Teresa Scassa - Blog

Displaying items by tag: Privacy

Canada’s Federal Court of Appeal has handed down a decision that addresses important issues regarding control over commercially valuable data. The decision results from an appeal of an earlier ruling of the Competition Tribunal regarding the ability of the Toronto Real Estate Board (TREB) to limit the uses to which its compilation of current and historical property listings in the Greater Toronto Area (GTA) can be put.

Through its operations, the TREB compiles a vast database of real estate listings. Information is added to the database on an ongoing basis by real estate brokers who contribute data each time a property is listed with them. Real estate agents who are members of TREB in turn receive access to a subset of this data via an electronic feed. They are permitted to make this data available through their individual websites. However, the TREB does not permit all of its data to be shared through this feed; some data is available only through other means such as in-person consultation, or communications of snippets of data via email or fax.

The dispute arose after the Competition Commissioner applied to the Competition Tribunal for a ruling as to whether the limits imposed by the TREB on the data available through the electronic feed inhibited the ability of “virtual office websites” (VOWs) to compete with more conventional real estate brokerages. The tribunal ruled that they did, and the matter was appealed to the Federal Court of Appeal. Although the primary focus of the Court’s decision was on the competition issues, it also addressed questions of privacy and copyright law.

The Federal Court of Appeal found that the TREB’s practices of restricting available data – including information on the selling price of homes – had anticompetitive effects that limited the range of broker services that were available in the GTA, limited innovation, and had an adverse impact on entry into and expansion of relevant markets. This aspect of the decision highlights how controlling key data in a sector of the economy can amount to anti-competitive behavior. Data are often valuable commercial assets; too much exclusivity over data may, however, pose problems. Understanding the limits of control over data is therefore an important and challenging issue for businesses and regulators alike.

The TREB had argued that one of the reasons why it could not provide certain data through its digital feed was because these data were personal information and it had obligations under the Personal Information Protection and Electronic Documents Act to not disclose this information without appropriate consent. The TREB relied on a finding of the Office of the Privacy Commissioner of Canada that the selling price of a home (among those data held back by TREB) was personal information because it could lead to inferences about the individual who sold the house (e.g.: their negotiating skills, the pressure on them to sell, etc.). The Court noted that the TREB already shared the information it collected with its members. Information that was not made available through the digital feed was still available through more conventional methods. In fact, the Court noted that the information was very widely shared. It ruled that the consent provided by individuals to this sharing of information would apply to the sharing of the same information through a digital feed. It stated: “PIPEDA only requires new consent where information is used for a new purpose, not where it is distributed via new methods. The introduction of VOWs is not a new purpose – the purpose remains to provide residential real estate services [. . .].” (at para 165) The Court’s decision was influenced by the fact that the consent form was very broadly worded. Through it, TREB obtained consent to the use and dissemination of the data “during the term of the listing and thereafter.” This conclusion is interesting, as many have argued that the privacy impacts are different depending on how information is shared or disseminated. In other words, it could have a significant impact on privacy if information that is originally shared only on request, is later published on the Internet. Consent to disclosure of the information using one medium might not translate into consent to a much broader disclosure. However, the Court’s decision should be read in the context of both the very broad terms of the consent form and the very significant level of disclosure that was already taking place. The court’s statement that “PIPEDA only requires new consent where information is used for a new purpose, not where it is distributed via new methods” should not be taken to mean that new methods of distribution do not necessarily reflect new purposes that go beyond the original consent.

The Federal Court of Appeal also took note of the Supreme Court of Canada’s recent decision in Royal Bank of Canada v. Trang. In the course of deciding whether to find implied consent to a disclosure of personal information, the Supreme Court of Canada had ruled that while the balance owing on a mortgage was personal information, it was less sensitive than other financial information because the original amount of the mortgage, the rate of interest and the due date for the mortgage were all publicly available information from which an estimate of the amount owing could be derived. The Federal Court of Appeal found that the selling price of a home was similarly capable of being derived from other publicly available data sources and was thus not particularly sensitive personal information.

In addition to finding that there would be no breach of PIPEDA, the Federal Court of Appeal seemed to accept the Tribunal’s view that the TREB was using PIPEDA in an attempt to avoid wider sharing of its data, not because of concerns for privacy, but in order to maintain its control over the data. It found that TREBs conduct was “consistent with the conclusion that it considered the consents were sufficiently specific to be compliant with PIPEDA in the electronic distribution of the disputed data on a VOW, and that it drew no distinction between the means of distribution.” (at para 171)

Finally, the Competition Tribunal had ruled that the TREB did not have copyright in its compilation of data because the compilation lacked sufficient originality in the selection or arrangement of the underlying data. Copyright in a compilation depends upon this originality in selection or arrangement because facts themselves are in the public domain. The Federal Court of Appeal declined to decide the copyright issue since the finding that the VOW policy was anti-competitive meant that copyright could not be relied upon as a defence. Nevertheless, it addressed the copyright question in obiter (meaning that its comments are merely opinion and not binding precedent).

The Federal Court of Appeal noted that the issue of whether there is copyright in a compilation of facts is a “highly contextual and factual determination” (at para 186). The Court of Appeal took note of the Tribunal’s findings that “TREB’s specific compilation of data from real estate listings amounts to a mechanical exercise” (at para 194), and agreed that the threshold for originality was not met. The Federal Court of Appeal dismissed the relevance of TREB’s arguments about the ways in which its database was used, noting that “how a “work” is used casts little light on the question of originality.” (at para 195) The Court also found no relevance to the claims made in TREB’s contracts to copyright in its database. Claiming copyright is one thing, establishing it in law is quite another.

Published in Copyright Law

An Ontario small claims court judge has found in favour of a plaintiff who argued that her privacy rights were violated when a two-second video clip of her jogging on a public path was used by the defendant media company in a sales video for a real-estate development client. The plaintiff testified that she had been jogging so as to lose the weight that she had gained after having children. She became aware of the video when a friend drew her attention to it on YouTube, and the image “caused her discomfort and anxiety” (para 5). Judge Leclaire noted that the “image of herself in the video is clearly not the image she wished portrayed publicly”.

At the time of the filming, the defendant’s practice was to seek consent to appear in its videos from people who were filmed in private spaces, but not to do so where people were in public places. The defendant’s managing associate testified that if people in public places “see the camera and continue moving, consent is implied.” (at para 9) The judge noted that it was not established how it could be known whether individuals saw the camera. The plaintiff testified that she had seen the camera, and had attempted to shield her face from view; she believed that this demonstrated that she did not wish to be filmed.

Although the defendant indicated that the goal was to capture the landscape and not the people, the judge found that “people are present and central to the location and the picture.” (at para 10) The judge found that the photographer deliberately sought to include an image of someone engaging in the activity of jogging alongside the river. Although the defendant argued that it would not be practical to seek consent from the hundreds of people who might be captured in a video of a public space, the judge noted that in the last two years, the defendant company had “tightened up” its approach to seeking consent, and now approached people in public areas prior to filming to seek their consent to appear in any resulting video.

The plaintiff argued that there had been a breach of the tort of intrusion upon seclusion, which was first recognized in Ontario by the Ontario Court of Appeal in Jones v. Tsige in 2012. Judge Leclaire stated that the elements of the tort require 1) that the defendant’s actions are intentional or reckless; 2) that there is no lawful justification for the invasion of the plaintiff’s private affairs or concerns; and 3) that the invasion is one that a reasonable person would consider to be “highly offensive causing distress, humiliation or anguish.” (Jones at para 71) Judge Leclaire found that these elements of the tort were made out on the facts before him. The defendant’s conduct in filming the video was clearly intentional. He also found that a reasonable person “would regard the privacy invasion as highly offensive”, noting that “the plaintiff testified as to the distress, humiliation or anguish that it caused her.” (at para 16)

Judge Leclaire clearly felt that the defendant had crossed a line in exploiting the plaintiff’s image for its own commercial purposes. Nevertheless, there are several problems with his application of the tort of intrusion upon seclusion. Not only does he meld the objective “reasonable person” test with a subjective test of the plaintiff’s own feelings about what happened, his decision that capturing the image of a person jogging on a public pathway is an intrusion upon seclusion is in marked contrast to the statement of the Ontario Court of Appeal in Jones v. Tsige, that the tort is relatively narrow in scope:

 

A claim for intrusion upon seclusion will arise only for deliberate and significant invasions of personal privacy. Claims from individuals who are sensitive or unusually concerned about their privacy are excluded: it is only intrusions into matters such as one's financial or health records, sexual practises and orientation, employment, diary or private correspondence that, viewed objectively on the reasonable person standard, can be described as highly offensive. (at para 72)

 

Judge Leclaire provides relatively little discussion about how to address the capture of images of individuals carrying out activities in public spaces. Some have suggested that there is simply no privacy in public space, while others have called for a more contextual inquiry. Such an inquiry was absent in this case. Instead, Judge Leclaire relied upon Aubry v. Vice-Versa a decision of the Supreme Court of Canada, even though that decision was squarely based on provisions of Quebec law which have no real equivalent in common law Canada. The right to one’s image is specifically protected by art. 36 of the Quebec Civil Code, which provides that it is an invasion of privacy to use a person’s “name, image, likeness or voice for a purpose other than the legitimate information of the public”. There is no comparable provision in Ontario law, although the use of one’s name, image or likeness in an advertisement might amount to the tort of misappropriation of personality. In fact, with almost no discussion, Judge Leclaire also found that this tort was made out on the facts and awarded $100 for the use of the plaintiff’s image without permission. It is worth noting that the tort of misappropriation of personality has typically required that a person have acquired some sort of marketable value in their personality in order for there to be a misappropriation of that value.

Judge Leclair awarded $4000 in damages for the breach of privacy which seems to be an exorbitant amount given the range of damages normally awarded in privacy cases in common law Canada. In this case, the plaintiff was featured in a 2 second clip in a 2 minute video that was taken down within a week of being posted. While there might be some basis to argue that other damage awards to have been too low, this one seems surprisingly high.

It is also worth noting that the facts of this case might constitute a breach of the Personal Information Protection and Electronic Documents Act (PIPEDA) which governs the collection, use or disclosure of personal information in the course of commercial activity. PIPEDA also provides recourse in damages, although the road to the Federal Court is a longer one, and that court has been parsimonious in its awards of damages. Nevertheless, given that Judge Leclaire’s preoccupation seems to be with the unconsented-to use of the plaintiff’s image for commercial purposes, PIPEDA seems like a better fit than the tort of intrusion upon seclusion.

Ultimately, this is a surprising decision and seems out of line with a growing body of case law on the tort of intrusion upon seclusion. As a small claims court decision, it will carry little precedential value. The case is therefore perhaps best understood as one involving a person who was jogging at the wrong place at the wrong time, but who sued in the right court at the right time. Nevertheless, it should serve as a warning to those who make commercial use of footage filmed in public spaces; as it reflects a perspective that not all activities in public spaces are ‘public’ in the fullest sense of the word. It highlights as well the increasingly chaotic privacy legal landscape in Canada.

 

Published in Privacy

Metrolinx is the Ontario government agency that runs the Prestocard service used by public transit authorities in Toronto, Ottawa and several other Ontario municipalities. It ran into some trouble recently after the Toronto Star revealed that the organization shared Prestocard data from its users with police without requiring warrants (judicial authorization). The organization has now published its proposals for revising its privacy policies and is soliciting comment on them. (Note: Metrolink has structured its site so that you can only view one of the three proposed changes at a time and must indicate your satisfaction with it and/or your comments before you can view the next proposal. This is problematic because the changes need to be considered holistically. It is also frankly annoying).

The new proposals do not eliminate the sharing of rider information with state authorities without a warrant. Under the new proposals, information will be shared without a warrant in certain exigent circumstances. It will also be shared without a warrant “in other cases, where we are satisfied it will aid in an investigation from which a law enforcement proceeding may be undertaken or is likely to result.” The big change is thus apparently in the clarity of the notice given to users of the sharing – not the sharing itself.

This flabby and open-ended language is taken more or less directly from the province’s Freedom of Information and Protection of Privacy Act (FOIPPA), which governs the public sector’s handling of personal information. As a public agency, Metrolinx is subject to FOIPPA. It is important to note that the Act permits (but does not require) government entities to share information with law enforcement in precisely the circumstances outlined in the policy. However, by adapting its policy to what it is permitted to do, rather than to what it should do, Metrolinx is missing two important points. The first is that the initial outrage over its practices was about information sharing without a warrant, and not about poor notice of such practices. The second is that doing a good job of protecting privacy sometimes means aiming for the ceiling and not the floor.

Location information is generally highly sensitive information as it can reveal a person’s movements, activities and associations. Police would normally need a warrant to obtain this type of information. It should be noted that police are not relieved of their obligations to obtain warrants when seeking information that raises a reasonable expectation of privacy just because a statute permits the sharing of the information. It would be open to the agency to require that a warrant be obtained prior to sharing sensitive customer location data. It is also important to note that some courts have found that the terms of privacy policies may actually alter the reasonable expectation of privacy – particularly when clear notice is given. In other words, even though we might have a reasonable expectation of privacy in location data about our movements, a privacy policy that tells us clearly that this information is going to be shared with police without a warrant could substantially undermine that expectation of privacy. And all of this happens without any ability on our part to negotiate for terms of service,[1] and in the case of a monopoly service such as public transportation, to choose a different provider.

Metrolinx no doubt expects its users to be comforted by the other changes to its policies. It already has some safeguards in place to minimize the information provided to police and to log any requests and responses. They plan to require, in addition, a sign off by the requesting officer and supervisor. Finally, they plan to issue voluntary transparency reports as per the federal government’s Transparency Reporting Guidelines. Transparency reporting is certainly important, as it provides a window onto the frequency with which information sharing takes place. However, these measures do not correct for an upfront willingness to share sensitive personal information without judicial authorization – particularly in cases where there are no exigent circumstances.

As we move more rapidly towards sensor-laden smart cities in which the consumption of basic services and the living of our daily lives will leave longer and longer plumes of data exhaust, it is important to reflect not just on who is collecting our data and why, but on the circumstances in which they are willing to share that data with others – including law enforcement officials. The incursions on privacy are many and from all directions. Public transit is a basic municipal service. It is also one that is essential for lower-income residents, including students.[2]Transit users deserve more robust privacy protections.

Notes:

[1] A recent decision of the Ontario Court of Appeal does seem to consider that the inability to negotiate for terms of service should be taken into account when assessing the impact of those terms on the reasonable expectation of privacy. See: R. v. Orlandis-Habsburgo.

[2] Some universities and colleges have U-Pass agreements which require students to pay additional fees in exchange for Prestocard passes. Universities and colleges should, on behalf of their students, be insisting on more robust privacy.



[

Published in Privacy

In the 2010-2011 school year, a teacher at a London, Ontario high school used a pen camera to make surreptitious video recordings of female students, with a particular emphasis on their cleavage and breasts. A colleague noticed his activity and reported it to the principal, who confiscated the pen camera and called the police. The police found 19 videos on the camera’s memory card, featuring 30 different individuals, 27 of whom were female. A warrant was obtained a week later to search the teacher’s home – the police found nothing beyond a computer mysteriously missing its hard drive. The teacher was ultimately charged with voyeurism.

The offense of voyeurism requires that there be a surreptitious observation (recorded or not) of a “person who is in circumstances that give rise to a reasonable expectation of privacy”. It also requires that the “observation or recording is done for a sexual purpose” (Criminal Code, s. 162(1)(c)). The trial judge had found that the students had a reasonable expectation of privacy in the circumstances, but he inexplicably found that the Crown had not met its burden of showing, beyond a reasonable doubt, that the recordings of their cleavage and breasts was done for a sexual purpose. He stated: “While a conclusion that the accused was photographing the student’s [sic] cleavage for a sexual purpose is most likely, there may be other inferences to be drawn that detract from the only rationale [sic] conclusion required to ground a conviction for voyeurism.” (Trial Decision at para 77) He did not provide any information about what those other inferences might conceivably be.

On appeal, the Crown argued that the trial judge had erred in finding that the filming was not done for a sexual purpose. All of the appellate judges agreed that the judge had indeed erred. The majority noted that the trial judge had failed to identify any other possible inferences in his reasons. They also noted that his description of the teacher’s behavior as “morally repugnant” was “inconsistent with the trial judge’s conclusion that the videos might not have been taken for a sexual purpose.” (Court of Appeal decision at para 47) The majority noted that “[t]his was an overwhelming case of videos focused on young women’s breasts and cleavage” (at para 53), and they concluded that there was no reasonable inference other than that the videos were taken for a sexual purpose. Clearly, the teacher was not checking for skin cancer.

However, the accused had appealed the trial judge’s finding that the students had a reasonable expectation of privacy. The majority of the Court of Appeal agreed, leading to the overall appeal of his acquittal being dismissed. The majority’s reasoning is disturbing, and has implications for privacy more broadly. In determining what a ‘reasonable expectation of privacy’ entailed, the majority relied on a definition of privacy from the Oxford English Dictionary. That learned non-legal tome defines privacy as “a state in which one is not observed or disturbed by other people; the state of being free from public attention.” (at para 93). From this, the majority concluded that location was a key component of privacy. They stated: “A person expects privacy in places where the person can exclude others, such as one’s home or office, or a washroom. It is a place where a person feels confident that they are not being observed.” (at para 94) The majority accepted that there might be some situations in which a person has an expectation of privacy in a public setting, but these would be limited. They gave the example of upskirting as one “where a woman in a public place had a reasonable expectation of privacy that no one would look under her skirt” (at para 96). Essentially, the tent of a woman’s skirt is a private place within a public one.

The trial judge had found a reasonable expectation of privacy in the circumstances on the basis that a student would expect that a teacher would not “breach their relationship of trust by surreptitiously recording them without there consent.” (at para 103). According to the majority, this conflated the reasonable expectation of privacy with the act of surreptitious recording. They stated: “Clearly students expect that a teacher will not secretly observe or record them for a sexual purpose at school. However, that expectation arises from the nature of the required relationship between students and teachers, not from an expectation of privacy.” (at para 105) This approach ignores the fact that the nature of the relationship is part of the context in which the reasonableness of the expectation of privacy must be assessed. The majority flattened the concept of reasonable expectation of privacy to one consideration – location. They stated that “if a person is in a public place, fully clothed and not engaged in toileting or sexual activity, they will normally not be in circumstances that give rise to a reasonable expectation of privacy.” (at para 108)

Justice Huscroft, in dissent is rightly critical of this impoverished understanding of the reasonable expectation of privacy. He began by situating privacy in its contemporary and technological context: “Technological developments challenge our ability to protect privacy: much that was once private because it was inaccessible is now easily accessible and capable of being shared widely.” (at para 116). He observed that “whether a person has a reasonable expectation of privacy is a normative or evaluative question rather than a descriptive or predictive one. It is concerned with identifying a person’s legitimate interests and determining whether they should be given priority over competing interests. To say that a person has a reasonable expectation of privacy in some set of circumstances is to conclude that his or her interest in privacy should be prioritized over other interests.” (at para 117)

Justice Huscroft was critical of the majority’s focus on location as a means of determining reasonable expectations of privacy. He found that the majority’s approach – defining spaces where privacy could reasonably be expected – was both over and under-inclusive. He noted that there are public places in which people have an expectation of privacy, even if that expectation is attenuated. He gave the example of a woman breastfeeding in public. He stated: “Privacy expectations need not be understood in an all-or-nothing fashion. In my view, there is a reasonable expectation that she will not be visually recorded surreptitiously for a sexual purpose. She has a reasonable expectation of privacy at least to this extent.” (at para 125) Justice Huscroft also noted that the majority’s approach was over-inclusive, in that while a person has a reasonable expectation of privacy in their home, it might be diminished if they stood in front of an open window. While location is relevant to the privacy analysis, it should not be determinative.

Justice Huscroft found that the question to be answered in this case was “should high school students expect that their personal and sexual integrity will be protected while they are at school?” (at para 131). He noted that schools were not fully public in the sense that school officials controlled access to the buildings. While the school in question had 24-hour video surveillance, the cameras did not focus on particular students or particular body parts. No access was permitted to the recordings for personal use. The school board had a policy in place that prohibited teachers from making the types of recordings made in this case. All of these factors contributed to the students’ reasonable expectation of privacy. He wrote:

No doubt, students will be seen by other students, school employees and officials while they are at school. But this does not mean that they have no reasonable expectation of privacy. In my view, the students' interest in privacy is entitled to priority over the interests of anyone who would seek to compromise their personal and sexual integrity while they are at school. They have a reasonable expectation of privacy at least to this extent, and that is sufficient to resolve this case. (at para 133)

Justice Huscroft observed that the majority’s approach that requires the reasonable expectation of privacy to be considered outside of the particular context in which persons find themselves would unduly limit the scope of the voyeurism offence.

This case provides an ugly and unfortunate window on what women can expect from the law when it comes to voyeurism and other related offenses. In the course of his reasons, the trial judge stated that ““[i]t may be that a female student’s mode of attire may attract a debate about appropriate reactions of those who observe such a person leading up to whether there is unwarranted and disrespectful ogling” (Trial decision, at para 46). The issue is not just about public space, it is about the publicness of women’s bodies. The accused was acquitted at trial because of the trial judge’s baffling conclusion that the teacher might have had some motive – other than a sexual one – in making the recordings of female students’ breasts and cleavage. Although the Court of Appeal corrected this error, the majority found that female students at high school do not have a reasonable expectation of privacy when it comes to having their breasts surreptitiously filmed by their teachers (who are not allowed, under school board policies, to engage in such activities). The majority fixates on location as the heart of the reasonable expectation of privacy, eschewing a more nuanced approach that would consider those things that actually inform our expectations of privacy.

 

Published in Privacy

The long-term care context is one where privacy interests of employees can come into conflict with the interests of residents and their families. Recent reported cases of abuse in long-term care homes captured on video camera only serve to highlight the tensions regarding workplace surveillance. A June 2017 decision of the Quebec Court of Appeal, Vigi Santé ltée c. Syndicat québécois des employées et employés de service section locale 298 (FTQ), considers the workplace privacy issues in a context where cameras were installed by the family members of a resident and not by the care facility.

The facts of the case were fairly straightforward. The camera was installed by the family of a resident of a long term care facility, but not because of any concerns about potential abuse. Two of the resident’s children live abroad and the camera provided them with a means of maintaining contact with their mother. The camera could be used in conjunction with Skype, and one of the resident’s children present in Quebec regularly used Skype to receive updates about his mother from the private personal care person they also paid to be with their mother for part of the day, six days a week. The camera provided a live feed but did not record images. The operators of the long-term care facility did not have access to the feed. The employees of the facility were informed of the presence of the camera and none objected to it. The privately hired personal care worker was often present when staff provided care, and the court noted that there were no complaints about the presence of this companion. The family never complained about the services provided to the resident; in fact, they indicated that they were very satisfied. The resident had been in two other facilities prior to moving to this one; similar cameras had been used in those facilities.

The employees’ union challenged the installation of the video, and two questions were submitted to an arbitrator for determination. The first question was whether the employer could permit the family members of a resident to install a camera in the resident’s room for the sole purpose of allowing family members to see the resident. The second was whether the employer could permit family members to install a camera in the room of a resident with the goal of overseeing the activities of employee caregivers. The arbitrator had ruled that, as far as employees were concerned, in both cases the camera was a surveillance camera. He went on to find that the employer had no justification in the circumstances for carrying out surveillance on its employees. Judicial review of this decision was sought, and a judge of the Quebec Superior court confirmed the decision. It was appealed to the Court of Appeal.

Under the principles of judicial review, an arbitrator’s decision can only be overturned if it is unreasonable. The Court of Appeal split on this issue with the majority finding the decision to have been unreasonable. The majority emphasized that the arbitrator had found that the family’s motivation for installing the camera was not to carry out surveillance on the staff, and also highlighted the fact that none of the staff had complained about the presence of the camera.

Although the majority agreed that the privacy guarantees of the Quebec Charter of Human Rights and Freedoms protected employees against unjustified workplace surveillance by their employer, they found that the camera installed by the family for the purpose of maintaining contact with a loved one did not constitute employee surveillance. Further, it was not carried out by the employer. They noted in particular the fact that the images were not recorded and the feed was not accessible to the employer. The majority criticized the arbitrator for characterizing the family’s decision to install the camera as being motivated by a disproportionate concern (“une inquietude démesurée”) over their mother’s well-being, because there was no evidence of any mistreatment.

The majoirty cited jurisprudence to support its view that a camera that captured activities of workers was not necessarily a surveillance camera. It noted several Quebec arbitration cases where arbitrators determined that cameras installed by employers to provide security or to protect against industrial espionage were permissible, notwithstanding the fact that they also captured the activities of employees. Any surveillance of employees was incidental to a different and legitimate objective of the employer.

The majority went further, noting that in this case, the issue was whether an individual (or their family) had a right to install a camera in their own living space. For the majority, it was significant that the care home was the resident’s permanent living space because she had lost her ability to live on her own. The camera allowed her to remain in greater contact with her loved ones, including two children who lived abroad. They considered that the family’s choice in this matter had to be given its due weight, and found that the arbitrator should have ruled, in answer to the first question, that the employer could permit the installation of a camera, by family members, for the goal of permitting the family members to maintain contact with a resident.

The second question related to the rights of family members to install cameras with the goal of carrying out surveillance on caregivers. The majority declined to answer this question on because the facts did not provide a sufficient context on which to base a decision. The Court noted that the answer would depend on circumstances which might include whether there had already been complaints or reported concerns, the nature and extent of notice provided to employees, and so on.

Justice Giroux, in dissent, found that it was reasonable for the arbitrator to have characterized the camera as a surveillance camera. The arbitrator had noted that the camera was placed in such a way as to allow for a continuous view of all care provided by employees to the resident. The resolution was good enough to identify them, and in some cases to hear them. While there was no recording of the feed, it was possible to create still photographs through screen capture. The arbitrator had also turned his attention to the special nature of the care home, noting that it was a home to residents but at the same time was a workplace for the employees. The workplace was governed by a collective agreement, and disputes about working conditions were meant to be resolved by an arbitrator, meaning that courts should exercise deference in review. The arbitrator had found that by permitting the installation of the camera by the family of the resident, the employer had adopted as its own the family’s reasons for doing so, and was responsible for establishing that the level of surveillance was consistent with the Quebec Charter. The arbitrator had found that the family members had demonstrated a disproportionate level of concern, and that this could not be a basis for permitting workplace surveillance. He concluded that in his view the decision of the arbitrator should have been upheld.

 

Published in Privacy

In R. v. Orlandis-Habsburgo the Ontario Court of Appeal revisited the Supreme Court of Canada decisions in R. v. Spencer, R. v. Gomboc, and R. v. Plant. The case involved the routine sharing of energy consumption data between an electricity provider and the police. Horizon Utilities Corp. (Horizon) had a practice of regularly reviewing its customers’ energy consumption records, including monthly consumption figures as well as patterns of consumption throughout the day. When Horizon encountered data suggestive of marijuana grow operations, they would send it to the police. This is what occurred in Orlandis-Habsburgo. The police responded by requesting and obtaining additional information from Horizon. They then conducted observations of the accused’s premises. The police used a combination of data provided by Horizon and their own observation data to obtain a search warrant which ultimately led to charges against the accused, who were convicted at trial.

The defendants appealed their convictions, arguing that their rights under s. 8 of the Canadian Charter of Rights and Freedoms had been infringed when the police obtained data from Horizon without a warrant. The trial judge had dismissed these arguments, finding that the data were not part of the “biographical core” of the defendants’ personal information, and that they therefore had no reasonable expectation of privacy in them. Further, he ruled that given the constellation of applicable laws and regulations, as well as Horizon’s terms of service, it was reasonable for Horizon to share the data with the police. The Court of Appeal disagreed, finding that the appellants’ Charter rights had been infringed. The decision is interesting because of its careful reading of the rather problematic decision of the Supreme Court of Canada in Gomboc. Nevertheless, although the decision creates important space for privacy rights in the face of ubiquitous data collection and close collaboration between utility companies and the police, the Court of Appeal’s approach is highly contextual and fact-dependent.

A crucial fact in this case is that the police and Horizon had an ongoing relationship when it came to the sharing of customer data. Horizon regularly provided data to the police, sometimes on its own initiative and sometimes at the request of the police. It provided data about suspect residences as well as data about other customers for comparison purposes. Writing for the unanimous court, Justice Doherty noted that until the proceedings in this case commenced, Horizon had never refused a request from the police for information. He found that this established that the police and Horizon were working in tandem; this was important, since it distinguished the situation from one where a company or whistleblower took specific data to the police with concerns that it revealed a crime had been committed.

The Court began its Charter analysis by considering whether the appellants had a reasonable expectation of privacy in the energy consumption data. The earlier Supreme Court of Canada decisions in Plant and Gomboc both dealt with data obtained by police from utility companies without a warrant. In Plant, the Court had found that the data revealed almost nothing about the lifestyle or activities of the accused, leading to the conclusion that there was no reasonable expectation of privacy. In Gomboc, the Court was divided and issued three separate opinions. This led to some dispute as to whether there was a reasonable expectation of privacy in the data. In Orlandis-Habsburgo, the Crown argued that seven out of nine judges in Gomboc had concluded that there was no reasonable expectation of privacy in electricity consumption data. By contrast, the appellants argued that five of the nine judges in Gomboc had found that there was a reasonable expectation of privacy in such data. The trial judge had sided with the Crown, but the Court of Appeal found otherwise. Justice Doherty noted that all of the judges in Gomboc considered the same factors in assessing the reasonable expectation of privacy: “the nature of the information obtained by the police, the place from which the information was obtained, and the relationship between the customer/accused and the service provider.” (at para 58) He found that seven of the judges in Gomboc had decided the reasonable expectation of privacy issue on the basis of the relationship between the accused and the utility company. At the same time, five of the justices had found that the data was of a kind that had the potential to reveal personal activities taking place in the home. He noted that: “In coming to that conclusion, the five judges looked beyond the data itself to the reasonable inferences available from the data and what those inferences could say about activities within the home.” (at para 66) He noted that this was the approach taken by the unanimous Supreme Court in R. v. Spencer, a decision handed down after the trial judge had reached his decision in Orlandis-Habsburgo. He also observed that the relationship between the customer and the service provider in Orlandis-Habsburgo was different in significant respects from that in Gomboc, allowing the two cases to be distinguished. In Gomboc, a provincial regulation provided that information from utility companies could be shared with the police unless customers explicitly requested to opt-out of such information sharing. No such regulation existed in this case.

Justice Doherty adopted the four criteria set out in Spencer for assessing the reasonable expectation of privacy. There are: “(1) the subject matter of the alleged search; (2) the claimant's interest in the subject matter; (3) the claimant's subjective expectation of privacy in the subject matter; and (4) whether this subjective expectation of privacy was objectively reasonable, having regard to the totality of the circumstances.” (Spencer, at para 18) On the issue of the subject matter of the search, the Court found that the energy consumption data included “both the raw data and the inferences that can be drawn from that data about the activity in the residence.” (at para 75) Because the data and inferences were about a person’s home, the Court found that this factor favoured a finding of a reasonable expectation of privacy. With respect to the interest of the appellants in the data, the Court found that they had no exclusive rights to these data – the energy company had a right to use the data for a variety of internal purposes. The Court described these data as being “subject to a complicated and interlocking myriad of contractual, legislative and regulatory provisions” (at para 80), which had the effect of significantly qualifying (but not negating) any expectation of privacy. Justice Doherty found that the appellants had a subjective expectation of privacy with respect to any activities carried out in their home, and he also found that this expectation of privacy was objectively reasonable. In this respect, he noted that although there were different documents in place that related to the extent to which Horizon could share data with the police, “one must bear in mind that none are the product of a negotiated bargain between Horizon and its customers.” (at para 84) The field of energy provision is highly regulated, and the court noted that “[t]he provisions in the documents to which the customers are a party, permitting Horizon to disclose data to the police, cannot be viewed as a ‘consent’ by the customer, amounting to a waiver of any s. 8 claim the customer might have in the information.” (at para 84) That being said, the Court also cautioned against taking any of the terms of the documents to mean that there was a reasonable expectation of privacy. Justice Doherty noted that “The ultimate question is not the scope of disclosure of personal information contemplated by the terms of the documents, but rather what the community should legitimately expect in terms of personal privacy in the circumstances.” (at para 85) He therefore described the terms of these documents as relevant, but not determinative.

The documents at issue included terms imposed on the utility by the Ontario Energy Board. Under these terms, Horizon is barred from using customer information for purposes other than those for which it was obtained without the customer’s consent. While there is an exception to the consent requirement where the information is “required to be disclosed. . . for law enforcement purposes”, Justice Doherty noted that in this case the police had, at most, requested disclosure – at no point was the information required to be disclosed. He found that the terms of the licence distinguished this case from Gomboc and supported a finding of a reasonable expectation of privacy in the data.

The Court also looked at the Distribution System Code (DSC) which permits disclosure to police of “possible unauthorized energy use”. However, Justice Doherty noted that this term was not defined, and no information was provided in the document as to when it was appropriate to contact police. He found this provision unhelpful in assessing the reasonable expectation of privacy. The Court found the Conditions of Service to be similarly unhelpful. By contrast, the privacy policy provided that the company would protect its customers’ personal information, and explicitly set out the circumstances in which it might disclose information to third parties. One of these was a provision for disclosure “to personas as permitted or required by Applicable Law”. Those applicable laws included the provincial Municipal Freedom of Information and Protection of Privacy Act (MFIPPA) and the federal Personal Information Protection and Electronic Documents Act (PIPEDA) Justice Doherty looked to the Supreme Court of Canada’s interpretation of PIPEDA in Spencer. He found that the exception in PIPEDA that permitted disclosure of information to law enforcement could only occur with “lawful authority” and that “[t]he informal information-sharing arrangement between Horizon and the police described in the evidence is inconsistent with both the terms of Horizon’s licence and the disclosure provisions in PIPEDA.” (at para 104) He also found that it did not amount to “lawful authority” for a request for information.

The respondents argued that s. 32(g) of MFIPPA provided a basis for disclosure. This provision permits disclosures to law enforcement agencies without referencing any need for “lawful authority”. However, Justice Doherty noted that, like PIPEDA, MFIPPA has as its primary goal the protection of personal information. He stated: “That purpose cannot be entirely negated by an overly broad and literal reading of the provisions that create exceptions to the confidentiality requirement.” (at para 106) He noted that while s. 32(g) provides an entity with discretion to release information in appropriate circumstances, the exercise of this discretion requires “an independent and informed judgment” (at para 107) in relation to a specific request for information. The provision could not support the kind of informal, ongoing data-sharing relationship that existed between Horizon and the police. Similarly, the court found that the disclosure could not be justified under the exception in s. 7(3)(d)(i) of PIPEDA that allowed a company to disclose information where it had “reasonable grounds to believe that the information relates to . . . a contravention of the laws of Canada”. While Justice Doherty conceded that such disclosures might be possible, in the circumstances, Horizon “did not make any independent decision to disclose information based on its conclusion that reasonable grounds existed to believe that the appellants were engaged in criminal activity.” (at para 110) It simply passed along data that it thought might be of interest to the police.

Although the Court of Appeal concluded that there was a reasonable expectation of privacy in the energy consumption data, and that the search was unreasonable, it ultimately found that the admission of the evidence would not bring the administration of justice into disrepute. As a result, the convictions were upheld. The court cited, in support of its conclusion that the trial judge had reached his decision prior to the Supreme Court of Canada’s decision in Spencer, and that the error in the judge’s approach was only evident after reading Spencer.

 

Published in Privacy

Skirmishes over right to freely access and use “publicly available” data hosted by internet platform companies have led to an interesting decision from the U.S. District Court from the Northern District of California. The decision is on a motion for an interlocutory injunction, so it does not decide the merits of the competing claims. Nevertheless, it provides insight into a set of issues that are likely only to increase in importance as these rich troves of data are mined by competitors, opportunistic businesses, big data giants, researchers and civil society actors.

The parties in hiQ Labs Inc. v LinkedIn Corp. are companies whose business models are based upon career-related personal information provided by professionals. LinkedIn offers a professional networking platform to over 500 million users, and it is easily the leading company in its space. hiQ, for its part, is a data analytics company with two main products aimed at enterprises. The first is “Keeper”, a product which informs corporations about which of their employees are at greatest risk of being poached by other companies. The second is “Skill Mapper” which provides businesses with summaries of the skills of their employees. For both of its products hiQ relies on data that it scrapes from LinkedIn’s publicly accessible web pages.

Data featured on LinkedIn’s site are provided by users who create accounts and populate their profiles with a broad range of information about their background and skills. LinkedIn members have some control over the extent to which their information will be shared by others. They can choose to limit access to their profile information to only their close contacts or to an expanded list of contacts. Alternatively, they can provide access to all other members of LinkedIn. They also have the option to make their profiles entirely public. These public profiles are searchable by search engines such as Google. It is the data in the fully public profiles that is scraped and used by hiQ.

hiQ is not the only company that scrapes data from LinkedIn as part of an independent business model. In fact, LinkedIn has only recently attempted to take legal action against a large number of users of its data. hiQ was just one of many companies that received a cease and desist letter from LinkedIn. Because being cut off from the LinkedIn data would effectively decimate its business, hiQ responded by seeking a declaration from the California court that its activities were legal. The recent decision from the court is in relation to hiQ’s request for an interlocutory injunction that will allow it to continue to access the LinkedIn data pending resolution of the substantive legal issues raised by both sides.

hiQ argued that in moving against its data scraping activities, LinkedIn engaged in unfair business practices, and violated its free speech rights under the California constitution. LinkedIn, for its part, argued that hiQ’s data scraping activities violated the Computer Fraud and Abuse Act (CFAA), as well as the digital locks provisions Digital Millennium Copyright Act (DMCA) (although these latter claims do not feature in the decision on the interlocutory injunction).

Like other platform companies, access to and use of LinkedIn’s site is governed by website Terms of Service (TOS). These TOS prohibit data scraping. When LinkedIn demanded that hiQ cease scraping data from its site, it also implemented technological protection measures to prevent access by hiQ to its data. LinkedIn’s claims under the CFAA and the DMCA are based largely on the circumvention of these technological barriers by hiQ.

The court ultimately granted the injunction barring LinkedIn from limiting hiQ’s access to its publicly available data pending the resolution of the issues in the case. In doing so, it expressed its doubts that the CFAA applied to hiQ’s activity, noting that if it did, it would “profoundly impact open access to the Internet.” It also found that attempts by LinkedIn to block hiQ’s access might be in breach of state law as anti-competitive behavior. In reaching its decision, the court had some interesting things to say about the importance of access to publicly accessible data, and the privacy rights of those who provided the data. These issues are highlighted in the discussion below.

In deciding whether to grant an interlocutory injunction, a court must assess both the possibility of irreparable harm and the balance of convenience as between the parties. In this case, the court found that denying hiQ access to LinkedIn data would essentially put it out of business – causing it irreparable harm. LinkedIn argued that it was imperative that it be allowed to protect its data because of its users’ privacy interests. While hiQ only scraped data from public profiles, LinkedIn argued that even those users with public profiles had privacy interests. I noted that 50 million of its users with public profiles had selected its “Do Not Broadcast” feature which prevents profile updates from being broadcast to a user’s connections. LinkedIn described this as a privacy feature that would essentially be circumvented by routine data scraping. The court was not convinced. In the first place, it found that there might be many reasons besides privacy concerns that motivated users to choose “do not broadcast”. It gave as an example the concern by users that their connections not be spammed by endless notifications. The Court also noted that LinkedIn had its own service for professional recruiters that kept them apprised of updates even from users who had implemented “Do Not Broadcast”. The court dismissed arguments by LinkedIn that this was different because users had consented to such sharing in their privacy policy. The court stated: “It is unlikely, however, that most users’ actual privacy expectations are shaped by the fine print of a privacy policy buried in the User Agreement that likely few, if any, users have actually read.” [Emphasis in original] This is interesting, because the court discounts the relevance of a privacy policy in informing users’ expectations of privacy. Essentially, the court finds that users who make their profiles public have no real expectation of privacy in the information. LinkedIn could therefore not rely on its users’ privacy interests to justify its actions.

In assessing whether the parties raised serious questions going to the merits of the case, the court considered LinkedIn’s arguments about the CFAA. The CFAA essentially criminalizes intentional access to a computer without authorization, or in a way that exceeds the authorization provided, with the result that information is obtained. The question, therefore, was whether hiQ’s continued access to the LinkedIn site after LinkedIn expressly revoked any permission and tried to bar its access, was a violation of the CFAA. The court dismissed the cases cited by LinkedIn in support of its position, noting that these cases involved unauthorized access to password protected sites as opposed to accessing publicly available information.

The court observed that the CFAA was enacted largely to deal with the problem of computer hacking. It noted that if the application of the law was extended to publicly accessible websites it would greatly expand the scope of the legislation with serious consequences. The court noted that this would mean that “merely viewing a website in contravention of a unilateral directive from a private company would be a crime.” [Emphasis in original] It went on to note that “The potential for such exercise of power over access to publicly viewable information by a private entity weaponized by the potential of criminal sanctions is deeply concerning.” The court placed great emphasis on the importance of an open internet. It noted that “LinkedIn, here, essentially seeks to prohibit hiQ from viewing a sign publicly visible to all”. It clearly preferred an interpretation of the CFAA that would be limited to unauthorized access to a computer system through some form of “authentication gateway”.

The court also found that hiQ raised serious questions that LinkedIn’s behavior might fall afoul of competition laws in California. It noted that LinkedIn is in a dominant position in the field of professional networking, and that it might be leveraging its position to get a “competitively unjustified advantage in a different market.” It also accepted that it was possible that LinkedIn was denying its competitors access to an essential facility that it controls.

The court was not convinced by hiQ’s arguments that the technological barriers erected by LinkedIn violated the free speech guarantees in the California Constitution. Nevertheless, it found that on balance the public interest favoured the granting of the injunction to hiQ pending the outcome of litigation on the merits.

This dispute is extremely interesting and worth following. There are a growing number of platforms that host vast stores of publicly accessible data, and these data are often relied upon by upstart businesses (as well as established big data companies, researchers, and civil society) for a broad range of purposes. The extent to which a platform company can control its publicly accessible data is an important one, and one which, as the California court points out, will have important public policy ramifications. The related privacy issues – where the data is also personal information – are also important and interesting. These latter issues may be treated differently in different jurisdictions depending upon the applicable data protection laws.

Published in Privacy

The Supreme Court of Canada has just granted leave to appeal a decision of the British Columbia Court of Appeal in a case involving evidentiary issues in the province’s law suit to recover health care costs from the tobacco industry. The law suit was brought under the Tobacco Damages and Health Care Costs Recovery Act – a law passed specifically for the purpose of recovering health care costs from the industry. The case raises interesting issues regarding the balance between privacy rights and fairness in litigation; it also touches on issues or re-identification risk in aggregate health care data.

Under the B.C. statute, the province has two options for recovering health care costs. It can recover actual costs for particular identified individuals, or it can recover costs on an aggregate basis “for a population of insured persons as a result of exposure to a type of tobacco product.” (s. 2(1)) The province chose the second option. Under s. 2(5) of the Act, if this route is chosen, the province is not required to identify specific individuals or to establish tobacco-related illnesses with respect to those individuals. Further, the health records of specific individuals need not be provided as part of the litigation. However, if aggregate data is relied upon, the court retains the right to “order discovery of a statistically meaningful sample” of the records, and can issue “directions concerning the nature, level of detail and type of information to be disclosed.” The court must nevertheless ensure that the identities of the specific individuals to whom the data pertain are not disclosed.

The province generated aggregate statistical data regarding costs from its databases of health care services provided to insured persons, and indicated its intention to rely upon this data to prove its case. The defendant tobacco companies sought access to the data relied upon by the province. The province declined to provide the data directly. Instead it arranged for a limited form of access through third party intermediaries, which included Statistics Canada employees. Although some of the defendants accepted this approach, Philip Morris International (PMI) did not. It argued that it was entitled to access the data itself in order to assess the reliability and accuracy of the province’s analyses. Both the court at first instance and the B.C. Court of Appeal ultimately sided with PMI.

The B.C. Information and Privacy Commissioner, who intervened in the appeal before the B.C. Court, argued that “the interpretation of a statutory provision aimed at protecting personal privacy must be approached in light of the importance of protection of privacy as a fundamental value in Canadian society” (at para 25 of the BCCA decision). He maintained that the court should rely upon the Freedom of Information and Protection of Privacy Act (FIPPA) in interpreting the Tobacco Act, and that FIPPA required the terms “personal information” and “record” to be given a broad interpretation. The Court of Appeal summarily rejected this argument, stating that “FIPPA does not limit the information available by law to a party to a proceeding (s. 3(2)) and has no role in the interpretation of s. 2(5)(b).” (at para 25)

The Court of Appeal noted that the Tobacco Act provided two routes for the province to establish damages, one that required consideration of individual health records and one that did not. It chose the second route, which means that in general terms, individual health records are not compellable. The province argued that their decision to choose this route was motivated by a desire to protect the privacy of affected individuals. The Information and Privacy Commissioner argued that a requirement to disclose the aggregate data “has privacy implications for millions of insured persons who are not involved as litigants in the underlying action.” (at para 28) The Court of Appeal noted, however, that the legislation established the ‘playing field’ on which the litigation would take place and that there was no indication that this playing field was not intended to be even. It observed that the legislation does not make privacy a “paramount concern” (at para 31) since it did provide the province with the option to choose a route that would involve consideration of thousands of specific records. Had this route been chosen, the Court noted, “all of the individualized persons’ health care records would be subject to discovery and disclosure notwithstanding any privacy concerns that such disclosure might raise.” (at para 31)

With an aggregate action, the focus is not on individualized health care records. Section 2(5)(b) protects the privacy of individuals if such a route is chosen, and prevents “the aggregate action from becoming bogged down with “individual forms of discovery” in which the defendants could demand voluminous records of thousands or millions of people.” (at para 34) However, the Court noted that in following this route, the province will rely upon the data generated from its databases to establish both causation and damage. This makes the databases highly relevant to the litigation. The Court noted that s. 2(5)(b) “is not intended to block the discovery of the cumulative data contained in the databases, which data is essential to prove causation and damages.” (at para 35)

The Court ruled that the anonymized data on which the province would base its analyses would pose “no realistic threat to personal privacy.” (at para 36) Further, the defendants would be bound not to disclose the information provided to them as part of the litigation-related implied undertaking. The Court also observed that the identity of the specific individuals would be of no interest to the defendants, making it highly unlikely any attempts at re-identification would be made.

The Court of Appeal was particularly concerned about the unfairness that might result if “The only data available to the defendants would be the data the Province offers up on restrictive terms, or the data the Province’s testifying experts eventually choose to rely on in their reports.” (at para 37) It found that fairness required that the databases be produced.

It should be noted that in reaching its decision, the B.C. Court of Appeal declined to follow a judgment from the New Brunswick Supreme Court in a very similar case under nearly identical legislation. In Her Majesty the Queen in Right of the Province of New Brunswick v. Rothmans Inc., the judge had dismissed an application by the defendant tobacco companies for the production of anonymized health care data in the same circumstances. The judge in that case had access to the decision of the B.C. Supreme Court which had ordered production of the databases, but had declined to follow that decision on the basis that the anonymization of the data would not be sufficient to protect privacy, and that the database was “a document containing information that relates to the provision of health care benefits for “particular individuals””. (BCCA decision at para 20) In declining to follow the New Brunswick decision, the B.C. Court of Appeal observed that the New Brunswick judge had relied entirely on the privacy provisions and “did not attempt to read the provisions in the New Brunswick Act as a harmonious whole.” (at para 39) The New Brunswick Court of Appeal declined leave to appeal. With two conflicting decisions from two different provinces, the matter is now heading to the Supreme Court of Canada.

 

 

Published in Privacy

Toronto Star journalist Theresa Boyle has just won an important victory for access to information rights and government transparency – one that is likely to be challenged before the Ontario Court of Appeal. On June 30, 2017, three justices of the Ontario Divisional Court unanimously upheld an adjudicator’s order that the Ministry of Health and Long-Term Care disclose the names, annual billing amounts and fields of medical specialization of the 100 top-billing physicians in Ontario. The application for judicial review of the order was brought by the Ontario Medical Association, along with many of the doctors on the disputed list (the Applicants).

The amount that the Ontario Health Insurance Program (OHIP) pays physicians for services rendered is government information. Under the Freedom of Information and Protection of Privacy Act (FOIPPA), the public has a right of access to government information – subject to specific exceptions that serve competing issues of public interest. One of these is privacy – a government institution can refuse to disclose information if it would reveal personal information. The Ministry had been willing to disclose the top 100 amounts billed to OHIP, but it refused to disclose the names of the doctors or some of the areas of specialization (which might lead to their identification) on the basis that this was the physicians’ personal information. The Adjudicator disagreed and found that the billing information, including the doctors’ names, was not personal information. Instead, it identified the physicians in their professional capacity. FOIPPA excludes this sort of information from the definition of personal information.

The Applicants accepted that the physicians were named in the billing records in their professional capacity. However, they argued that when those names were associated with the gross amounts, this revealed “other personal information”. In other words, they argued that the raw billing information did not reflect the business overhead expenses that physicians had to pay from their earnings. As a result, this information, if released, would be misinterpreted by the public as information about their net incomes. They argued that this made converted it into “other personal information relating to the individual” (s. 2(1)(h)). How much doctors bill OHIP should be public information. The idea that the possibility that such information might be misinterpreted could be a justification for refusal to disclose it is paternalistic. It also has the potential to stifle access to information. The argument deserved the swift rejection it received from the court.

The Applicants also argued that the adjudicator erred by not following earlier decisions of the Office of the Information and Privacy Commissioner (OIPC) that had found that the gross billing amounts associated with physician names constituted personal information. Adjudicator John Higgins ruled that “Payments that are subject to deductions for business expenses are clearly business information.” (at para 18) The Court observed that the adjudicator was not bound to follow earlier OIPC decisions. Further, the issue of consistency could be looked at in two ways. As the adjudicator himself had noted, the OIPC had regularly treated information about the income of non-medical professionals as non-personal information subject to disclosure under the FOIPPA; but for some reasons had treated physician-related information differently. Thus, while one could argue that the adjudicator’s decision was inconsistent with earlier decisions about physician billing information, it was entirely consistent with decisions about monies paid by government to other professionals. The Court found no fault with the adjudicator’s approach.

The Applicants had also argued that Ms Boyle “had failed to establish a pressing need for the information or how providing it to her would advance the objective of transparency in government.” (para 31). The court gave this argument the treatment it deserved – they smacked it down. Justice Nordheimer observed that applicants under the FOIPPA are not required to provide reasons why they seek information. Rather, the legislation requires that information of this kind “is to be provided unless a privacy exception is demonstrated.” (at para 32) Justice Nordheimer went on to note that under access to information legislation, “the public is entitled to information in the possession of their governments so that the public may, among other things, hold their governments accountable.” He stated that “the proper question to be asked in this context, therefore, is not “why do you need it?” but rather is “why should you not have it.”” (at para 34).

This decision of the Court is to be applauded for making such short work of arguments that contained little of the public interest and a great deal of private interest. Transparency within a publicly-funded health care system is essential to accountability. Kudos to Theresa Boyle and the Toronto Star for pushing this matter forward. The legal costs of $50,000 awarded to them make it clear that transparency and accountability often do not come cheaply or without significant effort. And those costs continue to mount as the issues must now be hammered out again before the Ontario Court of Appeal.

Published in Privacy

Bill C-58, the government’s response to years of calls for reform of Canada’s badly outdated Access to Information Act has been criticized for falling far short of what is needed and from what was promised during the last election campaign. I share this concern. However, this blog post focuses on a somewhat different issue raised by Bill C-58 – the new relationship it will create around privacy as between the Offices of the Information Commissioner and the Privacy Commissioner of Canada.

While Canadian provinces combine access to information and the protection of personal information in the hands of government under a single statute and a single commissioner, the federal government has kept these functions separate. As a result, there is a federal Information Commissioner charged with administering the Access to Information Act and a federal Privacy Commissioner charged with administering the Privacy Act. In 2001, the Privacy Commissioner was also given the task of overseeing Canada’s private sector data protection statute, the Personal Information Protection and Electronic Documents Act (PIPEDA). Certainly at the federal level it makes sense to separate the two regimes. While there is a close relationship between access and privacy (citizens have a right of access to their personal information in the hands of government, for example; and access rights are limited by the protection of the personal information of third parties), access to information and the protection of privacy have important – and sometimes conflicting – differences in their overall objectives. The reality is, as well, that both bring with them substantial and growing workloads, particularly at the federal level. Just as the role of the Privacy Commissioner has expanded with the addition of new responsibilities under PIPEDA, with the rapid advance of information technologies, and with new challenges at in relation to the actions of law enforcement and national security officials, so too has the Information Commissioner’s role been impacted by technology, and by the growing movement towards open government and open data.

In spite of these different spheres of activity, there remain points of intersection between access and privacy. These points of intersection are significant enough that changes to the role of one Commissioner may have implications for the other. For example, a government institution under the ATIA can refuse to disclose records if doing so would reveal third party personal information. The Information Commissioner, fielding a complaint about such a refusal, will consider whether the information at issue is personal information and whether it should be disclosed. The federal Privacy Commissioner, dealing with complaints regarding the mishandling of personal information, must also determine what is or is not personal information.

This overlap is poised to be affected by proposed changes to the ATIA. First, Bill C-58 will make the definition of “personal information” in the ATIA match that in the Privacy Act. Second – and significantly – the Bill will give the Information Commissioner order-making powers. This means that the Information Commissioner can rule on whether information in the hands of a government institution is or is not personal information. The decision will be binding and enforceable if it is not challenged. The Privacy Commissioner currently does not have order-making powers (these are on the wish-list for Privacy Act reform). Ironically, then, this means that the Information Commissioner will be in a position to make binding orders regarding what constitutes personal information in the hands of government whereas the Privacy Commissioner cannot. Even if the Privacy Commissioner eventually gets such powers, there will still be the potential for conflicting decisions/interpretations about how the definition of personal information should be applied to particular types of information.

No doubt in recognition of the potential for conflict in the short and longer term, Bill C-58 provides for the Information Commissioner to consult with the Privacy Commissioner. The proposed new section 36.2 reads:

36.‍2 If the Information Commissioner intends to make an order requiring the head of a government institution to disclose a record or a part of a record that the head of the institution refuses to disclose under subsection 19(1), the Information Commissioner may consult the Privacy Commissioner and may, in the course of the consultation, disclose to him or her personal information. [my emphasis]

In theory then, the Information Commissioner should touch base with the Privacy Commissioner before making orders regarding what is or is not personal information, or perhaps even whether certain personal information is subject to disclosure. It is worth noting, however, that the new provision uses the verb “may”, rather than “must”. Neither consultation nor consensus is mandatory.

Bill C-58 anticipates potential problems. A revised section 37(2) requires the Information Commissioner to give notice to the Privacy Commissioner before any order is made regarding the disclosure of personal information. Section 41(4) then provides:

41(4) If neither the person who made the complaint nor the head of the institution makes an application under this section within the period for doing so, the Privacy Commissioner, if he or she receives a report under subsection 37(2), may, within 10 business days after the expiry of the period referred to in subsection (1), apply to the Court for a review of any matter in relation to the disclosure of a record that might contain personal information and that is the subject of the complaint in respect of which the report is made.

Thus, if the Privacy Commissioner disagrees with a decision of the Information Commissioner regarding what constitutes personal information or whether it should be released, he can apply to a court to have the dispute resolved before a final order is made by the Information Commissioner. Note that this can happen even if the applicant and the government institution are satisfied with the Commissioner’s proposed resolution.

It will be interesting to see whether the Privacy Commissioner will get order-making powers if and when the Privacy Act is reformed. This seems likely. What will be even more interesting will be whether any decision by the Privacy Commissioner about what constitutes “personal information” will similarly be open to challenge by the Information Commissioner, with the outcome to be settled by the Federal Court. This too seems likely. In the provinces, decisions about personal information for access and privacy purposes are made by a single Commissioner. The best way to achieve consensus as to the meaning of “personal information” at the federal level with two different Commissioners with different mandates, will be to have any conflicts referred to the courts. This will add a layer of delay in any case where disputes arise, although in theory at least, with open lines of communication between the two Commissioners, such disputes may be few and far between. Nevertheless, there may be a disadvantage in pushing controversies over the definition of “personal information” directly to the courts which lack the same experience and expertise as the two Commissioners in an increasingly complex data landscape. True, the courts already have the last word when it comes to interpreting the definitions of personal information in either statute. But those interpretations have, to date, been confined in impact to one or the other of the statutes and understood in the context of the particular legislative goals underlying the specific statute at issue. The impact of these changes will interesting to monitor.

 

Published in Privacy
<< Start < Prev 1 2 3 4 5 6 7 8 9 10 Next > End >>
Page 1 of 10

Canadian Trademark Law

Published in 2015 by Lexis Nexis

Canadian Trademark Law 2d Edition

Buy on LexisNexis

Electronic Commerce and Internet Law in Canada, 2nd Edition

Published in 2012 by CCH Canadian Ltd.

Electronic Commerce and Internet Law in Canada

Buy on CCH Canadian

Intellectual Property for the 21st Century

Intellectual Property Law for the 21st Century:

Interdisciplinary Approaches

Purchase from Irwin Law