Post Tagged with: "privacy"

Message to the mail man by gajman (CC BY 2.0) https://flic.kr/p/b8fDw6

Keep Calm and Get Consent: Canada’s Anti-Spam Law Takes Effect This Week

Canada’s anti-spam legislation takes effect this week, sparking panic among many businesses, who fear that sending commercial electronic messages may grind to a halt on July 1st. The reality is far less troubling. The new law creates some technical requirements for commercial email marketing alongside tough penalties for violations, but left unsaid is that Canadian law has featured rules requiring appropriate consents for over a decade.

My weekly technology law column (Toronto Star version, homepage version)The concern over the new anti-spam law, which mirrors similar worries from 2004 when private sector privacy legislation arrived, suggests that many may not have complied with their existing obligations. As Canadians receive a flood of requests for consent from long-forgotten organizations they never realized had collected and used their personal information in the first place, the controversy over the rollout of the new anti-spam law says more about poor compliance rates with current privacy laws than it does about the new regulations.

June 30, 2014 — 5 comments — Columns

LG Cookie Fresh Email Setup by Digitpedia Com (CC BY 2.0) https://flic.kr/p/8rtADu

The Canadian Anti-Spam Law Panic: Same As It Ever Was

As the Canadian media reports on the panic associated with the new anti-spam law set to take effect next week, consider the following from Macleans titled “Few Companies Prepared for New Privacy Law“:

The new law..says organizations can only collect personal information for a stated reason – and can use it only for that purpose. Among others things, that means a company that supplies a service can’t sell its list of subscribers to another company’s marketing department. Individuals must be informed, and give their consent, before personal information is collected, used or disclosed..But most firms are unaware of the new law.”

The article continues by noting that “there’s confusion over which organizations might be exempt” and that “there is no grandfather clause – all existing customer information needs to be compliant.” The message is similar in a Globe and Mail article titled “Many small firms not ready for privacy rules“, which also notes the possibility of a constitutional challenge. An IT World Canada reiterates that concern in its coverage:

most Canadian organizations are not aware of the [law]. And very few are prepared to comply.

June 26, 2014 — 11 comments — News

How Europe is dealing with online privacy by safwat sayed (CC BY-ND 2.0) https://flic.kr/p/bk53au

Say Anything: The Government’s Response to its Disintegrating “Privacy” Reform Strategy

The Supreme Court of Canada’s Spencer decision is still only a few days old, but it has become clear that the ruling has left the government’s privacy and lawful access strategy in tatters. I’ve posted earlier on how the decision – which held that Canadians have reasonable expectation of privacy in their subscriber information and that voluntary disclosure of such information to the police constitutes an unlawful search – blows away the government’s plans for Bills C-13 and S-4 by contradicting longstanding government policy positions.

While there are options for the government to establish reforms that are consistent with the court ruling and that would grant police the access they say they need, government ministers have instead adopted a rather bizarre response of saying anything, no matter how inconsistent with prior positions, the court’s analysis, or public comments from authorities such as the Privacy Commissioner of Canada. There is admittedly a track record for this: Conservatives have dismissed privacy concerns from Carole Todd, the Boys and Girls Club of Canada, the Privacy Commissioner of Canada, and many more. Further, the Conservative leader in the Senate claims Spencer has “no impact whatsoever” on Bill S-4.

June 19, 2014 — 9 comments — News

The Supreme Court Eviscerates Voluntary Disclosure, Part 2: What Comes Next for C-13 and S-4?

In the fall of 2007, Public Safety Canada quietly launched a lawful access consultation that envisioned mandatory disclosure of customer name and address information. After I posted the consultation online, the department claimed that the consultation was not secret and then-Public Safety Minister Stockwell Day suggested that the document actually contained old Liberal wording. Day promised not introduce legislation compelling disclosure without a court order, a commitment that Peter Van Loan, the next Public Safety Minister, rejected when the Conservatives introduced their first lawful access bill in 2009.

This third post on Spencer (case summary, comparison with government talking points) begins with some lawful access history because it is important for understanding what might come in the aftermath of the Supreme Court of Canada’s evisceration of the government’s arguments on voluntary disclosure of personal information in the Spencer decision. The starting point for the voluntary disclosure provisions in Bills C-13 and S-4 can be traced back to the 2007 consultation. Law enforcement complained about inconsistent access to customer name and address information and sought new provisions to make such disclosure mandatory (PIPEDA permitted voluntary disclosure but did not require it).

June 16, 2014 — 1 comment — News

Supreme Court in Ottawa by Alex Nobert (CC BY-NC-SA 2.0)

The Supreme Court Eviscerates Voluntary Disclosure, Part 1: Comparing Spencer With the Govt’s Claims

For weeks, the government has been claiming that the provisions in Bill C-13 and S-4 were compatible with the law. Last week, the Supreme Court of Canada disagreed, issuing its decision in Spencer on the legality of voluntary warrantless disclosure of subscriber information. The court ruled that there was a reasonable expectation of privacy with subscriber information and that voluntary disclosure to police may constitute an illegal search.

The court’s comments are particularly striking when contrasted with claims from government ministers, MPs, and officials, who have defended C-13 and S-4 at committee. Consider what the court said about subscriber information:

in the totality of the circumstances of this case, there is a reasonable expectation of privacy in the subscriber information. The disclosure of this information will often amount to the identification of a user with intimate or sensitive activities being carried out online, usually on the understanding that these activities would be anonymous. A request by a police officer that an ISP voluntarily disclose such information amounts to a search.

In contrast, Bob Dechert, the Parliamentary Secretary to the Minister of Justice, argued at committee that subscriber information was similar to a licence plate on a car:

June 16, 2014 — 2 comments — News