Privacy - News

CIPPIC has filed its factum in R v Jarvis, SCC Case No 37833, an appeal involving a high school teacher charged with voyeurism under s. 162(1)(c) of the Criminal Code for using a camera pen to surreptitiously take videos of female students which focused on their chests and cleavage area. The Ontario Court of Appeal concluded that the videos were not taken in "circumstances" in which students had "a reasonable expectation of privacy", a necessary element of the offense. 

CIPPIC disagrees. We argue that the phrase, "circumstances giving rise to a reasonable expectation of privacy" must be interpreted consistently with other areas of law that see privacy as equality-enhancing, normative, contextual, and non-risk based. Our colleague Jane Bailey took the pen and makes a strong case for a robust vision of privacy - one that enhances equality and the ability to assert control over sexual and bodily integrity.

CIPPIC has filed its intervention factum in Her Majesty the Queen in Right of British Columbia v. Philip Morris International, Inc., SCC No. 37524. The case presents the Supreme Court with a conflict of values: do the privacy interests of third parties bar a defendant to an action from accessing large health datasets in order to challenge the results of the plaintiff’s analysis of that data?

CIPPIC argues that this conflict between privacy and transparency will be mediate by the dual protections of anonymization procedures, implemented in accordance with guidelines familiar to the health industry, and flexible judicial safeguards embedded in disclosure orders.

The case raises important issues about the right to challenge the outcomes of analytics performed on large data sets. As we increase our reliance on big data and algorithmic decision-making technologies, privacy and accountability will be increasingly at issue.

• CIPPIC's Factum

In a 4-3 decision, the Supreme Court of Canada ruled in Douez v Facebook Inc, 2017 SCC 33, that Facebook’s efforts in its terms of service to require Canadians to pursue grievances with Facebook in California courts instead of Canadian courts is unenforceable.

The case involved a class action against Facebook alleging violations of BC's Privacy Act. The class action could not proceed, however, as Facebook argued that its terms of service require disputes to be resolved in California courts and under California law. Historically, the Supreme Court of Canada's jurisprudence favoured enforcement of these “forum selection clauses” on the rationale that holding sophisticated commercial parties to their jurisdictional choices advances the underlying principles that private international law seeks to achieve.

However, online platforms now routinely impose non-negotiable choice of forum and law clauses in their terms of service, which consumers must accept on a take it or leave it basis. This places a heavy burden on individuals, who are left with no option but to enforce their rights in foreign courts and under foreign laws. This is especially problematic where the laws in question implicate constitutionally protected rights are invoked, as different jurisdictions must have leeway to apply different standards of freedom of expression and privacy to their denizens. CIPPIC's intervention therefore argued that enforcing forum selection clauses imposed onto online customers on a non-negotiable basis will undermine the principles of order, fairness and comity which private international law seeks to achieve.

CIPPIC appeared today before the House of Commons Standing Committee on Access to Information, Privacy & Ethics (ETHI) in its ongoing review of Canada's aging Privacy Act. The Act regulates the federal government's handling of personal information, comprising a central component of Canada's privacy framework. However, it has not received any substantial updates since its introduction in the early 1980s, despite tectonic shifts in the incentives animating government data-related objectives as well as in the technological capability to achieve these objectives. In addition, the government has introduced numerous laws designed to update and expand its ability to collect, use and share private data since the 1980s, including laws specifically designed to address technological developments. In the face of this one-sided expansion of state capabilities, the Privacy Act has simply not kept pace, and is in serious need of modernization if it is to continue to effectively meet its objectives to protect individual privacy rights, facilitate government accountability and safeguard public trust.

CIPPIC's recommendations sought to address key gaps in the Privacy Act, while adding principled protections that will help the Act stay relevant in the future. This includes the addition of principled limits on how long data can be reasonably kept by the government. There is currently no such explicit obligation in the Privacy Act, despite the fact that retention limitations are a hallmark of data protection regimes. An over-riding reasonableness obligation is also necessary, as it would ensure government data practices remain proportionate and in alignment with Charter values. CIPPIC also called for addressing central shortages in the Act's transparency framework, including the incorporation of statistical reporting obligations attaching to all law enforcement electronic surveillance powers, and a general 'openness' obligation compelling the government to proactively explain its privacy practices. Additional recommendations addressed the need for mandating reasonable technical safeguards, a mandatory data breach notification regime and formalizing privacy impact assessment requirements.

UPDATE: In December 2016, ETHI released the results of its study in a report entitled "Protecting the Privacy of Canadians: Review of the Privacy Act". The Report adopts many of CIPPIC's recommendations.