Data is the engine of the modern economy, a key driver of innovation and growth. While the power of data is undeniable, questions emerge about the impact of digital transformation on our human rights, our collective well-being, and the state of our democracy. Commissioner Kosseim speaks with Jim Balsillie, retired co-CEO of Research In Motion (BlackBerry) and founder of the Centre for International Governance Innovation about the most pressing public policy issue of our time.
Hello, I’m Patricia Kosseim, Ontario’s Information and Privacy Commissioner, and you’re listening to Info Matters. A podcast about people, privacy, and access to information. We dive into conversations with people from all walks of life, and hear real stories about the access and privacy issues that matter most to them.
Hello listeners, thank you for joining us for another episode of Info Matters. It’s been said many times that data is the new oil of the 21st century, but our guest today prefers to call it the new plutonium. Data is a vast resource with valuable insights that can be extracted with the help of powerful tools like artificial intelligence and machine learning. These technologies make it possible to analyze massive data holdings in unprecedented ways, at a scale and speed that humans simply cannot match. With innovative tools, we can uncover insights, find new patterns and discover relationships in data, to help address complex challenges in health, equity, poverty education, and the environment.
While the potential societal benefits of using data for good are immense, harnessing data in this way also raises game changing questions about the impact of this digital transformation on our human rights, our collective wellbeing and the state of our democracy. How can we ensure our data is being used fairly, safely and securely? And how can we hold organizations that control our data to high standards of transparency and accountability? In recent years, data governance frameworks have begun to emerge to support the responsible treatment of data based on concepts of fairness, accountability, transparency and respect for privacy. But there’s still a disconnect between these frameworks and our existing privacy laws in Ontario, and in Canada, which were enacted well before the internet age and haven’t kept pace with technology.
In this episode, we’ll be talking about data governance, as one of the most important public policy issues of our times. We’ll also explore what a modern privacy framework could look like, one that protects the privacy of Ontarians, while at the same time supporting innovation in the digital economy. My guest is Jim Balsillie. You may know him from his role as co-CEO of Research In Motion, the Canadian company that brought us the Blackberry, known to the world as Barack Obama’s favorite phone. That’s quite the endorsement, and speaks to the company’s success in its heyday. But Basillie’s career spans way beyond the business world. He’s a philanthropist, supporting advanced research at the University of Waterloo and Wilfred Laurier University. He’s the founder of the center for international governance, innovation or CIGI, an independent think tank that supports research and advances policy debate on global governance issues. And he established the Center for Digital Rights, a nonprofit that aims to promote public awareness of digital rights issues related to the data driven economy. Jim, welcome to the show.
A pleasure to be with you, commissioner.
Please call me Patricia. So Jim, you’re well known for your work with Research In Motion. In fact, I understand it’ll soon be 10 years since you retired from RIM. Can you tell us about what you’ve been doing since then, particularly your philanthropy work and the causes that you’ve chosen to dedicate yourself to?
Sure. And it’s a pleasure to be with you. And I retired from RIM, but certainly not from business. And have a lot of private commercial interests around the world, which keep me busy. So while I’m not in an operating role anymore, I very much enjoy strategically supporting our tech executives, including those that are members of the Council of Canadian Innovators, Canada’s tech business association. For personal philanthropy, I’ve been very active in digital public policy, both intellectually but also in funding research and policy. But also I’ve been, my philanthropic activity is including supporting arts and culture, and also very active in supporting environmental science in the Canadian Arctic. So I’m active commercially, but I’m active also philanthropically, but also in public policy. And it’s an interesting life, and I learn every day.
Despite your experience as co-CEO of one of the largest global tech companies of its time, you’ve become outspoken about the need to reign in the tech industry. And you were a vocal critic of Sidewalk Labs, that was planned for Toronto’s waterfront. What is it that led you from tech executive to tech critic?
Well, I’ve always been involved in public policy. I founded CIGI over 20 years ago, and when you participate in global tech, you also participate in public policy. And the digital arena, or the realm operates in rules that change literally hundreds of times a day. And so, owning ideas is an abstract construct, and therefore markets are governed and made by governments. So you’re in global tech, you’re in public policy. And I believe in tech, I believe in innovation, I believe in entrepreneurship, but it’s very important that business operate within democratic rules.
And when you think of more traditional businesses, we have environmental rules, we have labor rights, we have consumer protection, we have product safety. We have many things that create the guardrails that business operates in so that it creates public good and private gain concurrently. And that’s when capitalism is at its best. And there are many issues with the Sidewalk project, but the cardinal sin was putting the vendor in charge of designing the data governance rules. And at the time neither the city, nor the province, nor Canada had developed strategies for smart cities or data governance. And the decision makers really didn’t have the expertise, nor the authority to really make such a consequential decision.
It’s very important to understand in data that today’s technologies get much of their power from control of data. And so, data has enormous crosscutting impacts on society, security, health, economy, democracy, fair markets and so on. And so, this is a very technical realm. It’s an extraordinarily consequential realm. And these kinds of decisions have to be made in a transparent, democratically accountable forum. And in this case they were not, they were made by an agency that did not have the authority, from my perspective and others. And it gave a role to a vendor, where a vendor would be running the process to create rules rather than comply with rules. So the project attracted global criticism because, as I said and I wrote, it’s a self-colonizing experiment in surveillance capitalism that attempted to bulldoze critical civic governance questions.
You’ve said that data governance is the most pressing public policy issue of our time. And you’ve warned that the data driven economy is developing faster than the ability of policy makers to reckon with its consequences. Why is it such an important public policy issue, in your view?
Well, yes, I do believe it’s the most important public policy issue of our time. Because whoever controls the data controls who and what interacts with it. And data is protean, meaning that any data can be reprocessed and analyzed in new ways in the future that are unanticipated at the time of its collection. And this has major implications, not just for privacy protections, but as I said just a minute ago, for security, democracy and governance of the whole economy. So abuse of data compromises the very democratic processes on which we rely, to intelligently and effectively address urgent challenges. We’ve seen societies torn apart by misinformation, including climate change and vaccines. We’ve seen behavioral manipulation at scale. And when democratic institutions are under attack, we can’t effectively address these challenges. So that’s why I put it as a pinnacle public policy issue, because it’s from there, so many other things are either properly supported or corroded.
I certainly agree with you on the importance of data governance, and really do believe that it’s one of the most pressing public policy issues of our time, most certainly. You’ve also spoken about the false dichotomy between privacy regulation and innovation, this false trade-off. Can you unpack that for us a little bit?
Sure. And there’s been quite a bit of research on this where the proper regulation and limiting of data collection can restore competitive market dynamism. Because the unique features of data as a corporate asset means that when a company has a lot of data, and then as it gathers more, it gains more value from it, so that’s called a positive spillover. So every new data set makes all the preexisting data sets in the hands of the same few companies, more valuable. So that’s why you have issues of monopolization, and this monopoly power really means that companies can compete by eroding consumer privacy. So, it’s created a race to the bottom, and it’s created very few companies gaining all of the benefits. And in the process over the last 10 years, we’ve seen that the greatest concentration of market and wealth. We’ve seen reduced rate of entrepreneurship, innovation and business dynamism, and a lot of wage compression on those that aren’t the highest end technical skills.
And all these outcomes are currently being investigated by the US Federal, State, and European antitrust authorities. So, it’s a false dichotomy. And what’s also very interesting when you look at perennial leaders in innovation in the world, like Germany and South Korea, they’re also leaders in privacy rules. So these two elements actually reinforce one another, it’s a false dichotomy, not a dichotomy. And those that represent it as a dichotomy, there’s no evidence to support that. So the better the appropriate regulation, the better the innovation, and the better the societal and economic outcomes for especially a small open economy like Canada’s, and an open economy like Ontario’s.
So if you were to design a privacy law for the ages, what would it look like? In other words, if you were given a clean slate, what broad concepts would you want to introduce or change in a law?
Well, that’s a big question, and one that you could have many, many discussions with many, many experts on. So I can just touch on a few of the issues. One, I think we have to move beyond a consent model. Of course, people need to have consent over their data. But in a sense, if these rights are inalienable, then you can’t consent them away, anymore than I can consent away my vote. And also data and these systems, have community and population level impacts. So in a sense, it’s not a private decision anymore. You can play loud music in your basement at one o’clock in the morning, but that doesn’t mean you can do it in your front yard, because you’re affecting public good.
So I think you have to start thinking, privacy and data have moved beyond a more narrow realm of hygiene, to something that controls individuals, and communities and assets. And so, you have to think of it much, much differently. I think that the power of these algorithms, they need to be regulated appropriately, both for people to understand properly what their impact is, and the ability to contest them. In Europe, they have a special treatment of data for what they call vulnerable or particularly important kinds of data. One of them is for children. And so, I think we have to have special treatment for children because they’re a vulnerable constituency. They also have special treatment for political data, and we really are lawless on that right now in Canada. And yet, Europe puts a higher standard on that because it protects the democratic realm.
And so, I think when somebody does have control of this data, because it’s so consequential, potentially good as you said in your opening remarks, but also potentially adverse, and because it’s protean and it can be reprocessed, you have to have careful rules on what’s the purpose it was granted? And I would argue, a duty of care on the part of the person who has that data. Because kind of like a lawyer or a doctor, they have a lot of information on you. They have a lot of power in your relationship. And so, there’s an imbalance of knowledge and power, and therefore they have duties to be careful with you because of that. And so, I think this is a subset of the kinds of things we could talk about. We could spend a lot of time on this with a lot of experts, but I think we have to get the first principles right. Because the world has changed, and that’s the most important thing to understand, that this is not like good corporate hygiene practices was a primary issue some era ago. It’s a much different world now.
Fascinating, and you’re right. We could spend hours talking about this, that’s for sure. You know my office has been quite vocal about the need for a made in Ontario privacy law, one that’s tailored to the needs of Ontarians, and the vast majority of small and medium sized businesses in our province. Also, one that addresses significant regulatory gaps, including for employees of provincially regulated companies or charitable organizations, unions, professional associations, among other areas beyond federal reach. What are your thoughts on that, Jim? Does Ontario need its own law?
Oh, absolutely. It’s important to know that Ontario is something around 40% of Canada’s economy. So it’s the leader, it’s the biggie. And I think a lot of Canadians look to Ontario to lead. We are a federation, and so in federations there’s elements of realms of responsibility and there’s always a question of overlaps. But when something is this consequential and this crosscutting, it’s just an imperative. And you mentioned some things on employee law, what are the rules for protecting the tracking of employees? Which has become a rapidly emerging issue. Not for profits, political parties, children, there’s going to be gaps, there needs to be harmony between provinces. But in my interaction with the subnational, there’s a lot of desire to have alignment. I’ve not seen fundamental incompatibilities in general approach here, whether it’s acting where Ottawa won’t, or can’t, we can debate those things. But yeah, I think it’s critically important.
And also, it’s very impressive that Ontario’s moving ahead with a new data authority, which is really thinking institutionally about how we deal with data. If it’s got public good aspects to it, and I know I’m moving a bit beyond your question here, but if it’s so consequential, it’s so protean, and it’s consequentially crosscutting, potentially good, potentially harmful, then I can’t see a responsible approach that doesn’t involve some form of government authority that says, “I’m going to be a repository of this data. I’m going to have unique governance to it, so that it’s not used for bad behavior.” It’s got to have democratic accountability. It’s got to have multi-stakeholder engagement, because the alternative is to just let it naturally fly out of the country.
And so, that approach has risks, but inaction has much, much, much greater risk. When you think of health data, if you don’t do an authority for health data, then it’s either going to be in a filing cabinet where it really won’t be anymore, or it’s going to be absorbed by actors who want to get at it for their purposes. But when it becomes an asset with a new form of economic logic, about surveilling people, and changing their behavior, and micro-profiling them, then all roads go to focusing on control, and managing the upstream harms with a lot of accountability and transparency. Rather than a game of occluded downstream whack-a-mole, which is fundamentally an impossibility, in around where the most valuable and powerful companies in really the history of capitalism are controlling this in places we really don’t know.
You know my office has spoken publicly about its support for data trust-like mechanisms, or data authorities with important governance responsibilities, like you describe, as long as they themselves are subject to independent oversight. Because to your earlier point, they too have to be accountable for the decisions they make upstream. So, fascinating discussion. My office has also called on government to amend privacy laws to include oversight of political parties, which we’ve mentioned is one of the glaring gaps currently among Canada’s privacy laws, and in particular in Ontario. Today, as you know, political parties are able to collect, share and analyze voter data like never before. Voters in Ontario don’t have the legal right to know if their information has been collected by political parties, or even who it’s been shared with. So in your view, Jim, what can be done to protect citizens’ privacy and uphold a healthy democracy in the age of big data and social media?
Yeah. Well, this is just a central question, that if we lose democracy, I think we lose it all. And the nature of the surveillance capitalism business model, it’s well documented that triggering negative emotion heightens engagement. So if you can micro-target people, in the traditional democratic forum, let’s say you had 10 people in a room and they have a discussion and a debate, and they agree on… It’s all a transparent discussion, and people see what’s being discussed. They may agree, they may agree to disagree. But then there’s a vote, and then they understand what the vote means and they understand what they’re moving ahead with. But now in an era of micro-targeting and surveillance capitalism, 10 different people can get 10 very different messages that are really micro-targeted to move them. That in my view, foundationally undermines that the democratic discourse, the democratic dynamic, so absolutely political activity should be guided by privacy.
You’ve also spoken about data driven harms in children, specifically how the information industry is targeting young people and using artificial intelligence tools to influence or even nudge their behavior in potentially adverse ways. Can you elaborate on some of your concerns there?
Well, I’ve drawn a lot of knowledge and inspiration from a friend, Beeban Kidron, her Foundation of Five Rights, that’s advocated for the age appropriate design that is really being used very much in Europe. And it’s just been bipartisan adopted in California, and she was recently, we were together in Ottawa for a couple days a couple weeks ago, advocating for this. And so, it’s just what she captured so brilliantly is that in the democratization of the web, it treats children no differently than adults. And yet when we design products, we have all kinds of product safety rules for children, up and down the line. When you think of toys, when you think of pharmaceuticals or therapeutics or whatever it is, there’s tremendous care for children, because they know that they’re not in the same developed state as an adult.
And then we put them in this online world, which is very arguably, far more consequential to their physical and emotional vulnerability. And yet what are the protections? And so, she’s got an age appropriate design code, I think that is entirely appropriate. And I think in Europe, they’re now deep in the process of looking at the social media or different internet services, and would they be considered and classified as a product? Because if they’re classified as a product, all the design safety standards kick into gear. And so, children are our most vulnerable, they’re our future. And I think we have a duty of care to make sure they’re safe, and they’re safe in the world. And you think of crosswalks at schools and things like that. And so, I think we have to be very focused and committed to protecting our children. And again, that’s another thing provincially, that I believe should be an absolute priority.
Well, thanks for mentioning her in particular and putting me onto her work. I’ve listened to her in interviews, and she certainly is very passionate about the work that she does in the area of children’s safety and wellbeing. And for those of you interested, we’ll be sure to include a link to the UK code in the show notes to this episode.
And I did mention to you, she recently did an interview, on TVO, The Agenda when she was in Ottawa, which might for the listeners have some interest too, as a shared note.
Yes. A fascinating interview I listened to on your suggestion as well, and we’ll be sure to include a link to that interview in the show notes. As you know, Jim, my office adopted four strategic priority areas to focus our work over the next few years. One of them is privacy and transparency in a modern government, where we intend to work with Ontario’s public institutions to develop those kinds of bedrock principles and governance frameworks for the responsible deployment of digital technologies. Another priority area is children and youth in a digital world, where we will work to promote the digital literacy of children and youth, and champion their digital rights while holding institutions accountable for protecting them. So let me ask you, Jim, I’d be very interested in hearing your advice to our office on how we can advance our work in each of these areas.
You’re doing a lot of great work in your advocacy. I think the most important thing is that the policy community and the citizenry needs to understand that what we need from your office is much, much more. Because the world has changed, so the legislative gaps need to be filled, and the powers and the capabilities of your office needs to be enhanced to do that. Because this isn’t just about a breach, breaches are bad, but it’s much more than that. So yeah, I would just say the important thing is certainly help people, and policy makers, and citizens, and politicians understand the importance of data governance in their world, and have a much, much more holistic understanding of it.
I think we need new and updated laws, as I said, and new powers for your office. And also, if you want to make sure that data’s looked after, and yes, there’s transparency elements. I get that. But also the governance of data, I think we have to look at new institutions. There was kind of a tradition that you’ve just kept all this separate in a paper world, and you kept them in separate filing cabinets, then the potential for abuse was much, much less. But now health data is all digital, it’s being combined. What are the rules, and who governs those rules? And one careless move could have this all quickly accessed for foreign firms. And then once the cat’s out of the bag, you can’t put it back in. Because data’s non-rival, it can be replicated.
So, I think we have to think about those three areas that I just mentioned. And this is a journey, and we’re in a world where this is fast moving. But there are risks in action, but the risks of inaction are far, far greater. And as long as it’s democratically accountable, as long as it’s transparent with experts, I think we’ll be okay. But inaction, lack of transparency, non-experts playing in an expert realm, I think that’s where you get into trouble. And so, you’re the repository of expertise and accountability, so I think it’s a natural place for much of this advocacy and research and subsequent governance to be centered.
Well, thank you very much for that. And we take that to heart, and certainly our work is amplified by passionate voices like yours, Jim. So thank you so much for taking the time out of your very busy schedule to join me on the show. I was really delighted that you accepted, and so happy to have this conversation today. I’ve learned a lot, and I’m sure our listeners have too, about the formidable forces at play in our data driven economy, and the fundamental challenges we face as a society as the world becomes increasingly digital. And you’ve certainly convinced me and many of our listeners, I think today, That data governance really is the most pressing public policy issue of our time.
For listeners want to learn more about the work of Ontario’s Information and Privacy Commissioner’s office, I encourage you to visit our website at ipc.on.ca. Our website also includes general information about privacy and access rights under Ontario’s laws. And you can also call or email our office for assistance and general information. Well that’s it, folks. Thanks for joining us for this episode of Info Matters, and until next time.
I’m Patricia Kosseim, Ontario’s Information and Privacy Commissioner, and this has been Info Matters. If you enjoyed the podcast, leave us a rating or review. If there’s an access or privacy topic you’d like us to explore on a future episode, we’d love to hear from you. Send us a tweet @ipcinfoprivacy, or email us at email@example.com. Thanks for listening, and please join us again for more conversations about people, privacy and access to information. If it matters to you, it matters to me.
Info Matters is a podcast about people, privacy, and access to information hosted by Patricia Kosseim, Information and Privacy Commissioner of Ontario. We dive into conversations with people from all walks of life and hear stories about the access and privacy issues that matter most to them.
If you enjoyed the podcast, leave us a rating or a review.
This post is also available in: French