The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.

Search this blog

Recent Posts

On Twitter

About this page and the author

The author of this blog, David T.S. Fraser, is a Canadian privacy lawyer who practices with the firm of McInnes Cooper. He is the author of the Physicians' Privacy Manual. He has a national and international practice advising corporations and individuals on matters related to Canadian privacy laws.

For full contact information and a brief bio, please see David's profile.

Please note that I am only able to provide legal advice to clients. I am not able to provide free legal advice. Any unsolicited information sent to David Fraser cannot be considered to be solicitor-client privileged.

David Fraser's Facebook profile

Privacy Calendar

Archives

Links

Subscribe with Bloglines

RSS Atom Feed

RSS FEED for this site

Subscribe to this Blog as a Yahoo! Group/Mailing List
Powered by groups.yahoo.com

Subscribe with Bloglines
Add to Technorati Favorites!

Blogs I Follow

Small Print

The views expressed herein are solely the author's and should not be attributed to his employer or clients. Any postings on legal issues are provided as a public service, and do not constitute solicitation or provision of legal advice. The author makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein or linked to. Nothing herein should be used as a substitute for the advice of competent counsel.

This web site is presented for informational purposes only. These materials do not constitute legal advice and do not create a solicitor-client relationship between you and David T.S. Fraser. If you are seeking specific advice related to Canadian privacy law or PIPEDA, contact the author, David T.S. Fraser.

Sunday, November 07, 2004

CIPPIC complaint raises a number of novel and interesting issues 

The Canadian Internet Policy and Public Interest Clinc (CIPPIC) has complained to the Privacy Commissioner of Canada against an American company that harvests databases and public records to produce reports that include, in some cases, supposed psychosexual profiles. Accusearch (d/b/a/ Abika.com), which a takes a dim view of "privacy fanatics", is said to aggressively mine databases to produce their background checks, physchological profiles and the like.

CIPPIC, in its complaint filed in June, is alleging that Abika is collecting, using and disclosing the personal information of Canadians without consent, in violation of PIPEDA. The complaint also alleges that Abika violates the accuracy principle of PIPEDA by producing inaccurate reports.

This complaint is likely important in that the Commissioner will be forced to consider whether the activities of a US company, operating in the US, may violate PIPEDA. Of course, the next question is whether the Commissioner or the complainant can do anything about it.

For more info, see the Canadian Press report: Yahoo! News - U.S. firm's sale of personal data about Canadians sparks complaint.

The following is from the CIPPIC website, including a link to their complaint.

Abika.com (June 9, 2004)

After researching this online private investigation service, CIPPIC filed a complaint with the federal Privacy Commissioner alleging that the company's entire service is based on fundamental and widespread violations of privacy legislation. Abika.com collects often highly sensitive personal information from various sources, and sells it to anyone willing to pay the associated fee.

Update: See also London Free Press: Firm under fire for privacy breach: A U.S. company sells personal information on Canadians' habits.

Update: On the first version of this posting, I mistakenly attributed the complaint to the Public Interest Advocacy Centre.

Labels: ,

11/07/2004 06:22:00 PM  :: (3 comments)  ::  Backlinks
Comments:
The complaint filed has false allegations and is due to a personal vandetta of Ms. Philippa Lawson. Nearly all her allegations are false. Abika.com is a Person to Person search engine and and just like any other search engine finds whatever data is found on any individual in cyberspace. Abika.com has developed new technology that gets very targeted results. Abika.com does not maintain any databases on anyone. Ms. Lawson has selectively chosen to sensetionalize the issue. If she is honest she should release her full profile with supporting facts and not selectively mention items that are sensational. An honest person without any ulterior motive would present an unbiased review of the profile that she ordered.

Abika.com works within the framework of the law and on the issue of Privacy please consider the following facts.

Unrestricted flow of information is the life of democracies. Our founding fathers emphasized on the freedom of speech so that there is enough discussion and information available to people when making a choice to elect who will govern and that those who are elected stay honest and transparent and it has worked. If it works on the macro level it sure can work on the micro level. The only way there can be a big brother institution is if information is only available to a select few. If information if widely available to everyone then there cannot be any big brother institution. The more information available about people the lower the risk in dealing with other people. In most instances little information is more harmful than full information. If information is widely available then facts can generally be verified through many different sources and there are less chances of inaccuracies. Lack of information on people is what breeds fear and ignorance. The more people know about other people the better their relations with other people. The more people know about other people the better decisions they can make. Honest people have nothing to fear from the free flow of information as they have no need to hide anything. The most productive societies are free societies where there are the least restrictions on people's information.

COURT RULES POLICE ACCIDENT REPORT NOT SUBJECT TO PRIVACY PROTECTION ACT
A newspaper is not liable under the federal Driver's Privacy Protection Act for publishing an accident report prepared by state police, a federal court has ruled. (Mattivi v. Russell, Aug. 2, 2002.) This is one of several recent decisions in which courts have rejected attempts to expand the reach of the privacy protection act.

Central City, Colo., Mayor Donald Mattivi was involved in a single-car accident. He was cited by a state patrol officer for driving under the influence of alcohol and reckless driving. When the Weekly Register-Call requested relevant documents from the state police, an officer faxed a copy of the accident report, which the newspaper published verbatim. Included were the mayor's driver's license number and other identifying information. The mayor sued the newspaper, arguing that publication of his personal information from the accident report violated the privacy act. That recently enacted federal law imposes both civil and criminal liability on a person who "knowingly obtains, discloses or uses personal information, from a motor vehicle record" for unauthorized purposes. News reporting is not an authorized purpose under the law. According to the mayor, publication of the information about him would facilitate identity theft by criminals.

The central question in the case was whether an accident report prepared by the state police is a "motor vehicle record." While the mayor argued that the privacy protection act should be interpreted broadly to apply to any records regarding the operation of a motor vehicle, the court disagreed. The privacy protection act only covers records issued by a department of motor vehicles or similar regulatory agency, the court concluded, and then only to permits, titles, registrations and identification cards issued by that agency.

Thus, the newspaper's publication of the mayor's driver's license number and other personally identifiable information found in the accident report did not violate the act, the court ruled.

As the court noted, in the FOIA context, several other courts recently have declined to apply the privacy protection act to records maintained by government agencies other than motor vehicle departments, even where the records concern ownership of an automobile, such as sales tax records held by a tax agency.

Because records related to the operation of motor vehicles are often vital sources of information for news stories of great public concern, these decisions construing the privacy protection act narrowly appear to be good news for both reporters and the public.

10th Circuit Court of Appeals ruling effectively canceled a vague FCC regulation that had forced phone companies to obtain customer permission before using or selling call records

US West won the appeal by successfully challenging the FCC's definition of what constitutes customer permission.

"This decision suggests that privacy is a dubious government interest," said Deirdre Mulligan, an attorney with the Center for Democracy in Technology.

US West filed the appeal last year in an effort to loosen up the rules that protect customer call records from telemarketers. If last week's decision stands, so-called consumer proprietary network information -- who or where a consumer calls, how often, and at what times -- could be used by the phone companies or sold to marketing companies.

The court said the FCC failed to prove that privacy would be threatened if consumers needed to explicitly request that their information not be distributed. Because of that, the information was protected as commercial speech under the First Amendment.

A US West executive applauded the ruling as "consumer friendly" in a statement on Tuesday."It helps consumers by allowing them to more easily determine what new services are available and, more important, by affirming all Americans' First Amendment rights," said Mark Roellig, US West's vice president of public policy.

"Although we may feel uncomfortable knowing that our personal information is circulating in the world, we live in an open society where information may usually pass freely," wrote 10th Circuit Court Judge Deanell Tacha. "A general level of discomfort from knowing that people can readily access information about us does not necessarily rise to the level of a substantial state interest ... for it is not based on an identified harm," Tacha wrote.

The Center for Democracy and Technology bristled at those words."Nothing in the decision suggests that it would be limited to the telephone system, and the decision could make protecting privacy on the Internet more difficult," the group said in a statement.

But the Cato Institute, a free-market research group in Washington, said that the court made the right call."I am always very skeptical when privacy becomes elevated as a reason to not let businesses use facts like what someone's phone number is in order to get services out to the people who need them," said Solveig Singleton, co-editor of Regulator's Revenge, a book on telecommunications deregulation.
 
Court Rulings of interest:

Excerpt of a ruling by 10th Circuit Court Judge Deanell Tacha:
"Although we may feel uncomfortable knowing that our personal information is circulating in the world, we live in an open society where information may usually pass freely," wrote 10th Circuit Court Judge Deanell Tacha. "A general level of discomfort from knowing that people can readily access information about us does not necessarily rise to the level of a substantial state interest ... for it is not based on an identified harm," Tacha wrote.

Excerpt of a ruling by Samuel Podberesky, assistant general counsel for aviation enforcement,
Privacy is not, an absolute 'personal and fundamental right ... particularly in the context of air travel," Podberesky wrote in the ruling.

Excerpt of a ruling by U.S. Court of Appeals for the 1st Circuit
A company that provides e-mail service has the right to copy and read any message bound for its customers, a federal appeals court panel has ruled The court ruled that because e-mail is stored, even momentarily, in computers before it is routed to recipients, it is not subject to laws that apply to eavesdropping of telephone calls, which are continuously in transit. As a result, the majority said, companies or employers that own the computers are free to intercept messages before they are received by customers. In upholding a lower court decision, the appeals panel majority said Congress intended for "any temporary, intermediate storage" of communication to be governed by laws other than those involving wiretapping or other interception.
 
Human beings should be free to learn about each other, as they always have been. Consumers do not need a law to protect them from people trying to develop and offer goods and services. "Bad guy" behavior like fraud and identity theft is already illegal. A top-down regulatory approach to privacy threatens electronic commerce. An established shopkeeper on main street can see and speak to his customers. He can get an idea by just looking if they are regulars or newcomers, locals or tourists; he can chat with them and learn why they decided to buy or not to by a tempting item. By contrast, an electronic commerce merchant working from the web is blind and deaf. He is a stranger dealing with strangers over vast distances. Are his customers one-time visitors or are they more loyal? Are they young or old, male or female? If they fill out an order form and abandon it, why? Under these circumstances, its natural for a web site to try to learn more about its visitors. Regulations that would make it harder for businesses to collect information about markets threaten small business, in particular. Big companies already know who their customers are and can afford expensive lawyers to comply with complicated new rules. Small businesses would be hit harder.
You are starting a new business selling pets and pet supplies. Your competitors are big, well-established chains. You have no customers, and no way to find them. You can't afford television advertising. Your mass mailings have only a 2 percent response rate--the costs are far exceeding the benefits. You want to rent a mailing list from an established company in order to reach only customers who are interested in pets in your area. Then you discover that the only mailing list available is tiny, outdated, and very expensive. Fearing liability, many companies have stopped trading information about pet supply purchases. You decide that you just cannot afford to be in the pet business. Over the next decades, entrepreneurs will experiment and discover many amazing new things to do with information. Consumers will be able to get up-to-date information tailored to their tastes and preferences. The wasteful practice of sending out thousands of flyers to discover only a bare handful of interested customers will end. Prices will fall. New companies can benefit from what older companies have learned about what consumers really buy to start new businesses and offer new products. This means more choice and lower prices for consumers.
Sometimes companies and their employees will make mistakes. But that doesn't mean we need top-down regulation. In the age of the Internet, consumers can easily find what company offers the lowest prices and best service. Businesses with the best reputation for giving customers what they want--privacy, low prices, or anything else--will do best. In competitive markets, companies have every reason to respond to a real customer demand for confidentiality. Markets means that problems will be fixed from the bottom-up, in an endless and flexible process of learning and experimentation.

This bottom-up process is the only way to address concerns about privacy without strangling the development of the economy with red tape. It's one thing for a company to try to respond to their customer's demands voluntarily. It's another thing entirely for an army of lawyers to force entire industry to implement a one-size-fits all privacy policy.
 
Post a Comment

Links to this post:

Create a Link

This page is powered by Blogger. Isn't yours? Creative Commons License
The Canadian Privacy Law Blog is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 Canada License. lawyer blogs