After reading the Star article and the new Oath terms and conditions I too am shocked to learn that Rogers can read my emails and send communication to my contacts without my permission.
My business relationship is with Rogers - not Oath. Under Canadian privacy laws my personal information must only be used for the purposes for which it was intended. Regardless of what Rogers says it is part of my internet subscription service and they can not get off the hook by saying it is outsourced to a 3rd party.
The appropriate process is to file a complaint with Canadian Privacy Commissioner and / or the CRTC.
Here is another article on the issue from a PEI newspaper.
I think this highlights two of the concerning provisions in the new privacy policies relating to analyzing of our emails and personal data of family and friends. I think the author makes a good analogy to this being like us allowing the postal service to open all of our paper mail and reading before delivering to us to see if there are any business opportunities for them or others to target us (or our friends and contacts).
In addition to the CRTC and Privacy Commissioner, it wouldn't hurt to complain to the Prime Minister, email@example.com, the Minister of Innovation, Science and Economic Development, firstname.lastname@example.org and your MP. Perhaps the leaders of the opposition should be included too.
My MP is Navdeep Bains, who is also Minister of Innovation, Science and Economic Development.
I have nothing but nice things to say about the helpful moderators on this forum. They are a great bunch of people.
I have filed a complaint with the Privacy Commission and opened an email account with ProtonMail.com. Yesterday I deleted all my saved emails and contacts from my (Rogers) Yahoo/Oath email service. I should not have had to do this. C'est la guerre.
We are now confronted with the hard reality of the internet age. We are being observed, recorded and catalogued by nebulous business entities every time we venture into the web. Whether it is Yahoo, Facebook, Twitter, or Google we are the product not the customers.
The Star article by Ellen Roseman was pretty pathetic, too. She was apparently speaking to "Rogers spokesperson, Samantha Grant", yet advises Rogers customers (you know, those guys who pay the bills) "press for more information. What is the deadline for agreeing to Oath’s updated terms? Will they be cut off without access if they don’t agree? Can they get help moving all their emails to another provider?"
Come on, Ellen - you had Ms. Grant talking to you and couldn't get the answers to those questions?
By the way, the answers are: May 25, Yes, and Don't let the door hit you on the way out.
But I loved Ms. Grant's characterization of Rogers email an "optional service." Roseman didn't ask it but I will: Samantha, what services does Rogers offer that are not optional?
Regarding the Toronto Star article, it is noted that "After I forwarded his email to Rogers, Stephen was offered a $150 credit to smooth the transition to a paid service such as ProtonMail." Could providing a credit to a customer suggest that the problem has been acknowledged. Any time I ever received a credit from Rogers in the past was because of a service (or billing) issue admitted by Rogers.
I want to first thank everyone here in the forum for their detailed review of this matter and elevating the relevant issues. I am cautiously hopeful that this will be resolved soon. It will need to be resolved soon as one month from tomorrow the new Oath privacy policies go into effect. I wanted to share my two cents worth on the issues (actually more like four cents worth – I apologize for the length of my comments.)
I have two @rogers.com email accounts – my main one I use for almost all communications with businesses, friends, family, etc. is accessed using Microsoft Office software for Windows 10 on my laptop and using the Microsoft Mail app for Android on my phone. I never use the Rogers Yahoo web porta to access this email address. My secondary email is used rarely and I only access it using the Rogers Yahoo email web portal. (I could live without the second email address but the first address is critical). My contacts and calendar are associated with an @outlook.com email address at Microsoft and thus Rogers/Yahoo has no access to my contacts and calendar.
There are three areas of concern I have with the policy revisions - the first two have been already raised by others but I wanted to share my thoughts.
1.In the Oath Privacy Center – How We Use Your Information – section of the policies it states Oath will “Analyze your content and other information (including emails, instant messages, posts, photos, attachments, and other communications) in order to keep our Services safe and secure and to assist us in making the content, Services and ads we provide to you more personalized.” My interpretation (and that of others) is that this provides Oath with permission to review my emails and attachments and then send me advertising targeting me based on the topics in emails and attachments. I can supposedly opt out of receiving the advertising (I say supposedly as I have tried to opt out and then when I log into my account again I am opted in again – I have allowed cookies so that should not be the issue) but that does not change the fact the Oath can still scan my emails and attachments. I understand there are legitimate reasons for scanning emails – for security purposes, etc. – and other email providers include provisions regarding such legitimate scanning of emails in their email privacy policies.
2.In the Oath Terms of Service – in the Canada specific section – under Personal Data of Friends and Family it states ”By using the Services you agree that you have obtained the consent of your friends and contacts to provide their personal information (for example: their email address or telephone number) to Oath or a third party, as applicable, and that Oath or a third party may use your name to send messages on your behalf to make the Services available to your friends and contacts. The Services are not to be used for any form of spam.”
It appears that using the Yahoo email service is considered a “Service” – do you agree?
a. How exactly do I obtain the permission of friends and contacts? Do I need to obtain written permission and keep it on file for Oath in case they ask for it. Should I send an email to all of my friends/contacts worded as follows” (I am only half joking about this.)
Your (probably former) friend/contact,
b. Let’s assume that I don’t receive a positive (or any) reply from all of my friend/contacts. (I am not sure why that would be as of course I would reply positively if I received an email like I proposed above (ok the joking stops now)). I will then have no choice but to refrain from using my @rogers.com email after 25 May 2018 as I will not be able to in good conscience agree (with my explicitly agreeing now or implicitly agreeing by using the service after 25 May) that I have obtained the consent of my family and friends. I will not be party to an agreement that I cannot knowingly fulfill the terms under – regardless of how inappropriate I believe those terms are.
c. Who is included in “friends and contacts” and what is the source of their personal information. Is it only people in my contacts list and the information such as email address, phone number, possibly address, birthday that would be stored in contacts. If so then I should be ok as my contacts are not stored with Rogers email accounts. OR is anyone I send or receive email from considered a friend or contact – if so what is their source of personal information – does it come from reading the emails. As the term “friends and contacts” is not defined in the policies, I am unsure how encompassing the term is
d. What does “use your name to send messages on your behalf” mean. Will such messages be coming from my email address? Will they state at the bottom – “sent on behalf of <me>” Could phone calls be made on my behalf (as sharing of phone numbers is explicitly cited)
f. Is the reason “the Services are not to be used for any form of spam to friends and contacts” because I (if I agreed) state that my friends and contacts consent to receive such communication from Oath and third parties and if one consents to receive it then it is not spam.
3. I sent an email to the Rogers Privacy Office last week (still awaiting reply) asking whether all @rogers.com email users are subject to both the Rogers and Oath policies regardless of how they access their email – i.e. using Rogers Yahoo email web portal versus using another interface such as Outlook 2016 software as I do. I suspect the answer is that all @rogers.com email users are (or will be) subject to both Rogers and Oath privacy policies but I was confused by the Oath policies referencing Services. Assuming Yahoo mail (the web portal) is a Service then accessing my email through the portal brings me under the Oath policies. But am I using any Yahoo Service (including Yahoo mail) if I access my email through Outlook 2016 software. I never see reference to Yahoo when use Outlook and the servers I use in Outlook 2016 reference Rogers and not Yahoo. I unfortunately suspect the answer is that since all @rogers.com email service was outsourced to Yahoo (and now Oath) that simply using any @rogers.com email account is considered to mean I am using a Yahoo Service and now subject to the Oath policies. I was hoping there might me a simple solution of not using Yahoo email web portal(a Service) to access any @rogers.com email accounts and thus only being subject to Roger privacy policies. Any thoughts?
The Canadian clause saying we certify that our contacts allow them or third parties to contact them in our name leads me to suspect that it'll be done the way some other services who scoop address books have, by blasting their promos out as though the email came from us. They're trying to squirm around anti-spam regulations.
As far as how we access email, it doesn't matter - it's still coming through Yahoo/Oath, whether we collect it through a web client or in Outlook.
If you haven't already contacted the Privacy Commissioner of Canada, do so. And we should all yell at Rogers as well. This is a totally unacceptable compromise of our privacy and security.
May 25 is a very significant day. It's when the European Union's General Data Protection Regulation (GDPR) comes into effect - privacy legislation with fangs (the maximum penalties are huge). Oath is trying to cover its posterior with some of the clauses in the new ToS.