Wiertz Sebastien - Privacy by Sebastien Wiertz (CC BY 2.0) https://flic.kr/p/ahk6nh

Wiertz Sebastien - Privacy by Sebastien Wiertz (CC BY 2.0) https://flic.kr/p/ahk6nh

Privacy

Supreme Court in Ottawa by Alex Nobert (CC BY-NC-SA 2.0)

The Supreme Court Eviscerates Voluntary Disclosure, Part 1: Comparing Spencer With the Govt’s Claims

For weeks, the government has been claiming that the provisions in Bill C-13 and S-4 were compatible with the law. Last week, the Supreme Court of Canada disagreed, issuing its decision in Spencer on the legality of voluntary warrantless disclosure of subscriber information. The court ruled that there was a reasonable expectation of privacy with subscriber information and that voluntary disclosure to police may constitute an illegal search.

The court’s comments are particularly striking when contrasted with claims from government ministers, MPs, and officials, who have defended C-13 and S-4 at committee.  Consider what the court said about subscriber information:

in the totality of the circumstances of this case, there is a reasonable expectation of privacy in the subscriber information. The disclosure of this information will often amount to the identification of a user with intimate or sensitive activities being carried out online, usually on the understanding that these activities would be anonymous. A request by a police officer that an ISP voluntarily disclose such information amounts to a search.

In contrast, Bob Dechert, the Parliamentary Secretary to the Minister of Justice, argued at committee that subscriber information was similar to a licence plate on a car:

Read more ›

June 16, 2014 2 comments News
Come Back With a Warrant by Thomas Hawk (CC-BY-NC 2.0)

Supreme Court Delivers Huge Victory for Internet Privacy & Blows Away Government Plans for Reform

For the past several months, many Canadians have been debating privacy reform, with the government moving forward on two bills: lawful access (C-13) and PIPEDA reform (S-4). One of the most troubling aspects of those bills has been the government’s effort to expand the scope of warrantless, voluntary disclosure of personal information.

Bill C-13 proposes to expand warrantless disclosure of subscriber information to law enforcement by including an immunity provision from any criminal or civil liability (including class action lawsuits) for companies that preserve personal information or disclose it without a warrant. Meanwhile, Bill S-4, proposes extending the ability to disclose subscriber information without a warrant from law enforcement to private sector organizations. The bill includes a provision that allows organizations to disclose personal information without consent (and without a court order) to any organization that is investigating a contractual breach or possible violation of any law. I appeared before both committees in recent weeks (C-13, S-4), but Conservative MPs and Senators were dismissive of the concerns associated with voluntary disclosures.

This morning another voice entered the discussion and completely changed the debate. The Supreme Court of Canada issued its long-awaited R. v. Spencer decision, which examined the legality of voluntary warrantless disclosure of basic subscriber information to law enforcement. In a unanimous decision written by (Harper appointee) Justice Thomas Cromwell, the court issued a strong endorsement of Internet privacy, emphasizing the privacy importance of subscriber information, the right to anonymity, and the need for police to obtain a warrant for subscriber information except in exigent circumstances or under a reasonable law.

Read more ›

June 13, 2014 30 comments News

Interview Discussing Spencer Ruling: No More Voluntary Disclosure

I talked to Rob Breakenridge on his show on News Talk 770 to about the Supreme Court of Canada’s landmark ruling in Spencer where it eviscerated voluntary disclosure of internet subscriber data.

Read more ›

June 13, 2014 Comments are Disabled News Interviews, Tv / Radio
Facebook: The privacy saga continues by Ruth Suehle for opensource.com (CC BY-SA 2.0) https://www.flickr.com/photos/opensourceway/4638981545/sizes/o/

Blown Chances, Bogus Claims & Blatant Hypocrisy: Why Yesterday Was a Disastrous Day for Canadian Privacy

Bills C-13 and S-4, the two major privacy bills currently working their way through the legislative process, both reached clause-by-clause review yesterday, typically the best chance for amendment. With Daniel Therrien, the new privacy commissioner, appearing before the C-13 committee and the sense that the government was prepared to compromise on the controversial warrantless disclosure provisions in S-4, there was the potential for real change. Instead, the day was perhaps the most disastrous in recent memory for Canadian privacy, with blown chances for reform, embarrassingly bogus claims from the government in defending its bills, and blatant hypocrisy from government MPs who sought to discredit the same privacy commissioner they were praising only a few days ago.

Read more ›

June 11, 2014 13 comments News
Internet E-mail by twitter.com/mattwi1s0n (CC BY 2.0)

The Fear-Free Guide to Canada’s Anti-Spam Legislation: Answers to Ten Common Questions

The imminent arrival of Canada’s anti-spam legislation has sparked considerable fear that might lead the uninitiated to think that sending commercial electronic messages will grind to a halt on July 1st, when parts of the law kick in. The reality is far less troubling. For any organization that already sends commercial electronic messages, they presumably comply with PIPEDA, the private sector privacy law, that requires organizations to obtain user consent, allow users to withdraw their consent, and provide the necessary contact information to do so.  Compliance with the new anti-spam law (CASL) involves much the same obligations.  While there are certainly some additional technical requirements and complications (along with tough penalties for failure to comply), the basics of the law involve consent, withdrawal of consent (ie. unsubscribe), and accessible contact information. 

This post is not legal advice, but it seeks to unpack the key requirements associated with the commercial electronic messages provisions in CASL by answering the ten questions organizations should ask (and answer). Note that there are additional rules associated with software that do not take effect until next year. While this is not designed to be comprehensive – some organizations will face unique issues – it provides a starting point for the key requirements, exceptions, and application of the law. The law itself can be found here. The Industry Canada regulations here and the CRTC regulations here.

The primary takeaways? If you send commercial electronic messages, you need explicit consent along with an unsubscribe mechanism and contact information. There are many common sense exceptions to this general rule, however, including personal messages, most business-to-business messaging, and most messages sent to recipients outside of Canada. Moreover, if you do not have explicit consent, the government has implemented a transition period that grants you three years to get it.

Read more ›

June 10, 2014 11 comments News
1 47 48 49 50 51 186