Teresa Scassa - Blog

Teresa Scassa

Teresa Scassa

Metrolinx is the Ontario government agency that runs the Prestocard service used by public transit authorities in Toronto, Ottawa and several other Ontario municipalities. It ran into some trouble recently after the Toronto Star revealed that the organization shared Prestocard data from its users with police without requiring warrants (judicial authorization). The organization has now published its proposals for revising its privacy policies and is soliciting comment on them. (Note: Metrolink has structured its site so that you can only view one of the three proposed changes at a time and must indicate your satisfaction with it and/or your comments before you can view the next proposal. This is problematic because the changes need to be considered holistically. It is also frankly annoying).

The new proposals do not eliminate the sharing of rider information with state authorities without a warrant. Under the new proposals, information will be shared without a warrant in certain exigent circumstances. It will also be shared without a warrant “in other cases, where we are satisfied it will aid in an investigation from which a law enforcement proceeding may be undertaken or is likely to result.” The big change is thus apparently in the clarity of the notice given to users of the sharing – not the sharing itself.

This flabby and open-ended language is taken more or less directly from the province’s Freedom of Information and Protection of Privacy Act (FOIPPA), which governs the public sector’s handling of personal information. As a public agency, Metrolinx is subject to FOIPPA. It is important to note that the Act permits (but does not require) government entities to share information with law enforcement in precisely the circumstances outlined in the policy. However, by adapting its policy to what it is permitted to do, rather than to what it should do, Metrolinx is missing two important points. The first is that the initial outrage over its practices was about information sharing without a warrant, and not about poor notice of such practices. The second is that doing a good job of protecting privacy sometimes means aiming for the ceiling and not the floor.

Location information is generally highly sensitive information as it can reveal a person’s movements, activities and associations. Police would normally need a warrant to obtain this type of information. It should be noted that police are not relieved of their obligations to obtain warrants when seeking information that raises a reasonable expectation of privacy just because a statute permits the sharing of the information. It would be open to the agency to require that a warrant be obtained prior to sharing sensitive customer location data. It is also important to note that some courts have found that the terms of privacy policies may actually alter the reasonable expectation of privacy – particularly when clear notice is given. In other words, even though we might have a reasonable expectation of privacy in location data about our movements, a privacy policy that tells us clearly that this information is going to be shared with police without a warrant could substantially undermine that expectation of privacy. And all of this happens without any ability on our part to negotiate for terms of service,[1] and in the case of a monopoly service such as public transportation, to choose a different provider.

Metrolinx no doubt expects its users to be comforted by the other changes to its policies. It already has some safeguards in place to minimize the information provided to police and to log any requests and responses. They plan to require, in addition, a sign off by the requesting officer and supervisor. Finally, they plan to issue voluntary transparency reports as per the federal government’s Transparency Reporting Guidelines. Transparency reporting is certainly important, as it provides a window onto the frequency with which information sharing takes place. However, these measures do not correct for an upfront willingness to share sensitive personal information without judicial authorization – particularly in cases where there are no exigent circumstances.

As we move more rapidly towards sensor-laden smart cities in which the consumption of basic services and the living of our daily lives will leave longer and longer plumes of data exhaust, it is important to reflect not just on who is collecting our data and why, but on the circumstances in which they are willing to share that data with others – including law enforcement officials. The incursions on privacy are many and from all directions. Public transit is a basic municipal service. It is also one that is essential for lower-income residents, including students.[2]Transit users deserve more robust privacy protections.

Notes:

[1] A recent decision of the Ontario Court of Appeal does seem to consider that the inability to negotiate for terms of service should be taken into account when assessing the impact of those terms on the reasonable expectation of privacy. See: R. v. Orlandis-Habsburgo.

[2] Some universities and colleges have U-Pass agreements which require students to pay additional fees in exchange for Prestocard passes. Universities and colleges should, on behalf of their students, be insisting on more robust privacy.



[

In the 2010-2011 school year, a teacher at a London, Ontario high school used a pen camera to make surreptitious video recordings of female students, with a particular emphasis on their cleavage and breasts. A colleague noticed his activity and reported it to the principal, who confiscated the pen camera and called the police. The police found 19 videos on the camera’s memory card, featuring 30 different individuals, 27 of whom were female. A warrant was obtained a week later to search the teacher’s home – the police found nothing beyond a computer mysteriously missing its hard drive. The teacher was ultimately charged with voyeurism.

The offense of voyeurism requires that there be a surreptitious observation (recorded or not) of a “person who is in circumstances that give rise to a reasonable expectation of privacy”. It also requires that the “observation or recording is done for a sexual purpose” (Criminal Code, s. 162(1)(c)). The trial judge had found that the students had a reasonable expectation of privacy in the circumstances, but he inexplicably found that the Crown had not met its burden of showing, beyond a reasonable doubt, that the recordings of their cleavage and breasts was done for a sexual purpose. He stated: “While a conclusion that the accused was photographing the student’s [sic] cleavage for a sexual purpose is most likely, there may be other inferences to be drawn that detract from the only rationale [sic] conclusion required to ground a conviction for voyeurism.” (Trial Decision at para 77) He did not provide any information about what those other inferences might conceivably be.

On appeal, the Crown argued that the trial judge had erred in finding that the filming was not done for a sexual purpose. All of the appellate judges agreed that the judge had indeed erred. The majority noted that the trial judge had failed to identify any other possible inferences in his reasons. They also noted that his description of the teacher’s behavior as “morally repugnant” was “inconsistent with the trial judge’s conclusion that the videos might not have been taken for a sexual purpose.” (Court of Appeal decision at para 47) The majority noted that “[t]his was an overwhelming case of videos focused on young women’s breasts and cleavage” (at para 53), and they concluded that there was no reasonable inference other than that the videos were taken for a sexual purpose. Clearly, the teacher was not checking for skin cancer.

However, the accused had appealed the trial judge’s finding that the students had a reasonable expectation of privacy. The majority of the Court of Appeal agreed, leading to the overall appeal of his acquittal being dismissed. The majority’s reasoning is disturbing, and has implications for privacy more broadly. In determining what a ‘reasonable expectation of privacy’ entailed, the majority relied on a definition of privacy from the Oxford English Dictionary. That learned non-legal tome defines privacy as “a state in which one is not observed or disturbed by other people; the state of being free from public attention.” (at para 93). From this, the majority concluded that location was a key component of privacy. They stated: “A person expects privacy in places where the person can exclude others, such as one’s home or office, or a washroom. It is a place where a person feels confident that they are not being observed.” (at para 94) The majority accepted that there might be some situations in which a person has an expectation of privacy in a public setting, but these would be limited. They gave the example of upskirting as one “where a woman in a public place had a reasonable expectation of privacy that no one would look under her skirt” (at para 96). Essentially, the tent of a woman’s skirt is a private place within a public one.

The trial judge had found a reasonable expectation of privacy in the circumstances on the basis that a student would expect that a teacher would not “breach their relationship of trust by surreptitiously recording them without there consent.” (at para 103). According to the majority, this conflated the reasonable expectation of privacy with the act of surreptitious recording. They stated: “Clearly students expect that a teacher will not secretly observe or record them for a sexual purpose at school. However, that expectation arises from the nature of the required relationship between students and teachers, not from an expectation of privacy.” (at para 105) This approach ignores the fact that the nature of the relationship is part of the context in which the reasonableness of the expectation of privacy must be assessed. The majority flattened the concept of reasonable expectation of privacy to one consideration – location. They stated that “if a person is in a public place, fully clothed and not engaged in toileting or sexual activity, they will normally not be in circumstances that give rise to a reasonable expectation of privacy.” (at para 108)

Justice Huscroft, in dissent is rightly critical of this impoverished understanding of the reasonable expectation of privacy. He began by situating privacy in its contemporary and technological context: “Technological developments challenge our ability to protect privacy: much that was once private because it was inaccessible is now easily accessible and capable of being shared widely.” (at para 116). He observed that “whether a person has a reasonable expectation of privacy is a normative or evaluative question rather than a descriptive or predictive one. It is concerned with identifying a person’s legitimate interests and determining whether they should be given priority over competing interests. To say that a person has a reasonable expectation of privacy in some set of circumstances is to conclude that his or her interest in privacy should be prioritized over other interests.” (at para 117)

Justice Huscroft was critical of the majority’s focus on location as a means of determining reasonable expectations of privacy. He found that the majority’s approach – defining spaces where privacy could reasonably be expected – was both over and under-inclusive. He noted that there are public places in which people have an expectation of privacy, even if that expectation is attenuated. He gave the example of a woman breastfeeding in public. He stated: “Privacy expectations need not be understood in an all-or-nothing fashion. In my view, there is a reasonable expectation that she will not be visually recorded surreptitiously for a sexual purpose. She has a reasonable expectation of privacy at least to this extent.” (at para 125) Justice Huscroft also noted that the majority’s approach was over-inclusive, in that while a person has a reasonable expectation of privacy in their home, it might be diminished if they stood in front of an open window. While location is relevant to the privacy analysis, it should not be determinative.

Justice Huscroft found that the question to be answered in this case was “should high school students expect that their personal and sexual integrity will be protected while they are at school?” (at para 131). He noted that schools were not fully public in the sense that school officials controlled access to the buildings. While the school in question had 24-hour video surveillance, the cameras did not focus on particular students or particular body parts. No access was permitted to the recordings for personal use. The school board had a policy in place that prohibited teachers from making the types of recordings made in this case. All of these factors contributed to the students’ reasonable expectation of privacy. He wrote:

No doubt, students will be seen by other students, school employees and officials while they are at school. But this does not mean that they have no reasonable expectation of privacy. In my view, the students' interest in privacy is entitled to priority over the interests of anyone who would seek to compromise their personal and sexual integrity while they are at school. They have a reasonable expectation of privacy at least to this extent, and that is sufficient to resolve this case. (at para 133)

Justice Huscroft observed that the majority’s approach that requires the reasonable expectation of privacy to be considered outside of the particular context in which persons find themselves would unduly limit the scope of the voyeurism offence.

This case provides an ugly and unfortunate window on what women can expect from the law when it comes to voyeurism and other related offenses. In the course of his reasons, the trial judge stated that ““[i]t may be that a female student’s mode of attire may attract a debate about appropriate reactions of those who observe such a person leading up to whether there is unwarranted and disrespectful ogling” (Trial decision, at para 46). The issue is not just about public space, it is about the publicness of women’s bodies. The accused was acquitted at trial because of the trial judge’s baffling conclusion that the teacher might have had some motive – other than a sexual one – in making the recordings of female students’ breasts and cleavage. Although the Court of Appeal corrected this error, the majority found that female students at high school do not have a reasonable expectation of privacy when it comes to having their breasts surreptitiously filmed by their teachers (who are not allowed, under school board policies, to engage in such activities). The majority fixates on location as the heart of the reasonable expectation of privacy, eschewing a more nuanced approach that would consider those things that actually inform our expectations of privacy.

 

The Ontario Court of Appeal has just handed down its decision in Keatley Surveying Ltd. v. Teranet Inc. The case involved a copyright dispute between land surveyors and the private company retained by the Province of Ontario to run its land titles registry. There are relatively few court decisions that discuss Crown copyright in Canada, and so this case has been an interesting one to watch.

It has long been accepted that land survey plans are works in which copyright subsists and that the author of a plan of survey is the surveyor. Under the Copyright Act, this creates a default presumption that the surveyor is the owner of copyright in the work. The dispute in this case is about what happens when that plan is deposited in the provincial land titles registry. While such deposits have been taking place for decades, the issue only became controversial after Ontario moved from its old paper-based registry to an electronic system run by a private company on behalf of the province. Under the electronic system, Teranet, the private company, charges fees for access and for the downloading of documents, including plans of survey. The plaintiff, representing the class of surveyors, objected to what it saw as Teranet profiting from the commercial reproduction and dissemination of their copyright-protected works.

For the surveyors to succeed with their action, they had to establish that they owned the copyright in their works. Section 12 of the Copyright Act reads:

12. Without prejudice to any rights or privileges of the Crown, where any work is, or has been, prepared or published by or under the direction or control of Her Majesty or any government department, the copyright in the work shall, subject to any agreement with the author, belong to Her Majesty and in that case shall continue for the remainder of the calendar year of the first publication of the work and for a period of fifty years following the end of that calendar year.

The trial judge found that since they did not create the works under the direction or control of Her Majesty, the Crown could not be said to be the owner of copyright in the plans. However, he was unwilling to find that copyright remained with the surveyors, since to do so might jeopardize the land titles system. Instead, he found that copyright in the plans of survey is “transferred to the province” when plans are deposited. This conclusion is somewhat problematic. As I pointed out in my post on this earlier decision, the Copyright Act requires a signed assignment in writing in order for a transfer of ownership to take place. If the provincial legislation effected a transfer of ownership other than according to the terms of the federal Copyright Act, then this would seem to be a potentially unconstitutional interference with federal jurisdiction over copyrights.

Although constitutional issues were raised before the Court of Appeal, the Court of Appeal arrived at its decision in a way that managed to evade them. The Court agreed that surveyors were the authors of their plans and were thus the original copyright owners. It also agreed that the Crown in right of the Province of Ontario ended up as the copyright owner once the plans became part of the registry. However, Justice Doherty, writing for the unanimous court, disagreed with the approach taken by the trial judge, and rejected the idea that there was a transfer of ownership when plans were deposited in the land titles registry. Instead he adopted a rather interesting interpretation of Crown copyright.

Section 12 of the Copyright Act provides thatthe Crown is the owner of copyright in any work that “is, or has been, prepared or published by or under the direction or control of Her Majesty […]”. Justice Doherty agreed that the plans were not prepared under the direction or control of Her Majesty, but focused instead on the “or published” part of s. 12. In his view, “[m]ere publication” by the Crown does not give rise to Crown copyright – the publication has to be “by or under the direction or control of Her Majesty”. Justice Doherty reviewed the legislation and regulations that related to the land titles system. He noted that the legislation provides for deposit of plans of survey with the province’s Land Registry Office. The statutory scheme also sets strict parameters for the form and content of any plans of survey that are to be deposited. The plans are subject to review, and the Examiner of Surveys can raise questions about the plans with the surveyors, and can require changes to be made before the plans are finally accepted. Justice Doherty noted that this review process did not constitute the “direction or control” necessary to give rise to Crown copyright on the basis that the works were prepared under the direction or control of Her Majesty. However, he found it relevant to the question of whether the “subsequent publication of the registered or deposited plans occurs under the “direction or control” of the Crown.” (at para 37).

Justice Doherty also noted that once a survey plan is deposited in the register, the surveyor is no longer able to make any changes to it without permission from the Examiner of Surveys. He observed that s. 145(6) of the Land Titles Actalso permits the Examiner to make changes at the behest of a third party. Both the Land Titles Act and the Registry Act provide that “certified copies of registered or deposited plans of survey must be made available to members of the public upon payment of the prescribed fee.” (at para 39) Justice Doherty found that the statutory obligation to provide copies of a work “is fundamentally inconsistent with the claim by the document’s author to a right to control the making of copies of the document.” (at para 40) He observed as well that O.Reg 43/96 to the Registry Act provides that no plan deposited in the registry can include “any notes, words or symbols that indicate that the right to make or distribute copies is in any way restricted.” (s. 9(1)(e)).

Justice Doherty found that this combination of provisions created a context in which the Crown has “complete control over registered or deposited plans of survey and complete control over the “publication” of those plans of survey within the meaning of the Copyright Act.” (at para 44) As a result, the plans are works that are published under the direction or control of the Crown, giving rise to Crown copyright in the documents. He stated:

Considered as a whole, the provisions demonstrate that plans of survey registered or deposited in the ELRS are held and published entirely under the Crown’s direction and control. Ownership of copyright does not, however, flow from the provincial land registration scheme. It is s. 12 of the Copyright Act that vests the copyright in the Crown by virtue of the publication of those plans under the “direction or control” of the Crown. (At para 45.)

The solution arrived at by the Court of Appeal is certainly more elegant than that proposed by the trial judge. Nevertheless, it does raise important questions. The first is what actually happens to the original copyright of the surveyors. The Court accepts that they are the first owners of copyright, and that the legislative system does not effect a transfer of rights. Yet at the end of the day, the Court finds that the Crown has copyright in the works. Presumably this extinguishes the copyright of the surveyors, but on what basis? If it is not a transfer, is it an expropriation? What level of statutory/regulatory control is required to trigger such a shift in ownership?

It might not have been necessary for the court to go so far as to find that the Crown assumed copyright over these works. At one point Justice Doherty states that: “The copyright rests in either the Province or the land surveyor who prepared the plan of survey. If the land surveyor has copyright, the making and distribution of paper or digital copies of the plan of survey is a breach of copyright whether done by an employee of the Province or by a third party hired by the Province to perform that function.” (at para 19). What this statement overlooks is the possibility of a licence – one that might well be implied once a surveyor deposits a plan with the land titles registry. Essentially, the same provisions of the statutory regimes governing the registration of plans of survey could be used to support the view that a surveyor who deposits a plan with the registry provides a broad, perpetual licence to the government to reproduce and disseminate the plans as part of the land titles system.

Crown copyright has been a thorn in the side of many who see it as unnecessary at its most benign and a threat to open government at its worst. This decision may breathe complicated new life into this controversial fixture of the Canadian copyright regime.

As part of Right to Know week, I participated in a conference organized by Canada’s Office of the Information Commissioner. My panel was asked to discuss Bill C-58, an Act to amend the Access to Information Act. I have discussed other aspects of this bill here and here. Below are my thoughts on the Commissioner’s order-making powers under that Bill.

Bill C-58, the Act to amend the Access to Information Act will, if passed into law, give the Information Commissioner order-making powers. This development has been called for repeatedly over the years by the Commissioner as well as by access to information advocates. Order-making powers transform the Commissioner’s recommendations into requirements; they provide the potential to achieve results without the further and laborious step of having to go to the Federal Court. This is, at least the theory. For many, the presence of order-making powers is one of the strengths of C-58, a Bill that has otherwise been criticized for not going far enough to reform a badly outdated access to information regime.

Before one gets too excited about the order-making powers in Bill C-58, however, it is worth giving them a closer look. The power is found in a proposed new s. 36.1, which reads:

36.‍1 (1) If, after investigating a complaint described in any of paragraphs 30(1)‍(a) to (d.‍1), the Commissioner finds that the complaint is well-founded, he or she may make any order in respect of a record to which this Part applies that he or she considers appropriate, including requiring the head of the government institution that has control of the record in respect of which the complaint is made

(a) to disclose the record or a part of the record; and

(b) to reconsider their decision to refuse access to the record or a part of the record.

Although this appears promising, there is a catch. Any such order will not take effect until after the expiry of certain periods of time. The first of these is designed to allow the head of the institution to ask the Federal Court to review “the matter that is the subject of the complaint.” The second time period is to allow third parties (for example, someone whose personal information or confidential commercial information might be affected by the proposed order) or the federal Privacy Commissioner to apply to the Federal Court for a review. (The reason why the Privacy Commissioner might be seeking a review is the subject of an earlier post here).

The wording of these provisions makes it clear that recourse to the Federal Court is neither an appeal of the Commissioner’s order, nor an application for judicial review. Instead, the statute creates a right to request a hearing de novo before the Federal Court on “the matter that is the subject of the complaint”. As we know from experience with the Personal Information Protection and Electronic Documents Act, such a proceeding de novo does not require any deference to be given to the Commissioner’s report, conclusions or order.

One need only compare these order-making powers with those of some of the Commissioner’s provincial counterparts to see how tentative the drafters of Bill C-58 have been. Alberta’s Freedom of Information and Protection of Privacy Act states simply “An order made by the Commissioner under this Act is final.”(s. 73) British Columbia’s statute takes an approach which at first glance looks similar to what is in C-58. Section 59 provides:

59. (1) Subject to subsection (1.1), not later than 30 days after being given a copy of an order of the commissioner, the head of the public body concerned or the service provider to whom the order is directed, as applicable, must comply with the order unless an application for judicial review of the order is brought before that period ends.

Like C-58, s. 59 of B.C.’s Freedom of Information and Protection of Privacy Act provides for a delay in the order’s taking effect depending on whether the head of the institution seeks to challenge it. However, unlike C-58, the head of the institution must seek judicial review of the order (not the matter more generally). Judicial review is based on the record that was before the original adjudicator. It is also a process that requires some deference to be shown to the Commissioner.

A report on the modernization of Canada’s access to information regime compared the current ombuds model with the order-making model. It found that the order making model was preferable for a number of cogent reasons. Two of these were:

  • It gives a clear incentive to institutions to apply exemptions only where there is sufficient evidence to support non-disclosure and then put this evidence before the adjudicator, as judicial review before the Court is based on the record that was before the adjudicator.
  • The grounds on which the order can be set aside are limited and the institution cannot introduce new evidence or rely on new exemptions, as it is the adjudicator’s, and not the institution’s, decision that is under review before the Court.

These are very sound reasons for moving to an order-making model. Unfortunately, the model provided in Bill C-58 does not provide these advantages. Because it allows for a hearing de novo, there is no incentive to put everything before the adjudicator – new evidence and arguments can be introduced before the Federal Court. This will do nothing to advance the goals of accountability and transparency; it might even help to obstruct them.

A decision of the U.S. Court of Appeals for the 10th Circuit highlights the power dynamics around rights to collect and share data. It marks an important victory for environmental activists, and should also be of interest to all those who engage in citizen science, as well as community-based environmental monitoring.

The case arose after the Wyoming legislature passed a law titled Trespassing to Unlawfully Collect Resource Data that imposed civil and criminal liability on any person who crossed over private land in order to “access adjacent or proximate land where he collects resource data.” The statutory definitions of resource data included all kinds of data gathering activity from taking notes to photographing wildlife or taking samples of soil or water.

The backstory to the legislation involved efforts by environmental activists with the Western Watersheds Project to document the impact of cattle grazing on water quality, and to push for limits on grazing on public lands. These efforts were opposed by cattle ranchers, who apparently carry enough clout to push the legislature to enact such a law. A predecessor statute in 2015, titled Trespassing to Collect Data, created civil and criminal liability for collecting data on “open lands”. After the constitutionality of the 2015 law was challenged, it was amended to prohibit crossing private land without permission in order to collect data on “adjacent or proximate land” (which might be public land). It was this amended version that was considered by the appellate court.

The issue before the Court was not whether there was a broad right to collect resource data on either public or private land. Rather, it was whether the state, by creating new civil and criminal trespass penalties for those who crossed private land without permission in order to collect data on public land, violated the free speech rights of the data collectors. The plaintiffs’ argument was essentially that although there were already penalties for trespass on private land, the statute created additional penalties for those who trespassed on private land for the purpose of collecting data on public land. Thus, the court framed the issue as “not whether trespassing is protected conduct, but whether the act of collecting resource data on public lands qualifies as protected speech.” The court noted that the prohibited acts under the law involved “collecting water samples, taking handwritten notes about habitat conditions, making an audio recording of one’s observation of vegetation, or photographing animals”, so long as location data was also included.

The Court noted that a number of federal and state environmental statutes and regulations provided for public submission of environmental data as part of assessment and decision-making processes. The plaintiffs argued that a law restricting their ability to gather environmental data inhibited their ability to participate in such processes, thus limiting their freedom of speech. The Court agreed, noting that the First Amendment extends to the “creation” of speech. The Court observed that “An individual who photographs animals or takes notes about habitat conditions is creating speech in the same manner as an individual who records a police encounter”. The Court also found that the taking of samples, though “somewhat further afield of pure speech”, was protected. In this case, the samples were characterized by the Court as “information plaintiffs need to engage in environmental advocacy”. The Court also observed that the plaintiffs used the data they collected in advocacy activities, and that this type of political engagement was at the core of the First Amendment protection.

The Court does caution that there is no general “unrestrained right to gather information”. As a result, laws that, by banning activities incidentally prevent the ability to gather information about those activities would not run afoul of the First Amendment. In this way, a general prohibition on trespass does not offend the First Amendment, even if it means that someone would be equally barred from trespassing to gather information. What was problematic here was that the laws created new penalties that specifically applied to trespass for data gathering activities.

Although the legislation in this case might seem to be an outlier product of an aggressive stakeholder lobby of government, the issues it raises have a broader significance. Control over data, access to data and even the ability to create data are all crucially important in our data-driven society. My ongoing research explores issues of ownership, control and access to data – expect to see more posts on these topics over the course of the year.

A recent incident raises important issues about excessive control over data and information. Open data activists, who have long battled to liberate government data will recognize the principles at play here. The difference in this case, is that the data over which control is being asserted are in private sector hands. Yet while the law necessarily provides means for private sector organizations to exercise control over data and information in appropriate circumstances, this control is not without its limits. In this case, the limits may have been seriously overstepped.

A Toronto-area man who posted his own data-visualization based on Toronto real estate data hasreceived a blunt cease and desist notice from counsel for the Toronto Real Estate Board (TREB). The story, which was reported by David Hains in Metro News, explains that the 26 year old data analyst named Shafquat Arefeen created the visualization as a personal project and posted it on his non-commercial website. The visualization, which is no longer available as a result of the letter, provided an overview of housing sales activity in Toronto and contained data that, among other things, showed the differences between listing and selling prices, including data for specific house sales.

The cease and desist letter makes it clear that the TREB believes that the data were taken from its proprietary website. There are some interesting issues around accessing and using data hosted on a web platform, including whether any terms of use associated with the site are binding on the user. The letter, however, does not raise any contractual claims. Instead, it asserts copyright – apparently in the data. Mr. Arefeen denies that he obtained the data from the TREB site. Whether he did or not, the copyright claims are independently worth considering.

It is a basic and fundamental principle of copyright law that facts and information are in the public domain. The Federal Court of Canada has clearly stated: “there can be no copyright in information.”( Nautical Data International Inc v. C-Map USA Inc. at para 11), as has the Supreme Court of Canada: “copyright protection does not extend to facts or ideas but is limited to the expression of ideas.” (CCH Canadian Ltd. v. Law Society of Upper Canada, at para 22).

Copyright law does protect compilations, including compilations of data. Yet, where data are part of a compilation, all that is protected is the original selection or arrangement of the data. In a 2016 decision of the Competition Tribunal regarding the TREB’s data, the Tribunal stated that it was: “not persuaded that TREB owns copyright in the MLS Database, including the Disputed Data. In brief, the Tribunal has concluded that TREB has not led sufficient evidence to establish the level of skill, judgment and labour required for the MLS Database to benefit from copyright protection.” (at para 731)

Let’s assume for the sake of argument that there is a copyright claim to be made. Even in those cases where copyright in a compilation of data is found to exist, a second user who does not take a substantial part of the selection or arrangement of the data does not infringe copyright. If Mr. Arefeen’s visualization was his own original expression of the data that he used, then it would be very difficult to sustain an argument that there was a substantial taking of the arrangement of the TREB’s data. It is not clear whether it constituted substantial taking of any original selection of the data – this is far from an open and shut issue. Yet even if a court were to find substantial taking of a selection, Mr. Arefeen would be entitled to rely upon the fair dealing exceptions in the Copyright Act. The Supreme Court of Canada has mandated a generous approach to fair dealing, and there is every possibility that this non-commercial use might be considered fair – in other words, not infringing. The bottom line is that any claim to either copyright in the data or infringement of any such copyright would appear to be very weak.

The cease and desist letter also contains strong language alleging that Mr. Arefeen’s use of the data was a violation of the Personal Information Protection and Electronic Documents Act (PIPEDA). PIPEDA applies only to personal information that is collected, used or disclosed in the course of commercial activity. Mr. Arefeen’s website appears to be non-commercial – it does not even contain advertising. If this is the case, PIPEDA does not apply. There are also exceptions to the application of PIPEDA where information is collected, used or disclosed for journalistic or artistic purposes. Frankly, it’s hard to see how PIPEDA would apply in this instance.

The cease and desist letter achieved its objective in that Mr. Arefeen took down his data visualization, and it is no longer available to a public according to the newspaper coverage found it useful and interesting. This allows the TREB to maintain control over its closely controlled data about the real estate market in Ontario. It also enables it to restrict public engagement with data that are relevant, interesting and important to Toronto residents. The outcome highlights the imbalance between well-resourced data ‘owners’ and data users – particularly those who act in the public interest. Such users often have limited resources either to pay for data licences or to hire lawyers to push back against excessive claims. The result is far from being in the public interest.

The long-term care context is one where privacy interests of employees can come into conflict with the interests of residents and their families. Recent reported cases of abuse in long-term care homes captured on video camera only serve to highlight the tensions regarding workplace surveillance. A June 2017 decision of the Quebec Court of Appeal, Vigi Santé ltée c. Syndicat québécois des employées et employés de service section locale 298 (FTQ), considers the workplace privacy issues in a context where cameras were installed by the family members of a resident and not by the care facility.

The facts of the case were fairly straightforward. The camera was installed by the family of a resident of a long term care facility, but not because of any concerns about potential abuse. Two of the resident’s children live abroad and the camera provided them with a means of maintaining contact with their mother. The camera could be used in conjunction with Skype, and one of the resident’s children present in Quebec regularly used Skype to receive updates about his mother from the private personal care person they also paid to be with their mother for part of the day, six days a week. The camera provided a live feed but did not record images. The operators of the long-term care facility did not have access to the feed. The employees of the facility were informed of the presence of the camera and none objected to it. The privately hired personal care worker was often present when staff provided care, and the court noted that there were no complaints about the presence of this companion. The family never complained about the services provided to the resident; in fact, they indicated that they were very satisfied. The resident had been in two other facilities prior to moving to this one; similar cameras had been used in those facilities.

The employees’ union challenged the installation of the video, and two questions were submitted to an arbitrator for determination. The first question was whether the employer could permit the family members of a resident to install a camera in the resident’s room for the sole purpose of allowing family members to see the resident. The second was whether the employer could permit family members to install a camera in the room of a resident with the goal of overseeing the activities of employee caregivers. The arbitrator had ruled that, as far as employees were concerned, in both cases the camera was a surveillance camera. He went on to find that the employer had no justification in the circumstances for carrying out surveillance on its employees. Judicial review of this decision was sought, and a judge of the Quebec Superior court confirmed the decision. It was appealed to the Court of Appeal.

Under the principles of judicial review, an arbitrator’s decision can only be overturned if it is unreasonable. The Court of Appeal split on this issue with the majority finding the decision to have been unreasonable. The majority emphasized that the arbitrator had found that the family’s motivation for installing the camera was not to carry out surveillance on the staff, and also highlighted the fact that none of the staff had complained about the presence of the camera.

Although the majority agreed that the privacy guarantees of the Quebec Charter of Human Rights and Freedoms protected employees against unjustified workplace surveillance by their employer, they found that the camera installed by the family for the purpose of maintaining contact with a loved one did not constitute employee surveillance. Further, it was not carried out by the employer. They noted in particular the fact that the images were not recorded and the feed was not accessible to the employer. The majority criticized the arbitrator for characterizing the family’s decision to install the camera as being motivated by a disproportionate concern (“une inquietude démesurée”) over their mother’s well-being, because there was no evidence of any mistreatment.

The majoirty cited jurisprudence to support its view that a camera that captured activities of workers was not necessarily a surveillance camera. It noted several Quebec arbitration cases where arbitrators determined that cameras installed by employers to provide security or to protect against industrial espionage were permissible, notwithstanding the fact that they also captured the activities of employees. Any surveillance of employees was incidental to a different and legitimate objective of the employer.

The majority went further, noting that in this case, the issue was whether an individual (or their family) had a right to install a camera in their own living space. For the majority, it was significant that the care home was the resident’s permanent living space because she had lost her ability to live on her own. The camera allowed her to remain in greater contact with her loved ones, including two children who lived abroad. They considered that the family’s choice in this matter had to be given its due weight, and found that the arbitrator should have ruled, in answer to the first question, that the employer could permit the installation of a camera, by family members, for the goal of permitting the family members to maintain contact with a resident.

The second question related to the rights of family members to install cameras with the goal of carrying out surveillance on caregivers. The majority declined to answer this question on because the facts did not provide a sufficient context on which to base a decision. The Court noted that the answer would depend on circumstances which might include whether there had already been complaints or reported concerns, the nature and extent of notice provided to employees, and so on.

Justice Giroux, in dissent, found that it was reasonable for the arbitrator to have characterized the camera as a surveillance camera. The arbitrator had noted that the camera was placed in such a way as to allow for a continuous view of all care provided by employees to the resident. The resolution was good enough to identify them, and in some cases to hear them. While there was no recording of the feed, it was possible to create still photographs through screen capture. The arbitrator had also turned his attention to the special nature of the care home, noting that it was a home to residents but at the same time was a workplace for the employees. The workplace was governed by a collective agreement, and disputes about working conditions were meant to be resolved by an arbitrator, meaning that courts should exercise deference in review. The arbitrator had found that by permitting the installation of the camera by the family of the resident, the employer had adopted as its own the family’s reasons for doing so, and was responsible for establishing that the level of surveillance was consistent with the Quebec Charter. The arbitrator had found that the family members had demonstrated a disproportionate level of concern, and that this could not be a basis for permitting workplace surveillance. He concluded that in his view the decision of the arbitrator should have been upheld.

 

In R. v. Orlandis-Habsburgo the Ontario Court of Appeal revisited the Supreme Court of Canada decisions in R. v. Spencer, R. v. Gomboc, and R. v. Plant. The case involved the routine sharing of energy consumption data between an electricity provider and the police. Horizon Utilities Corp. (Horizon) had a practice of regularly reviewing its customers’ energy consumption records, including monthly consumption figures as well as patterns of consumption throughout the day. When Horizon encountered data suggestive of marijuana grow operations, they would send it to the police. This is what occurred in Orlandis-Habsburgo. The police responded by requesting and obtaining additional information from Horizon. They then conducted observations of the accused’s premises. The police used a combination of data provided by Horizon and their own observation data to obtain a search warrant which ultimately led to charges against the accused, who were convicted at trial.

The defendants appealed their convictions, arguing that their rights under s. 8 of the Canadian Charter of Rights and Freedoms had been infringed when the police obtained data from Horizon without a warrant. The trial judge had dismissed these arguments, finding that the data were not part of the “biographical core” of the defendants’ personal information, and that they therefore had no reasonable expectation of privacy in them. Further, he ruled that given the constellation of applicable laws and regulations, as well as Horizon’s terms of service, it was reasonable for Horizon to share the data with the police. The Court of Appeal disagreed, finding that the appellants’ Charter rights had been infringed. The decision is interesting because of its careful reading of the rather problematic decision of the Supreme Court of Canada in Gomboc. Nevertheless, although the decision creates important space for privacy rights in the face of ubiquitous data collection and close collaboration between utility companies and the police, the Court of Appeal’s approach is highly contextual and fact-dependent.

A crucial fact in this case is that the police and Horizon had an ongoing relationship when it came to the sharing of customer data. Horizon regularly provided data to the police, sometimes on its own initiative and sometimes at the request of the police. It provided data about suspect residences as well as data about other customers for comparison purposes. Writing for the unanimous court, Justice Doherty noted that until the proceedings in this case commenced, Horizon had never refused a request from the police for information. He found that this established that the police and Horizon were working in tandem; this was important, since it distinguished the situation from one where a company or whistleblower took specific data to the police with concerns that it revealed a crime had been committed.

The Court began its Charter analysis by considering whether the appellants had a reasonable expectation of privacy in the energy consumption data. The earlier Supreme Court of Canada decisions in Plant and Gomboc both dealt with data obtained by police from utility companies without a warrant. In Plant, the Court had found that the data revealed almost nothing about the lifestyle or activities of the accused, leading to the conclusion that there was no reasonable expectation of privacy. In Gomboc, the Court was divided and issued three separate opinions. This led to some dispute as to whether there was a reasonable expectation of privacy in the data. In Orlandis-Habsburgo, the Crown argued that seven out of nine judges in Gomboc had concluded that there was no reasonable expectation of privacy in electricity consumption data. By contrast, the appellants argued that five of the nine judges in Gomboc had found that there was a reasonable expectation of privacy in such data. The trial judge had sided with the Crown, but the Court of Appeal found otherwise. Justice Doherty noted that all of the judges in Gomboc considered the same factors in assessing the reasonable expectation of privacy: “the nature of the information obtained by the police, the place from which the information was obtained, and the relationship between the customer/accused and the service provider.” (at para 58) He found that seven of the judges in Gomboc had decided the reasonable expectation of privacy issue on the basis of the relationship between the accused and the utility company. At the same time, five of the justices had found that the data was of a kind that had the potential to reveal personal activities taking place in the home. He noted that: “In coming to that conclusion, the five judges looked beyond the data itself to the reasonable inferences available from the data and what those inferences could say about activities within the home.” (at para 66) He noted that this was the approach taken by the unanimous Supreme Court in R. v. Spencer, a decision handed down after the trial judge had reached his decision in Orlandis-Habsburgo. He also observed that the relationship between the customer and the service provider in Orlandis-Habsburgo was different in significant respects from that in Gomboc, allowing the two cases to be distinguished. In Gomboc, a provincial regulation provided that information from utility companies could be shared with the police unless customers explicitly requested to opt-out of such information sharing. No such regulation existed in this case.

Justice Doherty adopted the four criteria set out in Spencer for assessing the reasonable expectation of privacy. There are: “(1) the subject matter of the alleged search; (2) the claimant's interest in the subject matter; (3) the claimant's subjective expectation of privacy in the subject matter; and (4) whether this subjective expectation of privacy was objectively reasonable, having regard to the totality of the circumstances.” (Spencer, at para 18) On the issue of the subject matter of the search, the Court found that the energy consumption data included “both the raw data and the inferences that can be drawn from that data about the activity in the residence.” (at para 75) Because the data and inferences were about a person’s home, the Court found that this factor favoured a finding of a reasonable expectation of privacy. With respect to the interest of the appellants in the data, the Court found that they had no exclusive rights to these data – the energy company had a right to use the data for a variety of internal purposes. The Court described these data as being “subject to a complicated and interlocking myriad of contractual, legislative and regulatory provisions” (at para 80), which had the effect of significantly qualifying (but not negating) any expectation of privacy. Justice Doherty found that the appellants had a subjective expectation of privacy with respect to any activities carried out in their home, and he also found that this expectation of privacy was objectively reasonable. In this respect, he noted that although there were different documents in place that related to the extent to which Horizon could share data with the police, “one must bear in mind that none are the product of a negotiated bargain between Horizon and its customers.” (at para 84) The field of energy provision is highly regulated, and the court noted that “[t]he provisions in the documents to which the customers are a party, permitting Horizon to disclose data to the police, cannot be viewed as a ‘consent’ by the customer, amounting to a waiver of any s. 8 claim the customer might have in the information.” (at para 84) That being said, the Court also cautioned against taking any of the terms of the documents to mean that there was a reasonable expectation of privacy. Justice Doherty noted that “The ultimate question is not the scope of disclosure of personal information contemplated by the terms of the documents, but rather what the community should legitimately expect in terms of personal privacy in the circumstances.” (at para 85) He therefore described the terms of these documents as relevant, but not determinative.

The documents at issue included terms imposed on the utility by the Ontario Energy Board. Under these terms, Horizon is barred from using customer information for purposes other than those for which it was obtained without the customer’s consent. While there is an exception to the consent requirement where the information is “required to be disclosed. . . for law enforcement purposes”, Justice Doherty noted that in this case the police had, at most, requested disclosure – at no point was the information required to be disclosed. He found that the terms of the licence distinguished this case from Gomboc and supported a finding of a reasonable expectation of privacy in the data.

The Court also looked at the Distribution System Code (DSC) which permits disclosure to police of “possible unauthorized energy use”. However, Justice Doherty noted that this term was not defined, and no information was provided in the document as to when it was appropriate to contact police. He found this provision unhelpful in assessing the reasonable expectation of privacy. The Court found the Conditions of Service to be similarly unhelpful. By contrast, the privacy policy provided that the company would protect its customers’ personal information, and explicitly set out the circumstances in which it might disclose information to third parties. One of these was a provision for disclosure “to personas as permitted or required by Applicable Law”. Those applicable laws included the provincial Municipal Freedom of Information and Protection of Privacy Act (MFIPPA) and the federal Personal Information Protection and Electronic Documents Act (PIPEDA) Justice Doherty looked to the Supreme Court of Canada’s interpretation of PIPEDA in Spencer. He found that the exception in PIPEDA that permitted disclosure of information to law enforcement could only occur with “lawful authority” and that “[t]he informal information-sharing arrangement between Horizon and the police described in the evidence is inconsistent with both the terms of Horizon’s licence and the disclosure provisions in PIPEDA.” (at para 104) He also found that it did not amount to “lawful authority” for a request for information.

The respondents argued that s. 32(g) of MFIPPA provided a basis for disclosure. This provision permits disclosures to law enforcement agencies without referencing any need for “lawful authority”. However, Justice Doherty noted that, like PIPEDA, MFIPPA has as its primary goal the protection of personal information. He stated: “That purpose cannot be entirely negated by an overly broad and literal reading of the provisions that create exceptions to the confidentiality requirement.” (at para 106) He noted that while s. 32(g) provides an entity with discretion to release information in appropriate circumstances, the exercise of this discretion requires “an independent and informed judgment” (at para 107) in relation to a specific request for information. The provision could not support the kind of informal, ongoing data-sharing relationship that existed between Horizon and the police. Similarly, the court found that the disclosure could not be justified under the exception in s. 7(3)(d)(i) of PIPEDA that allowed a company to disclose information where it had “reasonable grounds to believe that the information relates to . . . a contravention of the laws of Canada”. While Justice Doherty conceded that such disclosures might be possible, in the circumstances, Horizon “did not make any independent decision to disclose information based on its conclusion that reasonable grounds existed to believe that the appellants were engaged in criminal activity.” (at para 110) It simply passed along data that it thought might be of interest to the police.

Although the Court of Appeal concluded that there was a reasonable expectation of privacy in the energy consumption data, and that the search was unreasonable, it ultimately found that the admission of the evidence would not bring the administration of justice into disrepute. As a result, the convictions were upheld. The court cited, in support of its conclusion that the trial judge had reached his decision prior to the Supreme Court of Canada’s decision in Spencer, and that the error in the judge’s approach was only evident after reading Spencer.

 

Skirmishes over right to freely access and use “publicly available” data hosted by internet platform companies have led to an interesting decision from the U.S. District Court from the Northern District of California. The decision is on a motion for an interlocutory injunction, so it does not decide the merits of the competing claims. Nevertheless, it provides insight into a set of issues that are likely only to increase in importance as these rich troves of data are mined by competitors, opportunistic businesses, big data giants, researchers and civil society actors.

The parties in hiQ Labs Inc. v LinkedIn Corp. are companies whose business models are based upon career-related personal information provided by professionals. LinkedIn offers a professional networking platform to over 500 million users, and it is easily the leading company in its space. hiQ, for its part, is a data analytics company with two main products aimed at enterprises. The first is “Keeper”, a product which informs corporations about which of their employees are at greatest risk of being poached by other companies. The second is “Skill Mapper” which provides businesses with summaries of the skills of their employees. For both of its products hiQ relies on data that it scrapes from LinkedIn’s publicly accessible web pages.

Data featured on LinkedIn’s site are provided by users who create accounts and populate their profiles with a broad range of information about their background and skills. LinkedIn members have some control over the extent to which their information will be shared by others. They can choose to limit access to their profile information to only their close contacts or to an expanded list of contacts. Alternatively, they can provide access to all other members of LinkedIn. They also have the option to make their profiles entirely public. These public profiles are searchable by search engines such as Google. It is the data in the fully public profiles that is scraped and used by hiQ.

hiQ is not the only company that scrapes data from LinkedIn as part of an independent business model. In fact, LinkedIn has only recently attempted to take legal action against a large number of users of its data. hiQ was just one of many companies that received a cease and desist letter from LinkedIn. Because being cut off from the LinkedIn data would effectively decimate its business, hiQ responded by seeking a declaration from the California court that its activities were legal. The recent decision from the court is in relation to hiQ’s request for an interlocutory injunction that will allow it to continue to access the LinkedIn data pending resolution of the substantive legal issues raised by both sides.

hiQ argued that in moving against its data scraping activities, LinkedIn engaged in unfair business practices, and violated its free speech rights under the California constitution. LinkedIn, for its part, argued that hiQ’s data scraping activities violated the Computer Fraud and Abuse Act (CFAA), as well as the digital locks provisions Digital Millennium Copyright Act (DMCA) (although these latter claims do not feature in the decision on the interlocutory injunction).

Like other platform companies, access to and use of LinkedIn’s site is governed by website Terms of Service (TOS). These TOS prohibit data scraping. When LinkedIn demanded that hiQ cease scraping data from its site, it also implemented technological protection measures to prevent access by hiQ to its data. LinkedIn’s claims under the CFAA and the DMCA are based largely on the circumvention of these technological barriers by hiQ.

The court ultimately granted the injunction barring LinkedIn from limiting hiQ’s access to its publicly available data pending the resolution of the issues in the case. In doing so, it expressed its doubts that the CFAA applied to hiQ’s activity, noting that if it did, it would “profoundly impact open access to the Internet.” It also found that attempts by LinkedIn to block hiQ’s access might be in breach of state law as anti-competitive behavior. In reaching its decision, the court had some interesting things to say about the importance of access to publicly accessible data, and the privacy rights of those who provided the data. These issues are highlighted in the discussion below.

In deciding whether to grant an interlocutory injunction, a court must assess both the possibility of irreparable harm and the balance of convenience as between the parties. In this case, the court found that denying hiQ access to LinkedIn data would essentially put it out of business – causing it irreparable harm. LinkedIn argued that it was imperative that it be allowed to protect its data because of its users’ privacy interests. While hiQ only scraped data from public profiles, LinkedIn argued that even those users with public profiles had privacy interests. I noted that 50 million of its users with public profiles had selected its “Do Not Broadcast” feature which prevents profile updates from being broadcast to a user’s connections. LinkedIn described this as a privacy feature that would essentially be circumvented by routine data scraping. The court was not convinced. In the first place, it found that there might be many reasons besides privacy concerns that motivated users to choose “do not broadcast”. It gave as an example the concern by users that their connections not be spammed by endless notifications. The Court also noted that LinkedIn had its own service for professional recruiters that kept them apprised of updates even from users who had implemented “Do Not Broadcast”. The court dismissed arguments by LinkedIn that this was different because users had consented to such sharing in their privacy policy. The court stated: “It is unlikely, however, that most users’ actual privacy expectations are shaped by the fine print of a privacy policy buried in the User Agreement that likely few, if any, users have actually read.” [Emphasis in original] This is interesting, because the court discounts the relevance of a privacy policy in informing users’ expectations of privacy. Essentially, the court finds that users who make their profiles public have no real expectation of privacy in the information. LinkedIn could therefore not rely on its users’ privacy interests to justify its actions.

In assessing whether the parties raised serious questions going to the merits of the case, the court considered LinkedIn’s arguments about the CFAA. The CFAA essentially criminalizes intentional access to a computer without authorization, or in a way that exceeds the authorization provided, with the result that information is obtained. The question, therefore, was whether hiQ’s continued access to the LinkedIn site after LinkedIn expressly revoked any permission and tried to bar its access, was a violation of the CFAA. The court dismissed the cases cited by LinkedIn in support of its position, noting that these cases involved unauthorized access to password protected sites as opposed to accessing publicly available information.

The court observed that the CFAA was enacted largely to deal with the problem of computer hacking. It noted that if the application of the law was extended to publicly accessible websites it would greatly expand the scope of the legislation with serious consequences. The court noted that this would mean that “merely viewing a website in contravention of a unilateral directive from a private company would be a crime.” [Emphasis in original] It went on to note that “The potential for such exercise of power over access to publicly viewable information by a private entity weaponized by the potential of criminal sanctions is deeply concerning.” The court placed great emphasis on the importance of an open internet. It noted that “LinkedIn, here, essentially seeks to prohibit hiQ from viewing a sign publicly visible to all”. It clearly preferred an interpretation of the CFAA that would be limited to unauthorized access to a computer system through some form of “authentication gateway”.

The court also found that hiQ raised serious questions that LinkedIn’s behavior might fall afoul of competition laws in California. It noted that LinkedIn is in a dominant position in the field of professional networking, and that it might be leveraging its position to get a “competitively unjustified advantage in a different market.” It also accepted that it was possible that LinkedIn was denying its competitors access to an essential facility that it controls.

The court was not convinced by hiQ’s arguments that the technological barriers erected by LinkedIn violated the free speech guarantees in the California Constitution. Nevertheless, it found that on balance the public interest favoured the granting of the injunction to hiQ pending the outcome of litigation on the merits.

This dispute is extremely interesting and worth following. There are a growing number of platforms that host vast stores of publicly accessible data, and these data are often relied upon by upstart businesses (as well as established big data companies, researchers, and civil society) for a broad range of purposes. The extent to which a platform company can control its publicly accessible data is an important one, and one which, as the California court points out, will have important public policy ramifications. The related privacy issues – where the data is also personal information – are also important and interesting. These latter issues may be treated differently in different jurisdictions depending upon the applicable data protection laws.

Tuesday, 08 August 2017 08:39

On data ownership rights

In early July 2017 I attended an excellent workshop hosted by researchers at the Centre for Information Technology, Society and Law at the University of Zurich. The objective of the workshop was to bring a group of academic experts together to discuss data ownership rights.

It is perhaps not surprising that the issue of ownership rights in data is bubbling to the surface as we move further into the evolving big data environment. Data have been described as the new “oil” of the information society. They have a tremendous value and are strongly linked to innovation. One of the ways in which industrialized nations have nurtured innovation has been through the creation of intangible property rights such as intellectual property rights. Data ownership rights flow from that same industrial era mind set. However, it is far from clear that this paradigm is a good fit for data and data-related innovation.

The concept of a data ownership right was raised in the EU in the European Data Market Study, Second Interim Report, June 2016. At page 146, it states:

In fact, the way data are made available and the extent to which data are flowing across sectors and organizations, play a fundamental role in sustaining and developing the emergence of a European data-driven economy. In defining and specifying the rights to create, edit, modify, share and restrict access to data, data ownership becomes a pivotal factor affecting a growing number of potential data users and an increasing range of data-related activities.

One might perhaps be forgiven for thinking that there are already data ownership rights; for example, terms of service for websites frequently state that the company behind the website “owns” its data. Canada’s federal government even got its knuckles rapped by the Federal Court of Appeal for making a similar copyright-based claim in one of its data licences (see my post on this decision here). And, while the law of confidential information could be argued to provide a kind of property right in data or information, in reality what is protected by this body of law is the confidentiality of the information. Once confidentiality is lost, it is clear that there is no underlying ‘property’ right in the data.

Policy makers have long been wary of extending IP rights to data – and for some very good reasons. Copyright law, for example, does not protect “facts”, viewing them instead as the building blocks for creativity and expression, and therefore part of the public domain. Of course, copyright law does protect the original selection and arrangement that goes into creating a compilation of facts (i.e. a data set). How extensive this protection ultimately is depends on what a court sees as the taking of a substantial part of that selection or arrangement. It is this protection for compilations of data that no doubt supports those Terms-of-Service claims to ownership of data mentioned above, but the scope and extent of copyright protection in such circumstances is nevertheless limited and uncertain. In the EU, database rights have provided a broader protection for databases, but it still, fundamentally, is not a protection for the data that make up the database.

It is difficult to see where the interest in a data ownership right is coming from. No clear or pressing need to enhance the protection available for data has been identified. Data ownership rights might be more likely to create confusion and uncertainty – and to increase transaction costs and slow innovation – than to improve the current situation. It would be difficult – and hugely problematic – even to begin to try to identify the ‘owners’ of rights in data and to manage the potential competing interests. And while there are undoubtedly issues around the fairness of particular uses of data, or the legitimacy of means used to acquire data, existing laws already offer a range of recourses and remedies that may be applicable in any given case.

The brief summary of our meetings on data ownership is now publicly available, and it addresses these and many other issues relating to data ownership rights. Our conclusions – that there is no evident need for a new data ownership right and that it would be impossibly difficult to define or constrain – offer a caution to those who regard property rights as a panacea in marketplaces of all kinds.

<< Start < Prev 1 2 3 4 5 6 7 8 9 10 Next > End >>
Page 1 of 26

Canadian Trademark Law

Published in 2015 by Lexis Nexis

Canadian Trademark Law 2d Edition

Buy on LexisNexis

Electronic Commerce and Internet Law in Canada, 2nd Edition

Published in 2012 by CCH Canadian Ltd.

Electronic Commerce and Internet Law in Canada

Buy on CCH Canadian

Intellectual Property for the 21st Century

Intellectual Property Law for the 21st Century:

Interdisciplinary Approaches

Purchase from Irwin Law