Last week I appeared before the House of Commons Standing Committee on Access to Information, Privacy and Ethics as part of its review of PIPEDA, Canada’s private sector privacy law. The ETHI study is expected to last several months and may provide the foundation for potential reforms. My opening remarks are posted below:
Post Tagged with: "pipeda"
Do You Consent? Four Ways to Strengthen Digital Privacy
Privacy laws around the world may differ on certain issues, but all share a key principle: the collection, use and disclosure of personal information requires user consent. The challenge in a digital world where data is continuously collected and can be used in a myriad of previously unimaginable ways is how to ensure that the consent model still achieves the objective of giving the public effective control over their personal information.
The Office of the Privacy Commissioner of Canada released a discussion paper earlier this year that opened the door to rethinking how Canadian law addresses consent. The paper suggests several solutions that could enhance consent (greater transparency in privacy policies, technology-specific protections), but also raises the possibility of de-emphasizing consent in favour of removing personally identifiable information or establishing “no-go” zones that would regulate certain uses of information without relying on consent.
My weekly technology law column (Toronto Star version, homepage version) notes that the deadline for submitting comments concludes this week and it is expected that many businesses will call for significant reforms to the current consent model, arguing that it is too onerous and that it does not serve the needs of users or businesses. Instead, they may call for a shift toward codes of practice that reflect specific industry standards alongside basic privacy rules that create limited restrictions on uses of personal information.
Why the New Canadian Telecom Transparency Rules Fall Short
Canadians have become increasingly troubled by reports revealing that telecom and Internet companies receive millions of requests for subscriber data from a wide range of government departments. In light of public concern, some Internet and telecom companies have begun to issue regular transparency reports that feature aggregate data on the number of requests they receive and the disclosures they make.
The transparency reports from companies such as Rogers, Telus, and TekSavvy have helped shed light on government demands for information and on corporate disclosure practices. However, they also paint an incomplete picture since companies have offered up inconsistent data and some of the largest, including Bell, have thus far refused to come clean on past requests and disclosures.
B.C. Court of Appeal Rules Facebook’s Fine Print Trumps Privacy Law
One week after the B.C. Court of Appeal ruled that it could order Google to remove websites from its global index, the same court (but different judges) ruled that a privacy class action lawsuit against Facebook could not proceed in the province because the Facebook terms and conditions provide that all disputes must be resolved in a court in Santa Clara, California. The decision should provide a wake-up call to users and policy makers because an absolute approach to terms and conditions not only means that Canadian courts may be unable resolve consumer disputes involving companies like Facebook, but that Canadian law will not apply either.
The current Facebook terms and conditions state:
You will resolve any claim, cause of action or dispute (claim) you have with us arising out of or relating to this Statement or Facebook exclusively in the U.S. District Court for the Northern District of California or a state court located in San Mateo County, and you agree to submit to the personal jurisdiction of such courts for the purpose of litigating all such claims. The laws of the State of California will govern this Statement, as well as any claim that might arise between you and us, without regard to conflict of law provisions.
While this appears to be slightly different from the terms that governed the dispute before the B.C. courts (it referenced courts in Santa Clara county), the key takeaway from the decision goes well beyond a proposed class action lawsuit over a Facebook “sponsored stories” program that no longer exists. The trial judge rightly noted that the heart of the case is whether online terms and conditions override domestic legal protections (in this case, the B.C. Privacy Act).
How the Budget Bill Quietly Reshapes Canadian Privacy Law
A budget implementation bill is an unlikely – and many would say inappropriate – place to make major changes to Canadian privacy law. Yet Bill C-59, the government’s 158-page bill that is set to sweep through the House of Commons, does just that.
The omnibus budget bill touches on a wide range of issues, including copyright term extension and retroactive reforms to access to information laws. But there are also privacy amendments that have received little attention. In fact, the Privacy Commissioner of Canada was not even granted the opportunity to appear before the committee that “studied” the bill, meaning that privacy was not discussed nor analyzed (the committee devoted only two sessions to external witnesses for study, meaning most issues were glossed over).
My weekly technology law column (Toronto Star version, homepage version) notes that the bill raises at least three privacy-related concerns. First, the retroactive reforms to access to information, which are designed to backdate the application of privacy and access to information laws to data from the long-gun registry, has implications for the privacy rights of Canadians whose data is still contained in the registry. By backdating the law, the government is effectively removing the privacy protections associated with that information.
Recent Posts
The Law Bytes Podcast, Episode 201: Robert Diab on the Billion Dollar Lawsuits Launched By Ontario School Boards Against Social Media Giants 
The Law Bytes Podcast, Episode 200: Colin Bennett on the EU’s Surprising Adequacy Finding on Canadian Privacy Law 
Debating the Online Harms Act: Insights from Two Recent Panels on Bill C-63 
The Law Bytes Podcast, Episode 199: Boris Bytensky on the Criminal Code Reforms in the Online Harms Act 
AI Spending is Not an AI Strategy: Why the Government’s Artificial Intelligence Plan Avoids the Hard Governance Questions
