Telecom - Staff Letter addressed to the Distribution List

Ottawa, 29 May 2024

Our reference: 8000-C12-202306407

BY EMAIL

Distribution List

Subject: Request for Information regarding privacy and data sovereignty considerations within the context of implementation of Emergency Location Service and Hybridized Emergency Location

Dear recipients,

In Telecom Decision 2023-235, the Commission mandated the implementation of handset-based location in Canada by 30 April 2024.

Advanced Mobile Location (AML) is a handset-based location protocol that uses handset-based location technology to determine the location of a smartphone. AML can be used to determine caller location for 9-1-1 calls made from Android smartphones, which use Google’s Emergency Location Service (ELS), or iPhones, which use Apple’s Hybridized Emergency Location (HELO).^Footnote1  Both ELS and HELO supplement network-determined location information and send enhanced location information directly from the handset to a designated endpoint, such as a Public Safety Answering Point (PSAP).

The Canadian public and the Commission place a high degree of importance on privacy and data sovereignty. For example, the NG9-1-1 framework establishes that information carried over Canada’s 9-1-1 networks remain under Canadian jurisdiction to the greatest extent possible. Further, section 7 of the Telecommunications Act established as an objective to contribute to the protection of the privacy of persons.

In light of the above, Commission staff requests that recipients of this letter provide the following information including all relevant details, rationale and any supporting information, by 10 June 2024. This information will help to better understand how Canadian’s data from 9-1-1 calls is treated by Wireless Service providers (WSPs), Bell and TELUS as ELS aggregators, and Google and Apple as ELS and HELO providers, respectively, when ELS and HELO are utilized for 9-1-1 in Canada.

To WSPs:

In Telecom Decision 2023-235 paragraph 50.7, the Commission states that once ELS is provisioned, facilities-based WSPs are to enable the following processes for all wireless 9-1-1 calls that are placed from ELS-compatible handsets on their networks:

• undertake a validation process to ensure the ELS location result and/or the calculated control plane location are within the Phase I serving area;
• compare the Phase II location with the ELS location to determine which is the most accurate and send it to the PSAP using the existing Phase II configuration; and
• maintain the current in-call location update (ICLU) process (no Phase II configuration changes are required; however, that process may now include ELS location data from the WSP as part of the most accurate location calculation).

Q1. Does any part of the data flow that takes place once location information has been received from the aggregator go outside of Canada? If so, please confirm where this occurs, who has access to the data, and why is this not done in Canada.

To Aggregators:

With regard to Emergency Location Service (ELS), the Commission designated Bell and TELUS as the aggregators of this service. In TD2023-235 paragraph 50.6, the Commission states that Bell Canada and TCI are to deliver the ELS location using hypertext transfer protocol secure (HTTPS) to the applicable WSPs.

Q2. Based on TD2023-235 in paragraph 50.6, is there any data in the process of delivering ELS location that flows outside of Canada, such as to an outside-of-Canada HTTPS server? If so, please confirm where this occurs, who has access to the data, and why is this not done in Canada.

Q3. Based on “The Company will delete ELS data after such data has been provided to the appropriate WSP, subject to applicable laws” in the tariff filings:

1. What are the applicable laws that Bell Canada and TELUS are referring to?
2. What are Bell Canada’s and TELUS’ data retention policies in regard to ELS?

Q4. Confirm whether you have undertaken a Privacy Impact Assessment or other written privacy or data protection review of the tariffed service. If so, please file it, seeking any confidentiality designations according to the process explained below.

To Google/Apple:

Q5. What are all of the terms and conditions that apply to these services (ELS/HELO) that are presented to users?

Q6. What is the step-by-step process of the flow of data when ELS/HELO is in use? Is there any point within a 9-1-1 call or afterwards where data flows outside of Canada when using ELS/HELO? If there is data that flows outside of Canada, where does this occur in the process? And if so, who has access to the data and what privacy protections are in place, if any, and why can this not be done in Canada?

Q7. Is there any personal information, as described in section 3 of the Privacy Act, captured with the 9-1-1 call by Google/Apple? If so, please provide full details with regards to which information is captured, where this information is captured, by whom, for how long, with whom this information is shared (if anyone), why, and how long they have access to this information.

Q8. In Google support, it states “After a completed emergency call or text during which ELS was active, your phone may send de-identified usage and analytics data to Google for the purpose of analyzing how well ELS works. This information doesn’t include the location sent to authorized emergency partners, and doesn't identify you.” Based on this statement, what data is sent to Google when a 9-1-1 call has been placed?

Please note that this letter and all responses received will be placed on a public record and will inform the Commission in regard to privacy and data sovereignty considerations. Pursuant to section 37 of the Telecommunications Act, the Commission may require Canadian carriers, or any other person, to submit information that is necessary for the administration of the Telecommunications Act.

As set out in section 39 of the Telecommunications Act and in Broadcasting and Telecom Information Bulletin CRTC 2010-961, Procedures for filing confidential information and requesting its disclosure in Commission proceedings, recipients may designate certain information as confidential though must provide a detailed explanation on why the designated information is confidential, and why its disclosure would not be in the public interest, including why the specific direct harm that would be likely to result from the disclosure would outweigh the public interest in disclosure. Furthermore, should recipients designate information as confidential, recipients must either file an abridged version of the document omitting only the information designated as confidential or provide reasons why an abridged version cannot be filed.

In light of the public interest in understanding ELS and HELO, Commission staff expects recipients to disclose information on the public record to the maximum extent possible.

Where a document is to be filed or served by a specific date, the document must be actually received, not merely sent, by that date.

The Commission requires all documents to be submitted electronically by using the secured service “My CRTC Account” Partner Log In or GCKey and filing the “Telecom Cover Page” located on that web page.

Yours Sincerely,

Original signed by

Michel Murray
Director, Dispute Resolution & Regulatory Implementation
Telecommunications Sector

c.c.: Etienne Robelin, Manager, Emergency Services Policy, CRTC etienne.robelin@crtc.gc.ca

Attachment: Distribution list

Distribution List:

WSPs:

Bell  bell.regulatory@bell.ca
EastLink  regulatory.matters@corp.eastlink.ca
Freedom regaffairs@quebecor.com
Rogers   regulatory@rci.rogers.com
Sasktel  document.control@sasktel.com
TELUS regulatory.affairs@telus.com
Videotron regaffairs@quebecor.com

Aggregators: 

Bell bell.regulatory@bell.ca
TELUS regulatory.affairs@telus.com

AML providers:

Google salvobaglieri@google.com
Apple tforgety@apple.com

Date modified:

2024-05-29