Privacy - News

  • – 2013-02-27 –

    CIPPIC welcomed the announcement of private member's Bill C-475, which proposed amendments to Canada’s federal privacy legislation, PIPEDA. The proposals will bring long overdue privacy protections for Canadians, including a comprehensive data breach notification regime and, critically, much needed enforcement powers for Canada’s privacy laws. A long-enduring and central gap in Canada’s privacy protections is the ongoing inability of the Privacy Commissioner to force non-compliant organizations to meet their privacy obligations. Even as our Courts, our provincial legislatures, and most of our international counterparts have recognized the increasing need to protect privacy in a digital era, our federal privacy regime remains toothless and our federal Privacy Commissioner lacks the basic power to enforce her own compliance orders. 

    In addition, the lack of a comprehensive data breach notification regime puts Canadians personal information at great risk. Experience from jurisdictions around the world has demonstrated that a legal obligation to notify individuals when their data has been put at risk is an essential component of any privacy protection regime. Not only does this notification requirement provide an opportunity for individuals to take protective measures against privacy harms ranging from identity theft to great embarrassment, but it also provides a poignant incentive for organizations to put in place the practical and technical mechanisms necessary to avoid such breaches in the first place.

  • – 2013-01-28 –

    Data Privacy Day and its European counterpart, Data Protection Day, commemorates the signing of the world's first international treaty on data protection -- the Council of Europe's Convention 108. Data protection is rapidly becoming an international norm, as recent developments have brought the number of countries with data protection legislation to 89, globally. Additionally, 2012 saw an unprecedented commitment by lawmakers in one of the largest data markets -- the United States, a long-time adherence of a sectoral approach to privacy protection -- committing to the enactment of data protection laws. Our courts have similarly advanced the cause of privacy with landmark decisions that recognized the right to anonymity in judicial proceedings, a constitutional right to individual notification when police intercept communications in an emergency, and the right to privacy in our work computers. In addition, our Federal Privacy Commissioner released a sweeping (but yet to be enforced) Finding on the privacy practices of a youth-based social networking site, Nexopia. Finally, advances in transparency have helped us better understand how our information is being accessed by the government, as more organizations began publishing statistics on government access, and Google, who pioneered the transparency reporting model, has increased the scope of their own reports so that the public can better assess the nature of government requests.

    At the same time, the challenges have never been greater with online surveillance legislation, long over-due updates to our federal privacy statutes (PIPEDA and the Privacy Act) still nowhere in sight, and legislative initiatives that will allow our online service providers to hand over our data to litigants and copyright trolls alike -- all on the horizon. More after the jump.

  • – 2012-12-17 –

    Last week, Voltage Pictures filed a motion to identify approximatel 2,000 IP addresses allegedly belonging to individuals who have infringed its copyrights by means of peer-to-peer file sharing mechanisms. CIPPIC is seeking to intervene in this matter to ensure that procedural safeguards and the privacy rights of the anonymous Does are respected.

    On December 14, 2012, CIPPIC filed a letter with the Federal Court seeking to delay the hearing of Voltage's motion to compel Internet Service Provider Teksavvy Solutions to disclose the identities of its subscribers alleged to have downloaded movies the copyright to which Voltage owns. Although supporting evidence for the motion was only filed on Tuesday, December 11, it was scheduled to be heard today (only 6 days later). While CIPPIC is not yet a party to this proceeding, its letter was intended to ensure the Court was aware of the nuemrous legal and policy issues raised by Voltage's request. The letter asked the Court to provide more time for defendants to respond to the motion, as well as to provide time for CIPPICs own intended intervention. Today, in court, Teksavvy similarly asked the Court to extend timelines for this process, which it did. The next hearing date will be January 14, 2013.

  • – 2012-09-26 –

    The Supreme Court of Canada recently issued A.B. v. Bragg Communications Inc., 2012 SCC 46, in which it reasserted the need to protect privacy, as well as the sensitivities of cyberbullying victims within the discovery process. Historically, the ever-important principle that justice must be public prevented victims of certain wrongs from protecting their identity when pursuing lawsuits. In its intervention, CIPPIC argued that in an age of heightened privacy concerns, the impact of forcing litigants to air their dirty laundry in a public, permanent online record will in many cases exceed what is typically a narrow public interest in knowing the identity of a litigant. Further, in scenarios involving cyberbullying, preventing litigants from proceeding pseudonymously will in many cases prevent access to the law, as a desire to avoid re-victimization may push the objects of cyberbullying to forgo enforcement of their rights altogether.

    While reaffirming the vital importance of the open court principle, the Court, in a unanimous judgement penned by Madam Justice Abella, held that the relationship between this principle and the right to privacy, as well as the realities of cyberbullying, requires elaboration. The Court particularly emphasized the importance of respecting the privacy of youths, the need to avoid discouraging litigation by exposing victims of cyberbullying to revictimization as a result of litigation. Allowing broader scope for anonymous litigants would advance privacy rights and allow victims of cyberbullying to access the justice system. Furthering these values outweigh the minimal harm that may result to the open justice principle if the identity of litigants is protected from the public eye.

  • – 2012-06-26 –

    The Canadian Identity Theft Support Centre (CITSC) is scheduled for its official launch on June 28, 2012. The CITSC will be Canada's first comprehensive support centre for victims of identity theft. It will provide much needed support services for victims of identity theft who undertake the often long and difficult road to recovering their identities. This identy recovery process is typically lengthy and time-consuming. Modelled on the successful U.S. based Identity Theft Resource Center, the CITSC will operate as a source of guidance for Canadians in their attempts to navigate this process.

    The CITSC will also act as a source of educational materials aimed at educting Canadians on how to protect their identities and on steps that can be taken by Canadians to help spot early signs their identity may have been stolen. In addition, the CITSC will act as a source of research and knowledge dissemination regarding the parameters and nature of identity theft harms in Canada. 

    CIPPIC is highly supportive of the CITSC's initiatives, and will be participating in the public launch of the Centre. Join us in person at the Ottawa launch, which will be held from 1:30 pm - 4:30 pm EST in the Newfoundland Room of the Westin (11 Colonel By Drive) in Ottawa. The Centre will be simultaneously launched in Vancouver, B.C., at Library Square.

  • – 2012-05-18 –

    CIPPIC has joined an international coalition of civil society organizations including CDT, EFF, IGP and EDRi in a letter of protest (Spanish) sent to the International Telecommunications Union (ITU). The letter protests the secrecy and exclusivity surrounding its preparations for the World Conference on International Communications (WCIT). Slated for negotiation during WCIT-12 is a potential re-envisioning of the International Telecommunications Regulations (ITR), an international treaty that currently governs traditional telephone communications amongst the numerous countries who have signed on to it. While the current ITRs are limited in scope primarily to telephone systems, the renegotiated text (which will be up for discussion and adoption at WCIT-12) is rumoured to weigh in heavily on several aspects of Internet governance.

    We say 'rumoured' because all the preparatory documents for WCIT-12 are sealed and civil society has been excluded from the discussions. The current ITU framework does not allow for open participation. Further, the ITU's business model (premised on the dubious concept of selling access to documents and decision-makers to corporate associates at prohibitive rates) is a significant barrier to civil society participation. While perhaps workable for regulation of telephone lines, this approach is antithetical to the distributed, multi-stakeholder governance model that has made the Internet the engine for innovation and freedom that it is today. The letter calls on the ITU to open the WCIT-12 preparatory documents up to public debate and to ensure all stakeholders, including civil society, the technical community, governments, and corporate interests are able to participate on equal footing. 

  • – 2012-05-09 –

    CIPPIC recently intervened in A.B. v. Bragg Communications Inc., a case that puts at issue the amount of anonymity litigants can claim in judicial processes. A.B. was a 15 year old victim of an online cyberbullying campaign that included the creation of an allegedly fake Facebook profile of her that attributed to her licentious sexual preferences and attitudes. A.B. sued, but wished to proceed anonymously, claiming that proceeding  under her real name would defeat the very reason for the lawsuit by subjecting her to further ridicule from her peers. It would further impact on her privacy rights, implicating her right to be left alone and her dignity and self-worth.

    CIPPIC argued that, while care must be taken not to impact too heavily on freedom of expression and on the open court principle (which holds that justice must be seen to be done), conflicts between fundamental rights such as privacy and freedom of expression must be carefully weighed in context. In particular, the Court's historic aversion to permitting anonymous litigants except in isolated scenarios needs to be re-examined. In light of the growing permanence, accessibility and searchability of court judgments, the privacy concerns in such scenarios are heightened and must be carefully weighed against countervailing freedom of expression concerns, in context. Proceeding anonymoulsy, particularly in a civil lawsuit, will often impact only slightly on freedom of expression and the open court principle, as there will be little public interest in the identity of the specific individual.

  • – 2012-04-18 –

    CIPPIC, alongside a broad coalition of U.S. and Canadian civil society groups, is participating in a week long protest against online spying in the name of cybersecurity. 'Stop Cyber Spying Week' is a response to the impending legislative enactment of a U.S. cybersecurity strategy that is excessively overbroad and will have serious implications for online privacy and expression.

    The development of an invasive U.S. cybersecurity strategy will have direct implications for Canadian civil liberties. We have, for one thing, committed to a 'Beyond the Borders' Initiative that seeks to harmonize Canada-United States approaches to a number of security issues, including cybersecurity. This means that a U.S. cybersecurity strategy adopted today may well become a Canadian cybersecurity strategy tomorrow. A comprehensive report published by the Rideau Institute in late 2011 suggests that the 'Shared Vision' espoused by the Canada-United States Initiative is very likely to involve a compromise on Canadian privacy. A Resolution issued last week by all of Canada's Federal/Provincial Privacy Commissioners expressed similar concern that programs adopted under the Initiative will lead to an unnecessary and unjustifiable loss of privacy for Canadians. All this does not bode well for Canadian privacy (or sovereignty) in general, but at the same time it makes the current U.S. cybersecurity debate particularly relevant to Canadians!

  • – 2011-06-04 –

    Electronic Freedom Frontiers (EFF) has issued a challenge aimed at spreading and strengthening the Tor Project -- a network of servers and routing points that aims to allow anonymous and encrypted online communications and expression. EFF is calling on individuals and organizations to operate relay points that will strengthen the Tor network and help make anonymous and private online browsing a reality.

    EFF provides a great video detailing how to set up your Tor relay as well as some helpful legal advice for the operation of such a relay.

  • – 2011-05-10 –

    The Office of the Privacy Commissioner of Canada has released a report exploring many of the challenges posed by emerging technologies and business practices to protection of privacy in an interconnected world. The report is a result of a number of groundbreaking consultations held in cities across Canada which explored issues such as online and geolocational tracking,behavioural targeting,  cloud computing, and emerging risks for online privacy of children.

    Alongside its other conclusions, the Privacy Commissioner of Canada noted that people deserve to have access to the many benefits of an interconnected world, but that "this should not come at the expense of privacy rights".