Welcome to PrivacyInfo.ca, a site maintained by Professor Michael Geist of the University of Ottawa, Faculty of Law. The site features summaries of all of the Canadian Privacy Commissioner's decisions under the Personal Information Protection and Electronic Documents Act (PIPEDA) . While those decisions are available in full-text on the Commissioner's site, this site provides additional search functionality, including full-text searches as well as searching by individual provisions, sector, and outcome.
The site also contains links to Canadian privacy legislation, privacy law news, and other resources. For regular updates of new decisions and additions to the site, click here.
This site is not affiliated in any way with the Canadian Privacy Commissioner's office. It is provided for informational purposes only and should not be treated or relied upon as legal advice.
The CRTC announced yesterday that it plans to delegate enforcement of the do-not-call list. The Commission previously delegated the maintenance of the list itself to Bell Canada.
Following on Privacy Commissioner of Canada Jennifer Stoddart's public letter warning against weakening privacy through copyright reform, a broad coalition of privacy, education, civil liberties groups, and academics have signed a public letter raising similar concerns (I am a signatory).
As Canada's top privacy watchdog, Privacy Commissioner of Canada Jennifer Stoddart regularly appears before House of Commons committee hearings to identify the privacy implications of government bills. Late last week, Stoddart went one step further by warning against the potential negative privacy impact of legislation that has yet to be tabled.
In a public letter to Industry Minister Jim Prentice and Canadian Heritage Minister Josée Verner, Stoddart cautioned against using forthcoming copyright legislation to undermine privacy, noting that "privacy protections for Canadians would be weakened if changes to the Copyright Act authorized the use of technical mechanisms to protect copyrighted material that resulted in the collection, use and disclosure of personal information without consent.”
The Canadian legislation, which could be introduced as early as next week, is expected to use the U.S. Digital Millennium Copyright Act (DMCA) as a model. Since its enactment in 1998, the U.S. law has been roundly criticized on privacy, security, and consumer protection grounds.
At issue are rumoured provisions in a Canadian DMCA that would provide legal protection for digital locks, often referred to as digital rights management (DRM). Stoddart notes that if "DRM technologies only controlled copying and use of content, our Office would have few concerns." However, those same technologies can be used to collect personal information about computer users that is "transmitted back to the copyright owner or content provider, without the consent or knowledge of the user."
While there are tools to stop this unwanted form of surveillance, Stoddart warns that Prentice and Verner's proposed reforms could render their use illegal. In fact, even if the Ministers insert an exception for privacy protection into the bill, the tools themselves could still be banned, leaving Canadians with the legal right to protect their privacy but without the means to do so.
A 2005 incident involving the recording industry provides strong support for Stoddart's concerns. Sony BMG, one of the world's largest record labels, inserted a copy-control technology on dozens of its CDs that surreptitiously installed a program on users' computers that, according to Stoddart, was "capable of reporting back to Sony BMG information such as when the CD was played, the IP address it was being played at, and whether and how often attempts were made to copy it."
Once the incident was discovered, Sony BMG was hit with class action lawsuits in both the United States and Canada, with allegations of violations of privacy law, breach of contract, and tort claims.
Last week's letter is not the first time that Stoddart has worked to raise awareness about the privacy implications of DRM. In a November 2006 fact sheet, she enumerated a wide range of privacy concerns and urged the industry to consider alternative technologies.
Stoddart's objections to the proposed copyright reforms extend beyond just DRM. Her letter also calls attention to provisions that are likely to require Internet service providers to retain customer information for up to one year based solely on the request of a private company alleging copyright infringement. She notes that "allowing a private sector organization to require an ISP to retain personal information is a precedent-setting provision that would seriously weaken privacy protections."
The outcry against the Canadian copyright reforms have to date largely centered on the U.S. influence in crafting the bill and its negative effect on education and consumer rights. Stoddart's public letter provides an important reminder that it is more than just copyright law that hangs in the balance as Prentice and Verner must take care to simultaneously not place Canadians' privacy at risk.
Michael Geist holds the Canada Research Chair in Internet and E-commerce Law at the University of Ottawa, Faculty of Law. He is a member of the Privacy Commissioner of Canada's External Advisory Board. He can reached at mgeist@uottawa.ca or online at www.michaelgeist.ca.
Privacy Commissioner of Canada Jennifer Stoddart has issued a public letter to Industry Minister Jim Prentice and Canadian Heritage Minister Josee Verner warning against copyright reforms that "could have a negative impact on the privacy rights of Canadians."
The letter focuses on the anti-circumvention provisions, which Stoddart notes would weaken privacy protections for Canadians "if changes to the Copyright Act authorized the use of technical mechanisms to protect copyrighted material that resulted in the collection, use and disclosure of personal information without consent." She also highlights the potential impact of mandated data retention under a notice-and-notice system, concluding that "allowing a private sector organization to require an ISP to retain personal information is a precedent-setting provision that would seriously weaken privacy protections."
The outcry against the Canadian DMCA have largely centered on the U.S. influence in crafting the bill and its effect on education and consumer rights. Stoddart’s public letter provides an important reminder that it is more than just copyright law that hangs in the balance as the government's plans could ultimately place Canadians' privacy at risk.
The Canadian Bar Association has been hit by a security breach. The CBA has advised affected members that:
Your records may have been affected by this unauthorized activity. The files contained personal information relating to online orders (name, address, phone, fax, member number) and encrypted credit card information. We have no reason to believe that the encrypted credit card information was compromised. CBA uses one of the most secure encryption solutions available to protect credit card information. As a precautionary measure, we recommend that members monitor their credit card accounts for suspicious activity.
The Globe and Mail reports that Passport Canada has suffered a massive privacy breach that resulted in online availability of applicant information. I argue that this again highlights the need for mandatory security breach notification legislation.
Update: The incident is raised during Question Period on the floor of the House of Commons.
posted
on Tue. Dec. 4/07
Site Last Updated: 2008-02-04 Copyright (c) 2003 Michael Geist
First (12/06/2007)
Previous
#3 of 27
Next 
Last (12/01/2009) 
