The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.
The author of this blog, David T.S. Fraser, is a Canadian privacy lawyer who practices with the firm of McInnes Cooper. He is the author of the Physicians' Privacy Manual. He has a national and international practice advising corporations and individuals on matters related to Canadian privacy laws.
For full contact information and a brief bio, please see David's profile.
Please note that I am only able to provide legal advice to clients. I am not able to provide free legal advice. Any unsolicited information sent to David Fraser cannot be considered to be solicitor-client privileged.
The views expressed herein are solely the author's and should not be attributed to his employer or clients. Any postings on legal issues are provided as a public service, and do not constitute solicitation or provision of legal advice. The author makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein or linked to. Nothing herein should be used as a substitute for the advice of competent counsel.
This web site is presented for informational purposes only. These materials do not constitute legal advice and do not create a solicitor-client relationship between you and David T.S. Fraser. If you are seeking specific advice related to Canadian privacy law or PIPEDA, contact the author, David T.S. Fraser.
Tuesday, October 19, 2004
Mathew Englander (http://www.mathew-englander.ca/) recently wrote to me about the latest developments in the CRIA lawsuit appeal. With his permission, I'm including his letter and I suggest taking a look at the appeal materials he refers to:
David,
A while ago you blogged about the decision by Justice von Finckenstein of the Federal Court (2004 FC 488) not to compel several ISPs to release information related to the identities of their subscribers alleged to have infringed copyright by file-sharing (pipeda.blogspot.com/2004/04/privacy-aspects-of-matter-of-bmg.html).
You may wish to run an update as the decision is under appeal to the Federal Court of Appeal. I have been reading the factums at CIPPIC's web site (http://www.cippic.ca/en/projects-cases/file-sharing-lawsuits/document-archives.html). The central issue on appeal is whether a plaintiff in a John Doe lawsuit needs to establish a "prima facie case" or just a "bona fide case" before an innocent third party is compelled to release information about the identity of the defendant.
This may seem like a dry legal distinction, but it has serious implications for privacy. The "prima facie" standard (which Justice von Finckenstein adopted as the first criterion of five; see paras. 13-14 of his decision) is stricter. As I understand it, it means that the plaintiff must provide some acceptable evidence on each element of the cause of action. The "bona fide" standard appears to mean that the plaintiff need only show that it honestly believes the defendants are liable. Having a stricter standard is more respectful of an individual's privacy since it requires more evidence before the court may order the individual's personal information released.
The Canadian Recording Industry Association was coordinating the legal action for the plaintiffs. It is interesting to look at its news releases on the matter (http://www.cria.ca/news.htm). For example, on March 12, after the first day of the hearing before Justice von Finckenstein, it issued a news release saying it was "confident" its motion would be granted.
The plaintiffs' motion was dismissed because of deficient evidence. CRIA had hired a company called MediaSentry to investigate music piracy. MediaSentry downloaded files from 29 users of peer-to-peer software, and came up with an IP address for each user at the time of download. The IP address could be linked with an ISP through whois queries, so the plaintiffs wanted the ISPs to disclose the real name, address for service, and other information about the holder of the account to which the particular IP address was assigned at the particular time.
However, there was no evidence at all as to how MediaSentry came up with the IP address of each peer-to-peer user. In addition, the affidavits tendered by the plaintiffs were full of hearsay with no explanation for why they did not provide affidavits from those with direct knowledge. It seems to me that this was a big screwup by the lawyers who prepared the motion material.
There were five ISPs named as non-party respondents to the motion: Shaw, Rogers, Bell Canada, Telus, and Videotron. All five are respondents on the appeal and each filed its own memorandum of fact and law. It is particularly interesting to read the ISPs' arguments. Only one, Videotron, is basically supportive of the plaintiffs. Bell Canada's position is ostensibly neutral, but its arguments are strongly opposed to the plaintiffs' appeal. The other three expressly argue that the appeal should be dismissed.
In my view, the decision of Justice von Finckenstein is solid and it is surprising that CRIA is even appealing it. Since these are just intended as test cases in any event, it might be better off going back to square one, having MediaSentry or some other company entrap some more alleged copyright-infringers and this time developing a stronger evidentiary base to bring to court.
Mathew Englander
Labels: information breaches, ip address, privacy
The Canadian Privacy Law Blog is licensed under a
Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 Canada License.