Teresa Scassa - Blog

In a recent blog post I wrote about the issues raised by the mapping of public information. The issue that prompted this blog post was the creation, by the Journal News of New York State, of a map featuring the names and addresses of all gun permit holders in two counties. The map prompted outrage although it merely represented data made available to the newspaper on an access to information request.

A recent development in the story highlights another issue both with open data and with the mapping of public information. The Journal News reports that a substantial amount of the posted information was inaccurate. Apparently this was attributable to the fact that one of the two counties at issue did not require permit renewals, and thus contained a significant amount of outdated information. In fact, the data for this county was only about 25% accurate. The other county required renewals every five years, which made the data more current, though not entirely up-to-date.

The open data movement promises significant social and economic benefits. Making government data freely available in appropriate formats for reuse is meant to increase government transparency and accountability, and to provide individuals and the private sector with raw data for research or innovation. Many already use such information to create useful apps, or to develop information maps that place government data in an interactive and accessible geographic context.

One of the challenges, however, is ensuring that the data sets provided by government are accurate, complete and fit for the purpose to which they are put. Not only must governments ensure that they are providing current data and appropriate updates, they must also include the meta data necessary for users to understand the scope and limitations of the data set.

Where the data includes personal information (including home addresses) it would seem that the onus should be even higher on governments to ensure that the information being provided is current, or that the limitations of the data set are clearly identified. Of course, there is also an onus on the party using the information to ensure that they understand the limits of the data set.

Voltage Pictures LLC has brought a motion in Federal Court seeking a court order that would compel Internet Service Provider Teksavvy Solutions Inc. to disclose the identities of customers using certain IP addresses that have been linked to Internet file-sharing of works in which Voltage owns the copyright. If the court were to order the disclosure, the identified individuals could be sued for copyright infringement by Voltage.

The University of Ottawa’s Samuelson-Glushko Canadian Internet Policy and Public Interest Clinic (CIPPIC) has brought a motion to intervene in the proceedings. CIPPIC has an established track record in representing the public interest in cases of this kind; they have argued for a balance between individuals’ privacy interests in their online activities and copyright holders interests in previous litigation. The Federal Court has adjourned its hearing of Voltage’s motion in order to consider the issue of CIPPIC’s intervention.

A New York newspaper created a furore by publishing, in the wake of the tragic school shooting in Newtown, Connecticut, an interactive online map that displayed the names and addresses of residents holding permits for guns. The newspaper obtained the data through an access to information request. The map was accompanied by an article with the title: “The gun owner next door: What you don't know about the weapons in your neighborhood." The map and article provoked outrage. Gun owners were concerned about their privacy, and one news agency ran an interview with a retired burglar who suggested that the map would make burglars’ work much easier. A blogger responded to the map by creating another map which featured the names and addresses of the staff of the newspaper. The newspaper has reportedly had to hire armed guards to protect its main office.

This is, of course, not the first time that controversial information maps have been created by news agencies or by others. In California, for example, information about election donors is a matter of public record. Someone used this information to publish a map detailing the names, addresses and contribution amounts of individuals who had donated to a campaign to amend the State’s constitution to prohibit gay marriage.

Widely available Web 2.0 tools and resources have made it easy for almost anyone to create online maps. The ability to present information in a geographical context is an attractive option. Information maps are visually appealing, and can reveal patterns and permit connections that might not be evident from data presented in the form of lists or plain text. For example, Patrick Cain, a Canadian journalist, has been creating innovative and fascinating information maps for many years. Perhaps one of his most useful maps is his annual map of busted grow-ops in Toronto. There are real risks associated with purchasing a house which was once used for a grow op, and there is no obligation on sellers to disclose this information. The grow-op maps provide important and easily accessible information for those searching for a new home.

While there is no doubt that information maps can be useful and important, there are also potential risks. There is a great deal of publicly available information collected by different levels of government. For example, many registers of public documents, and decisions of administrative tribunals are already accessible to the public. The Privacy Commissioner of Canada has expressed concerns about the consequences of placing this sort of information online; in the past, public access was available only to those who took the trouble to show up at specific sites to view the entries in the register. This implicitly limited access to this information. While some of this public information might be very usefully presented to the public in map form (see, for example, the maps of crime reports in Ottawa) other information may have serious privacy or security consequences if disclosed online and in map form.

Privacy and data protection laws in Canada do not offer a great deal of protection in this regard. While governments are bound by privacy legislation that protects against the disclosure of personal information in the context of access to information requests, a great deal of other government information is part of public registers. Individuals who disclose information on maps for personal, non-commercial purposes may be exempt from the application of national or provincial private sector data protection laws, and these laws also create exceptions for information that is collected, used or disclosed for “artistic, literary or journalistic purposes”. (I recently published a law journal article on this issue.)Thus, for example, a news outlet in Canada that did something comparable to the New York-based newspaper described above might well be insulated from recourse under data protection laws because of their “journalistic purposes” in doing so.

There is, of course, a tricky balance to be struck. Personal privacy and individual security are important values, but so are those served by open government (transparency, accountability) and by the freedom of expression. Indeed, the Supreme Court of Canada is expected to rule sometime in the coming year on the constitutionality of the exception for journalistic purposes in Alberta’s private sector data protection legislation. That decision may give us some guidance on the tricky balance between freedom of expression and the protection of privacy. In the meantime governments must continue to examine how best to achieve the goals of openness while at the same time protecting individual privacy and security.

Note: this piece was first published by me at:http://www.bloggingforequality.ca/2013/01/information-maps-freedom-of-expression.html

“Location-Based Services and Privacy”, (T. Scassa & Anca Sattler) (2011) 9:2 Canadian Journal of Law and Technology 99-134

The last decade has seen a rapid growth in the number and variety of location-based services that are available to consumers. While some of the older location-based services are tools such as GPS and other navigation systems, more recent innovations include applications that permit users to call up a variety of different information about their current locations, such as the nearest Italian restaurant, or the best deals at a favourite store. Location-based services (LBS) also allow individuals to share their location with friends in a wide range of social networking contexts. Location-based services are already shifting from pull to push applications. Information can now be pushed automatically to users based on their location. The options for such services are virtually limitless, and include mobile-marketing, public transportation applications, information about local points of interest, health care applications connected to remote treatment systems, or tools to find the closest election-day polling booth.

There is no doubt that many location-based services offer real benefits to users. Yet location-based services raise inevitable user privacy concerns. These concerns operate on multiple levels and involve many players. In some applications, privacy issues will arise between individual users, where, for example, applications permit the tracking of movements of family members, co-workers or “friends”. Location-based services may also result in the collection of a new layer of personal information about consumers by private sector companies. Information about individuals and their movements has meaningful commercial value, and the potential for the collection, use and disclosure of this information is significant. Location-based services also raise the spectre of state surveillance of individual activity – either concurrent with an individual’s movements (tracking), or retrospectively, through searching records of individual patterns of movement. These are just some of the contexts in which privacy issues are raised.

In this paper we describe location-based services, their evolution and their future directions. We then outline privacy issues raised by such services. We consider how current Canadian data protection laws apply to location-based services, and indicate where such laws fall short of addressing the full range of issues raised by location-based services. We also explore some technological methods to address the privacy challenges raised by location-based services. The paper concludes with a series of recommendations.

The recent Alberta Court of Appeal decision in United Food and Commercial Workers, Local 401 v. Alberta (Attorney General) raises interesting issues regarding the relationship of data protection legislation to the constitutionally guaranteed freedom of expression.

The dispute arose after a union representing striking casino workers set up a picket line at the mall entrance to the casino. As part of the picketing activity, the Union videotaped the picket line and also took still photographs of persons crossing the line to enter the casino. Signs posted nearby indicated that photographs and videos might be featured on strike-related website. Different things were done with the images; some were posted online on the union’s website, and a still photo of the Casino Vice-President was used in unflattering ways in the Union newsletter and on leaflets. Following a complaint by some of the filmed individuals, an adjudicator under Alberta’s Personal Information Protection Act (PIPA) found that the photos and videos constituted personal information and that it had been collected, used and disclosed without notice or consent, as required by the Act. She also found that the exception to the application of PIPA for personal information that is collected, used or disclosed for “journalistic purposes and no other purpose” did not apply because the Union had multiple purposes for its actions, most of which were not journalistic. She found that the Union could argue that the information was collected, used or disclosed for the purposes of a possible investigation or legal proceeding, as disputes often broke out on picket lines. However, she ruled that the relevant exception would only be available if notice had been given of this purpose for collection. According to the adjudicator, the scope of this exception, if it had been available, would not have extended to the publication of the materials on the website, or the use of the still photos in the newsletter and elsewhere.

The Union sought judicial review of the decision, arguing in particular that their Charter right to freedom of expression had been infringed. Justice Goss of the Alberta Court of Queen’s Bench agreed, and she ordered that the regulation defining “publicly available information” be struck down for being under inclusive, and that the words “and for no other purpose” found in the exception to the Act for journalistic purposes should also be struck down. She also ordered a temporary suspension of invalidity to permit the Alberta legislature to address the defects in the legislation.

The Attorney-General of Alberta appealed this decision to the Alberta Court of Appeal. Although the Court of Appeal agreed with Justice Goss that PIPA posed certain constitutional issues, it disagreed with her as to the source of these issues and the appropriate remedies. It rejected the conclusion that the regulations defining “publicly available information” were relevant, observing correctly that “[u]nder the Act, “personal” information is not the same as “private” information” (at para 10). It spent more time on the s. 4(3)(c) exception to the application of the Act where information is collected, used or disclosed “for journalistic purposes and for no other purpose.” The Union had argued that posting the information on its website or in its pamphlets or newsletters served journalistic purposes, and that the consent of the photographed individuals should not have been required.

The Court of Appeal noted that it was possible to give this provision effect in two ways. The first would be to find that any information that was collected for journalistic purposes as well as other purposes was entirely tainted by those other purposes, and thus could not qualify for the exception. The second would be to find that the information could be collected, used or disclosed without consent for journalistic purposes, but consent would have to be obtained for any other purposes. The Court preferred the latter interpretation, noting that organizations may have many different objectives and purposes. It wrote: “even though the union’s purpose is not primarily journalistic, to the extent that it does engage in journalistic activities it is entitled to rely on the exemption in the Act for that purpose.” (at para 52) Because this approach was adopted, the Court found it unnecessary to rule (as had Justice Goss) that the terms “and for no other purpose” in s. 4(3)(c) were unconstitutional.

The Court next considered the scope of the exception for journalistic purposes in order to determine whether the Union’s activities were captured by it. It opted for a relatively narrow interpretation. It found that the Union’s activities in filming the picket line were not primarily journalistic, but rather focused on “labour relations, collective bargaining, and the economic dynamics of a strike.” (at para 57). It noted: “Just because the union might have to communicate with its members and the public about the strike in order to accomplish its labour relations objectives does not turn the whole exercise into journalism.”(at para 57). The Court was of the view that it was not appropriate to cram the union’s activities into “journalism” in order to conduct a constitutional assessment. Rather, the issue should be whether PIPA, by creating barriers to the Union’s expression in the context of a strike, cast an appropriate balance between the goals of protecting personal information and the freedom of expression.

The jurisprudence is clear that picketing is an expressive activity that is also linked to the freedom of association. The Court of Appeal acknowledged that the decision of the adjudicator in this case did not impact on the right to picket. However, it did place limits on what could be done with photos and recordings made of the picket line activities. According to the Court, recording and distributing images and videos is an activity directly related to the purposes of picketing, which has both an informational and a dissuasive component. Because recordings of people crossing the picket line “spreads news of the picket line to a wider audience . . . [and] tends to increase the pressure on those who might be tempted to cross the picket line” (at para 64), it constitutes expressive activity. Although there is a coercive element to this type of expression, the Court observed that unpleasant speech is protected by the constitution. It stated: “so long as there is no promotion of violence or other illegal activity, a reasonable amount of psychological pressure may be brought to bear on all those involved.” (at para 66)

Because the recording and dissemination of images of people crossing the picket line is expressive conduct, the Court of Appeal concluded that the adjudicator’s decision that the images could not be collected, used or disclosed without consent, violated the Union’s freedom of expression rights. The Court accepted that PIPA served a pressing and substantial objective (protecting against the misuse of personal information), and that placing limits on the collection, use and disclosure of personal information was rationally connected to that objective. However, it found that there was no proportionality in the legislation because it was not drafted “in a manner that is adequately sensitive to Charter rights.” (at para 73). The Court’s comments on the elements of overbreadth of PIPA are interesting.

In the first place, the Court suggests that PIPA is overbroad for having “no functional definition” of the term “personal information”. Yet the core of the definition (“information about an identifiable individual”) is essentially shared by private and public data protection statutes across Canada. According to the Court, it is necessary for the Commissioner to narrow this definition in order to make it compliant with Charter values. However, the structure of the legislation is such that, although the definition is broad, the Act contains many exceptions to its application or to the requirements of consent for collection, use or disclosure of personal information in particular contexts or circumstances. It is not at all clear that the definition is the problem. The court may be looking for a definition that would exclude information about people in public places, yet such an exception to the application of the law (as inadvisable as it might be) could be created without changing the definition. It should be noted that shrinking the scope of the definition might also mean that the legislation would no longer qualify as “substantially similar” to PIPEDA.

The objection to the definition of personal information is thus closely linked to the Court’s second objection, which is that PIPA does not contain a general exception for information “that is personal, but not at all private”. Without citing any examples, the Court claims that “the comparative statutes in some provinces exempt activity that occurs in some public places.” (at para 73). It is not clear to what the court is referring, as the only other provinces with private sector data protection statutes are B.C. and Quebec, and neither statute has the kind of exemption described. The court is most likely referring to statutes in some provinces which create torts of invasion of privacy, and which set certain contextual boundaries for the torts. The situations are not at all equivalent. It is entirely appropriate that an individual’s ability to allege an invasion of their privacy be considered in light of circumstances that include whether they were engaged in activity in a public place. However, the data protection context is different. Data protection laws protect individuals against the collection, use and disclosure of their personal information by private sector actors. There is no obvious reason why an exception to the law should be carved out to permit companies to cull personal information about individuals from multiple sources regarding their movements in public spaces. It is important to note that video surveillance cameras and cell phone location information could both fall within this category of information.

The Court also objects to the “artificially narrow” definition of “publicly available information”. This objection is also problematic. The publicly available information exception is narrowly crafted, and is limited to things such as public telephone directory listings, public government registries, court and tribunal records, and the like. The exception is only available where the information is used for the purposes for which it was made publicly available, and where the collection, use or disclosure being made is for purposes which a reasonable person would consider appropriate in the circumstances. In all cases, the categories of publicly available information are ones where it could be said that the individual has either consented to the information becoming public (for example, directory listings only constitute publicly available information where the individual has been given an option to delist their number), or where the government has mandated by law that such information is to be public (in the case of registries, or court decisions). Information published in a newspaper, magazine or other publication is only publicly available information if “it is reasonable to assume that the individual that the information is about provided that information” (PIPA Regulation, s. 7(e)(ii).) Here again, one finds the notion of consent to a specific use of the information. The exceptions are crafted narrowly because to do otherwise would substantially disrupt the balance in the Act, making all manner of personal information open to collection, use or disclosure without consent. Expanding the definition of publicly available information to include activities in public lacks both the consent element and the specific purpose as a limiting condition.

The Court also objects to the fact that there is “no special exemption for information collected and used for free expression”. In an article critical of the wording of the journalistic purposes exception, I consider a number of problems with the journalistic purposes exception. I have argued that indeed the formulation in Quebec’s private sector data protection legislation is broader than that used in PIPA or PIPEDA, as it refers to journalistic information that is communicated for “the legitimate information of the public”, rather than for the more obscure “journalistic purposes”. This gives somewhat more scope to the exception. However, I note that the effect of the Quebec exception is to permit the Commissioner to consider whether a communication was for “the legitimate information of the public”. In other words, it does not function as an outright exception to the application of the Act (as does the journalistic purposes exception). Rather, it allows the Commissioner to consider the scope and manner of the communication in order to determine whether the balance between freedom of expression and privacy has been appropriately struck. Given the significant developments in the new media, it may well be time to revisit the journalistic purposes exception in data protection laws; this must be done, however, in a thoughtful and considered manner.

Finally, the Court objects to the fact that “there is no exemption allowing organizations to reasonably use personal information that is reasonably required in the legitimate operation of their business.” (at para 73). This is puzzling since this seems to be a central purpose of data protection legislation. The statute as a whole is a scheme designed to permit just that – while at the same time giving individuals some right to control how their personal information is collected, used and disclosed.

Ultimately the Court wisely chose to simply quash the decision of the adjudicator, rather than to declare any portion of the statute unconstitutional. According to the Court, it is up to the legislature “to decide what amendments are required to the Act in order to bring it in line with the Charter.” (at para 81). Any such reform initiative by the legislature should be one that gives a much more careful consideration to the structure of the Act as a whole, and the complex web of interests that are already finely balanced.

Below is the statement I made to the House of Commons Standing Committee on Access to Information, Privacy and Ethics on May 31, 2012. The Standing Committee had convened hearings on the following motion:

Be it Resolved: That the Committee study the efforts and the measures taken by Google, Facebook and other social media to protect the personal information of Canadians, and that the Committee report its findings back to the House.

I would like to begin by saying that I think it is very important that more attention be given to data protection and privacy in relation to the activities of social media companies. I do find it somewhat ironic, however, that the Committee’s mandate has been framed in terms of studying the efforts and measures taken by social media companies to protect the personal information of Canadians. It is a bit like studying the efforts made by foxes to protect the lives of the chickens.

I note that to the extent that Google, Facebook and other social media companies attempt to protect the personal information of Canadians, these efforts are shaped by data protection law. The adequacy of our data protection legislation must therefore be a focus of attention. The amendments from the first five year review of 2006 have yet to make it through Parliament; the second five year review is already late in getting underway. These should be matters for concern, particularly since the data protection environment has changed substantially since the law was first enacted. The current law is particularly weak with respect to enforcement. The Commissioner has no order making powers and lacks the ability to impose fines or other penalties in the case of particularly egregious conduct.

The focus on social media and privacy has two broad aspects. The first relates to how individuals use these tools to communicate amongst themselves. In this regard we hear concerns about employers accessing Facebook pages, people posting the personal information of other people online, criminals exploiting Facebook information, and so on. These are concerns about information that individuals choose to share, the consequences of that sharing, and the norms that should govern this new mode of interpersonal exchange. The second aspect, and the one on which I will focus my attention is on the role of these companies in harvesting – or in facilitating the harvesting – of massive amounts of information about us in order to track our online activity, consumption habits, and even patterns of movement. In this respect, attention given to large corporations such as Facebook and Google is important, but there are also many other players in the digital environment who are engaging in these practices.

The business models of social media companies are generally highly dependent upon the personal data of their users. In fact, social networking, search engines, email and many other services are offered to us for free. By hosting our content and tracking our activities, these services are able to extract a significant volume of personal data. The nature and quality of this data is enhanced by new innovations. For example, information about the location and movements of individuals is highly coveted. More and more individuals carry with them location enabled smart phones and they use these devices for social networking and other online activities. Even computer browsers are now location-enabled, and thus information about our location is routinely gathered in the course of ordinary internet activities.

The point is that more and more data of increasingly varied kinds are being sought, collected, used and disclosed. This data is compiled, matched and mined in order to profile consumers for various purposes including targeted behavioural marketing. In some cases, this data may be shared with third party advertisers, with application developers or with related companies. Even where the data is de-identified, its fine-textured nature may still leave individuals identifiable, as companies such as AOL and Netflix have learned the hard way. Individuals may also still be identifiable from detailed profile information, and the substantial volumes of information gathered about us make us highly vulnerable to data security breaches of all kind.

It has become very difficult to protect our personal data, particularly in contexts where privacy preferences are set once (and often by default) and the service is one which we use daily or even multiple times each day. It is often difficult to determine what information is being collected, how it is being shared and with whom. Privacy policies are often too long, unclear, and remote for anyone to actually read and understand. We now enter into a myriad of transactions each day and there simply isn’t time or energy to properly “manage” our data. It is a bit like walking through a swamp and being surrounded by a cloud of mosquitoes. To avoid being bitten we can swat away; we can even use insect repellents or other devices, but in the end we are inevitably going to be bitten, often multiple times.

It is also becoming increasingly difficult to avoid entering this swamp. People use social media to keep family and friends close, regardless of how far apart they live, or because the social network communities have become a part of how their own peer groups communicate and interact. Increasingly businesses, schools, and even governments are developing presences in social media, which give even more impetus to individuals to participate in these environments. Traditional information content providers are also moving to the Internet and to Facebook and Twitter, and are encouraging their readers/viewers/listeners to access their news and other information online and in interactive formats. These tools are rapidly replacing traditional modes of communication.

To date, our main protection from the exploitation of our personal information in these contexts has been data protection law. Data protection laws are premised on the need to balance the privacy interests of consumers with the needs of businesses to collect and use personal data. But in the time since PIPEDA was enacted, this need has become a voracious hunger for more and more data, retained for longer and longer periods of time. The need for data has shifted from information required to complete transactions or to maintain client relationships to a demand for data as a resource to be exploited. This shift risks gutting the consent model on which the legislation is based. This new paradigm deserves special attention and may require different legal norms and approaches.

Under the traditional data protection model, the goal was to enable consumers to make informed choices about their personal data. In the big data context, informed choices are virtually impossible to make. Beyond this, there is an element of servitude that is deeply disturbing. Nancy Obermeyer uses the term “volunteered geoslavery” to describe a context where location-enabled devices report on our movements to any number of companies without us necessarily being aware of this constant stream of data. She makes the point that equipping individuals with sensors that report on their activities leaves them vulnerable to dominance and exploitation; yet this is a growing reality in our everyday lives. Going beyond the simple collection of data, social networking services encourage users to make these sites the hub of their daily activities and communications.

Our personal data is a resource that businesses large and small regularly exploit. The data is used to profile us so as to define our consumption habits, to determine our suitability for insurance or other services, or to apply price discrimination in the delivery of wares or services. We become data “subjects” in the fullest sense of the word. There are few transactions or activities that do not leave a data trail.

As noted earlier, many so-called “free” services such as social networking sites, document sharing sites, cool applications, and even internet searching, are actually premised upon the ability to extract user data. In the 2011 decision of the Quebec Superior Court in St. Arnaud c. Facebook a judge refused to certify a class action law suit against Facebook. To do so would have required classifying the terms of use for the site as a consumer contract so that Quebec law could override the clause that provided that all disputes would be settled under the laws of California and adjudicated by California courts. The Quebec Court found that there was no consumer contract because the Facebook service is entirely free, whereas a consumer contract “is premised on payment and consideration.” The judge found that there was no obligation placed on users that could be regarded as a form of consideration.

This case demonstrates how the provision of personal data is overlooked as an element of the contract between the company and the individual. It is treated as a matter governed by the tangential privacy policies. This lack of transparency regarding the quid pro quo makes it the consumer’s sole responsibility to manage their personal information. Concerns that excessive amounts of personal information are being collected can then be met by assertions that people just don’t care about privacy. To regard the sharing of personal data as part of a consumer contract for services, by contrast, places both competition law and consumer protection concerns much more squarely in the forefront. In my view, it is time to explicitly address these concerns.

Another social harm potentially posed by big data is of course, discrimination. Oscar Gandy has written about this in his most recent book. We understand how racial profiling leads to injustice in the application of criminal laws. Profiling, whether based on race, sex, sexual orientation, religion, ethnicity, socio-economic status or other grounds, is a growing concern in how we are offered goods or services. Through big data, corporations develop profiles of our tastes and consumption habits; they channel these back to us in targeted advertising, recommendations and special promotions. When we search for goods or services, we are presented first with those things which we are believed to want. We are told that profiling is good because it means we don’t have to be inundated with marketing material for products or services that are of little interest. Yet there is also a flip side to profiling. It can be used to characterize individuals as unworthy of special discounts or promotional prices; unsuitable for credit or insurance; uninteresting as a market for particular kinds of products and services. Profiling can and will exclude some and privilege others.

I have argued that big data alters the data protection paradigm, and that social networking services, along with many other “free” internet services are major players in this regard. To conclude my remarks, I would like to focus on the following key points.

1) The collection, use and disclosure of personal information is no longer simply an issue of privacy, but raises issues of consumer protection, competition law, and human rights;

2) The nature and volume of personal information collected from social media sites and other “free” internet services goes well beyond transaction information and relates to the activities, relationships, preferences, interests and location of individuals;

3) Data protection law reform is overdue, and may now require a reconsideration or modification of the consent-based approach, particularly in contexts where personal data is treated as a resource and personal data collection extends to movements, activities and interests;

4) Changes to PIPEDA should include greater powers of enforcement for data protection norms, which might include order-making powers, and the power to levy fines or impose penalties in the case of egregious or repeated transgressions.

On March 7, 2012, counsel for Tory cabinet Minister Vic Toews made an ex parte application for a court order that would compel the Registrar of the Manitoba Court of Queen’s bench to disclose any logs or requisition forms that would reveal the identities of anyone who had applied to view the files relating to Mr. Toews divorce proceedings. The application made reference to the fact that persons unknown had accessed the files, made copies of some of the documents, and posted them on the Internet. These acts had taken place during the so-called “Vikileaks” scandal; the person who disclosed the information was allegedly responding to the government’s lawful access bill before Parliament which critics have claimed could lead to unprecedented forms and levels of state surveillance of Canadians’ Internet activities. Mr. Toews had attracted a great deal of negative media attention leading up to the Vikileaks scandal when he publicly stated that a critic of the bill could either stand with the government or stand with the child pornographers.

The open courts principle in Canada means that not only the decisions of courts are available to the public, but that court hearings take place in public and that court records may also be consulted by members of the public. There are limits, of course. In appropriate circumstances courts may seal files, limit access to hearings, or place bans on the publication of all or some aspects of court proceedings. The person or persons who accessed the Toews divorce files were within their rights to do so.

The Justice Saull of the Manitoba Court of Queen’s bench granted the application and ordered the Registrar to disclose the information sought by counsel for Toews. This very troubling decision is brief, and offers no explanation of the basis for the order.

Ex parte proceedings are inherently non-adversarial; the opposing party, or the affected party, is not present to participate in the hearing or to provide their own perspective or arguments. In proceedings where an applicant (often seeking to launch a defamation suit) seeks a court order to compel disclosure of the identity of a person who has anonymously posted allegedly defamatory material about them on the Internet, courts have insisted that the applicant meet a stringent test in order to justify the violation of the privacy of the person engaged in the internet communications, and to justify compelling a third party to disclose information that they must otherwise keep in confidence. The elements of this test require the court to assess:

(i) Whether the applicant has provided evidence sufficient to raise a valid, bona fide or reasonable claim;

(ii) Whether the applicant has established a relationship with the third party from whom the information is sought such that it establishes that the third party is somehow involved in the acts complained of;

(iii) Whether the third party is the only practicable source of the information available;

(iv) Whether the third party can be indemnified for costs to which the third party may be exposed because of the disclosure, some [authorities] refer to the associated expenses of complying with the orders, while others speak of damages; and

(v) Whether the interests of justice favour the obtaining of the disclosure.

None of these elements appear to have been considered in this case. Significantly, the applicant did not even allege that any legal wrong, such as defamation, was committed. The brief merely stated that the applicant “had a vital interest in knowing who accessed his personal affairs and published them on the interest [sic] as “retribution” for his fulfilling his mandate as a member of Her Majesty’s government.”

The lack of reasons for the decision to order the release of the information is troubling not just because the issues are important and deserve some articulation. The lack of reasons could also be taken as an acceptance of the assertions advanced by the applicant. Among these is the assertion that “there can be no privacy interests in filing a requisition to view a public document. Nor can there be public policy reasons to provide anonymity to persons who do this.”

Both of these assertions deserve closer scrutiny, something which was not permitted by the ex parte nature of these proceedings. Although Manitoba’s Freedom of Information and Protection of Privacy Act does not apply to “information in a court record”, the names of individuals who have requested access to court documents from the Registrar do not constitute information in a court record. This is information collected by the Registrar regarding access to records under their custody. Under the FOIPP Act, a public body (here the Registrar) may only disclose the personal information it collects in limited circumstances. This would seem, from the outset, to counter the argument that there is no privacy interest in this information. The Registrar is a public body with an obligation to protect and limit disclosure of the personal information which it collects; citizens have an expectation that this obligation will be met in accordance with the terms of the law.

The assertion that there are no “public policy reasons to provide anonymity” to persons who file requisitions to view public documents is quite simply baseless. There is no question of anonymity; individuals are required to provide their name when they access the information. The name becomes part of a record maintained by the institution. The issue is whether other people have any entitlement to access this information. Keep in mind that this information is not about the court proceedings themselves and has nothing to do with the open courts principle. It is information about the personal or professional interest taken by individuals in different court proceedings. Quite apart from the Registrar’s obligation to protect the personal information which it collects from individuals in this manner, one might ask what public interest is served by making such lists presumptively public; and whether a greater public interest is served by protecting individuals from undue scrutiny about what they choose to read.

It would seem that the issue comes down to the same one that arises in Internet defamation suits: under what circumstances should a court order access to records in the hands of third parties in which there is a privacy interest. The test for a Norwich order sets some important guidelines in order to avoid abuse. Perhaps most significantly, it asks whether the applicant has provided sufficient evidence to establish that they have suffered a legal wrong for which they are seeking redress. In this case nothing in the applicant’s brief alleges a legal wrong has been committed, or that legal action is even contemplated by the applicant.

The result in this case is that a Minister of the Crown successfully persuaded a court in an ex parte application which featured no concrete legal arguments and provided no evidence of a legal wrong, to disclose the names of individuals who had sought access to public court records (something which we are all entitled to do under the open courts principle). Although the brief alleges that access to the divorce records had been sought by the unnamed individual for “retribution” against the Minister, the fact that the brief makes no argument about any actual legal proceedings in relation to which the names are sought itself raises the spectre of retribution. Although the issue is one that potentially affects all court records, in this case, the power imbalance between a Minister of the Crown and any citizens who may have chosen to access these records for their own purposes is quite stark. There are much bigger public policy issues at play here and the public interest was not well served by this court decision.

In its unanimous decision in Jones v. Tsige, 2012 ONCA 32, the Ontario Court of Appeal recognized at least one subset of a common law right of action for invasion of privacy. This subset, which the court calls the tort of “intrusion upon seclusion” is one of four privacy-related torts identified by U.S. law professor William L. Prosser in his article “Privacy”((1960), 48 Cal. L.R. 383 at 389), and adopted by the U.S. Restatement (Second of Torts) (2010). Its recognition in this case is described by Justice Sharpe as “an incremental step that is consistent with the role of this court to develop the common law in a manner consistent with the changing needs of society.”(at para 65).

Jones was the ex-spouse of Tsige’s current common law partner. Ostensibly out of a dispute with her partner, and questions about whether he was making child support payments, Jones began checking Tsige’s bank account information, to which she had access as an employee of Tsiges bank, the Bank of Montreal (BMO). The surreptitious checking of financial information occurred on at least 174 occasions over a 4 year period. After Jones voiced her suspicions to BMO, Tsige was confronted and admitted to the conduct and was disciplined by her employer. Jones brought a law suit against Tsige for invasion of privacy, seeking damages in the amount of $70,000 and punitive damages of $20,000. Her case was dismissed by summary judgment on the basis that there was no common law tort of invasion of privacy in Ontario. It was this decision which was appealed to the Court of Appeal.

The Court of Appeal outlined the four privacy-related torts identified by Prosser and adopted by the restatement:

1. Intrusion upon the plaintiff’s seclusion or solitude, or into his private affairs.

2. Public disclosure of embarrassing private facts about the plaintiff.

3. Publicity which places the plaintiff in a false light in the public eye.

4. Appropriation, for the defendant’s advantage, of the plaintiff’s name or likeness. (reproduced at para. 18 of the Court of Appeal decision).

Justice Sharpe, writing for the unanimous court, noted that the tort of misappropriation of personality was already recognized in Ontario. Rather than recognize a broad tort of invasion of privacy, he chose, on these facts, merely to address the more limited tort of intrusion upon seclusion. Justice Sharpe noted that, in the Restatement, the tort of intrusion upon seclusion “includes physical intrusions into private places as well as listening or looking, with or without mechanical aids, into the plaintiff’s private affairs.” (at para 20).

Justice Sharpe reviewed prior case law from Ontario and noted that other courts had awarded damages for wrongs that involved privacy dimensions without explicitly recognizing a tort of invasion of privacy per se, or had at least declined to dismiss actions for invasion of privacy on the basis that the disclosed no reasonable cause of action. He also canvassed Charter privacy jurisprudence, noting that this case law “identifies privacy as being worthy of constitutional protection and integral to an individual’s relationship with the rest of society and the state.” (at para 39). He noted that “the common law should be developed in a manner consistent with Charter values” (at para 46), and that such an approach would favour the recognition of a right of action for intrusion upon seclusion.

Justice Sharpe next considered the relevance of various pieces of privacy legislation. The court below had expressed the view that the Personal Information Protection and Electronic Documents Act (PIPEDA), provided recourse for persons in the plaintiff’s position, and thus supported the view that the recognition of a tort action was unnecessary. Justice Sharpe corrected this erroneous view, noting that PIPEDA dealt with the information practices of “organizations” engaged in commercial activity, and did not address the particular circumstances that arose in this case (or that might arise in many others). Unfortunately, his reasons were not as complete as they might be on this point, and contain some misapprehensions of the nature and scope of PIPEDA. For example, Justice Sharpe erroneously refers to PIPEDA as “dealing with “organizations” subject to federal jurisdiction and does not speak to the existence of a civil cause of action in the province.” (at para 50). PIPEDA’s scope of application is much broader than just federally-regulated organizations; for example, it applies to all organizations in Ontario that engaged in “commercial activity”. Justice Sharpe also indicates that another reason that recourse under PIPEDA does not suffice is that it does not give a right to damages. This is not true; sections 12 and 14 of PIPEDA give complainants the option of seeking damages before the Federal Court once they have received a report of findings from the Commissioner. But Justice Sharpe is directly on point when he notes that PIPEDA would only have given Jones recourse against BMO, and not against Tsige. This is extremely important; PIPEDA’s scope of application (to organizations engaged in commercial activity) and its express exclusion of application to domestic contexts or where individuals are acting for private purposes (where so many truly egregious violations of privacy occur) mean that PIPEDA is only a very selective data protection tool and not a broad recourse for privacy invasive conduct.

Justice Sharpe also canvasses the four existing provincial statutes that create causes of action for invasion of privacy, as well as case law in the U.S. and commonwealth jurisdictions before arriving at the principles that should guide the newly minted tort in Ontario. He noted that the evolving case law supports the recognition of the new tort, and cited academic authority in support of this view. He then noted the importance of technological change as a driver for the recognition of privacy rights. He observed that “[a]s the facts of this case indicate, routinely kept electronic data bases render our most personal financial information vulnerable.” (at para 67). Similarly, health information databases pose risks, as to the innumerable other digital records we leave in our wake as we carry out our daily activities. He stated: “It is within the capacity of the common law to evolve to respond to the problem posed by the routine collection and aggregation of highly personal information that is readily accessible in electronic form.” (at para 68).

According to Justice Sharpe, the facts before him “cry out for a remedy”. Noting that Tsige’s actions were deliberate and sustained, as well as “shocking”, he observed that “the law of this province would be sadly deficient if we were required to send Jones away without a legal remedy.” (at para 69). He distilled the elements of the tort from the U.S. Restatement and summarized them in these terms:

The key features of this cause of action are, first, that the defendant’s conduct must be intentional, within which I would include reckless; second that the defendant must have invaded, without lawful justification, the plaintiff’s private affairs or concerns; and third, that a reasonable person would regard the invasion as highly offensive causing distress, humiliation or anguish. (at para 71)

However, he cautioned that “given the intangible nature of the interest protected, damages for intrusion upon seclusion will ordinarily be measured by a modest conventional sum.” (at para 71).

Justice Sharpe seems concerned that the tort must be narrowly drawn so as not to open any floodgates of litigation. He cautions that a claim for intrusion upon seclusion “will arise only for deliberate and significant invasions of personal privacy.” (at para 72) He also warns that “Claims from individuals who are sensitive or unusually concerned about their privacy are excluded: it is only intrusions into matters such as one’s financial or health records, sexual practices and orientation, employment, diary or private correspondence that, viewed objectively on the reasonable person standard, can be described as highly offensive.” (at para 72) It is not clear that such an enumeration is ultimately helpful; while it does give some sense of the ambit of the tort he envisages, it may also lead overly cautious lower court judges to unduly restrain the parameters of a tort that may need to adapt and respond to our ever-shifting technological environment. Similarly, the standard of “highly offensive” is a tricky one, as is the perspective of the “reasonable” as opposed to the unusually privacy sensitive person.

Justice Sharpe is also sensitive to the need to balance privacy with other potentially competing interests, such as freedom of expression and freedom of the press. Thus, there is no absolute right of privacy, each case will require a contextual examination.

On the issue of damages, Justice Sharpe notes that it is not necessary to establish proof of loss (although it presumably would be open to a plaintiff to do so, had he or she incurred specific quantifiable losses associated with the invasive activity.) Where no proof of specific damages is advanced, Justice Sharpe, after an evaluation of damage awards in a series of cases, sets an upper limit of $20,000. He also distils the following criteria to provide guidance to courts in assessing where on the spectrum (from $0 to $20,000) a damage award should lie. A court should consider:

1. the nature, incidence and occasion of the defendant’s wrongful act;

2. the effect of the wrong on the plaintiff’s health, welfare, social, business or financial position;

3. any relationship, whether domestic or otherwise, between the parties;

4. any distress, annoyance or embarrassment suffered by the plaintiff arising from the wrong; and

5. the conduct of the parties both before and after the wrong, including any apology or offer of amends made by the defendant. (at para 87)

Aggravated or punitive damages awards are neither precluded nor encouraged, although Justice Sharpe notes that these would only be available in “exceptional cases calling for exceptional remedies.” (at para 88). On the facts before him, he settled on a damage award of $10,000, noting that although the actions were deliberate and repeated, the defendant had apologized and was genuinely remorseful. He also noted that she had not publicized the plaintiff’s financial information, and her actions caused no embarrassment or other public consequences. He declined to award punitive damages. Perhaps surprisingly, he did not award costs to either party, citing the novel issues raised by the case.

Teresa Scassa and Anca Sattler, “Location-Based Services and Privacy”, forthcoming in (2011) Canadian Journal of Law and Technology

The last decade has seen a rapid growth in the number and variety of location-based services that are available to consumers. These include applications that permit users to call up a variety of different information about their current locations. Location-based services (LBS) also allow individuals to share their location with friends in a wide range of social networking contexts. Location-based services also permit information to be pushed automatically to users based on their location.

Many location-based services offer real benefits to users. Yet LBS raises inevitable user privacy concerns. In some applications, privacy issues will arise between individual users, where, for example, applications permit the tracking of movements of family members, co-workers or “friends”. Location-based services may also result in the collection of a new layer of personal information about consumers by private sector companies. Information about individuals and their movements has meaningful commercial value, and the potential for the collection, use and disclosure of this information is significant. Location-based services also raise the spectre of state surveillance of individual activity – either concurrent with an individual’s movements (tracking), or retrospectively, through searching records of individual patterns of movement.

In this paper we begin by describing location-based services, their evolution and their future directions. We then outline privacy issues raised by such services. We consider how current Canadian data protection laws apply to location-based services, and indicate where such laws fall short of addressing the full range of issues such services raise. We also explore some technological methods to address the privacy challenges raised by location-based services. The paper concludes with a series of recommendations.

In a recent case, Jones v. Tsige, (2011 ONSC 1475) Justice Whittaker of the Ontario Superior Court granted a motion for summary judgment in law suit which the plaintiff had argued that the defendant had invaded her privacy when she accessed her personal banking information 174 times in a 4 year period.  The defendant argued that there was no such action at common law in the province of Ontario.
    The defendant worked for the Bank of Montreal (BMO). She allegedly accessed the plaintiff’s banking information because she was in a relationship with the plaintiff’s ex-husband and wanted to see if he was paying child support to the plaintiff.  The defendant’s actions were eventually noticed by her employer, which disciplined but did not fire her.  Jones then sued Tsige for damages for invasion of privacy and for breach of fiduciary duty.  Justice Whittaker found that no fiduciary duty was owed on the facts.  The dispute turned, then, on whether there was a recognized tort of invasion of privacy in Ontario.
    In reaching the decision that no such tort existed, Justice Whittaker mistakenly indicated that it would have been open to Jones to bring a complaint against Tsige under the Personal Information Protection and Electronic Documents Act (PIPEDA). While that statute might have permitted Jones to bring a complaint against BMO, the statute does not apply to “personal information that the individual collects, uses or discloses for personal or domestic purposes and does not collect, use or disclose for any other purpose.” Here, Tsige was apparently collecting the information for her own personal purposes. The decision is thus based on the erroneous view that Jones could have had the remedy she sought by bringing a complaint under PIPEDA, followed by an application to the Federal Court under s. 14 of that Act for a remedy which could include damages. 
    Justice Whittaker’s misunderstanding of PIPEDA and its scope seems central to the outcome of this case.  Later on, he comments that because of the other statutes that exist to address privacy issues, such as PIPEDA, there was no “legal vacuum that permits wrongs to go unrighted.” (at para 53) As noted above, however, PIPEDA only applies where information is collected, used and disclosed in the course of commercial activity, and it does not apply in a range of other circumstances, including private or domestic contexts.  Invasion of privacy tort cases in those provinces which have created statutory torts frequently arise precisely in the context of disputes between neighbours or family members. (For just a few examples, see: Watts v. Klaemt, Wasserman v. Hall, Lane v. Lane, and Nesbitt v. Neufeld).
Justice Whittaker goes on to note that “[s]tatutory schemes that govern privacy issues are, for the most part, carefully nuanced and designed to balance practical concerns and needs in an industry-specific fashion.” (at para 56) Once again, these comments seem oriented towards the private sector data protection context.  Provincial statutes that establish torts of invasion of privacy (in Newfoundland, Manitoba, Saskatchewan and B.C.) do not duplicate the territory covered by private sector data protection legislation. They create recourse where there is a wilful and intentional violation of a privacy right. 
In reaching his decision, Justice Whittaker also reviewed case law in Ontario on the issue of whether there is a tort of invasion of privacy.  He noted that such a cause of action appears to have been recognized in Saccone v. Orr, (1981) 19 C.C.L.T. 37 (Ont. Cty Ct.), although he distinguished this case by noting that in Saccone the plaintiff had demonstrated actual harm.  Both Somwar v. McDonald’s Restaurants of Canada Ltd and Nitsopoulos v. Wong are cases in which Ontario courts declined to dismiss actions for invasion of privacy on the basis that they did not disclose a reasonable cause of action. The courts in both cases considered that the existence of such a tort was at least arguable.  Justice Whittaker did not take note of Caltagirone v. Scozzari-Cloutier, [2007] O.J. No. 4003 (Ont. Small Claims), a decision which actually recognized the tort.
    In spite of case law suggesting that a tort of invasion of privacy might be emerging at common law, Justice Whittaker chose to consider himself bound by comments of the Ontario Court of Appeal decision in Euteneier v. Lee.  The plaintiff in that case sought damages under the Charter for police conduct related to a strip search. The damages she sought were linked to what she claimed was harm to her privacy and dignity interests.  The Court of Appeal observed that there was no “’free standing’ right to dignity or privacy under the Charter or at common law.” (at para 63)  Justice Whittaker interpreted this comment, decided in a case involving a very different context, to mean that there was no tort of invasion of privacy at common law. 
    The decision is disappointing not just for its failure to recognize a tort law recourse that seems ripe to emerge at common law, but also for the way in which it misrepresents the nature and extent of recourse currently available under data protection statutes.   The decision is currently under appeal.