The amount of personal information we carry around with us in our cellphones is staggering. They contain records of our social connections, our finances, and much more. Keeping this information safe and secure is more important than ever. Learn how to take charge of your cellphone privacy rights.
What you should know
A series of provincial and federal laws exist to help protect your privacy. In the balance of this page, we’ll walk you through how these laws play out in various contexts.
Provincial privacy laws
British Columbia has three laws that protect your information and privacy.
Two laws set out rules around the collection, use, protection, and disclosure of your personal information. The Freedom of Information and Protection of Privacy Act applies to public organizations, like local governments, schools, and hospitals. The Personal Information Protection Act applies to private organizations, like corporations and non-profits.
A third law, BC’s Privacy Act, makes it an offence to intentionally violate someone else’s privacy.
Federal privacy laws
At the federal level, Canada’s Privacy Act covers how federal government institutions handle your personal information. This is information that, on its own or combined with other data, can identify you as an individual. For example, your name alone is not personal information. But your name along with your race, marital status, or address is personal information.
This law puts limits on what personal information federal government institutions can collect from you. They can only collect information that’s necessary for them to operate a program or activity. And they have to take reasonable steps to keep your information accurate and up-to-date, and destroy whatever they don’t need.
The Charter
Another law that can come into play in privacy matters is Canada’s Charter of Rights and Freedoms. This law forms part of our Constitution. It says that everyone is protected from “unreasonable search and seizure.” It also protects citizens against unlawful intrusions on their privacy interests. We’ll touch more on this below.
When a police officer stops you, their right to search the contents of your cellphone depends on several factors.
If the police have a search warrant
The first is whether the officer has a search warrant. This is a court order authorizing the police to search someone’s property. If an officer has a search warrant, they’re allowed to look at whatever the warrant allows them to.
Read the search warrant carefully
If an officer comes to you with a warrant and asks to search your phone, make sure you read it before giving them access. Confirm that the warrant does indeed authorize them to search your device. You should also check to make sure the warrant is signed by the judge or justice who ordered it. If there’s a mistake in any of the information, let the officer know.
If the police don't have a search warrant
If an officer stops you and they don’t have a search warrant, you can refuse if they ask to look at your phone.
If you give your consent, an officer can look at your phone. For your consent to be valid, you must be given enough information to understand your options. And your consent must be voluntary, meaning you had a real choice to say no.
For the police to search your cellphone without a warrant or your consent, they need to arrest or detain you. Even then, there are four conditions — all of which must be met:
The arrest or detention must be lawful. For example, the police must have reasonable grounds to believe you’re about to commit an offence.
The search must be incidental to the arrest. This means the purpose must be to protect you, the police, or the general public. Or it can be to preserve or discover evidence.
The nature and extent of the search must be tailored to its purpose. The police have a duty not to seek anything not directly related to the purpose of the search.
The police must take detailed notes of what they examined and how they examined it. This is important for determining whether any evidence uncovered by the search is admissible in court.
If your cellphone is locked or password-protected
If you get arrested and your phone is unlocked, it’s likely that the police could lawfully scroll through your photos and texts. That is, as long as they believe it’s necessary to the investigation.
If your phone is locked or password-protected, an officer generally can’t force you to give them the password. If you refuse the search altogether, you risk facing further charges. But there’s nothing illegal about simply remaining silent. Even so, the police have methods of cracking into even the most secure cellphones.
“Occasionally, I have to cross the border into the US for work. Last month, on a trip down to Washington, a border agent asked to see my cellphone at the crossing. I was taken aback, but I handed it over. After a minute or two, he passed it back to me and told me to carry on my way. But I was uneasy about it — I had no idea border agents had that authority. From now on, I’m storing my private data on the cloud.”
– Bradley, Langley, BC
The rules border agents must follow in searching your cellphone vary from country to country. Generally, they have to limit their search to whatever information is stored on your phone.
Going through a border in Canada
Border controls within Canada are overseen by the Canada Border Services Agency (CBSA). Under Canadian law, border agents have broad authority to stop and search people without a warrant. This includes the power to search your baggage and possessions.
The law on whether border agents are permitted to search your mobile devices is evolving. Canadian courts haven’t yet ruled on this issue, and Canada’s privacy commissioner is currently examining it. CBSA policy says that searches of personal devices shouldn’t be conducted routinely. Rather, searches should only be done when there are grounds to believe the device contains evidence of an offence.
If your cellphone is searched, you’ll likely be asked to provide your password. If you refuse, they may hold your phone for further inspection. Under CBSA policy, officers are limited to examining only what’s on your phone — like photos, files, and downloaded emails. They’re supposed to disable your phone’s internet connectivity, and avoid accessing anything stored external to the device. For example, they’re not supposed to access your social media accounts or documents stored in a cloud.
If you disagree with a border agent’s decision to search your devices, you can complain to the CBSA. The agency also has an online form you can submit. Another option is to file a complaint with Canada’s privacy commissioner.
Consider removing sensitive data from your phone
If you’re worried about having your phone searched by border officials, consider removing sensitive information from the device. You can delete it entirely or store it in a secure cloud service, where you can retrieve it once you arrive at your destination.
Travelling to the US or other countries
The powers of border officials in other countries differ from those in Canada.
US border agents have broad inspection powers. They can conduct basic searches of your electronic devices — like your cellphone or laptop — without grounds to believe you committed an offence. However, they rarely use this authority.
Under a customs directive, US border agents are limited to examining what’s stored on your cellphone. They aren’t supposed to access anything stored remotely, such as in a cloud. To avoid this, they’re required to ask you to disable your phone’s internet connectivity before you hand the phone over.
If you have concerns about actions taken by a US border officer, you can submit a complaint.
If there are references to cannabis use on your cellphone
Despite the legalization of cannabis in Canada, it’s still illegal federally in the US. If a US border agent searches your phone and finds evidence that you’ve used cannabis, they may have grounds to deny you entry. BC’s privacy commissioner provides guidance on how to protect yourself.
Under Canada’s Criminal Code, it’s an offence to record a private phone conversation unless at least one party to the call consents. So if you’re having a private conversation with someone and want to record it, you can do so without informing the other person. However, it’s illegal for a third party to record a private phone conversation if none of the parties to the call have consented.
There are some exceptions to this rule. For example, police officers are allowed to record a private call if they have a warrant. Service providers are allowed to record calls as well, if it’s necessary in order to deliver the service.
Recording calls with clients
In BC, certain professional bodies put limits on their members recording conversations with clients. For example, the code of conduct for BC lawyers prohibits them from recording a conversation with a client without getting their consent.
If a business wants to record your private conversation
Under BC law, a private organization can record a conversation only for purposes that a reasonable person would consider appropriate. They must also get the customer’s consent and state the purpose of the recording.
At the beginning of a call with a business, you’ve probably heard “This call is being recorded for quality assurance purposes.” If you proceed with the call, your consent to have the conversation recorded is implied. But the business can only use the recording for the stated purpose. They’re prohibited from using it for other purposes, such as marketing or customer profiling.
In limited circumstances, your consent isn’t required. For example, if the business is calling to collect a debt or investigate potential fraud.
If you’re concerned a business is violating your privacy, you can complain to BC’s privacy commissioner.
Recording a phone call with a business
BC law doesn’t prohibit individuals from recording a phone call with a business. In fact, sometimes having a record of the conversation can be useful if there’s a disagreement about what was said.
Spyware is a type of technology that allows someone to secretly monitor and gather information about your cellphone use. It can allow the sender to:
track the websites you visit, the links you click, and the apps you use
collect your personal information and send it to a third party
interfere with your use of your phone (for example, by changing your settings)
take control of your phone from a remote location
Spyware gets installed onto your phone without your knowledge or consent, usually in one of the following ways:
you install an application that bundles spyware with the main application
you click on a pop-up ad
you open an email with an attachment that has spyware in it
you visit a website with spyware on it that automatically downloads it to your phone
There aren’t any federal or provincial laws that directly target spyware. However, there are privacy, consumer protection, and criminal laws that can protect you. If your rights are violated under any of these laws, there are steps you can take. For an in-depth look, check out this privacy handbook.
Below, under “Prevent problems,” we offer guidance on how to protect yourself from spyware.
Spyware is different from a virus
Having spyware on your cellphone is different from getting a virus. One of the key differences is that a virus doesn’t record your personal information. Rather, its purpose is to intentionally harm your device. Also, most viruses self-replicate, infecting as many devices as possible. Spyware usually doesn’t.
Prevent problems
To protect sensitive information in your phone, you want to make it difficult for others to access it. There are a few ways to do this.
Password protect your devices
Your first line of defence is to password protect your device. If possible, your passwords should be eight or more characters. Use a combination of upper and lower case letters, numbers, and symbols. Avoid guessable passwords, like your mother’s maiden name or your address. Change any default or factory passwords, which are often widely known by hackers.
It’s a good idea to use different passwords for websites, accounts, and devices. Write them down somewhere offline, like a notepad or journal. Keep it somewhere safe.
Biometrics are easily faked
Many cellphones have fingerprint or facial recognition features that you can use instead of a password. Although convenient, these biometric safeguards are easily fooled. It’s best to stick with a traditional password.
Use automatic lock features
Once you have a strong password, take advantage of your cellphone’s automatic lock feature. You can do this by setting a short inactivity-until-locked time. (This is the amount of time your phone will stay unlocked after you last touch it.) A good rule of thumb is to set it to around one or two minutes.
Enable encryption
Encryption is the scrambling of data so that only the person with the correct key can read it. Many new cellphones have encryption features built in and enabled automatically, usually through a password or unlock feature. To make sure it’s enabled, go to your phone’s security settings.
If you have an older cellphone, you can purchase encryption software. Just make sure you’re getting it from a trusted source. Look up consumer reports or product reviews before you commit.
These days, the list of apps for cellphone owners to choose from is seemingly endless. Unfortunately, not all of them are trustworthy. Some have been designed to steal your information, or monitor your activity.
To protect yourself, only download apps from an official app source. This includes:
Apple’s App Store
BlackBerry’s BlackBerry World
Google’s Google Play
Microsoft’s Windows Store
Even then, don’t download apps with negative security or privacy-related feedback — or apps with no user ratings at all.
It’s a good idea to check your apps’ permissions in your phone’s settings. You may have unknowingly granted access to sensitive device features, such as location tracking or your contacts. If you want to be thorough, consider skimming your apps’ privacy policies and terms of use before hitting “I accept.”
Steps you can take to avoid spyware
It’s challenging to completely avoid spyware. That being said, here are some steps you can take to minimize the risk:
update your operating system and install the latest “patches” and bug fixes
install a personal firewall (this is a program that filters the traffic coming through the internet onto your private network)
don’t click on pop-up ads
download security software and regularly run scans on your cellphone
change the privacy settings on your browser to the highest level
Surfing the web on an unsecure network is risky. Others may be able to monitor your cellphone activity, or even spy on the data you’re sending.
First off, make sure your home and work WiFi networks are secure. Change your router’s default settings, and turn on its encryption feature if it has one. Consider hiding your network ID, which will keep it from public view.
Avoid using public hotspots for sensitive transactions, like bank transfers. If needed, you can enable private browsing on public WiFi networks by using certain security features. For example, a virtual private network (VPN) allows you to send and receive data on a public network as if you were on a private network. Reach out to your cellphone manufacturer’s support team for details.
Consider disabling your phone’s WiFi, Bluetooth, and NFC features when you aren’t using them. These features allow your phone to connect to WiFi networks, wireless devices (like speakers), and use “tap-to-pay” services. However, they also emit a signal that third parties can use to track your movement. Go into your phone’s settings to turn off these features.
Who can help
Office of the Privacy Commissioner of Canada
Investigates complaints concerning violations of federal privacy laws.
Office of the Information and Privacy Commissioner
Oversees BC's laws relating to privacy and access to information.