January 28 is Data Privacy Day! Privacy a topic we’re hugely passionate about, and we’re really proud of the work we do to protect the personal data we’re entrusted with and to advocate for the privacy rights of domain owners and our resellers. It should go without saying that we approach data protection with great care and consideration year-round, but it’s nice to have a dedicated day when we pause to reflect on why data privacy is so important. I’m taking this as an opportunity to highlight some quick data privacy tips which are ready to be shared with your customers, recap what Tucows accomplished in 2020, and provide some insight into our plans for the year ahead.

Data privacy tips for your customers

Here are things that all of us should know when sharing our data online, also available in TikTok form.

    1. You have the right to access your data and correct inaccurate information
      Every company you share your data with should have this functionality. Check the app settings or contact them to find out more.
    2. You have the right to know if a company is sharing your data and a right to give or withdraw your consent to share it.
      Privacy settings are super important in controlling which information apps and services can share. Make sure you keep track of them!
    3. If you consented to optional data use, you can withdraw consent at any time.
      When you click “I consent,” that’s not permanent! You can change your mind and take back control of your information.

 

Data protection by design at Tucows

Tucows works hard to ensure that high standards of privacy and data protection are present in our products and services from start to finish. But what does this process actually look like?

Planning

Data protection begins in the planning phase, where we conduct comprehensive reviews called Data Protection Impact Assessments (DPIAs) for any new product or service we want to introduce that touches personal data. This includes changes and additions to our reseller services, as well as any tools or applications we adopt internally. These Assessments help us identify and document any possible risks to the data and our methods of mitigating those risks.

Implementing

In the product development and implementation phases, and while services are active in our platforms, we follow regulatory requirements for data protection, adhere to industry best practices for security measures, and have robust processes in place to respond to customer privacy concerns and fulfill data subject access requests.

Review

We have also put in place a new annual review process for our Data Protection Impact Assessments. This involves looking back at all the services we’ve completed DPIAs for, to see if there were changes to how those products or services handle data or any updates that require further data protection work on our part.

Tucows’ progress in 2020

Privacy and data protection work is so essential, but it’s perhaps not the most exciting topic, except to me and my fellow privacy and policy nerds. Nonetheless, we think it’s important to highlight some of the goals we achieved in 2020 related to data protection.

Creating greater transparency

The most visible change was the launch of our updated Data Sharing Preferences (a unique URL where domain owners can set their preferences; you can view a mockup here) and Data Sharing Practices pages. These resources now more clearly explain how and why we process personal data. We also now offer translation of these pages into eight languages, helping data subjects access the information in the language that they’re most comfortable reading.

Advocacy work within ICANN

Within the ICANN policy development world, we worked hard to ensure that the privacy rights of our domain customers are respected. We continue to advocate for policy changes to promote “data protection by design and default” within the domain name system, such as ensuring that registration data is only disclosed to third parties when there’s a valid legal reason to do so. This cause has been central to our public speaking engagements in 2020, including a recent webinar where we shared domain data disclosure statistics from the registrar and registry community (available here, look for September 22 in the chart).

Keeping a pulse on global privacy developments

From the broader international perspective, the biggest change we saw in 2020 was the invalidation of the EU-US Privacy Shield framework, which we blogged about in November.

Plans for the future

Looking ahead to 2021, Tucows’ Privacy Team’s goal is to continue the work we started in 2020 in an expanded and enhanced manner. This includes working to improve how we disclose data processing practices and options to users on our platform.

Our advocacy work with ICANN will remain a priority, specifically ensuring that policy requirements are in alignment with our obligations under data protection regulations and that when newly-approved policies are implemented they permit adherence to relevant privacy laws.

Finally, we’re avidly following developments to Canadian privacy law with the incoming Canadian Consumer Privacy Protection Act, and working with our contacts in Canada’s Ministry of Innovation, Science, and Economic Development to advocate for privacy rights in the tech industry.

If you have any questions about data protection and privacy as they relate to our Domains, Email, and SSL products, get in touch!

So, that’s what we’re looking forward to in the year to come. How will you celebrate Data Privacy Day? Personally, I plan to eat cake and reset all my passwords.