The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.
The author of this blog, David T.S. Fraser, is a Canadian privacy lawyer who practices with the firm of McInnes Cooper. He is the author of the Physicians' Privacy Manual. He has a national and international practice advising corporations and individuals on matters related to Canadian privacy laws.
For full contact information and a brief bio, please see David's profile.
The views expressed herein are solely the author's and should not be attributed to his employer or clients. Any postings on legal issues are provided as a public service, and do not constitute solicitation or provision of legal advice. The author makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein or linked to. Nothing herein should be used as a substitute for the advice of competent counsel.
This web site is presented for informational purposes only. These materials do not constitute legal advice and do not create a solicitor-client relationship between you and David T.S. Fraser. If you are seeking specific advice related to Canadian privacy law or PIPEDA, contact the author, David T.S. Fraser.
Thursday, December 31, 2009
The CLawBies (the Canadian Law Blog awards) for 2009 are out and I'm absolutely delighted to be a runner-up in the category of "Best Canadian Law Blog". It's particularly humbling to be in the same paragraph as slaw.ca, the hands-down, undoubtedly best Canadian legal blog out there.
It's been a good year for Canadian legal bloggers. Read all the results here.
Wednesday, December 30, 2009
It's official, the Prime Minister is proroguing parliament until the beginning of March: CBC News - Politics - PM seeks Parliament shutdown until March. (Never mind that they've been on vacation since November.)
This means that a number of privacy-affecting bills are being forced into a coma. The list includes:
The media is also reporting that, in the meantime, Harper plans to fill five vacant senate seats, which will give the Conservatives the majority they need to ensure safe passage of their legislation.
Sunday, December 20, 2009
Check out Dan Michaluk's summary of Carter v. Connors, 2009 NBQB 317, in which the New Brunswick Court of Queen's Bench ordered a litigant to obtain from her internet service provider a record of all her internet usage since the accident in issue to produce to the other side: Case Report – Another FaceBook production order made « All About Information.
I would be very surprised (shocked, actually) if the ISP kept a record of websites visited, going back five years.
From the first paragraph of the case:
 The Applicant-Defendant has brought a motion for an order that the Plaintiff, who is currently undergoing discovery examination by the Applicant’s counsel, provide an undertaking to have her Internet Service Provider, Bell-Aliant, disclose the history of her Internet use at her home from the date of a motor vehicle accident in 2004 until today. Included in that request is a specific ancillary request that, in the event the motion succeeds, the technician that assembles the Internet use record segregate as a discrete record, if possible, the time spent on the Internet social network site Facebook that may be disclosed in the Plaintiff’s Internet use account record. The Plaintiff has conceded in her examination that she also has an account on the social networking site Facebook. The motion is brought pursuant to Rule 33.12 of The Rules of Court but, practically speaking, under the auspices of Rule 32.06 and 33.08(3) of The Rules of Court.
Labels: social networking
Monday, December 14, 2009
I'm pretty sure that I don't get the appeal: Blippy is a fun and easy way to see and discuss the things people are buying.
Thursday, December 10, 2009
The 'net and twitter have been all abuzz this past week with revelations about telco and ISP cooperation with law enforcement. We've seen Wikileaks post the internal policies of MySpace and Cryptome's posting of Yahoo!'s internal policies.
Blame for this appears to be laid at the feet of the service providers.
I'm all in favour of privacy and completely in favour of government restraint. I'm even more keen on court oversight and requirements that warrants be produced in order for cops and national security types to get access to customer information. I'm also in favour of transparently and accountability. But I haven't seen much nuance in any of the online discussion of this topic. Perhaps that's just the analytical limitations of twitter and the general tone of much of the blogosphere.
Two important issues are being missed. First: just about any time you interact with any business these days, a data trail of some sort is left. If you buy a book using any credit or debit card, there's a record that can connect that purchase to you. If you check out a book from the library, there's a record. If you use a transponder-based tolling system, there's a record of where you were, when and maybe where you are going. If you use any loyalty program to collect points on your purchases, there's an even denser data trail. Your mobile phone provider knows where you phone is at all times and who you have called. This is not unique to online companies. It's simply the reality of our digital lives. Some information collection or retention may be gratuitous, but more often than not it is essential to provide the service that users are asking for. It is not unreasonable, however, to question how much information is collected and how long it is retained. Fair information practices demand that service providers only collect the amount of information necessary to provide the service and that they keep it for only as long as they need to in order to provide the service.
The second, and more important, issue: love it or loathe it, it is the law. If a third party has information about you, the government can get access to it with a court order, a warrant or a subpoena. The third party can sometimes go to court to challenge the legality of the request, but it seldom has enough information to do so. And in many cases, it really has no ability to do so. The fact is, if there is a lawful demand for information, the service provider has to comply or face criminal sanctions itself.
And that's not just unique to the US and the USA Patriot Act. In Canada, take a look at the Anti-Terrorism Act, the Criminal Code, the Canadian Security Intelligence Service Act or the National Defence Act. European democracies have similar rules, too. These companies are generally following their legal obligations. If you have a problem with that, energies and outrage might be more usefully channelled to changing those laws.
ISPs and telcos may influence the laws, but they generally don't make they rules they have to abide by. In short: don't hate the player, hate the game.
Monday, December 07, 2009
As announced earlier this week, the nominations are now open for the annual Canadian Legal Blogging Awards, affectionately known as the Clawbies: Nominations Open for the 2009 Clawbies – Law Firm Web Strategy.
This blog was a runner-up in 2007.
The hardest part about nominating blogs for the award is the abundance of great Canadian law blogs out there. I follow dozens that provide interesting, relevant and timely information. I know it takes a lot of time and effort to produce one, so all of them deserve recognition. The best of the best need a special shout-out.
But if I am forced to single out three blogs, I will focus on three that provide me with "practitioner support". These provide a mental and professional return on my investment of time and attention. If I could follow only three Canadian legal blogs, here they are:
All About Information - Dan Michaluk from Hicks Morley puts a lot of thought into everything he posts. His blog has the best commentary and analysis on just about every important privacy and access to information case in Canada. And, he's a great guy.
Michael Geist - Blog - Everyone I know reads Michael's blog and his columns. Not everyone agrees with his perspective, but there is no denying that he is one of the most prolific, plugged-in Canadian legal bloggers. If your practice touches on IP law or privacy, you have to follow him.
Slaw - For me, Slaw is a must-follow because of the regular content that's relevant to my practice. But reading Slaw also reminds me of the Sunday New York Times or wandering through the library stacks: there's amazing stuff that you probably never thought of looking for. You can easily get lost in all the good stuff.
If you read any Canadian legal blogs, please take the time nominate your three faves. All the details are here.
Over the last little while, there has been much discussion about cooperation between telcos and ISPs, on one hand, and law enforcement, on the other hand. We've certainly seen a lot of talk about "lawful access" in Canada.
If you're curious about some of the goings on behind the scenes at American telcos and ISPs in this regard, Cryptome and Wikileaks both have some interesting leaked documentation about policies and procedures for companies like MySpace, Sprint, Yahoo! and others. Just go to Cryptome.org and WikiLeaks.org and do a little digging around.
Wednesday, December 02, 2009
A quick thanks to the Delaware Employment Law Blog for including this blog in their Top 100 Employment Law Blogs. Thanks!
If you're a regular reader of this blog because of workplace privacy issues, head on over there and check out the great resources they provide.
At least since I've been using Facebook, this is the first time that Mark Zuckerberg has addressed the Facebook community through an open letter linked from the main user page. I find it interesting that the focus of this is privacy and the future of privacy on Facebook.
An Open Letter from Facebook Founder Mark Zuckerberg FacebookFor all the grief Facebook gets, I think they deserve a lot of credit for finally becoming very responsive to user (and regulatory) privacy demands and are providing much more detailed and customizable privacy controls.
by Mark Zuckerberg Yesterday at 6:23pm
It has been a great year for making the world more open and connected. Thanks to your help, more than 350 million people around the world are using Facebook to share their lives online.
To make this possible, we have focused on giving you the tools you need to share and control your information. Starting with the very first version of Facebook five years ago, we've built tools that help you control what you share with which individuals and groups of people. Our work to improve privacy continues today.
Facebook's current privacy model revolves around "networks" — communities for your school, your company or your region. This worked well when Facebook was mostly used by students, since it made sense that a student might want to share content with their fellow students.
Over time people also asked us to add networks for companies and regions as well. Today we even have networks for some entire countries, like India and China.
However, as Facebook has grown, some of these regional networks now have millions of members and we've concluded that this is no longer the best way for you to control your privacy. Almost 50 percent of all Facebook users are members of regional networks, so this is an important issue for us. If we can build a better system, then more than 100 million people will have even more control of their information.
The plan we've come up with is to remove regional networks completely and create a simpler model for privacy control where you can set content to be available to only your friends, friends of your friends, or everyone.
We're adding something that many of you have asked for — the ability to control who sees each individual piece of content you create or upload. In addition, we'll also be fulfilling a request made by many of you to make the privacy settings page simpler by combining some settings. If you want to read more about this, we began discussing this plan back in July.
Since this update will remove regional networks and create some new settings, in the next couple of weeks we'll ask you to review and update your privacy settings. You'll see a message that will explain the changes and take you to a page where you can update your settings. When you're finished, we'll show you a confirmation page so you can make sure you chose the right settings for you. As always, once you're done you'll still be able to change your settings whenever you want.
We've worked hard to build controls that we think will be better for you, but we also understand that everyone's needs are different. We'll suggest settings for you based on your current level of privacy, but the best way for you to find the right settings is to read through all your options and customize them for yourself. I encourage you to do this and consider who you're sharing with online.
Thanks for being a part of making Facebook what it is today, and for helping to make the world more open and connected. Mark Zuckerberg
The Canadian Privacy Law Blog is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 Canada License.