Latest Faculty of Information News

Alumni Portraits: How Brenda McPhail became a privacy guru

Submitted on Monday, May 13, 2019

As Director of the Privacy, Technology and Surveillance Project at the Canadian Civil Liberties Association, Brenda McPhail (PhD, 2013) works as both a privacy advocate and educator. But she’s far from a zealot. Her photo and bio can be found online and she’ll happily talk about the benefits of Facebook as well as the drawbacks. In our current era of Big Data, she says, privacy has become one of the civil liberties issues of our times.

In the following interview, she talks about some of her specific concerns, jobs in the privacy sphere, and why she decided not to become a rare books librarian.

Photo by Della Rollins

How did you originally get into the privacy field?

My interest in privacy was actually piqued at the Faculty of Information. I arrived there with two degrees in English thinking that I was going to end up as a rare books librarian. Because of the Master’s degree requirements at the time, I ended up taking a course on information technologies with Professor Andrew Clement, and it was an eye-opening new world of issues and questions. I enjoyed it so much that I took a follow-up course with him on participatory design.

There, we had to do a project where we worked with a community organization to help them. One of the groups that we worked with was a victim rights advocacy organization and one of their big concerns in relation to their data, of course, was privacy. The experience of doing research with real life humans and current problems as opposed to old books — which, don’t get me wrong, are still fascinating and interesting — caused me to shift my focus and my program. The experience that I got during my PhD and the other research projects gave me background in the social impacts of evolving technologies that got me the job here at the CCLA (Canadian Civil Liberties Association).

Can you say a bit about your PhD thesis, which I understand was about working conditions at call centres?

One thing I found out in my thesis research is that none of the workers there had any expectation of privacy. For me, it was a shocking discovery that privacy was not an issue for them because they just expected to be monitored and tracked in a call center environment. That led me to ask, what are reasonable expectations of privacy and in what situations? And how is evolving technology changing our privacy expectations in different places where we work, where we live, where we play?

Overall, would you say we’re more concerned about privacy than we used to be or less concerned? Sometimes I wonder if a phone book could ever be invented today yet people routinely tell all on social media.

I think we’re at a time where privacy is both more important than ever before and more at risk. Your example of a phone book, which was ubiquitously available, and everybody participated and didn’t really think very much about it, is an interesting one because a phone book, of course, is a local artifact. It’s something that people would have in their homes. You put one on the on the shelf underneath the phone.

You would get the book for your community. If you wanted a book for elsewhere, that would be harder to obtain. I was brought up in a very small town in east central Alberta. If my address and phone number were in the Castor phone book, the only people who were going to get that were the 1,000 people who lived in that town. Now, if my contact information is on the Internet, anybody in the world can access that essentially at will.

With that increased access comes increased concern about who might see it, how they might use it, and–increasingly in the age of Big Data–how it might be combined with other information about me. So the reason that I think people are more concerned about information, that in the past we might have considered trivial or inconsequential, is that we’re increasingly coming to understand that it’s precisely those teensy tiny, seemingly trivial bits of information about the minutia of our lives that are being used to create massive, complex and detailed profiles of who we are. And the problem is we don’t exactly know necessarily what they’re going to be used for or by whom.

I was a bit surprised when I found your CV available online.

That’s a byproduct of my job, which is interesting for someone whose title is Director of Privacy. Part of my responsibility is public and media engagement. Before I joined CCLA you probably wouldn’t have found a photo of me online. That’s all part and parcel of what’s so interesting in this field. There are increasingly different ways that we’re rendered visible through technology and we find it increasingly difficult to disengage from those platforms.  They’ve also become deeply entwined in our lives.

You almost start to look weird if you’re not using them. 

During the great Facebook Cambridge Analytica scandal one of the one of the memes that was going around was basically Quit Facebook. Some of the hashtags were ruder but we’ll go with Quit Facebook.

There was also an important counter narrative to that. People were speaking up and saying, you know I have a I have a rare illness and Facebook is the way that I found my community who can support me and I don’t have that locally. There were a series of examples of people saying that despite the risks, this is a piece of technology that I’ve integrated into my life in ways that are important and consequential. It’s not just so easy as saying, gee they did something bad so I’m going to dump it.

The solution is to find ways as a society to convince those platforms to do better. How do you make sure that the tools that are increasingly becoming entwined in our lives are developed in accordance with our values and the things that we think are important? And how do we do that as Canadians when so many of the platforms that we’re using are not based in our country or grounded in our particular set of values?

Am I right that you’re the first Director of Privacy at the CCLA?

The CCLA did privacy before I came here and they’ll do it after I’m gone, but the position was created at the time I joined the organization. Over the last few years it’s been increasingly evident that in the age of Big Data, privacy has become one of the civil liberties issues of our times. It’s a very big portfolio. There’s never a shortage of work. Anyone who’s interested in privacy probably knows that pretty much every day you pick up a newspaper, you can find a privacy story.

It sounds like a great job. 

It’s incredibly exciting and challenging. I do a real mix of things. We are a legal advocacy group so we act through the courts and work with pro bono counsel from across Canada to develop interventions that try to make the laws better for Canadians. There are times when I essentially serve in a general counsel type role. Privacy is unique in that technology is changing faster than laws can change and much faster than courts can get a grip on or understand the issues. The research is further ahead than law when it comes to thinking about these issues in the field of privacy and surveillance relating to technologies.

How are the job prospects for privacy specialists?

I would say it depends on what kind of interests they have. There aren’t a lot of organizations like the Canadian Civil Liberties Association who do this work. And the non-profit sector in Canada is small and badly resourced. But privacy as an issue is increasingly important. And there are a variety of places where skills in protecting privacy and privacy, in relation to data management and data storage records, are needed.

There are all kinds of different ways in which you could develop an interest in privacy and find a career. Hospitals have people who do privacy. Banks have people who do privacy. And advertisers have people who do privacy.


Yes. They might not be on the same side as I’d be. Some of the big marketing associations are working on responsible data use policies. It’s increasingly important that we have people who care about privacy in the business world. Government is interested in data and digital strategy and there’s a real need for people who are conversant with privacy principles in those fields as well.

Privacy is being recognized as a threshold right that’s essential for the enjoyment of other human rights. At the level of international policy and law, there is an interest in people who have privacy expertise. And of course in Europe they’ve introduced the new General Data Protection Regulation.

Can I ask you for a few quick privacy tips?

I think it’s really important to figure out one thing that you use all the time, something that you think is important to your life, and read that one privacy policy. It’s important because it helps you understand the kinds of language that are being used, the kinds of tricks that are being played, the kind of policies that are in place, and the potential ways for your information to be used and shared and sold.

Think about whether or not you want to use encrypted communications devices both because it protects your own information and because the more people that use encrypted traffic, the more it protects the people who desperately need to use it. So, human rights defenders who are being targeted by oppressive governments, for example, get cover for their communications thanks to those of us who are texting our partners, Can you pick up milk on the way home? It’s also just good security hygiene to make sure that the information that you share, whether it’s intimate or trivial, is protected.

There are excellent communication products that provide end-to-end encryption. I don’t recommend products but I can strongly recommend the Security Planner at the Citizen Lab at the University of Toronto. It basically walks you through some steps to think about what your own risk level and help you decide what some good privacy protected and secure options would be.