Post Tagged with: "consent"

IAPP by forester401 (CC BY-NC-SA 2.0) https://flic.kr/p/Y4B7dW

PIPEDA at 20: Time for PIPEDA 2.0

Earlier this year, I had the honour of delivering a keynote address at the IAPP’s 2018 Canadian Privacy Symposium in Toronto. My talk argued that as Canada’s private sector privacy law turns 20 (it was first introduced in the fall of 1998), an updated statute is long overdue, focusing on issues such as enforcement, consent, and big data. A video of the talk has now been posted online. The slides can be accessed here.

 

Read more ›

July 13, 2018 1 comment News
delete by Mixy Lorenzo (CC BY-NC-SA 2.0) https://flic.kr/p/7bGe9M

No Longer Fit for Purpose: Why Canadian Privacy Law Needs an Update

Canada’s private sector privacy law was first introduced 20 years ago, coinciding with the founding of Google and predating Facebook, the iPhone, and the myriad of smart devices that millions of Canadians now have in their homes. Two decades is a long time in the world of technology and privacy and it shows. There has been modest tinkering with the Canadian rules over the years, but my Globe and Mail opinion piece notes the law is struggling to remain relevant in a digital age when our personal information becomes increasingly valuable and our consent models are little more than a legal fiction.

The House of Commons Standing Committee on Access to Information, Ethics and Privacy last week released the results of a comprehensive study into Canadian privacy law. The report, which features 19 recommendations, provides Innovation, Science and Economic Development Minister Navdeep Bains with a road map for future reforms (I appeared before the committee as one of 68 witnesses from across the policy spectrum).

Read more ›

March 6, 2018 2 comments Columns
Five Data Privacy Principles from Mozilla (Put on a museum wall) 2014 by Ann Wuyts (CC BY 2.0) https://flic.kr/p/pVKYKn

Do You Consent? Four Ways to Strengthen Digital Privacy

Privacy laws around the world may differ on certain issues, but all share a key principle: the collection, use and disclosure of personal information requires user consent. The challenge in a digital world where data is continuously collected and can be used in a myriad of previously unimaginable ways is how to ensure that the consent model still achieves the objective of giving the public effective control over their personal information.

The Office of the Privacy Commissioner of Canada released a discussion paper earlier this year that opened the door to rethinking how Canadian law addresses consent. The paper suggests several solutions that could enhance consent (greater transparency in privacy policies, technology-specific protections), but also raises the possibility of de-emphasizing consent in favour of removing personally identifiable information or establishing “no-go” zones that would regulate certain uses of information without relying on consent.

My weekly technology law column (Toronto Star version, homepage version) notes that the deadline for submitting comments concludes this week and it is expected that many businesses will call for significant reforms to the current consent model, arguing that it is too onerous and that it does not serve the needs of users or businesses. Instead, they may call for a shift toward codes of practice that reflect specific industry standards alongside basic privacy rules that create limited restrictions on uses of personal information.

Read more ›

August 2, 2016 4 comments Columns
Did you consent to your involvement in this process? by Quinn Dombrowski (CC BY-SA 2.0) https://flic.kr/p/6Ghzp2

Canadian Chamber of Commerce, Canadian Marketing Association Take Aim At Digital Privacy Act’s Consent Provision

The Standing Committee on Industry, Science and Technology continues its hearing on the Digital Privacy Act (Bill S-4) yesterday, with appearances from Privacy Commissioner of Canada Daniel Therrien, the Canadian Chamber of Commerce, and the Canadian Marketing Association. Therrien expressed general support for the bill, but concern with the expanded voluntary disclosure provision.

The Canadian Chamber of Commerce and the Canadian Marketing Association seemed to take the committee by surprise by criticizing a provision in the bill that clarifies what constitutes meaningful consent. The proposed provision states:

6.1 For the purposes of clause 4.3 of Schedule 1, the consent of an individual is only valid if it is reasonable to expect that an individual to whom the organization’s activities are directed would understand the nature, purpose and consequences of the collection, use or disclosure of the personal information to which they are consenting.

That provision should be uncontroversial given that it only describes what most would take to mean consent, namely that the person to whom the activities are directed would understand the consequences of consent. Indeed, Therrien expressed support for the change, noting:

Read more ›

February 18, 2015 3 comments News
Please! By Josh Hallett (CC-BY 2.0) https://flic.kr/p/yALRk

In Defence of Canada’s Anti-Spam Law, Part Two: Why the Legislation Is Really a Consumer Protection and Privacy Law in Disguise

My first post defending Canada’s anti-spam law focused on why spam remains a problem and how the new law may help combat fraudulent spam and target Canadian-based spamming organization. Most would agree that these are legitimate goals, but critics of the law will argue that it still goes too far since it covers all commercial electronic messages, not just fraudulent or harmful messages.

If the law were only designed to deal with harmful spam, they would be right. However, the law was always envisioned as something more than just an anti-spam bill. Indeed, when it was first introduced, it was called the Electronic Commerce Protection Act, reflecting the fact that it was expressly designed to address online consumer protection issues (the name CASL was an unofficial working name developed within Industry Canada). The law has at least three goals: provide Canada with tough anti-spam rules, require software companies to better inform consumers about their programs before installation, and update Canadian privacy standards by re-allocating who bears the cost for the use of personal information in the digital environment.

Read more ›

July 10, 2014 8 comments News