Insights Header image
Insights Header image
Insights Header image

Bell Gets a Bad Rap for its RAP (Relevant Advertising Program)

June 2015 Privacy Bulletin 4 minute read

New technologies present vast opportunities for businesses to develop innovative advertising initiatives. However, it is important for organizations to assess the privacy impact of such marketing schemes in the early stages, to avoid having their ventures vetoed by privacy enforcement authorities.

The Bell Case

In November 2013, Bell launched its relevant advertising program (“RAP“). The RAP tracked users’ Internet browsing activities (e.g., websites visited and apps used on a customer’s mobile device) and combined such information with existing customer account information (e.g., postal code, gender, age range, plan type, device information, average revenue and credit score). Bell used this information to create detailed “interest profiles” for each customer. In assigning profile categories, Bell also used truncated URL history to assign interest categories such as “sports” or more specifically “soccer”.

The OPC gave the following example of the types of profiles created by Bell:

“For instance, a Customer Profile could indicate that a Bell Customer is an English-speaking female, between the ages of 26 and 30, in the city of Montreal, who has a medium to high interest in hockey and who recently visited[1]

The RAP also contemplated the use and collection of information about Wi-Fi Internet usage, television viewing habits and telephone calling patterns, however, at the time of the OPC’s investigation, the company was not using this information to create profiles. In addition, Bell did not directly include predetermined sensitive categories in its profiles, such as “adult content” or “cancer”. Rather, such information was used to yield non-sensitive categories. For instance, while “cancer” would be discarded as a category, a non-sensitive category such as “men’s health” could be assigned to the customer profile.

Once the interest profiles were created, they would be matched against the “ad profiles” of third party advertisers, so that targeted advertisements could be delivered to Bell customers.

Although Bell used customer personal information to develop its “interest profiles”, the company did not disclose the identity of any customers to third parties in connection with the RAP. Furthermore, Bell made significant efforts to notify its customers about the RAP, including bill messages, text messages and emails. The OPC also accepted that maximizing advertising revenue and improving users’ online experience through targeted advertising were legitimate business objectives, and therefore, there was a reasonable purpose for Bell to collect and use personal information in connection with the RAP.

However, the OPC found that the RAP did not comply with the Personal Information Protection and Electronic Documents Act in a number of respects. In particular, the OPC found that:

  • Notices to customers were not sufficiently transparent. For instance, Bell’s detailed explanation on its website did not explain that existing account/demographic information would be used in the RAP.
  • Bell allowed customers to opt-out of the RAP, but given the sensitivity of the information and the reasonable expectations of customers, the OPC determined that opt-in consent was required for this program.
  • Bell continued to track network usage information of customers who opted-out of the RAP, in order to further develop its customer profiles in the event the customer chose to opt back into the program.

In determining that opt-out consent was not appropriate for the RAP, the OPC reasoned that Bell had access to vast amounts of personal information which was provided by users in order to gain access to mobile, Internet, telephone and television services, and that the breadth of the combined information rendered it more sensitive. In addition, in considering the expectations of customers, the OPC noted that Bell charged for its services (sometimes hundreds of dollars per month), and so customers would not expect the information that Bell collected for the purposes of delivering its primary services to be used for the secondary purpose of delivering behaviourally targeted ads. This is in contrast to previous OPC decisions where it was found that users who are provided with a free service would expect that some information may be used for advertising purposes.

Following the OPC’s Report of Findings, Bell decided to withdraw the RAP and it agreed to delete all existing customer profiles related to the program.

Lessons for Organizations

The Bell case illustrates the risks involved in developing new programs without considering applicable privacy laws. Bell undoubtedly invested significant resources in the RAP, only to cancel the program because of inadequate privacy controls. This could have been avoided if the company had conducted a privacy impact assessment early in the process.

Therefore, when developing a behavioural advertising program, organizations should:

  • Assess the privacy impact with the involvement of the organization’s privacy officer(s) and legal counsel
  • Communicate with customers (and other affected persons) in a transparent and understandable manner, including providing clear information about the type of data that will be collected and the purposes for which the data will be used
  • Obtain consent, and consider whether opt-out or opt-in consent is appropriate depending upon the sensitivity of the information and the reasonable expectations of affected individuals
  • Consult and carefully consider the OPC’s Online Behavioral Advertising Guidelines, which can be found at:

Such steps are important not only from a legal standpoint but also to build and maintain customer trust.

Online behavioural advertising is not prohibited in Canada, but as with any new initiative that involves personal information, such programs should be designed carefully to ensure appropriate privacy controls.

by Lyndsay Wasser (CIPP/C) and Joanna Vatavu

1 PIPEDA Report of Findings #2015-001.

A Cautionary Note

The foregoing provides only an overview and does not constitute legal advice. Readers are cautioned against making any decisions based on this material alone. Rather, specific legal advice should be obtained.

© McMillan LLP 2015

Insights (5 Posts)View More

Featured Insight

R. vs Greater Sudbury Webinar

Following a brief overview of the case and the SCC’s split decision, this discussion will focus on the implications of the decision to the roles and responsibilities of each project party, including the owner, contractor and design consultant (architect and engineer). The discussion will be interactive and will include an extensive Q&A period.

Wednesday, December 13, 2023
Featured Insight

Client Alert – Certain Canadian Corporations May Be Subject to US Corporate Transparency Act Reporting Requirements

Certain Canadian Corporations Conducting Business in the United States May Be Subject to US Corporate Transparency Act Reporting Requirements

Read More
Nov 29, 2023
Featured Insight

Could it be True? Canada to Introduce Open Banking Legislation

On November 21, 2023, the Government of Canada released its 2023 Fall Economic Statement. The Economic Statement announced the federal government's intention.

Read More
Nov 29, 2023
Featured Insight

Net Zero Plans Deserve Closer Attention Than They Are Getting

This bulletin provides guidance for companies on practices around net zero plans

Read More
Nov 29, 2023
Featured Insight

Necessary Guidance: Ontario Capital Markets Tribunal Provides Key Insights on the ‘Necessary Course of Business’ Exception in Kraft (Re)

The first application of the "necessary course of business" defense to tipping, Kraft (Re) offers key insights when handling material non-public information.

Read More
Nov 29, 2023