Post Tagged with: "privacy"

EU-Canada signing ceremony by European Union http://tvnewsroom.consilium.europa.eu/event/eu-canada/eu-canada-signing-ceremony#/gallery/0

Canada – European Union Data Sharing Agreement Sent to EU Court of Justice for Review

Earlier this year, Canada and the European Union announced that they had reached agreement on sharing airline passenger name record data. The data shared includes names, addresses, and credit card numbers of airline passengers. The agreement was signed in June (video of the signing here), but approval from the European Parliament was required. In light of growing privacy concerns, that approval has proven more difficult to obtain than previously anticipated.

Rather than simply grant approval, the European Parliament has narrowly voted to send the agreement to the European Court of Justice for review to ensure that it is compliant with European law including EU treaties and the European Charter of Rights and Freedoms (the final vote was 383 to 271 with 47 abstentions). The resolution notes that the European Data Protection Supervisor (effectively the Privacy Commissioner for the EU) issued an opinion in September 2013 that questioned the necessity and proportionality of agreements to transfer passenger information between jurisdictions. The EDPS opinion features an extensive review of the agreement and raises pointed questions about specific provisions along with numerous recommendations for reform.

The decision means that the Canada – EU data sharing agreement will be delayed by at least one to three years while the court conducts its review. The review will raise several important privacy issues including the effectiveness of exchanging passenger information in combating terrorism and the state of Canadian privacy law. The European Court of Justice has already struck down the European Data Retention Directive, suggesting that this agreement could also face tough scrutiny.

December 3, 2014 — Comments are Disabled — News

bc-amanda-todd10nw1 at https://amandatoddlegacy.files.wordpress.com/2013/10/bc-amanda-todd10nw1.jpg

Carol Todd on Bill C-13: “What Happened to Democracy?”

The Senate Committee on Justice and Human Rights continues its study later today on Bill C-13, the cyber-bullying/lawful access bill that has already passed the House of Commons and seems certain to clear the Senate shortly. I appeared before the committee last week, but one person who will not appear is Carol Todd, the mother of cyber-bullying victim Amanda Todd. Ms. Todd wrote to me yesterday to express her dismay at the committee process with Conservative Senators mischaracterizing her views and the committee declining to offer her an invitation to appear, likely due to her criticisms of the privacy-related provisions in the bill.

Ms. Todd did appear before the House of Commons committee studying Bill C-13, telling Members of Parliament:

November 26, 2014 — 10 comments — News

Uber is Uber Cool by Mike (CC BY-NC-SA 2.0) https://flic.kr/p/eeVwN3

Why Uber Has a Canadian Privacy Problem

The mounting battle between Uber, the popular app-based car service, and the incumbent taxi industry has featured court dates in Toronto, undercover sting operations in Ottawa, and a marketing campaign designed to stoke fear among potential Uber customers. As Uber enters a growing number of Canadian cities, the ensuing regulatory fight is typically pitched as a contest between a popular, disruptive online service and a staid taxi industry intent on keeping new competitors out of the market.

My weekly technology law column (Toronto Star version, homepage version) notes that if the issue was only a question of choosing between a longstanding regulated industry and a disruptive technology, the outcome would not be in doubt. The popularity of a convenient, well-priced alternative, when contrasted with frustration over a regulated market that artificially limits competition to maintain pricing, is unsurprisingly going to generate enormous public support and will not be regulated out of existence.

While the Uber regulatory battles have focused on whether it constitutes a taxi service subject to local rules, last week a new concern attracted attention: privacy. Regardless of whether it is a taxi service or a technological intermediary, it is clear that Uber collects an enormous amount of sensitive, geo-locational information about its users. In addition to payment data, the company accumulates a record of where its customers travel, how long they stay at their destinations, and even where they are located in real-time when using the Uber service.

November 24, 2014 — 5 comments — Columns

analog sphere of privacy by Jason Tester Guerrilla Futures (CC BY-ND 2.0) https://flic.kr/p/8Hq5GM

The Spencer Effect: No More Warrantless Access to Subscriber Info With Five Minutes of Police Work

The Canadian Press reports that the RCMP has abandoned some Internet-related investigations because it is unable to obtain warrantless access to subscriber information. The article is based on an internal memo expressing concern with the additional work needed to apply for a warrant in order to obtain access to subscriber information. The changes have arisen due to the Supreme Court of Canada’s Spencer decision, which held that there is a reasonable expectation of privacy in subscriber information. As a result, it is believed that most telecom and Internet providers have rightly stopped voluntary disclosures without a warrant (some have still not publicly stated their disclosure practices).

The article notes how easily subscriber information was disclosed prior to Spencer:

Prior to the court decision, the RCMP and border agency estimate, it took about five minutes to complete the less than one page of documentation needed to ask for subscriber information, and the company usually turned it over immediately or within one day. The agencies say that following the Supreme Court ruling about 10 hours are needed to complete the 10-to-20 pages of documentation for a request, and an answer can take up to 30 days.

The troubling aspect of the story is not that some investigations are being curtailed because law enforcement is now following due process and that telecom providers are requiring a warrant before disclosing subscriber information. It is that for millions of requests prior to Spencer, it took nothing more than five minutes to fill out a form with the information voluntarily released without court oversight and without notifying the affected subscriber.

November 21, 2014 — 8 comments — News

Senate Chamber HDR by Intiaz Rahim (CC BY-NC-ND 2.0) https://flic.kr/p/5LhGZg

Choosing Between Privacy and Cyberbullying: My Appearance on Bill C-13 Before the Senate Legal and Constitutional Affairs Committee

Yesterday I appeared before the Senate Committee on Legal and Constitutional Affairs, which is studying Bill C-13, the lawful access/cyberbullying bill. The full transcript of the spirited discussion is not yet available, but my opening statement is posted below.

Appearance before the Senate Standing Committee on Legal and Constitutional Affairs, November 19, 2014

Good afternoon. My name is Michael Geist. I am a law professor at the University of Ottawa, where I hold the Canada Research Chair in Internet and E-commerce Law. I appear today in a personal capacity representing only my own views.

Given the limited time, I’m going to confine my remarks to three privacy-related issues: immunity for voluntary disclosure, the low threshold for transmission data warrants, and the absence of reporting and disclosure requirements.

November 20, 2014 — 5 comments — Committees, News