The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.
The author of this blog, David T.S. Fraser, is a Canadian privacy lawyer who practices with the firm of McInnes Cooper. He is the author of the Physicians' Privacy Manual. He has a national and international practice advising corporations and individuals on matters related to Canadian privacy laws.
The views expressed herein are solely the author's and should not be attributed to his employer or clients. Any postings on legal issues are provided as a public service, and do not constitute solicitation or provision of legal advice. The author makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein or linked to. Nothing herein should be used as a substitute for the advice of competent counsel.
This web site is presented for informational purposes only. These materials do not constitute legal advice and do not create a solicitor-client relationship between you and David T.S. Fraser. If you are seeking specific advice related to Canadian privacy law or PIPEDA, contact the author, David T.S. Fraser.
Monday, February 15, 2010
Following in the footsteps of British Columbia and Alberta, bar owners in Halifax are talking about rolling out a "Bar Watch" program. You can read about other programs here: id swiping.
What is particularly troubling or at the very least needs close scrutiny is the suggestion that the banned list is going to originate from the police. So far, I haven't seen what gives the police the right to decide who goes into licensed establishments and what criteria they will use. I haven't seen any detail about how it will be implemented and what information will be demanded from all bar patrons.
Bar owners see police role in managing ban (UNews)
The group spearheading a citywide bar-goer blacklist may rely on police to provide personal information of banned patrons, according to a spokesperson for the group.
"I'm assuming that the police would hand it over to us, I can't see why they wouldn't," said Richard Stevens of the Restaurant Association of Nova Scotia. "I'm fairly certain that that's the way it would go."
Stevens is a co-owner of the Pogue Fado Irish Public House, as well as chair of the association's government-affairs committee. That committee met Thursday with its partners in this project - the municipality, police and provincial liquor enforcement officials - and agreed in principle to proceed with the plan.
The Bar Watch program, as it's been dubbed, may begin as early as April, but there's a lot still up in the air. Though Stevens said he's just speculating at this point, maintaining a database of patrons barred from Halifax's drinking establishments would be key.
This list would likely contain "very basic biographical information about the person," such as name and address, he said. Some details of the incident that earned them their spot on the list may also be included, including names of witnesses and security staff involved.
The list would be maintained by the association, and only bar owners and general managers would be able to add people to it. Bar security would only see the names of banned patrons, not their full details.
"It would take a significant incident (to get on the list). This isn't anything that any of the owners take lightly," Stevens said.
"I'm assuming that probably 75 to 80 per cent of the people that end up getting barred, the police would probably end up getting involved anyway ... because it would be that serious."
Even if bar security have to restrain patrons involved in a fight or another serious incident, the bouncers have no right to search them for ID, he said.
"If they fail to provide identification, if and when they've been restrained after an incident, we'd call the police," he said. "The police would come and the police would get that information."
Stevens said he believes the police will provide the information necessary for the blacklist. Arrest records are public.
Police advising, but no word on further role
Halifax Regional Police spokesperson Cst. Brian Palmeter said the police's role "is to provide any guidance or assistance that they would ask from us."
"All that we're really saying about it is that we're aware the Restaurant Association has had some preliminary discussions about this ... We would support anything that any business would do to make it safer for their customers ... but as far as this goes, this is something that they're looking at doing. It's not a police matter."
At the time, Palmeter was not asked and did not comment on whether police would provide the association with personal information of patrons.
Stevens said the police have been advising the association on the administration of the program.
"They have a lot more experience with these programs than we do," he said. "They're guiding us along, providing advice, and they're going to stay by our side ... until we get this thing up and running."
Stevens said the police could be involved in this capacity for one to two years.
The next step in getting this program off the ground is a meeting with "the key stakeholders around HRM," which Stevens said he expects within the next two or three weeks.
"We'll target, with the help of the police force, 10 or 12 key establishments, contact the owners, and call them in for a meeting where we'll describe the program, its objectives, what we hope to accomplish, and ask them to get onboard."
Monday, August 24, 2009
According to the CBC, the Information and Privacy Commissioner of British Columbia has approved a modified version of the BarWatch program. Bars, under BC's Personal Information Protection Act, are allowed to swipe a patron's driver's license or other ID, collecting name, gender, date of birth and a photograph of the patron. The information must be deleted within 24 hours, except for "rowdies", whose information can be kept and exchanged with other bars through the BarWatch database. See: Privacy commissioner OKs Barwatch software.
For more information on this controversial practice, click on the link "ID SWIPING" below.
Thursday, July 23, 2009
Earlier this week, the Information & Privacy Commissioner of British Columbia issued a decision (P09-01) related to the controversial practice of scanning photo IDs of patrons by bars, pubs and night clubs.
From the Commissioner's media release:
FOR IMMEDIATE RELEASE
July 21, 2009
Information and Privacy Commissioner Releases Order on Driver’s Licence Scanning
VICTORIA — Information and Privacy Commissioner David Loukidelis today released Order P09-01, in response to a complaint about the scanning of a bar customer’s driver’s licence. The customer complained that, when he went to the bar, employees asked him to produce his driver’s licence, swiped it through a card reader and then required him to have his digital photograph taken. He did not receive what he considered to be a reasonable explanation for why his personal information was being collected and later complained under B.C.’s Personal Information Protection Act (“PIPA”), which regulates the collection, use and disclosure of personal information by businesses.
The OIPC investigated the complaint twice and a formal hearing was eventually held. In Order P09-01, the Commissioner has decided that section 7(2) of PIPA does not allow the organization complained about, the Wild Coyote Club, to force its customers to give up their personal information, to the extent this is now being done, as a condition of being allowed into the bar.
Section 7(2) says a business “must not, as a condition of supplying a product or service, require an individual to consent to the collection, use or disclosure of personal information beyond what is necessary to provide the product or service.” The Commissioner accepted that it is “necessary” to collect personal information of certain customers for the purpose of operating a nightlife establishment, but not “to develop and maintain a personal profile containing the personal information of all customers in order to effectively track the few who may be removed from, and subsequently barred from re-entering, an establishment. Certainly, the full scope of information which is collected by Wild Coyote and the length for which it is retained is not necessary to achieve that purpose” (para. 98). The Commissioner therefore found that “a requirement for consent to the collection of personal information through the TreoScope system is a requirement for consent to the collection and use of information ‘beyond what is necessary’ for providing the service of operating a nightlife establishment in the terms I have described” (para. 98).
Section 11 of PIPA says a business “may collect personal information only for purposes that a reasonable person would consider appropriate in the circumstances”.
The Commissioner found that, under s. 11 of PIPA, the collection of personal information was not appropriate in the particular circumstances, including given the nature and amount of personal information being collected. He found that “it is reasonable, in the case of Wild Coyote, for it to be able, in order to preserve a safe environment for customers, to identify those individuals who have been determined to be violent, or otherwise undesirable for re-entry from a safety perspective, and thus improve customer safety” (para. 127). He went on to say, however, that “much of the information collected by the TreoScope system”, including driver’s licence numbers, “does not further this safety purpose”, adding, “Moreover, I have not been provided with any reason related to improved customer safety for an establishment’s retention of any information at all relating to customers who are not involved in violent incidents” (para. 127).
As regards moving forward with a system for keeping banned customers out of bars, Loukidelis said this: Of course, I have received no submissions from the other parties on this alternative, and no details from Wild Coyote on how the system would operate if it were aimed at only maintaining a list of banned customers. As a result, I can only decide whether or not the collection as a whole, as it was being conducted at the time of the Investigation Report, complies with s. 11 of PIPA. For reasons already given, I conclude that it is not. The alternative proposed in Wild Coyote’s supplemental submissions would likely involve different considerations and cannot be addressed here.
In closing, the Commissioner said this: … I am well aware of, indeed share, public concern about gang violence and public safety in British Columbia. Some may assert that the technology involved here is synonymous with safety, such that any decision perceived to constrain ID scanning is a decision against safety. These are easy claims to make, but my duty is to apply PIPA based on the evidence and argument actually before me, which I have done.
 On the basis of the material before me, I have decided that it is reasonable for Wild Coyote to be able, in order to preserve a safe environment for customers, to identify those individuals who have been determined to be violent or otherwise undesirable for re-entry from a safety perspective, and thus improve customer safety. For the reasons given above, however, the collection of personal information as a whole does not comply with PIPA. In this light, and in view of the reasons given above, I invite –– indeed, strongly encourage––those involved to seek the views of this Office if they wish to find a solution for collecting personal information of a nature, and in a manner, that complies with PIPA.
Neither the Commissioner nor the OIPC will be giving interviews or commenting on this decision.
For previous posts on this topic, see the keyword "id swiping".
Tuesday, May 05, 2009
Presumably to counteract the effects of the Information and Privacy Commissioner's decision that bans swiping licenses at bars in the province (Alberta Commissioner forbids license scanning), the Alberta legislature is considering Bill 42, which permits the collection of similar information:
Legislative Assembly of Alberta - Bill 42: Gaming and Liquor Amendment Act, 2009
Collection of personal information by licensee
69.2(1) A licensee may, before allowing a person to enter licensed premises, collect the person’s name, age and photograph.
(2) If a licensee has personal knowledge or reasonably believes that a person referred to in subsection (1) has, at any time within the preceding year, engaged in an activity referred to in section 69(1) or (2), the licensee may, in good faith, disclose the person’s name, age and photograph to other licensees for the purpose of allowing them to determine whether they wish to allow the person to enter licensed premises.
(3) A licensee must, as soon as possible after a request is made by a police officer, disclose to the police officer any information collected under subsection (1).
Thanks to a correspondent for pointing this out ...
Wednesday, January 07, 2009
I've written on this blog before about the practice of swiping drivers' licenses and other IDs at bars. The Omega--an independent student newspaper from Thompson River University--is reporting about a company that takes it to a new level by photographing all bar patrons:
Big brother at the bar? - Cactus Jacks implements new way to screen attendees
“We have a new monitoring system called Treoscope that everyone that comes into the pub must go through,” said Cactus Jack’s manager Pete Backus. “It takes your picture and also records your name and where you are from.”
The entire system has brought up privacy concerns. The B.C. privacy commissioner is ruling on the legality of the way Treoscope collects and stores information.
The B.C. Civil Liberties Association said Treoscope violates the Personal Information Protection Act and the collection and storage of information from driver’s licenses is not necessary to provide the services drinking establishments offer. The association has qualms over who can access personal information and any resulting identity theft.
The electronic identification system has been put in place because of rising levels of violence in the club. Cactus Jack’s now requires identification cards that have a magnetic swipe stripe containing the user’s name, address and age in order for entrance to be granted.
According to the Treoscope website, patrons’ personal information is safe because only the name and age are displayed, not the birth date. It also claims information can only be accessed by police if they have a proper warrant.
Treoscope EnterSafe’s software database is connected to other clubs’ computers that operate the same software. When there is an incident, a “community alert” is attached to the person’s name allowing all those connected to determine whether to allow a club-goer in or not.
“We use it for security for the patrons of the club,” Backus said, who added they have been trying to cut down on gang violence in and around the club. When they learn someone is an Independent Soldier or other gang member they go back to the stored information and flag the individual. “We are trying to get rid of that,” Backus said. “We are not allowing people into the club that are gang-related or if they come into a club and start a fight. When that happens we now have their picture and we can suspend them from the club for as long as we want.”
Wednesday, February 20, 2008
In a long-awaited decision, the Information and Privacy Commissioner of Alberta has ordered a nightclub to cease scanning driver's licenses. The practice is an unreasonable collection of personal information and is not justified under the Personal Information Protection Act.
From the decision, the Commissioner didn't see the connection between the collection of driver's license information and the supposed purposes for collecting it:
[para 31] From my review of the evidence and the parties’ submissions, I find that, at best, the Organization offers conjecture that collecting driver’s license information of patrons may act as a deterrent to violent behaviour. The Organization did not submit any evidence to establish that collecting the Complainant’s driver’s license information, or that of other patrons, is in any way a deterrent to violent behavior. In addition, it did not provide any evidence regarding the causes of violence in bars or statistics relating to the incidence of violence in bars before and after the implementation of a driver’s license collection program. I draw the inference that the Organization is unable to produce any evidence to draw a correlation between violence, patron safety, and collecting driver’s license information. As a result, the Organization has failed to establish any reasonable relationship between collecting driver’s license information and any of its stated purposes for scanning driver’s licenses. I am therefore unable to conclude that the Organization has a reasonable purpose within the meaning of section 11 when it scans patrons’ driver’s licenses.
[para 32] For these reasons, I find that the Organization did not comply with the requirements of either section 11(1) or (2) when it scanned the driver’s license information of the Complainant, as its collection of personal information is not reasonably related to its purpose....
On the topic of whether putting up a poster results in informed consent:
[para 53] The Complainant’s evidence is that his driver’s license was scanned before he could raise an objection. He had assumed that the Organization’s employee would check his birth date, but she instead scanned the information on the license into a database. The Organization does not challenge the Complainant’s version of events, but points to a poster it has now posted for patrons explaining why it collects driver’s licenses and what it does with them. It argues that this poster satisfies the requirements of section 13(1).
[para 54] As noted above, the poster explains that its collection practice is intended “to encourage our patrons to behave responsibly and deter those who are seeking to ruin your experience with us, from entering the venue.” The poster is not clear about the purposes of the Organization in collecting the information and does not warn patrons that information will be retained for a period of 7 – 10 days or longer by the Organization.
[para 55] I find that the poster is misleading and does not provide sufficient information for patrons to provide informed consent to the Organization’s collection of personal information. In addition, the Organization provided no evidence that the poster was in place when it scanned the Complainant’s driver’s license. In fact, paragraph 8 of the Organization’s affidavit establishes only that the notice was posted on August 24, 2006, the date of the affidavit.
[para 56] I find that the Complainant did not consent to the scanning of the information on the face of his driver’s license, other than to permit the Organization employee to confirm his date of birth. I also find that the Organization did not provide adequate notice to the Complainant of its collection of his personal information. As none of the provisions of 14 apply, and because an individual cannot consent to the unreasonable collection of personal information, I find that the Organization was required to provide notice of its collection and did not. As a result, I find that the Organization contravened section 13 of the Act when it collected the Complainant’s personal information.
The Calgary Sun reports that the owner of the bar is considering appealing and is "furious" about the decision: The Calgary Sun - Bar owner furious after licence checks halted.
Monday, January 14, 2008
Personal information practices of bars and nightclubs are coming under increasing scrutiny, particularly with respect to video surveillance in Nova Scotia and the practice of scanning identification documents. Complaints related to the latter practice are pending in British Columbia and Alberta. It appears that a decision of the Alberta Commissioner is to be expected shortly: Alberta privacy commission to rule on bar scans.
Thursday, January 03, 2008
Just before New Year's, the Nova Scotia Utility and Review board reinstated the liquor license of a popular bar in Halifax on the condition (among others) that the bar double the number of surveillance cameras and allow liquor inspectors and the cops to have offsite access to the feeds (see: Canadian Privacy Law Blog: Offsite surveillance in Halifax bar may set precedent and Canadian Privacy Law Blog: Halifax bar gets liquor license back on condition that cops have off-site access to surveillance system).
When this report came out, I voiced some concerns that this may set a dangerous precedent. Any move to implement such a scheme has to include very tight controls over how this new-found surveillance power will be used lest it be a license for unimpeded and unrestricted intrusiveness.
In case you were wondering what the slippery slope of function creep (to mix my metaphors) looks like, look no further than random ID checks in casinos in Illinois. Random identification checks by law enforcement officers were put in place to deal with excluded problem gamblers. Assurances were given that there would be no other use of that information or other abuse of this power. Now it's reported, shockingly, that the cops in Illinois casinos are checking for problem gamblers, sex offenders, outstanding warrants and other miscreants. See: Daily Herald Police admit ID checks in casinos turn up more than problem gamblers.
To put it bluntly, function creep is a very real phenomenon that needs to be anticipated and guarded against whenever a new intrusive technique or technology is rolled out.
Wednesday, November 28, 2007
I've blogged on this topic of bars swiping patrons' identification a number of times (see label "id swiping"), but it appears that we'll have a decision from the Alberta Commissioner on the topic in the next few months: edmontonsun.com - Edmonton News - Barlink probed by privacy watchdog.
Friday, January 26, 2007
According to the CBC, the Information and Privacy Commissioner has completed his inquiry related to the practice of swiping drivers' licenses at bars in that province. A decision is expected next month. See: B.C. privacy commissioner to rule on ID scans in bars.
Monday, October 23, 2006
Today's New York Times is running a very interesting article on the next battle over RFID: the mass rollout of proximity-based consumer credit cards. The latest fuss particularly relates to alleged defects in the implementation of RFID that allow researchers (and perhaps malevolent folks) to read cards en clair from a distance. See: Researchers See Privacy Pitfalls in No-Swipe Credit Cards - New York Times.
Tuesday, February 28, 2006
Bars seem to be on the cutting edge of identification technology. Regular readers of the blog probably have noted references to bars scanning identification documents of visitors and some using external databases to keep track of banned patrons. (see Swiping driver's licenses - instant marketing lists?, Calgary student challenges nightclub over scanning ID, Alberta bar to continue scanning IDs despite Commissioner's advice not to, New technologies for scanning IDs.) Now, Wired News is reporting on facial recognition software that takes a picture of visitors to bars and matches them against a database of banned patrons. The technology was born in Toronto, Canada:
Wired News: BioBouncer Might Make Bars Safer
Privacy watchdog groups, however, don't like the sound of it, and it's not clear club patrons will dig it, either. Many people are already accustomed, or oblivious, to cameras recording their every move at ATMs and 7-11s. But in a bar's let-loose environment the sign Dussich wants posted at the entrance announcing that BioBouncer is recording their faces might send customers running.
Lee Tien, a staff attorney with the Electronic Frontier Foundation, said people may find BioBouncer insulting or invasive. Facial recognition software is notoriously inaccurate, he said, and he is concerned that data-sharing could be used to blackball innocent partiers.
"Think about it: Someone doesn't like you, your photo gets in there, you walk in someplace and they're telling you, 'You're a troublemaker, you got bounced from that other bar.'"
BioBouncer was born when a Toronto club owner asked if Dussich could help curb a burgeoning crime problem. Dussich may be on to something, as crime is plaguing the club scene nationwide, said Robert Smith, a police officer and nightclub security expert, who runs the Hospitality and Security Alliance.
Update: Bruce Schneier has some things to say about this:
Schneier on Security: Face Recognition Comes to Bars:
And the data will be owned by the bars that collect it. They can choose to erase it, or they can choose to sell it to data aggregators like Acxiom.
It's rarely the initial application that's the problem. It's the follow-on applications. It's the function creep. Before you know it, everyone will know that they are identified the moment they walk into a commercial building. We will all lose privacy, and liberty, and freedom as a result.
Thursday, November 24, 2005
The saga related to the scanning of IDs in Alberta bars continues. The Gauntlet, a University of Calgary student publication, reports that the bar in question is planning to ignore the Information and Privacy Commissioner's recommendation by continuing to use the Secureclub system. The investigation by the IPC will likely continue and may culminate with an order under the Personal Information Protection Act of Alberta in the new year. In the meantime, the university pub is going ahead with using the technology. See Gauntlet News - Private info or no beer.
For some background on this complaint and the issue generally:
Monday, September 19, 2005
For those bar and nightclub owners who are not content with reading the magnetic stripes of patrons' ID cards, a UK company has added to the ID-capturing arsenal with ClubScan. It's an all-in-one scanner, OCR driver and database management system to slice and dice customer information:
"idscan incorporates the cutting edge of Optical Card Recognition OCR technology. It uses advanced image processing and field identification capabilities to read and process the information on driver licenses, Idcards, passports and other forms of ID.
idscan application has an OCR system that is pre-trained to recognize and interpret a wide variety of font types on ID cards. Including Passports, Provisional UK, European, US, Australian, Middle East and Far East IDS & Driving Licenses.
idscan OCR technology begins reading the text information, the application uses its intelligent processing engine to correctly place the text data into appropriate text fields i.e. ID Number, Name, Address, Issue Date, Expiration Date and Date of Birth.
The combination of accurate OCR with advanced image processing yields a perfect system for scanning and filing driver licenses and ID cards and offers the only OCR system that delivers 99% accuracy. ..."
For those who want to share with other users, Sharescan adds "troublesome" former customers to a worldwide database accessible to other idscan customers. Oddly, there's no mention on the website of how this jibes with the UK Data Protection Act.
Via Engadget: The Clubscan ID scanner for nightclubs.
For a somewhat related blog entry, check out: The Canadian Privacy Law Blog: Calgary student challenges nightclub over scanning ID.
Monday, August 15, 2005
I've been waiting for this complaint for some time. When people (usually younger and with more interesting social lives) make the mistake of asking me what I do for a living, the description is usually followed by the question "can bars legally scan your driver's license?" According to the Globe & Mail, an Alberta law student has complained to the Alberta Information and Privacy Commissioner about the increasingly common practice of requiring bar patrons to have their ID scanned before being allowed entry.
Presumably the basis for the complaint is that the bar is requiring patrons to consent to the collection and use of personal information that is not necessary. Section 7(2) of the Personal Information Protection Act (Alberta) reads:
An organization shall not, as a condition of supplying a product or service, require an individual to consent to the collection, use or disclosure of personal information about an individual beyond what is necessary to provide the product or service.
I have heard bar owners in Halifax quoted as saying that the practice is only to verify that the ID has not been altered because the readers check that the info encoded on the magnetic strip is the same as what appears on the face of the license. OK. But readers also record all the data (name, address, date of birth, license restrictions, etc.) and download them into a central system at the end of the day.
This should be an interesting case, since it will have to consider why the bars want this information and whether it is reasonable.
Read the Globe & Mail article here: Globetechnology: Calgary student challenges nightclub
Sunday, January 25, 2004
A little while ago, I wrote about biometrics on drivers licenses and particularly referred to the practice of swiping driver's licenses (below). Debora Pierce, who regularly writes on law and technology issues in the Seattle Press, has an article on the topic that I just found: The Seattle Press - LAW&TECHNOLOGY: Swiping driver's licenses - instant marketing lists?:
"IN AN effort to cut down on underage drinking and smoking, many bars, clubs, and restaurants have begun to use devices that scan driver's licenses. In addition to verifying the age of the driver's license holder, the scanner also picks up all of the information in the magnetic stripe found on the backs of most driver's licenses. The obvious benefit is that underage drinking and smoking is curtailed, but that benefit comes at a price. Here is another case where technology has outpaced the law, and the casualty is privacy."
I would suggest that the automatic swiping of driver's licenses at bars is very likely in violation of the law here in Canada. The federal privacy law, PIPEDA, requires knowledge and consent for the collection, use or disclosure of personal information. From what I understand, individuals are not being informed about why their cards are being swiped and how that information will be used. There is no "identifying Purposes", as required by Principle II. Individuals are not being given the opportunity to consent, let alone being asked to consent. If a bar refuses admission because you refuse to have your personal information harvested, they are in violation of the following sub-principles:
4.3.2 - The principle requires "knowledge and consent". Organizations shall make a reasonable effort to ensure that the individual is advised of the purposes for which the information will be used. To make the consent meaningful, the purposes must be stated in such a manner that the individual can reasonably understand how the information will be used or disclosed.
4.3.3 - An organization shall not, as a condition of the supply of a product or service, require an individual to consent to the collection, use, or disclosure of information beyond that required to fulfill the explicitly specified, and legitimate purposes.
If the collection is supposed to be to verify that the license has not been tampered with, it probably still amounts to a violation of Principle 4 - Limiting Collection because much more information is collected and used than is necessary for that particular purpose:
The collection of personal information shall be limited to that which is necessary for the purposes identified by the organization. Information shall be collected by fair and lawful means.
The Federal Privacy Commissioner hasn't, as far as I know, had a complaint about this practice but I am sure it is not too far off.
Wednesday, January 14, 2004
"B.C.'s privacy commissioner is wary of allowing high-tech gizmos to keep tabs on bar patrons and taxi customers. David Loukidelis said he has concerns with a proposed scheme by bars in Vancouver to take pictures of patrons and swipe data from their driver's licence -- name, age and licence number -- into a computer."
The Canadian Privacy Law Blog is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 Canada License.