The province’s privacy watchdog says there are risks to Metrolinx’s plan to sell anonymized ridership data to private companies, but the transit agency has agreed to consult with his office before considering proposals to share the data.

In a letter dated Tuesday and addressed to Ontario NDP deputy leader Sara Singh, information and privacy commissioner Brian Beamish said until the opposition complained about it, he had not been aware of Metrolinx’s plan, unveiled last week, to sell riders’ information.

Beamish said he “would be very concerned” if the agency, which is a provincial Crown corporation in charge of transportation for the Greater Toronto and Hamilton Area, “were to share information about its customers” without first conducting “a complete review to ensure that the privacy of individuals is protected.”

He wrote that he had spoken with Metrolinx representatives and while they assured him the agency wouldn’t share any data that would reveal riders’ identities, “privacy risks may still exist.” As an example, Beamish cited the possibility of data not being “properly de-identified before release.”

In a written statement issued Wednesday, the commissioner said he was “pleased to confirm that Metrolinx’s chief privacy officer and chief marketing officer have committed to consulting with our office” on their plan, which is backed by Premier Doug Ford’s Progressive Conservative government.

“In this way, the IPC can ensure that any information released by Metrolinx is properly de-identified and that rider privacy is protected. This should help assure Ms. Singh, as well as other Ontarians, that steps are being taken to address the privacy risks of disclosures of this nature,” he said.

In an interview Wednesday, Singh (Brampton Centre) called Metrolinx’s assurances to the commissioner “a good first step.” But she called on the Progressive Conservative government to share more information about the agency’s plan and consult the public about it.

“I don’t think that most people would be supportive to their personal information being shared,” she said.

“Again, if Metrolinx is using this information to improve the transit experience, that is a fair use of people’s information,” she added. But “if this information is being sold off to marketing agencies, or whatever other third-party organizations, I think that’s where we really have a big concern.”

Metrolinx confirmed last Thursday it was considering selling its passengers’ data as part of a broader plan to raise revenue through private sector sponsorships that could include auctioning off naming rights to GO Transit stations.

A Metrolinx document detailing its request posted Friday for expressions of interest in private sponsorships lists a “data exchange” as one of the potential benefits for corporations that partner with the agency. It states the exchange could include the “potential use of aggregated and anonymized Presto ridership and sales data” for “research collaboration” and “customer mapping research.”

The document says personal information recorded through the Presto fare card system, which can include details such as credit card numbers and home addresses, wouldn’t be shared. Instead, the agency believes anonymized data about topics such as station usage, ridership by time of day and ridership growth could be valuable to sponsors.

The opposition NDP immediately seized on the data-sharing aspect of the proposal last week, warning it could lead to data breaches and compromising riders’ privacy. Singh wrote to the privacy commissioner last Thursday and asked for “an immediate investigation.”

Metrolinx spokesperson Anne Marie Aikins said Wednesday the agency has made clear its “unwavering commitment” to protecting riders’ privacy in accordance with provincial privacy legislation.

“All ridership data that may be shared will be aggregated and will not contain any personal information or any other identifiable information that could be tied to an actual person,” she said.

Read more:

Metrolinx plans to sell naming rights for GO stations. But will anyone want them?

Medical-record software companies are selling your health data

5 ways to protect your personal finances after a data breach

Loading... Loading... Loading... Loading... Loading... Loading...

Aikins declined to say whether the agency has received any interest in its proposal from private corporations, saying “it is much too early to speak about potential partners and potential data sharing opportunities.”

According to the privacy commissioner, there are some “exceptional cases” in which government organizations sell personal information that’s been scrubbed of identifying features. For instance, the Municipal Property Assessment Corporation, a non-profit corporation accountable to the provincial government, sells non-identifiable property assessment data to the public.

Clarification – August 8, 2019: The lead paragraph of this article was edited from a previous version that referred to ‘plans to sell riders’ personal information’ to make clear that Metrolinx’s plan is to sell anonymized customer information to private companies. As stated further down in the article, personal information recorded through the Presto fare card system such as credit card numbers and home addresses, wouldn’t be shared.

Ben Spurr is a Toronto-based reporter covering transportation. Reach him by email at bspurr@thestar.ca or follow him on Twitter: @BenSpurr

Read more about: