The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.
The author of this blog, David T.S. Fraser, is a Canadian privacy lawyer who practices with the firm of McInnes Cooper. He is the author of the Physicians' Privacy Manual. He has a national and international practice advising corporations and individuals on matters related to Canadian privacy laws.
For full contact information and a brief bio, please see David's profile.
The views expressed herein are solely the author's and should not be attributed to his employer or clients. Any postings on legal issues are provided as a public service, and do not constitute solicitation or provision of legal advice. The author makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein or linked to. Nothing herein should be used as a substitute for the advice of competent counsel.
This web site is presented for informational purposes only. These materials do not constitute legal advice and do not create a solicitor-client relationship between you and David T.S. Fraser. If you are seeking specific advice related to Canadian privacy law or PIPEDA, contact the author, David T.S. Fraser.
Sunday, July 23, 2006
Saturday's Globe & Mail had an interesting article on RFID, which is now online in the Globe's technology section: globeandmail.com : Who's watching the watchers? I find these articles to be interesting, but often overstate the threat that RFID poses in Canada. Most of the concern is that item-level tagging of purchased items will lead to the ability to track individuals once they have left the store. While this might theoretically be possible, the advent of a new technology does not mean that Canadian laws go out the window.
Every retail operation in Canada is governed by privacy laws, either PIPEDA or a substantially similar equivalent. Among other things, these laws require that the collection of personal information be reasonable and that personal information only be collected with the knowledge and the consent of the individual. I have no doubt that the unique identifier in a purchased item's RFID tag, when attached to any other information about an individual, is personal information for the purposes of these statutes. Therefore, in Canada:
Essentially, this means that retailers cannot covertly use RFID to track consumers in this country. The situation is entirely different in the US where no general privacy law covers the retail sector.
If you want any more information on RFID and Canadian privacy law, check out this great report by Teresa Scassa, Michael Deturbide, Theodore Chiasson and Anne Uteck of Dahousie's Law and Technology Institute: An Analysis of Legal and Technological Privacy Implications of Radio Frequency Identification Technologies. This report was funded by the Privacy Commissioner's contributions programme.
In a letter to the editor in today's Globe & Mail (July 25, 2006), Anne Cavoukian responds to the article from Saturday's paper:
globeandmail.com : RFIDs track products:
"RFIDs track products
ANN CAVOUKIAN Information and Privacy Commissioner of Ontario
Toronto -- The article Who's Watching The Watchers? (July 22) suggests that Katherine Albrecht was invited 'back' to brief my office on Radio Frequency Identifiers (RFIDs). I would like to make this perfectly clear -- she was never there, nor was she ever invited. Meanwhile, the article's characterization of RFIDs as spy chips is misleading.
Let's have a reality check. Currently in Canada, RFID tags are used in the supply-chain process for inventory control (tracking products, not people), which involves no privacy issues. But in future, if and when RFIDs are embedded into consumer products and linked to personal identifiers, we must remain vigilant to ensure that they are deployed in a manner that does not threaten privacy.
I have been studying RFIDs since 2003 and recently issued RFID privacy guidelines to address the future prospect of item-level, potentially privacy-invasive, RFIDs. I am a fierce protector of privacy but also believe in describing issues fairly and evenly. What we need is public education about this technology rather than fear mongering.
Misrepresenting RFIDs only serves to keep the public in the dark."
The Canadian Privacy Law Blog is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 Canada License.