Privacy - News

Today, CIPPIC presented its intervention in a hearing before the Federal Court as part of a reference launched by the Office of the Privacy Commissioner of Canada. At issue is the degree to which PIPEDA - Canada's federal privacy law - applies to activities of commercial search engines.

As noted in our written submissions:

1. PIPEDA applies to commercial search engines.

2. In order to determine whether personal information is collected, used or disclosed in the course of commercial activities under s. 4(1)(a) of PIPEDA, the Court must evaluate the relationship between that information and the organization’s business model. The commercial value of most Internet companies and social media platforms is derived by providing a free service to attract user’s time, attention and personal information, which is then monetized through advertising, tracking and profiling. A restrictive definition of “commercial activity” which includes nothing but discrete, revenue-generating interactions ignores precisely the kinds of business models that drive the digital economy and that PIPEDA was intended to regulate.

3. Whether the collection, use or disclosure of personal information is undertaken for exclusively “journalistic” purposes must be determined with reference to Parliament’s intent and the constitutional rationale for the exclusion set out in s. 4(2)(c) of PIPEDA. This analysis must account for the particular role played by a free, adversarial and independent press in a democratic society—through newsgathering, source protection, the exercise of professional discipline and editorial judgement, and a commitment to communication on matters of public interest. The fact that an organization happens to permit the dissemination or discovery of journalistic content through its platform is not sufficient to immunize its activities from scrutiny under PIPEDA as a whole. The Act and the Charter provide other safeguards in this respect.

4. The remedy sought by the Complainant has obvious implications for section 2(b) Charter rights and a conclusion that PIPEDA applies to commercial search engines may eventually raise other constitutional and policy questions. However, the rules of statutory interpretation do not permit the Court to preempt these debates by distorting the meaning of the Act’s application clause to exclude certain organizations from Canadian privacy regulation altogether. Appropriate and properly tailored constitutional remedies are available in the event that these concerns are well-founded in law and actually materialize.

The reference is currently scheduled to be heard January 26-27. CIPPIC is being represented by M^e Lex Gill from Trudel, Johnstone & Lespérance.

Image Source: Learntek, "big-data-analytics", April 23, 2018, Flickr, CC-0 1.0

The Supreme Court of Canada today its decision in R v Jarvis, a voyeurism case where a high school teacher used a pen cam to surreptitiously record multiple videos focused mainly of the chest and cleavage area of several female students and one female colleague.

The majority of the Ontario Court of Appeal acquitted the defendant, 2017 ONCA 778, finding that while the photos were taken for a sexual purpose, the young women he targeted did not have a reasonable expectation of privacy in the school setting where the photos were taken, an essential element of the voyeurism offense.

CIPPIC has joined Mozilla, Access, Reporters Without Borders, and several other organizations in an open letter calling on Facebook to live up to its transparency promises. The letter calls out Facebook for blocking transparency tools employed by ProPublica, demanding that the platform provide API access to its promised political transparency tools.  As is now widely acknwoledged, Facebook and its various communications platforms have been leveraged by a wide range of political actors-both foreign and domestic-in their efforts to disrupt democratic processes in a number of jurisdictions around the world. Disinformation campaigns have become an instrumental force, evident in the UK's 'Vote Leave' referendum, the 2016 US Presidential elections, and the 2018 Brazilian elections which propelled far-right candidate Jair Bolsonaro to the presidency.

Against this backdrop, Facebook has undertaken various efforts to address these challenges. This has included a third-party academic body empowered to provide select academic researchers with access to elements of its content under controlled conditions. Among these is a novel 'open advertisement' mechanism designed to let individuals see all advertisements sent by a single entity through its platform. This tool is designed in part to address so-called 'dark advertising', where political actors send highly individualized and micro-targeted messages to different people based on their data-intensive profiling. Currently, only intended recipients see any given advertisement, allowing political actors to send conflicting or even discriminatory messaging with relative impunity. The problem is that Facebook has refused to provide API access to its open advertising platform, making it functionally difficult if not impossible to conduct the type of meaningful analysis necessary to meet the challenges posed by its services to democratic processes. Not only has Facebook refused to provide API access, but it has actively blocked existing tools used by ProPublica to supplement the shortcomings of its own transparency mechanisms. Meanwhile, a recent CBC study, which leveraged Twitter's API-enabled political messaging transparency tool, analyzed over 9 million tweets to demonstrate significant foreign influence in Canadian discussions surrounding pipelines and immigration. With upcoming federal elections in 2019, Canada cannot afford to be complacent about this issue.

UPDATE: Facebook has responded by committing to develop and roll out an open API for its political advertising archive. This positive step towards transparency has been met with cautious optimism.

• Read the Open Letter, penned by the Mozilla Foundation and endorsed by 37 organizations around the world, including CIPPIC: https://foundation.mozilla.org/en/campaigns/eu-misinformation/

Image Source: Yomare, "Hand Puppet Snowman", May 22, 2015, Pixabay, Pixabay License

The Electronic Frontier Foundation (EFF) released a timely white paper this week examining the negative implications and chilling effects that various cybercrime provisions throughout the Americas can have on coder's rights and specifically on security researchers. Entitled "Protecting Security Researcher's Rights in the Americas", the analysis explores a range of cybercrime regimes nominally intended in principle to criminalize unauthorized access to or disruption of computer systems. However, these laws have been framed so broadly as to impose a serious chilling effect on vital activity of security researchers. Drawing on the Inter-American human rights framework (of which Canada is a partial adherent), some national jurisprudence, and principles of criminal law, the paper argues for cybercrime regimes that accommodate beneficial security work. There must be latitude for non-malicious security testing, for the dissemination of critical security tools and for the responsible publication of discovered security breaches.

Sadly, current laws are framed so broadly that they have had a serious chilling effect on socially beneficial security work. Those who discover security breaches face severe legal threats and sometimes even criminal consequences for attempting to bring these to host organization's attention. The result is that security breaches are increasingly likely to remain unresolved until they are discovered by someone seeking to exploit, rather than to merely expose. The paper, to which CIPPIC provided substantive contributions, calls for clearer standards to remedy this situation.