The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.
The author of this blog, David T.S. Fraser, is a Canadian privacy lawyer who practices with the firm of McInnes Cooper. He is the author of the Physicians' Privacy Manual. He has a national and international practice advising corporations and individuals on matters related to Canadian privacy laws.
For full contact information and a brief bio, please see David's profile.
The views expressed herein are solely the author's and should not be attributed to his employer or clients. Any postings on legal issues are provided as a public service, and do not constitute solicitation or provision of legal advice. The author makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein or linked to. Nothing herein should be used as a substitute for the advice of competent counsel.
This web site is presented for informational purposes only. These materials do not constitute legal advice and do not create a solicitor-client relationship between you and David T.S. Fraser. If you are seeking specific advice related to Canadian privacy law or PIPEDA, contact the author, David T.S. Fraser.
Sunday, April 11, 2010
Simon Fodden, the head slawer over at http://www.slaw.ca/ has a great post to end the week (The Friday Fillip – Slaw), pointing to a great piece of photographic excellence "We're all gonna die". It's a 100m long photograph of people taken from Warshauer Strasse in Berlin. Go take a look at it, then come back here.
Simon notes that you can't go and see the location on Google Street View, presumably because of the supposed privacy issues that the German government has with street level imaging. That's too bad.
Simon brings up the broader topic of the privacy issues of photographing people, particularly in public places. It's an issue that has come up in all the discussions about Google Street View and other street imaging products out there on the 'net. I've given this topic a bit of thought, being simultaneously a privacy nerd, photo nerd and history nerd. Obviously, taking photos of people raises privacy issues but I don't have much of a problem when photos are taken in public places. People simply have diminished expectations of privacy on a public street. I like that Google and some others have allowed individual "vetoes", so that anyone who does not want to appear online can have the image taken down.
That's not to say that wholesale surveillance is ok, but when the images are being taken primarily of places and the people are incidental, I don't think this is what privacy laws were designed to protect us against. (The line can blur towards stalking or harassment if you follow a person in a public area and continue to take their photo, but that's not at issue here.)
Canadian privacy laws are meant to address commercial activity. To me, this sort of imaging is not "commercial" but fits under the exception of "journalistic, artistic and literary" expression, which is expressly excluded from PIPEDA.
My firm's property department has some great historical publications on the original property grants for Halifax. They include all sorts of info, like what was where, who owned what. For a history nerd, it is fascinating. It's a cool city with a neat history. I've spent hours looking at historical photos of Halifax. Many of them have people in them, which only adds to the value. I don't care who they, but what they are doing, where they are going and what they are wearing add so much to the historical significance of the photos.
I can't wait until the technology has been around long enough so that not only will you be able to stroll down a virtual street, but you'll be able to scroll back through history. Imagine looking at a downtown street in Street View and being able to choose to see what it looked like last year, five years go, ten years ago and fifty years ago. Not only will that be immensely cool, academics will have an incredibly valuable resource at their disposal.
Tuesday, February 23, 2010
The Privacy Commissioner of Saskatchewan is reportedly having to scale back services after the provincial government nixed a request for additional resources to hire another investigator. Gary Dickson's office not only administers the public sector access and privacy law, but he has to deal with the health privacy law that covers public and private sector healthcare.
I'm not sure you can truly be independent of the government if you have to go begging to it for adequate funds.
Saskatchewan privacy commissioner cuts services citing lack of resources - Winnipeg Free Press
REGINA - Saskatchewan's privacy commissioner says his office is in crisis and is being forced to cut back services because of a lack of funding from the provincial government.
Gary Dickson says surging demand for service has overwhelmed his office and the current three investigators cannot sustain the caseload.
He says despite his plea, the government's Board of Internal Economy has denied a request for $129,000 to hire another investigator and set up office space for that person.
"I've said to the board when I appeared in front of them, and I used the word very consciously, our office is in a crisis in terms of being swamped with demands for service from the people who live in the province," Dickson said Monday.
"We just cannot possibly ... respond to that demand in any kind of reasonable time frame."
Dickson says the number of reviews and complaints is up by 113 per cent over last year. Requests for advice and inquiries from public bodies and health trustees are also up.
Some people have been waiting for more than three years for a resolution to their case file, he says. The three investigators currently have a caseload of 376 reviews and investigations.
"Something has to give," says Dickson.
"So what we've decided to do is try and be transparent to the people of the province in terms of how this is going to translate into waits and delays."
The commissioner says his office will send letters to everyone who requests an investigation or review alerting them that they should not expect any action on their file for approximately 12 to 18 months.
Dickson also says all public organizations should expect significant cutbacks and delays if they need consultation on a project.
The privacy commissioner's office oversees some 3,000 bodies including ministries, Crown corporations, boards, commissions, agencies, schools, regional health authorities, municipalities, universities, colleges and health trustees.
The commissioner says the decision by the board will diminish how accountable public bodies are to the people of Saskatchewan.
"Manitoba, with roughly the same population, would have six investigators. Newfoundland and Labrador I think has more than six investigators (and) half the population. They certainly don't oversee 3,000 public bodies and health trustees," says Dickson.
Saskatchewan Justice Minister Don Morgan, who sits on the board of internal economy, says the privacy commissioner's budget has been steadily rising since 2002. That can't continue during tough financial times, he says.
"We're in times of fiscal restraint and we're expecting all ministries, all government agencies to try and work within existing budgets wherever they can," says Morgan.
The province is trying to cope with a big hole in last year's budget when potash revenue fell $1.8 billion.
The Saskatchewan government will deliver its new budget March 24, but Premier Brad Wall has already warned there won't be big spending increases - in fact, cuts are in the works.
Morgan said there's no way of controlling how many complaints the privacy commissioner's office receives, but he wants to cut the number if possible.
"We would like to work with the privacy commissioner to find ways that we can reduce the backlog in their office and try and find some efficiencies by having more of the requests dealt with at the ministry levels rather than through his office," he says.
Monday, February 15, 2010
Following in the footsteps of British Columbia and Alberta, bar owners in Halifax are talking about rolling out a "Bar Watch" program. You can read about other programs here: id swiping.
What is particularly troubling or at the very least needs close scrutiny is the suggestion that the banned list is going to originate from the police. So far, I haven't seen what gives the police the right to decide who goes into licensed establishments and what criteria they will use. I haven't seen any detail about how it with be implemented and what information will be demanded from all bar patrons.
Bar owners see police role in managing ban (UNews)
The group spearheading a citywide bar-goer blacklist may rely on police to provide personal information of banned patrons, according to a spokesperson for the group.
"I'm assuming that the police would hand it over to us, I can't see why they wouldn't," said Richard Stevens of the Restaurant Association of Nova Scotia. "I'm fairly certain that that's the way it would go."
Stevens is a co-owner of the Pogue Fado Irish Public House, as well as chair of the association's government-affairs committee. That committee met Thursday with its partners in this project - the municipality, police and provincial liquor enforcement officials - and agreed in principle to proceed with the plan.
The Bar Watch program, as it's been dubbed, may begin as early as April, but there's a lot still up in the air. Though Stevens said he's just speculating at this point, maintaining a database of patrons barred from Halifax's drinking establishments would be key.
This list would likely contain "very basic biographical information about the person," such as name and address, he said. Some details of the incident that earned them their spot on the list may also be included, including names of witnesses and security staff involved.
The list would be maintained by the association, and only bar owners and general managers would be able to add people to it. Bar security would only see the names of banned patrons, not their full details.
"It would take a significant incident (to get on the list). This isn't anything that any of the owners take lightly," Stevens said.
"I'm assuming that probably 75 to 80 per cent of the people that end up getting barred, the police would probably end up getting involved anyway ... because it would be that serious."
Even if bar security have to restrain patrons involved in a fight or another serious incident, the bouncers have no right to search them for ID, he said.
"If they fail to provide identification, if and when they've been restrained after an incident, we'd call the police," he said. "The police would come and the police would get that information."
Stevens said he believes the police will provide the information necessary for the blacklist. Arrest records are public.
Police advising, but no word on further role
Halifax Regional Police spokesperson Cst. Brian Palmeter said the police's role "is to provide any guidance or assistance that they would ask from us."
"All that we're really saying about it is that we're aware the Restaurant Association has had some preliminary discussions about this ... We would support anything that any business would do to make it safer for their customers ... but as far as this goes, this is something that they're looking at doing. It's not a police matter."
At the time, Palmeter was not asked and did not comment on whether police would provide the association with personal information of patrons.
Stevens said the police have been advising the association on the administration of the program.
"They have a lot more experience with these programs than we do," he said. "They're guiding us along, providing advice, and they're going to stay by our side ... until we get this thing up and running."
Stevens said the police could be involved in this capacity for one to two years.
The next step in getting this program off the ground is a meeting with "the key stakeholders around HRM," which Stevens said he expects within the next two or three weeks.
"We'll target, with the help of the police force, 10 or 12 key establishments, contact the owners, and call them in for a meeting where we'll describe the program, its objectives, what we hope to accomplish, and ask them to get onboard."
Thursday, January 07, 2010
The incomparable Frank Work, Information and Privacy Commissioner of Alberta, appears to have an opinion on body scanning technologies.
Privacy boss pans scans
New naked body security measures at airports don't fly, he says
The thin edge of the wedge -it's not the happiest of analogies when the subject is naked body scans and orifice-probing technology.
But that's the uncomfortable warning from Alberta Privacy Commissioner Frank Work, following a federal decision to install full-body security scanners at major Canadian airports, including Calgary and Edmonton.
Blasting the move as a serious blow to personal privacy and dignity, Work says he expects the obvious flaws in body-scanning security will result in more high-tech "toys" to fill the gaps.
"What will they do next, after the next incident? We're running out of toys and technological silver bullets," said Work, one day after the federal government announced the new airport security measures.
Work guards the privacy of Albertans, be it information or images.
If this was an Alberta rule or an airport decision, Work would surely step in and prevent the visual strip-search.
But being federal legislation, Work fears there is nothing he can do to block the airport scanners, which expose naked images of passengers to the eyes of prying security staff.
"The bottom line is it's a dignity issue, and either out of fear or because we don't want to stand in line too long, we've forsaken any notion of dignity -- it's like, all right, we'll assume the position," said Work.
He's awaiting a call from federal Transport Minister John Baird, but Work believes his hands are tied.
Work said that because human-monitored body scanners aren't perfect, showing only a surface view of the nude passenger, he believes it's a matter of time and/or tragedy before the next step is taken.
"The system is still prone to failure, so let's say the next guy packs his ass with however many grams of (plastic explosive) he can shove up there, and either successfully or unsuccessfully detonates it. What do they do next?" said Work.
"How do they trump full body scans? There actually is a device called the BOSS -- the Body Orifice Security Scanner -- where you sit in a plastic armchair and it can detect plastic or metal in body orifices. Is this next?"
The privacy boss knows his technology, and the chair he references is used in U.S. prisons, in lieu of the old rubber glove approach. That it could easily be installed in airport security areas is a squirmy thought.
Work believes it's just a matter of time.
"At what point do we say, 'Holy crap man, you're patting me down, you've got pictures of me naked, you've got me squatting on a chair, and you've taken my water bottle away'. I mean at what point is enough, enough?"
The federal government is installing 44 of the $250,000 body-scanners across Canada, as well as implementing a new system of visual observation, where security staff will monitor passenger behaviour.
The changes come in response to a Christmas Day attempt to blow up a jetliner over Michigan, when a Nigerian man failed to ignite explosives sewn into his underwear.
While the new body-scanners reportedly wouldn't have caught the underwear bomber -- the explosives were spread too thin -- U.S. demands for extra security have forced countries like Canada to follow suit.
Work says Canada obviously has little choice, if citizens want to travel internationally.
While the U.S. is forcing Canadian travellers to surrender their dignity, Work said the real danger is people starting to believe in safety, purchased through an invasion of privacy.
"The thing that troubles me most as the privacy commissioner, is we're getting more and more used to this stuff.
"Maybe we have to throw in the towel on the body scanners, but the next time the police or authorities come along wanting to blanket the city in cameras for safety reasons, we'll be that much more compliant."
This is too funny, scary and prescient:
Undressing the naked truth about the future of airline travel
Cavity searches, complementary catheters, cryogenic suspension will be the norms
By Paula Simons, Edmonton Journal
January 7, 2010 2:07 AM
The Edmonton Journal
January 7, 2011
The federal government says Canadian air travellers will soon be asked to undergo full-body cavity searches.
The move comes after full-body scanners, of the same type installed in Canadian airports last year, failed to detect bomb-making materials that a group of alleged would-be bombers had secreted within their personal body cavities.
Transport Canada says passenger privacy will be fully protected, because all individuals being stripped-searched will wear paper bags over their heads, preventing security officers from seeing their faces.
"We feel this strikes the necessary balance between protecting passenger safety and avoiding unnecessary traveller embarrassment," said Transport Canada spokesman Winston Smith.
Health Canada will compensate travellers by including complementary prostate exams and PAP smears as part of the inspection process.
"We won't just be striking a blow in the war on terror," said Reductio Ad-Absurdum, a spokesman with the Prime Minister's office. "We'll also reduce the burden on our public health-care system by screening early for cervical and prostate cancer. We think Canadians will be open to the value-added benefits."
While a few civil libertarian academic-types raised concerns about the invasion of privacy, most of those commenting on The Journal's web-site were enthusiastic.
"Flying is a privilege, not a right," said one.
"If you don't have anything to hide, why would you object?"
"The world is a scary place," said another. "I don't mind having my government stick its nose into every nook and cranny."
The Edmonton Airport Authority is asking all local passengers to arrive at the airport at least five hours before flight time to allow enough time for the new inspections.
The Edmonton Journal
January 7, 2015
In a new policy initiative designed to flush out terrorist plots, Transport Canada has announced that airline passengers will no longer be allowed to use on-board washrooms while the plane is in flight.
"Letting people move freely through the cabin, allowing them access to a private space where they couldn't be monitored, well, it's just too big a risk," said Transport Canada spokesman Winston Smith.
Passengers will be required to stay in their seats, with their belts securely fastened, for the duration of the flight. For short-haul flights, passengers will be provided complementary adult diapers. Long-haul flyers will be issued personal catheters.
"We feel this strikes the necessary balance between protecting passenger safety and avoiding unnecessary traveller embarrassment," Smith said.
While civil libertarians and others soft on terrorism suggested the new policy was an affront to human dignity, public response was muted.
"This is public safety we're talking about here," said Edmonton passenger Saaphtee Pherst, 52.
"If you have a problem with it, then don't fly."
The Edmonton Airport Authority is asking long-haul passengers to arrive six hours ahead of their departure time to be fitted for catheters.
January 7, 2020
In a move designed to restore public confidence in air travel, Transport Canada has announced it is moving to align with a new American policy that requires that all airline passengers be placed in pre-flight cryogenic suspension.
"We believe that flash-freezing will maximize both passenger safety and passenger comfort," said federal spokesman Winston Smith. "Ever since we banned people from taking books, magazines, computers and food aboard planes, and made it illegal for them to get out of their seats, air travel has become unduly tedious. This way, we eliminate any terrorism and boredom, and allow passengers to arrive safe and well-rested, without jet lag. And since we'll be able rip out the seats and stack passengers like cordwood, we'll be able to make more efficient use of space and fuel."
Federal spokesman Reductio Ad-Absurdum said cryogenics was a proven technology with minimal health risks.
The Edmonton Airport Authority is asking all passengers to report to the airport 24 hours before their flight for freezing.
January 2, 2021
Air UnitedCanNorthWestDeltaKLMVirginJALEl-AlJet, the world's sole surviving airline, filed for creditor protection this week in the wake of a disastrous Christmas travel season. A climate of fear, combined with fears about climate change, meant no one flew anywhere.
"Flying was no longer exciting or convenient," said business analyst Noitall Pundit. "The Age of the Airplane is over."
Travel Alberta is now asking people to travel by low-carbon donkey instead, and to stay strictly within a 100-mile radius of home.
"Foreign travel is dangerous and overrated. So are foreigners," said spokeswoman Pollyanna Xenophobe. "Alberta is the promised land. Really, no one should ever want leave it again."
I was interviewed by the Halifax Chronicle Herald on the need for a thorough debate about the privacy impact of body scanners and to make sure that we are actually dealing with the problem. And if we're going to use the technology, we need to ensure that all steps are taken to mitigate the privacy impact.
Safety vs. privacy: - Nova Scotia News - TheChronicleHerald.ca
Safety vs. privacy: Legal expert warns tradeoff of agreeing to virtual strip search might not be worth it
By KELLY SHIERS Staff Reporter Thu. Jan 7 - 4:47 AM
A Halifax privacy expert says airline passengers willing to undergo virtual strip searches are trading privacy for security in an equation that may not result in increased safety in the air.
"Because this is almost unprecedented in its intrusiveness, that means we really need to have a debate about it," David Fraser said Wednesday.
"If you throw out people’s privacy, it doesn’t necessarily mean you’re going to end up with the best security.
"I think we need to have all the facts in front of us about how effective these things are, what sort of impact they’re having on privacy, and how (we can) increase the effectiveness of security while trying to mitigate the impact it can have on privacy."
Mr. Fraser, a privacy lawyer with McInnes Cooper, said most of the people he has spoken with have reacted positively to the news that airports across the country, including in Halifax, will soon use scanners that see through clothes.
The machines show a three-dimensional outline of a naked body that allow screening officers to see whether someone is carrying dangerous items.
"When they balance their safety versus their privacy, they’re happy to give up their privacy in exchange for their safety," he said.
The scanners have been used at some airports outside Canada and were expected to be introduced in this country at some point.
But on Tuesday, the federal government announced it will buy 44 machines as part of an international response to a man’s attempt to blow up a jet approaching Detroit on Christmas Day. The man was wearing explosives sewn into his underwear.
The devices are only supposed to be used on passengers who have been singled out for secondary screening. Those passengers can choose to go through the machines or be frisked.
Mr. Fraser said he would prefer to be scanned rather than have the kind of intrusive pat-down that would be required in order to detect explosives sewn into underwear.
But he said he believes technology is only part of the answer to combating terrorism in the air.
"It’s convenient to throw technology at the problem and I think there may be an assumption this is going to make everybody safe, but I’m not sure this is necessarily the case," he said.
The devices have shortcomings, even if they are better than what is now in place, he said.
And technology, he said, may not be as effective as "strategic investments in humans" who are collecting, analyzing and using the massive amounts of data about possible threats and possible terrorists.
He said the public should ask questions about the use of the images and the safeguards that will be in place to protect them.
Under a plan approved by Canada’s privacy commissioner, an officer would view the image in a separate room and never see the passenger. The images are supposed to be erased automatically and no copies kept.
Other possible safeguards could include scanning screeners to ensure they’re not carrying cameras or cellphones capable of taking pictures of the images, Mr. Fraser said. And just as pat-downs are only done by members of the same sex, perhaps that rule should apply to viewing the naked images, he said.
Sunday, January 03, 2010
The thwarted Christmas Day bombing plot has certainly raised security levels in airports over the holidays. Individual passengers are being frisked before boarding, presumably to make sure they don't have any hidden compartments in their unmentionables (but inspectables). Carryons are being dramatically restricted to reduce screening times, as all such items have been hand inspected. Not at all surprisingly, this has brought body scanning technology to the fore.
In October of this year, the Federal Privacy Commissioner gave her conditional approval to the use of the technology. The conditions are that the images are not retained and the scanners are used only as a secondary screening tool. (See: A necessary image - The Globe and Mail.) However, all passengers to the US are now subject to secondary screening. The Globe article says that technology exists to blur faces and genitals, but I would think that genital blurring may might have obscured a cleverly hidden crotch bomb.
Also according to the Globe (Nigeria, Netherlands to introduce full-body imaging; Canada undecided - The Globe and Mail), both countries that were connected to the pantsbomber, Nigeria and the Netherlands, are introducing body scanning for all flights to the United States. So are UK airports (BAA to introduce full-body scanners at UK's Heathrow).
I travel a lot. Personally, I'd rather be virtually stripped in five seconds than physical patted down by a stranger over two or three minutes. But I'm not so shy. I would also think that the same technology that is currently used to detect explosives residue should be rolled out on a wider scale as well.
For a good overview of the technology and the debate, check out: Full-Body Scanners at Airports: The Good, the Bad, and the Ugly Technomix Fast Company.Also, CBS (via YouTube) does a pretty good job of covering the debate:
Saturday, January 02, 2010
On January 2, 2004, the first post for the Canadian Privacy Law Blog went live (though it was called "PIPEDA and Canadian Privacy Law" at the time.
Looking back to 2004, I had become an avid reader of legal blogs that were already being put out there and wanted to join the conversation. Many were such fantastic resources for a practitioner who needed to keep on top of developments in the law. At the time, privacy law was the most rapidly developing and it seemed a natural fit.
When I first clicked "Publish Post", I really hoped that I'd be able to keep at it. My greatest fear was, aside from not making a positive contribution, was joining the thousands of others who had abandoned blogs after a brief flurry of activity. My expectations have been greatly surpassed. Blogger tells me this will be the 3052nd posting to the Canadian Privacy Law Blog.
I'd like to thank the many people who read this blog regularly and subscribe to the RSS feed. I hope that it has proven to be of value to lawyers and others who have an interest in what I feel is one of the most interesting areas of the law. The tempo of developments in privacy law has varied and so has my posting frequency, but I plan to keep at it.
I thought it may be interesting to look at the top ten most read posts of 2009. Two topics that got a lot of attention in 2009, lawful access and social networking, weren't really on the radar in 2004.
There's a lot going on in the arena of privacy law and I hope this blog has been of assistance in keeping on top of it.
(Birthday cake graphic used under a creative commons license from K. Pierce.)
The timing on this couldn't be worse, in the aftermath of the Christmas day "underwear bomber" and unprecedented scrutiny of airline passengers.
The National Airlines Council of Canada is looking to the federal government to develop a "permanent solution" to the dilemma they are facing. Airlines that overfly the United States are required to send passenger information to the US TSA, but the airlines contend this violates Canadian privacy laws.
There are a number of circumstances under Canadian privacy laws where organizations require the collection of personal information that's not strictly necessary for the provision of goods or services. PIPEDA permits collection, use and disclosure where it is "required by law", but this is not a Canadian legal requirement.
From the Canadian Press:
Canadian airlines plead with government to solve U.S. security dilemma
By Jim Bronskill (CP) – 13 hours ago
OTTAWA — Canada's major airlines say they will be forced either to break privacy laws or to ignore new American air security rules unless the federal government comes up with a response to U.S. demands for passenger information.
The National Airlines Council of Canada, which represents the four largest Canadian carriers, is pleading with the government to find "a permanent solution" to the dilemma posed by the U.S. Secure Flight program.
The program would collect the name, gender and birth date of the approximately five million Canadians who fly through American airspace each year en route to destinations such as the Caribbean, Mexico and South America, even if their planes don't touch the ground in the States.
The U.S. Transportation Security Administration (TSA) would then vet the names against security watch lists.
Passengers whose names appear on the list could face anything from extra security screening to being barred from a flight. There are also concerns the personal data could be used for purposes unrelated to aviation security.
Washington is still reeling from an apparent attempt by a Nigerian man to blow up a jetliner over Michigan by igniting explosives sewn into his clothes.
The near-disaster has put renewed pressure on the TSA to ensure the skies are safe.
Canadian airlines have already begun passing along the personal information for flights that land in the United States.
But the requirement to hand over information for international flights over U.S. airspace was put on hold last February pending discussions with the governments of Canada, Mexico and some Caribbean countries.
In a November letter to Bill Baker, deputy minister of Public Safety, the National Airlines Council says Canadian carriers "are not aware of any progress" on the discussions and are concerned the TSA might suddenly enact the overflight provisions.
The council says this would force Canadian airlines to breach either Secure Flight or the Personal Information Protection and Electronic Documents Act, a federal privacy law that applies to Canadian companies.
An internal Public Safety document prepared last January agrees that sharing such information is "currently prohibited" under the privacy law.
Nicole Baer, a spokeswoman for the federal privacy commissioner, said it was too early to determine whether giving overflight data to the Americans would break Canadian privacy law.
The Public Safety document, obtained under the Access to Information Act, raises other concerns about Secure Flight.
"It is possible that Canadians overflying the United States could be denied boarding based on U.S. no-fly lists that were developed based on lower U.S. risk tolerance," says the January 2009 assessment.
"There are also no guarantees how the U.S. will use the information it obtains from carriers overflying its territory."
The United States has indicated it will waive the Secure Flight requirement to provide information for overflights if Canada creates an equivalent security screening system.
Last March, the airlines council told Public Safety Minister Peter Van Loan in a letter that application of U.S. Secure Flight rules in Canada "is a direct result of the failure to ensure" that Canada's no-fly list, known as Passenger Protect, is "an accepted part of a continental aviation security system."
The airlines council favours a homegrown system as long as carriers don't bear any new costs.
Canada has been working for years on a more comprehensive passenger screening system. The Public Safety Department had no immediate update on those plans.
Critics say extending the Secure Flight program to Canadian flights that merely pass over the U.S. would indeed be a threat to Canadian sovereignty.
The Ottawa-based International Civil Liberties Monitoring Group has argued that sprawling American watch lists could ensnare many Canadians - or activists, immigrants and refugees who want to fly to Canada from Latin America but must travel through American airspace to do so.
Washington says Secure Flight, which transfers the task of watch-list screening to the TSA from individual airlines, will reduce the number of false matches - a longstanding problem with common names - and clear up mistakes more quickly.
Copyright © 2010 The Canadian Press. All rights reserved
Wednesday, December 30, 2009
It's official, the Prime Minister is proroguing parliament until the beginning of March: CBC News - Politics - PM seeks Parliament shutdown until March. (Never mind that they've been on vacation since November.)
This means that a number of privacy-affecting bills are being forced into a coma. The list includes:
The media is also reporting that, in the meantime, Harper plans to fill five vacant senate seats, which will give the Conservatives the majority they need to ensure safe passage of their legislation.
Wednesday, December 02, 2009
At least since I've been using Facebook, this is the first time that Mark Zuckerberg has addressed the Facebook community through an open letter linked from the main user page. I find it interesting that the focus of this is privacy and the future of privacy on Facebook.
An Open Letter from Facebook Founder Mark Zuckerberg FacebookFor all the grief Facebook gets, I think they deserve a lot of credit for finally becoming very responsive to user (and regulatory) privacy demands and are providing much more detailed and customizable privacy controls.
by Mark Zuckerberg Yesterday at 6:23pm
It has been a great year for making the world more open and connected. Thanks to your help, more than 350 million people around the world are using Facebook to share their lives online.
To make this possible, we have focused on giving you the tools you need to share and control your information. Starting with the very first version of Facebook five years ago, we've built tools that help you control what you share with which individuals and groups of people. Our work to improve privacy continues today.
Facebook's current privacy model revolves around "networks" — communities for your school, your company or your region. This worked well when Facebook was mostly used by students, since it made sense that a student might want to share content with their fellow students.
Over time people also asked us to add networks for companies and regions as well. Today we even have networks for some entire countries, like India and China.
However, as Facebook has grown, some of these regional networks now have millions of members and we've concluded that this is no longer the best way for you to control your privacy. Almost 50 percent of all Facebook users are members of regional networks, so this is an important issue for us. If we can build a better system, then more than 100 million people will have even more control of their information.
The plan we've come up with is to remove regional networks completely and create a simpler model for privacy control where you can set content to be available to only your friends, friends of your friends, or everyone.
We're adding something that many of you have asked for — the ability to control who sees each individual piece of content you create or upload. In addition, we'll also be fulfilling a request made by many of you to make the privacy settings page simpler by combining some settings. If you want to read more about this, we began discussing this plan back in July.
Since this update will remove regional networks and create some new settings, in the next couple of weeks we'll ask you to review and update your privacy settings. You'll see a message that will explain the changes and take you to a page where you can update your settings. When you're finished, we'll show you a confirmation page so you can make sure you chose the right settings for you. As always, once you're done you'll still be able to change your settings whenever you want.
We've worked hard to build controls that we think will be better for you, but we also understand that everyone's needs are different. We'll suggest settings for you based on your current level of privacy, but the best way for you to find the right settings is to read through all your options and customize them for yourself. I encourage you to do this and consider who you're sharing with online.
Thanks for being a part of making Facebook what it is today, and for helping to make the world more open and connected. Mark Zuckerberg
Tuesday, November 17, 2009
The Privacy Commissioner of Canada has tabled her annual report on the public sector privacy law, the Privacy Act: Annual Report to Parliament 2008-2009 - Report on the Privacy Act.
At the same time, she has also tabled additional privacy audits, related to FINTRAC and the Canadian no-fly list:
Here's the media release that accompanied the tabling of the reports:
Audits of major national security programs raise concerns for privacy Excessive reporting of personal information to FINTRAC and potential information technology risks with Canada’s “no-fly list” are among concerns identified in audits highlighted in the Privacy Commissioner’s annual report on public sector issues.
OTTAWA, November 17, 2009 — The Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) has more personal information in its database than it needs, uses or has the legislative authority to receive.
This was one of the key findings of the Privacy Commissioner of Canada’s in-depth audit of the independent agency mandated to analyze financial transactions and identify suspected money laundering and terrorist financing in Canada.
A separate audit, also published today, examined the Passenger Protect Program – better-known to Canadians as the no-fly list. It identified several concerns, such as the fact that the Deputy Minister ultimately in charge of who is on the list was not provided with complete information to allow for informed decision-making.
“Since the terrorist attacks of 9/11, we’ve seen a proliferation of new national security programs. We fully appreciate the underlying aim of many security programs – protecting Canadians. However, it is critical – a point reinforced by our new audits – for government officials to integrate privacy protections into all of these programs at the outset,” says Privacy Commissioner Jennifer Stoddart.
The findings of the two audits are highlighted in the Commissioner’s 2008-2009 report to Parliament on Canada’s federal public-sector privacy legislation, the Privacy Act.
Legislative changes passed in 2006 expanded the types of transactions that must be reported to FINTRAC, as well as the number of professionals and organizations that are required to collect information about clients and to report it to FINTRAC. Examples of entities required to report to FINTRAC include financial institutions, life insurance companies, accountants and casinos.
The audit found that FINTRAC needs to do more to ensure that the amount of personal information it acquires is kept to an absolute minimum. A random sample of files examined in the audit turned up several reports that did not clearly demonstrate reasonable grounds to suspect money laundering or terrorist financing. For example:
A reporting entity filed several reports stating it was “taking a conservative approach in reporting this … because there are no grounds for suspecting that this transaction is related to the commission of a money laundering offence, but there is a lack of evidence to prove that the transaction is legitimate.”
An individual deposited a government cheque for an amount less than $300 and then withdrew the entire amount. The financial institution filed a suspicious-transaction report, but did not indicate why the transaction was deemed suspicious.
A financial institution filed a report about an individual who had deposited a cheque from a law firm. The institution was satisfied that the individual had provided legitimate reasons for the source of funds, but decided to notify FINTRAC anyway because of the individual’s ethnic origin and the fact that this person had visited a particular country.
“It is clear that such reports, containing not a shred of evidence of money laundering and terrorist financing, should not be making their way into the FINTRAC database,” says Commissioner Stoddart.
“It is a bedrock privacy principle that you collect only the personal information you need for a specific purpose,” she says. “The federal government needs to have a justifiable need to collect someone’s personal information. Clearly, FINTRAC needs to do more work with organizations to ensure it does not acquire personal information that it has no legislative authority to receive – and that it does not need or use.”
The audit recommended enhanced front-end screening of reports; stronger ongoing monitoring and review to ensure that information holdings are relevant and not excessive, and the permanent deletion of information that FINTRAC did not have the statutory authority to receive.
Under amendments passed in 2006, the Proceeds of Crime (Money Laundering) and Terrorist Financing Act requires the Privacy Commissioner to review FINTRAC every two years and report the results to Parliament.
Passenger Protect Program Audit
The “no-fly list” is a passenger screening tool introduced in 2007 to prevent people named on a “specified persons list” from boarding domestic and international flights from or to Canadian airports.
The program has sparked privacy concerns, in part because it is secretive in that it uses personal information without the knowledge of the individuals concerned. Moreover, the repercussions for a person named on the list being denied boarding on an aircraft can be profound in terms of privacy and other human rights, such as freedom of association and expression and the right to mobility.
The focus of the audit, however, was to determine whether the program has adequate controls and safeguards in place to protect personal information.
“We were concerned to learn that officials did not always provide the Deputy Minister – who is ultimately responsible for adding to or removing people’s names from the ‘specified persons’ list – all the information needed to make these sorts of decisions,” says Assistant Privacy Commissioner Chantal Bernier.
Other concerns identified during the audit included:
Transport Canada has not verified that airlines are complying with federal regulations related to the handling and safeguarding of the “specified persons list.” The risk of this information being inappropriately disclosed is particularly high for the small number of air carriers that rely on paper copies of the list.
There were no requirements that air carriers report to Transport Canada security breaches involving personal information related to the no-fly list.
Transport Canada did not demonstrate that the application used to transmit information to air carriers met government security standards.
The Passenger Protect Program and the FINTRAC audits, as well as the latest Privacy Act annual report, are available at http://www.priv.gc.ca/.
The annual report also includes details of privacy-related complaints against federal departments and agencies investigated during the 2008-2009 fiscal year. The Office received 748 formal complaints in 2008-2009, down slightly from the previous year. The most common complaints related to access to personal information and to the length of time government departments and agencies were taking to respond to access requests.
The Privacy Commissioner of Canada is mandated by Parliament to act as an ombudsman, advocate and guardian of privacy and the protection of personal information rights of Canadians.
To view the reports:
Sunday, November 15, 2009
The Sunday Chronicle Herald has two articles on the increasing use of video surveillance by police and private organizations in Halifax. They are interesting reading, but what I find most interesting is that this is the first time that I've seen any dicussion of how the police manage the feeds and access to recordings. Check them out:
The cameras in place now are not monitored all day long, although they are recording, Supt. Moore said. The images are automatically deleted if there’s no request to see them within 14 days.
The department used guidelines from the province’s Freedom of Information office as well as the federal Office of the Privacy Commissioner to develop its guidelines for using the images, he said.
All viewing requests are made to him and only he and his technical staff have access to the recordings.
"They’re very much locked down and once they’re collected, there’s a formalized process for someone looking to go in and find these images," he said.
Supt. Moore said police haven’t used video from those downtown cameras to solve "big" crimes – yet.
"We are still optimistic that it will, but to date it has not been pivotal," he said.
Any discussion of the policies regulating the use of video surveillance is a good thing, and better late than never.
Friday, November 06, 2009
AFP: Experts agree on proposed global privacy standards
Experts agree on proposed global privacy standards
MADRID — Experts from 50 nations meeting in Madrid have reached a draft agreement on international standards for the protection of privacy and personal data, participants said Friday.
Under the proposed standards, data may only be processed after obtaining the "free, unambiguous and informed consent" of the data subjects and it should be deleted when it is no longer necessary for the purposes for which it was gathered.
Data collectors must identify themselves, state in clear language the purpose of the data processing and the recipients of the gathered data.
International transfers of personal data may only be carried out to a country which "affords, as a minimum, the level of protection provided for in the document," according to the proposed standards, agreed by representatives from privacy protection agencies.
"This agreement was reached with the active participation and support of civil society and industry," the head of the Spanish Data Protection Agency, Artemi Rallo Lombarte, said at the end of the three-day gathering.
Participants hope the draft international standards will serve as the basis for a universal, binding legal instrument on data protection. But several cautioned that this is still a long way off given the different rules around the world.
"We have jumped over a first step but we have a long road, a very long road, ahead to arrive at a common, restricting legal framework," said the president of France's CNIL data protection agency, Alex Turk.
Over 1,000 participants from around the world took part in the 31st International Conference of Data Protection and Privacy which is billed as the world's largest forum dedicated to privacy.
US Homeland Security Secretary Janet Napolitano and representatives from key Internet firms like Google and Facebook were among those who took part in the event, which was organized by the Spanish Data Protection Agency.
The next such conference is scheduled for October 2010 in Jerusalem. Previous gatherings have taken place in Strasbourg, Hong Kong, Sydney and Montreal.
Thanks to Alex Cameron for the pointer.
Thursday, November 05, 2009
Wednesday, November 04, 2009
The Minister of Health for Nova Scotia has today introduced the Personal Health Information Act in the legislature. I'll have a link to the text of the bill tomorrow, but in the meantime you can read the release:
Personal Health Information Legislation Introduced News Releases Government of Nova Scotia
Personal Health Information Legislation Introduced
Department of Health
November 4, 2009 2:46 PM
Nova Scotian's personal health information would be better managed under proposed legislation introduced today, Nov. 4.
The Personal Health Information Act would provide consistent provincial rules for the management of personal information in health care.
"Patient privacy is a fundamental principle in delivering health care. At the same time, it is important that health care professionals can share information in ways that can improve care," said Health Minister Maureen MacDonald. "This legislation balances these important objectives."
The proposed legislation sets out rules for how health information is collected, used, disclosed, retained and destroyed by the health-care sector in Nova Scotia. It better supports a system that uses electronic as well as paper health records and helps provide a more seamless flow of information.
Specific rules include provisions for privacy breach notification audit reports to track who has had access to electronic health records, and requests for people to access to their health information.
Nova Scotia does not have clear health information legislation. It is governed by a mix of federal and provincial laws, health profession codes, and organizational policies and procedures. Nova Scotia joins eight other provinces who have comprehensive legislation to manage personal health information.
I understand that the legislature session ends shortly, so the Bill will not be debated until the new year. It's also reported that the Department plans to have the Bill come into force in January 2011.
Wednesday, October 28, 2009
Notification respecting service provider outside CanadaPermitted "as required by law" disclosures are now limited to required by Canadian or Alberta law. The breach notification provisions require notice to the Commissioner and the Commissioner may order that individuals be notified. I'm sure we'll be hearing more about this. Here's an extract from yesterday's Hansard:
13.1(1) Subject to the regulations, an organization that uses a service provider outside Canada to collect personal information about an individual for or on behalf of the organization with the consent of the individual must notify the individual in accordance with subsection (3).
(2) Subject to the regulations, an organization that, directly or indirectly, transfers to a service provider outside Canada personal information about an individual that was collected with the individual’s consent must notify the individual in accordance with subsection (3).
(3) An organization referred to in subsection (1) or (2) must, before or at the time of collecting or transferring the information, notify the individual in writing or orally of
(a) the way in which the individual may obtain access to written information about the organization’s policies and practices with respect to service providers outside Canada, and
(b) the name or position name or title of a person who is able to answer on behalf of the organization the individual’s questions about the collection, use, disclosure or storage of personal information by service providers outside Canada for or on behalf of the organization.
(4) The notice required under this section is in addition to any notice required under section 13.
ISYSweb 8 Search Results for Bill 54
Personal Information Protection Amendment Act, 2009
Mr. Denis: Thank you very much, Mr. Speaker. I rise to introduce Bill 54, the Personal Information Protection Amendment Act, 2009. Mr. Speaker, this bill is a direct result of the hard work of the SelectSpecialPersonalInformation Protection ActReviewCommittee, an all-party special committee of the Legislature that in 2006 undertook a complete review of the act and tabled a report to the Legislature in November 2007 outlining recommendations for amendments. This bill incorporates a number of their proposed amendments.The main proposals for change include emerging issues such as notifying the commissioner or individuals about security breaches that place personal information at risk and informing individuals when services involving personal information are occurring outside of Canada. Mr. Speaker, as required for any new legislation in a rapidly evolving area, this bill also does some updating and finetuning of the existing provisions of this act.
Thank you very much, Mr. Speaker.
[Motion carried; Bill 54 read a first time]
The Speaker: The hon. Government House Leader.
Mr. Hancock: Thank you, Mr. Speaker. I move that Bill 54 be moved onto the Order Paper under Government Bills and Orders.
Monday, October 26, 2009
I was honoured to be one of the speakers at the Halifax Internet Town Hall hosted at Dalhousie University this evening, sponsored by the Chebucto Community Net and Dalhousie Student Union. My portion of the proceedings -- surprise -- was about privacy. I only had ten minutes, so needed to be short and sweet.
I decided to focus my presentation on the abomination that is Bill C-47, in particular the provision that allows law enforcement to have wholesale access to customer information without a warrant. It is frankly appalling and should not be allowed to pass.
Look at this provision:
16. (1) Every telecommunications service provider shall provide a person designated under subsection (3), on his or her written request, with any information in the service provider’s possession or control respecting the name, address, telephone number and electronic mail address of any subscriber to any of the service provider’s telecommunications services and the Internet protocol address, mobile identification number, electronic serial number, local service provider identifier, international mobile equipment identity number, international mobile subscriber identity number and subscriber identity module card number that are associated with the subscriber’s service and equipment.
You can disagree on the finer aspects of whether an ISP should be permitted to match an IP address provided by the cops with the customer name and address information in their files. That's a reasonable debate. But I do not see any limitation in Section 16. There's no oversight. There's no real accountability. There's no nuance. All ISPs will be required to provide any (or all) of the following:
It doesn't have to be connected to a child exploitation investigation. Or a parking ticket. In fact, there's no requirement that there be an underlying lawful investigation. The police will be able to hand a list of names to the ISP and require all of the above information, for an unlimited number of targets.
This is appalling legislation and should not stand.
For other postings on this topic, check out my previous postings tagged Lawful Access.
Saturday, October 17, 2009
Computerworld is reporting on the first report of the Department of Homeland Security Privacy Office since the changeover to the Obama administration. The report itself is interesting, but perhaps most interesting are the statistics related to the number of searches of laptops at border crossings. This has been a controversial practice since reports on it came to light some time ago. I was surprised to read that fewer than two thousand took place in the year under review, in light of the millions of people (and laptops) that have crossed the border during that time.
Here's Computerworld's coverage: Laptop searches at airports infrequent, DHS privacy report says.
Wednesday, October 14, 2009
Thursday, September 10, 2009
The federal, provincial and territorial Privacy Commissioners meeting together in St. John's have issued a statement calling for "caution" on the expansion of investigative powers proposed by the conservative government.
They issued the following media release, referring to resolutions available on the federal Commissioner's website:
Privacy commissioners urge caution on expanded surveillance plan
ST. JOHN'S, Sept. 10 /CNW Telbec/ - Parliament should take a cautious approach to legislative proposals to create an expanded surveillance regime that would have serious repercussions for privacy rights, say Canada's privacy guardians.
Privacy commissioners and ombudspersons from across the country issued a joint resolution today urging Parliamentarians to ensure there is a clear and demonstrable need to expand the investigative powers available to law enforcement and national security agencies to acquire digital evidence.
The federal government has introduced two bills aimed at ensuring that all wireless, Internet and other telecommunications companies allow for surveillance of communications, and comply with government agency demands for subscriber data - even without judicial authorization.
"Canadians put a high value on the privacy, confidentiality and security of their personal communications and our courts have also accorded a high expectation of privacy to such communications," says Jennifer Stoddart, the Privacy Commissioner of Canada.
"The current proposal will give police authorities unprecedented access to Canadians' personal information," the Commissioner says.
The resolution is the product of the semi-annual meeting of Canada's privacy commissioners and ombudspersons from federal, provincial and territorial jurisdictions across Canada, being held in St. John's.
The commissioners unanimously expressed concern about the privacy implications related to Bill C-46, the Investigative Powers for the 21st Century Act and Bill C-47, the Technical Assistance for Law Enforcement in the 21st Century Act. Both bills were introduced in June.
"We feel that the existing legal regime governing interception of communications - set out in the Criminal Code and carefully constructed by government and Parliament over the decades - does protect the rights of Canadians very well," says Ed Ring, the Information and Privacy Commissioner for Newfoundland and Labrador and host of the meeting.
"The government has not yet provided compelling evidence to demonstrate the need for new powers that would threaten that careful balance between individual privacy and the legitimate needs of law enforcement and national security agencies."
The resolution states that, should Parliament determine that an expanded surveillance regime is essential, it must ensure any legislative proposals:
- Are minimally intrusive;
- Impose limits on the use of new powers;
- Require that draft regulations be reviewed publicly before coming into force;
- Include effective oversight;
- Provide for regular public reporting on the use of powers; and
- Include a five-year Parliamentary review.
At the meeting in St. John's, the commissioners and ombudspersons also passed a resolution about the need to protect personal information contained in online personal health records.
The resolution emphasizes the importance of empowering patients to control how their own health information is used and shared. For example, it calls for developers of personal health records to allow patients to gain access to their own health information, set rules about who else has access, and to receive alerts in the event of a breach.
"Personal health records have the potential to deliver significant benefits for patients and their health care providers. However, given the highly sensitive personal information involved, developers need to ensure they build in the highest privacy standards," says Commissioner Ring.
Both resolutions are available on the Privacy Commissioner of Canada's website, http://www.priv.gc.ca/.
The resolutions are here:
Wednesday, September 02, 2009
The Information and Privacy Commissioner of Ontario has released written guidance on the "circle of care" under that province's Personal Health Information Protection Act, entitled Circle of Care: Sharing Personal Health Information for Health-Care Purposes.
Here's the news release:
Privacy Commissioner Cavoukian and seven health organizations team up to eliminate confusion over key element of health privacy law
TORONTO, Sept. 2 /CNW/ - Ontario's Information and Privacy Commissioner, Dr. Ann Cavoukian, today released a new publication that includes specific practical examples to help clarify any confusion over when health information custodians can assume a patient's implied consent to collect, use or disclose personal health information.
The brochure, Circle of Care: Sharing Personal Health Information for Health-Care Purposes, was developed with the collaboration of seven health organizations. "This brochure cuts through the confusion surrounding the term circle of care," said the Commissioner. "We are using seven relevant examples from across the broader continuum of the health sector to provide such clarification."
"There had been some confusion in the health sector as to the meaning and scope of the circle of care concept," explained Commissioner Cavoukian. "In part, this may have been because the term does not appear in the Personal Health Information Protection Act, 2004. It is, however, commonly used in the health-care community to describe the provisions in the Act that permit health-care providers to assume a patient's implied consent to collect and use personal health information - and to share that information with other health-care providers - in order to provide health care to that patient, unless the patient expressly indicates otherwise."
The Act is based on the premise that privacy can be protected, without needless delays in the health system.
"Overall, the Act is working very well, but clarity needed to be brought to bear on the circle of care concept," said Commissioner Cavoukian.
The seven examples in the brochure address this. As a fictional 61-year-old patient is followed through much of the health-care system, the examples provide specific guidance relating to when a health provider can assume implied consent.
The seven health organizations that worked with the IPC include (in alphabetical order): the College of Physicians and Surgeons, the Ontario Association of Community Care Access Centres, the Ontario Association of Non-Profit Homes and Services for Seniors, the Ontario Hospital Association, the Ontario Long Term Care Association, the Ontario Medical Association and the Ontario Ministry of Health and Long-Term Care.
Here is a condensed version of one of the examples used in the brochure:A patient is sent by his family doctor to a laboratory for blood and urine testing. A geriatrician, a specialist whom the patient has been referred to by his family doctor, would like to obtain the results of those tests. He would also like to obtain a list of the patient's current prescriptions from the pharmacy where he fills all his prescriptions.
Can the laboratory and pharmacy disclose this personal health information and can the geriatrician collect information based on assumed implied consent?
Yes. The laboratory, pharmacy and geriatrician may assume implied consent. The personal health information was received by the laboratory and pharmacy - and will be received by the geriatrician - for the purpose of providing health care to this patient.
"Personal health information may be shared within the circle of care - among health-care providers who are providing health care to a specific patient - but not outside that circle," stressed Commissioner Cavoukian. "Any sharing of personal health information with other health-care providers for purposes other than the provision of health care - or the sharing of personal health information with persons or organizations that are not health-care providers, such as insurers and employers - requires the express consent of the patient."
To see a copy of the brochure, visit http://www.ipc.on.ca/.
Thursday, August 27, 2009
This just in:
News Release: Facebook agrees to address Privacy Commissioner’s concerns - August 27, 2009
Privacy Commissioner of Canada satisfied that proposed changes to the social networking site’s privacy practices and policies would bring Facebook into compliance with Canadian law.
OTTAWA, August 27, 2009 — Facebook has agreed to add significant new privacy safeguards and make other changes in response to the Privacy Commissioner of Canada’s recent investigation into the popular social networking site’s privacy policies and practices.
The company’s decision to implement the Privacy Commissioner’s recommendations is a positive step towards bringing Facebook in line with the requirements of Canada’s privacy law.
“These changes mean that the privacy of 200 million Facebook users in Canada and around the world will be far better protected,” says Privacy Commissioner Jennifer Stoddart.
“This is extremely important. People will be able to enjoy the benefits of social networking without giving up control of their personal information. We’re very pleased Facebook has been responsive to our recommendations.”
Last month, the Privacy Commissioner issued a report on an in-depth investigation triggered by a complaint from the Canadian Internet Policy and Public Interest Clinic.
While Facebook took some steps to resolve privacy concerns, the Commissioner remained dissatisfied by Facebook’s response at the end of the investigation. She was particularly concerned about the risks posed by the over-sharing of personal information with third-party developers of Facebook applications such as games and quizzes.
Facebook was given 30 days to respond to the Commissioner’s report and explain how it would address the outstanding concerns. Following a review of Facebook’s formal response and discussions with company officials, the Commissioner is now satisfied Facebook is on the right path to addressing the privacy gaps on its site.
“Facebook is promising to make significant technological changes to address the issue we felt was the biggest risk for users – the relatively free flow of personal information to more than one million application developers around the world,” says Assistant Commissioner Elizabeth Denham, who led the investigation on behalf of the Office.
“Application developers have had virtually unrestricted access to Facebook users’ personal information. The changes Facebook plans to introduce will allow users to control the types of personal information that applications can access.”
An over-arching issue highlighted during the investigation was that the way in which Facebook provides privacy information to users is often confusing or incomplete.
Facebook agreed to changes to help users to better understand how their personal information will be used and, ultimately, to make more informed decisions about how widely to share that information. The Commissioner has reviewed these improvements and will be following up with Facebook as the changes are implemented.
The following is an overview of key issues raised during the investigation and Facebook’s response:
1. Third-party Application Developers
Issue: The sharing of personal information with third-party developers creating Facebook applications such as games and quizzes raises serious privacy risks. With more than one million developers around the globe, the Commissioner is concerned about a lack of adequate safeguards to effectively restrict those developers from accessing users’ personal information, along with information about their online “friends.”
Response: Facebook has agreed to retrofit its application platform in a way that will prevent any application from accessing information until it obtains express consent for each category of personal information it wishes to access. Under this new permissions model, users adding an application will be advised that the application wants access to specific categories of information. The user will be able to control which categories of information an application is permitted to access. There will also be a link to a statement by the developer to explain how it will use the data.
This change will require significant technological changes. Developers using the platform will also need to adapt their applications and Facebook expects the entire process to take one year to implement.
2. Deactivation of Accounts
Issue: Facebook provides confusing information about the distinction between account deactivation – whereby personal information is held in digital storage – and deletion – whereby personal information is actually erased from Facebook servers. As well, Facebook should implement a retention policy under which the personal information of users who have deactivated their accounts will be deleted from the site’s servers after a reasonable length of time.
While we asked for a retention policy, we looked at the issue again and considered what Facebook was proposing. We determined the company’s approach – providing clarity about the options, offering a clear choice, and alleviating the confusion – is acceptable because it will allow users to make informed decisions about how their personal information is to be handled.
3. Personal Information of Non-users
Issue: Facebook should better protect the privacy of non-users who are invited to join the site.
4. Accounts of Deceased Users
Facebook has committed to a timetable for implementing all of the changes, some of which, such as the third-party application changes, are technologically complex. The company has already started to make changes and we expect them to be fully complete within a year.
“It’s now up to Facebook to demonstrate to us that they are living up to their commitments,” says Assistant Commissioner Denham.
“With the conclusion of the Facebook investigation, our Office has made clear our expectations for how social networking sites need to protect personal information. Other sites should take note – and take steps to ensure they’re complying with Canadian law.”
Statements by the Commissioner and Assistant Commissioner are available on the OPC’s website.
The Privacy Commissioner of Canada is mandated by Parliament to act as an ombudsman, advocate and guardian of privacy and the protection of personal information rights of Canadians.
Wednesday, August 26, 2009
Apparently both the Privacy Commissioner of Canada and Facebook intend to hold separate press conferences tomorrow to discuss the outcome of the last month of negotiations between the two about whether Facebook is in compliance with Canadian privacy laws. See: Canada may reveal next step on Facebook privacy.
Monday, August 24, 2009
According to the CBC, the Information and Privacy Commissioner of British Columbia has approved a modified version of the BarWatch program. Bars, under BC's Personal Information Protection Act, are allowed to swipe a patron's drivers license or other ID, collecting name, gender, date of birth and a photograph of the patron. The information must be deleted within 24 hours, except for "rowdies", whose information can be kept and exchanged with other bars through the BarWatch database. See: Privacy commissioner OKs Barwatch software.
For more information on this controversial practice, click on the link "ID SWIPING" below.
Monday, August 17, 2009
According to the Toronto Star, the Privacy Commissioner is going to accept Facebook's friend request, just on the eve of the deadline to comply with the Commissioner's prevous adverse finding:
TheStar.com Canada Facebook, privacy commissioner make friends
OTTAWA – Friendship, fittingly, appears to have broken out in the dispute between Canada's privacy commissioner and the Facebook social networking site.
Today is the 30-day deadline for Facebook to respond to a strongly worded report issued last month by Canada's privacy commissioner, Jennifer Stoddart, criticizing how people's personal information was being treated by the global giant in online friendships.If Stoddart is not happy with Facebook's response, she has 15 days to decide whether to get the Federal Court of Canada involved.
But the two sides appear to be solving their problems in harmony.
Alexandra Brown, a Toronto spokesperson for Facebook, said a formal response is being sent today to the privacy commissioner's office, complete with timelines for Facebook to respond to the concerns raised in last month's report. Over the past month, the two sides have reportedly been working well together, with privacy-commission officials paying a visit to Facebook headquarters in Palo Alto, Calif., to negotiate a compromise.
"I know there's been lots of discussion and there will continue to be discussion over the next 15 days," Brown said.
Canada's privacy commission was sounding similarly upbeat about the status of the dispute.
Anne-Marie Hayden, a spokesperson for the commission said: "We continue to have very positive discussions with Facebook.... It's going very well."
Neither side was willing to talk about details of their agreement to date or even what is in the report that Facebook sent to the privacy office today. Hayden said that the privacy commission needs time to review what Facebook has filed, and more will be said closer to the next deadline, 15 days from now.
Stoddart's original report on Facebook last month identified concerns in the following areas:
* A lack of adequate safeguards to restrict outside software developers — of games, quizzes and the like — from gaining access to personal profiles of users and their online friends.
* Facebook's indefinite retention of personal information of people who have deactivated their accounts.
* A lack of clarity about how Facebook material can be used in the event of a person dying, which the privacy office calls "memorialization" concerns.
* A lack of protection of information about non-users — people who may not have their own Facebook accounts, but whose personal data may be on friends' or associates' pages.
Sunday, August 16, 2009
Following the Commissioner's adverse finding against Facebook, the social networking site's deadling to respond is tomorrowf (See: Canadian Privacy Law Blog: Canadian Privacy Commissioner calls on Facebook to improve privacy practices). I don't expect a big response from Facebook, so we'll have to wait to see if the Commissioner takes them to court. See: Facebook must satisfy Canada's privacy commissioner by Monday.
Thursday, August 06, 2009
The next in the series of three privacy OpEds in the National Post goes to Phillipa Lawson, formerly of CIPPIC:
Give privacy laws teeth Internet use in Canada has had enormous economic and social benefits; individuals and organizations can now broadcast their ideas, promote their businesses and build communities of interest instantly, at minimal cost, worldwide. But technology is a double-edged sword; it can be used for bad as well as good, and the impacts of its use even for non-criminal purposes are not all positive. The greatest casualty of our enthusiastic embrace of the Internet is, without doubt, individual privacy.
Fraudsters, identity thieves, stalkers and vengeance-seekers are using the Internet to solicit, track and prey on victims, often by taking advantage of the vast amount of personal information available online. While such information is a gold mine for imposters and stalkers, its collection, use and trading by non-criminals can be equally damaging for the individuals whose personal information is at issue.
Careless or malicious posting of photos, videos and personal information online can have devastating reputational impacts on individuals -- impacts that may never fully disappear because the digitized information, once released online, never disappears.
A video posted on You-Tube, for example, can turn a small-town student into an instant celebrity, but it can also provoke ridicule worldwide. False rumours can spread like wildfire. Embarrassing photographs posted online can seriously impede future employment prospects. And because the digital medium is so persistent, reputational effects may never be overcome.
Easily abused personal information is offered up to a remarkable extent by individuals themselves on social-networking sites, personal blogs and chat rooms. But many users don't appreciate the extent to which such information is publicly accessible, easily gathered and compiled by others and thus vulnerable to abuse. Only a minority of Facebook users, for example, bother to adjust their privacy settings from the defaults set by Facebook, which are to share with everyone in the Facebook-determined networks they have joined.
Personal information is also made public by friends, acquaintances and organizations who post it online often without the individual's knowledge, let alone consent. Once discovered, it can be too late to undo the damage caused, for instance, by publication of an indiscreet photo or the home address of a high-risk social worker.
Furthermore, there is a huge industry in the collection and trading of personal information, much of it covert. Marketers want to manipulate us into buying more stuff. Insurers want to minimize their risk. Employers want reliable, mature employees. Governments want to make sure that we aren't threatening national security.
Privacy law is about protecting our right to control with whom we share information about ourselves. But it should also recognize that certain uses are simply inappropriate, and that "consent" is often no more than a fiction.
Canada has a reasonably good set of data-protection laws. In general, corporations are required to get our informed consent before collecting, using or disclosing our personal data, and can do so only for purposes that a reasonable person would consider appropriate in the circumstances. Government entities can collect, use and disclose our data only for certain specified purposes.
But these laws do not place explicit limits on the collection and use of personal information posted by children, who are most vulnerable to abuse online.
Nor do our laws, outside Quebec, Alberta and B. C., place significant limits on non-commercial and nongovernmental uses of personal data without consent. While courts are starting to recognize a common-law right to privacy that would fill this gap, there is little to protect most Canadians from privacy abuses that arise outside the commercial or government context.
Moreover, existing privacy laws are only as good as their enforcement. At least one study has shown that there is widespread non-compliance with Canadian privacy laws, especially in the commercial sector.
This is not surprising given that the costs of non-compliance are minimal. The federal privacy commissioner is limited to making recommendations. Complainants in most jurisdictions must engage in expensive lawsuits in order to get binding orders for which they will likely receive no compensation.
This is not good enough. Privacy laws should apply to non-commercial as well as commercial activities. They should prohibit collection and use of kids' data, other than in exceptional cases. They should require meaningful consent, not just an easily overlooked opt-out check box. And we should be able to hold others accountable under privacy laws without undue effort and cost -- it's time to put some teeth into our privacy laws.
Philippa Lawson was director of the Canadian Internet Policy and Public Interest Clinic (CIPPIC) at the University of Ottawa from 2003 to 2008 and currently practises law in Whitehorse, Yukon.
Wednesday, August 05, 2009
Jacob Glick, Canadian policy counsel for Google Inc., has a good OpEd piece in today's National Post. I agree that innovators need to build privacy into their products, not only to manage their own risks but as members of society who have responsibilities for their users. I would say that responsibility is heightened for companies whose products are used by young people who may have an under-developed sense of privacy.
Privacy is in the product
This week, the National Post brings you a three-part series on the rocky place where the Internet meets the law. The question put to today's contributors: Given the proliferation of personal information on the Internet, especially on social-networking sites such as Facebook, how must Canada's laws adapt to ensure our privacy online?
When I moved to Ottawa four years ago, social-networking sites helped me keep up with my friends in Toronto and elsewhere -- in a way and on a scale that wasn't possible previously. Recently, I started micro-blogging on Twitter (mostly because I'm too lazy to blog more than 140 characters at a time) to share my thoughts on work-related matters and other miscellany. Through the Internet, we're reshaping the ways we do business, communicate and represent ourselves to the world. The good news is, we can embrace these changes without surrendering our privacy.
Privacy protection can and ought to be at the heart of innovative tools -- not only as a matter of legal compliance, but also as a principle of product design. This is what Ontario's Information and Privacy Commissioner, Dr. Ann Cavoukian, calls "Privacy by Design."
Questions about the sufficiency of Canada's privacy regime, while relevant, miss the bigger picture. Privacy is best protected by good product design. In fact, Canada has a well-functioning private-sector privacy regime. The Internet is not a Wild West: Existing rules related to legal jurisdiction and privacy apply online, as they do in the physical world. Internet companies, just like their brick-and-mortar brethren, are legally accountable for the ways they collect, use and disclose personal information.
For example, street-level photography has long been part of cartography. With a quick trip to your local municipal archive, you'll discover thousands of photos, taken over decades, of our urban landscapes. For those of us who can't read maps, seeing the world at street level is the easiest way to get around unfamiliar locales. Google Street View takes this traditional discipline and integrates it with digital mapping.
Google's approach is to build products that harness the power of the Internet while protecting privacy for the benefit of hundreds of millions of people worldwide, including tens of millions of Canadians. That's why we have built facial and license-plate blurring into Google Street View and why we make it easy for Canadians to request that we remove any image containing themselves, their kids, their cars or their homes -- even if the image is already blurred. There are privacy rules that apply to Google Street View just as they do to more traditional cartographers.
In addition to offering more accessible and useful mapping data, today's online applications provide exciting tools for collaboration and community building. They help us break through the alienation endemic to urban society and reconnect with our communities in new and fun ways. For example, here in Ottawa, online groups and web-sites give new parents a great support network and help them find local activities they can enjoy with their kids.
One of these innovative communications and collaboration tools is YouTube, a revolutionary platform that turned four this year. YouTube enables people to make their videos, professional or amateur, available worldwide. This ability can blur the line between the public and the private spheres, and Canadians get that. They also know that they are in control of what they post on YouTube -- and with whom they share it.
That's why not every video on YouTube has to be made public. Some can be shared with a smaller circle of friends. That's also what Google has done with the recent launches of Google Latitude, our mobile feature which enables users to select people to share their location with, and our Interest-based advertising system, which was built with tools that allow users to specify which categories of ads they'd like to see (or not see).
Of course, to make sensible choices people must have products that let them make such choices. Innovators should therefore develop applications in which privacy is built in from the start, so that Canadians can control the parts of themselves they reveal to the world.
Regulators ought to hold companies accountable for their privacy practices. However, privacy ultimately should be about good product design -- not just about legislation, regulation or compliance. The best products and businesses will have transparency and user choice built right in. Canadians should expect it.
-Jacob Glick is Canada policy counsel for Google.
Thursday, July 23, 2009
Earlier this week, the Information & Privacy Commissioner of British Columbia issued a decision (P09-01) related to the controversial practice of scanning photo IDs of patrons by bars, pubs and night clubs.
From the Commissioner's media release:
FOR IMMEDIATE RELEASE
July 21, 2009
Information and Privacy Commissioner Releases Order on Driver’s Licence Scanning
VICTORIA — Information and Privacy Commissioner David Loukidelis today released Order P09-01, in response to a complaint about the scanning of a bar customer’s driver’s licence. The customer complained that, when he went to the bar, employees asked him to produce his driver’s licence, swiped it through a card reader and then required him to have his digital photograph taken. He did not receive what he considered to be a reasonable explanation for why his personal information was being collected and later complained under B.C.’s Personal Information Protection Act (“PIPA”), which regulates the collection, use and disclosure of personal information by businesses.
The OIPC investigated the complaint twice and a formal hearing was eventually held. In Order P09-01, the Commissioner has decided that section 7(2) of PIPA does not allow the organization complained about, the Wild Coyote Club, to force its customers to give up their personal information, to the extent this is now being done, as a condition of being allowed into the bar.
Section 7(2) says a business “must not, as a condition of supplying a product or service, require an individual to consent to the collection, use or disclosure of personal information beyond what is necessary to provide the product or service.” The Commissioner accepted that it is “necessary” to collect personal information of certain customers for the purpose of operating a nightlife establishment, but not “to develop and maintain a personal profile containing the personal information of all customers in order to effectively track the few who may be removed from, and subsequently barred from re-entering, an establishment. Certainly, the full scope of information which is collected by Wild Coyote and the length for which it is retained is not necessary to achieve that purpose” (para. 98). The Commissioner therefore found that “a requirement for consent to the collection of personal information through the TreoScope system is a requirement for consent to the collection and use of information ‘beyond what is necessary’ for providing the service of operating a nightlife establishment in the terms I have described” (para. 98).
Section 11 of PIPA says a business “may collect personal information only for purposes that a reasonable person would consider appropriate in the circumstances”.
The Commissioner found that, under s. 11 of PIPA, the collection of personal information was not appropriate in the particular circumstances, including given the nature and amount of personal information being collected. He found that “it is reasonable, in the case of Wild Coyote, for it to be able, in order to preserve a safe environment for customers, to identify those individuals who have been determined to be violent, or otherwise undesirable for re-entry from a safety perspective, and thus improve customer safety” (para. 127). He went on to say, however, that “much of the information collected by the TreoScope system”, including driver’s licence numbers, “does not further this safety purpose”, adding, “Moreover, I have not been provided with any reason related to improved customer safety for an establishment’s retention of any information at all relating to customers who are not involved in violent incidents” (para. 127).
As regards moving forward with a system for keeping banned customers out of bars, Loukidelis said this: Of course, I have received no submissions from the other parties on this alternative, and no details from Wild Coyote on how the system would operate if it were aimed at only maintaining a list of banned customers. As a result, I can only decide whether or not the collection as a whole, as it was being conducted at the time of the Investigation Report, complies with s. 11 of PIPA. For reasons already given, I conclude that it is not. The alternative proposed in Wild Coyote’s supplemental submissions would likely involve different considerations and cannot be addressed here.
In closing, the Commissioner said this: … I am well aware of, indeed share, public concern about gang violence and public safety in British Columbia. Some may assert that the technology involved here is synonymous with safety, such that any decision perceived to constrain ID scanning is a decision against safety. These are easy claims to make, but my duty is to apply PIPA based on the evidence and argument actually before me, which I have done.
 On the basis of the material before me, I have decided that it is reasonable for Wild Coyote to be able, in order to preserve a safe environment for customers, to identify those individuals who have been determined to be violent or otherwise undesirable for re-entry from a safety perspective, and thus improve customer safety. For the reasons given above, however, the collection of personal information as a whole does not comply with PIPA. In this light, and in view of the reasons given above, I invite –– indeed, strongly encourage––those involved to seek the views of this Office if they wish to find a solution for collecting personal information of a nature, and in a manner, that complies with PIPA.
Neither the Commissioner nor the OIPC will be giving interviews or commenting on this decision.
For previous posts on this topic, see the keywrd "id swiping".
The Canadian Privacy Law Blog is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 Canada License.