Thursday, July 29, 2010

White House proposal would ease FBI access to records of Internet activity

According to the Washington Post, the Obama administration is seeking to expand (or "clarify") the authority of the FBI to seek web-surfing records with a national security letter. The current law allows the FBI to require the production of "transactional" information without a warrant but not content information. The FBI is of the view that the current statute allows them this authority, but want it clarified to avoid "unnecessary litigation". See: White House proposal would ease FBI access to records of Internet activity.

Privacy and Access Rights in the Age of Technology: The State of Canadians’ Information Rights in 2010 and Beyond

The Canadian Bar Association's National Privacy and Access Law Section has organized what I expect will be one of the premier continuing education events in Canada for privacy and access specialists on September 19/20 in Ottawa.

The program is awesome, covering both access to information and privacy.

Speakers include Federal Privacy Commissioner Jennifer Stoddart, Federal Information Commissioner Suzanne Legault, Alberta Commissioner Frank Work, BC Commissioner Liz Denham, Nova Scotia's Dulcie McCallum, Saskatchewan's Gary Dickson, Quebec's Jacques Saint-Laurent. Private sector speakers are a who's who of privacy law.

More info here: CBA - Privacy and Access Rights in the Age of Technology: The State of Canadians’ Information Rights in 2010 and Beyond.

Monday, July 26, 2010

Privacy Commissioner announces new round of research contributions

The Office of the Privacy Commissioner of Canada has announced its latest round of research funding under its contributions program.

Below is a list of the projects funded:

Research Projects - Contributions Program 2009-2010

Research Projects funded under 2009-2010 Contributions Program

  • Association sur l’accès et la protection de l’information (AAPI) - Internet portal on privacy protection
  • University of Alberta, Health Law Institute - Analysis of Privacy Policies and Practices of Direct-to-Consumer Genetic Testing Companies: Private Sector Databanks and Privacy Protection Norms
  • University of Victoria - Deep-Packet Inspection: Resources for the Analysis of Privacy Implications in Canada
  • Memorial University of Newfoundland - Privacy Protection and Biobanks: A Conjoint Analysis of Priorities and Preferences of Stakeholder Groups
  • Union des consommateurs - Electronic Health Records: Controlling Personal Health Data in the Context of Medical Records Information
  • Queen’s University - Camera Surveillance in Canada: A Research Workshop

Sunday, July 25, 2010

New Pacific rim privacy commissioners

In the last week or so, new Privacy Commissioners have been named for both Australia and Hong Kong:

Allan Chiang named Privacy Commissioner (Hong Kong)

The Chief Executive has appointed former Postmaster General Allan Chiang as the new Privacy Commissioner for Personal Data for five years from August 4.

Secretary for Constitutional & Mainland Affairs Stephen Lam said today Mr Chiang has rich experience in public administration, served in senior public positions and possesses proven leadership, management and communication skills.

"With his commitment, experience and knowledge he is well placed to perform the roles of the Privacy Commissioner. We are confident under his leadership the office will strive to promote the protection of personal data privacy in the community," Mr Lam said.

Mr Chiang, 59, has served in the Government for 33 years and was Postmaster General from 2003 to 2006. He has since been Chief Executive Officer of the Hong Kong Design Centre.

Mr Chiang said he will work with the incumbent Roderick Woo, whose term of office will expire July 31, to ensure a smooth transition.

Mr Lam said Mr Woo has taken steps to strengthen the enforcement of the Personal Data (Privacy) Ordinance and initiated inspections and investigations of major personal data systems of public concern to facilitate their compliance with the ordinance.

Mr Woo also conducted a comprehensive review of the ordinance having regard to developments in the last decade.

Government appoints new Privacy Commissioner (Australia)

Commissioner touts technology for privacy.

Special Minister of State Joe Ludwig has appointed Timothy Pilgrim as Australia's Privacy Commissioner, replacing Karen Curtis whose term ended on July 12.

Pilgrim was appointed as Deputy Privacy Commissioner in February 1998. He has now been appointed Privacy Commissioner for a five year term.

Senator Ludwig's office said Pilgrim was selected following an "open merit based" selection process, in accordance with the Guidelines introduced by the Government in 2008 after previous Privacy Commissioner, Curtis' term expired on July 12.

"I am confident that Mr Pilgrim's experience and operational knowledge of the office will be of great assistance when the office transitions to form part of the new Office of the Australian Information Commissioner, which will open its doors on 1 November 2010," Senator Ludwig said in a statement.

Pilgrim said he will focus his attention on informing the public about how technology can be used to protect privacy. He will also work with agencies and organisations to design new and developing technologies in a privacy-enhancing way.

"I note that advances in information, communication and surveillance technologies have created and intensified a range of privacy issues.

"While Australians value their privacy, they also appreciate that other interests intersect such as freedom of speech and law enforcement.

"People also want the significant benefits of new technologies, such as communicating with friends and family around the world, and shopping and banking online," he said.

Thursday, July 15, 2010

New Brunswick names first privacy commissioner

The government of New Brunswick has named Fredericton lawyer Anne Bertrand to become the province's first access to information and privacy commissioner. She will be responsible for oversight of the province's new health privacy law.

CBC News - New Brunswick - Fredericton lawyer named information czar

Last Updated: Thursday, July 15, 2010 | 7:39 PM AT

CBC News

Premier Shawn Graham has tapped Fredericton lawyer Anne Bertrand to become the province's first access to information and privacy commissioner.

Bertrand will start Sept. 1, when the independent office is officially created. Graham said Bertrand's legal experience will help her establish the office.

"I am confident that the breadth of her experience in the field of law, along with her work in the community and strong values of justice and integrity, will serve New Brunswickers well as she fulfils the commissioner's responsibilities," he said in a news release.

Until now, access to information and privacy issues have been the responsibility of Bernard Richard, the provincial ombudsman and child and youth advocate.

Bertrand's appointment must be confirmed by the legislature after the Sept. 27 election. But Opposition Leader David Alward has indicated his party will support a motion.

"The position is important," Alward told CBC News. "There was a fair, competitive process. I feel confident with that."

Alward said he isn't concerned Bertrand once tried to become a Liberal candidate.

"I feel very comfortable that there was a fair evaluation," he said.

The appointment is for five years.

Failed Liberal candidate

Bertrand has been a lawyer in private practice for 24 years. She has also been active in the arts community and serves as the chair of the New Brunswick Foundation for the Arts.

Bertrand tried to enter provincial politics in 2006 but lost the Liberal nomination in the riding of Fredericton-Silverwood to Rick Miles, who is now the environment minister.

She has also dabbled in federal politics. In 2006, she served as the provincial campaign co-chair to former Ontario education minister Gerard Kennedy, when he ran for the federal Liberal leadership.

New legislation

The information and privacy commissioner will be responsible for overseeing two new pieces of legislation governing access to information and health information privacy.

Bertrand will be responsible for hearing any public complaints related to the legislation and for advocating for information and privacy issues.

Friday, July 09, 2010

Important Federal Court decision on "commercial activities" under PIPEDA

Today, the Federal Court of Canada released an important decision on the parameters of "commercial activity" under PIPEDA: State Farm v Privacy Commissioner, 2010 FC 736. Because I was one of the counsel on the case, I can't say much so I'll leave it to Dan Michaluk to provide a full, unbiased summary.

In short, the Court concluded that an insurance company, acting on behalf of its insured in defending a personal injury claim, is not engaged in "commercial activity" so PIPEDA does not apply. Though the case it not specifically followed, this conclusion is consistent with Ferenczy v. MCI Medical Clinics (some commentary here).

Damages under PIPEDA: What does it take to get some damages around here?

Dan Michaluk has a great summary of Randall v. Nubodys Fitness Centres, 2010 FC 681 (CanLII), where the Federal Court was not inclined to award any damages for a breach of PIPEDA. Dan calls it a "conservative approach", but it seems more restrictive than that. See:Case Report – Court espouses preference for conservative approach to PIPEDA remedies - All About Information.

Thursday, July 08, 2010

The truth about internet advertising

Most people don't spend a lot of time thinking about the magic that takes place behind the scenes when they are on the internet. When it comes to advertising, tailored ads often lead people to assume that the advertisers know something about them and that often creeps them out. In most cases, it is not the advertiser who knows about you but the site you are visiting knows you. Or the personalisation is based on assumed demographics. Or information that you've provided to the company that serves the ads on behalf of others. It is seldom because the site you are visiting has sold your data to the advertisers.

For example, Facebook often serves me ads that seem to know about my age, marital status and some of my interests. The advertisers don't know any of that information about me, but Facebook does. If a business asks Facebook to present its ads to a particular group of users, such as handsome, young, brilliant privacy lawyers, I'll see that ad. The company that bought the ad will not learn anything about me unless I click the ad and decide to give them my personal information.

This great article, forwarded to me by a friend, explains a lot about the myths and realities of online advertising: Privacy MythBusters: No, Facebook Doesn’t Give Advertisers Your Data!:

It’s a myth that Facebook is hell-bent on getting users to share more information more widely for the sake of of advertisers. In fact, advertising on Facebook doesn’t involve sharing information about users with advertisers. In fact, advertisers buy ads that Facebook shows to users Facebook (or rather, its algorithms) thinks might be interested. If anything, sharing more information can actually help Facebook’s competitors if users take advantage of Facebook Connect’s data portability to port their data over to competing platforms. So the widely perceived conflict of interest between Facebook’s economic interests and users’ privacy just doesn’t exist. The site gains from having more users spend more time on the site, not from tricking users into “giving up their privacy.”