Category: Privacy

Internet justice: Mosley v GoogleInternet justice: Mosley v Google



In the landmark ruling in Google Spain SL, Google Inc. v Agencia Española de Protección de Datos, Mario Costeja González (case no. C-131/12, May 13, 2014), the Court of Justice of the European Union (CJEU) recognized that search engines are controllers of the personal information they process and have the obligation, in appropriate cases, to de-list links to personal information in their search results. A recent decision in  Mosley v Google Inc & Anor [2015] EWHC 59 (QB) (15 January 2015) has recognized that a right to get a blocking order against a search engine might also exist in the United Kingdom under the UK Data Protection Act 1998.

Cell phone searches legal say SCOC: R v FearonCell phone searches legal say SCOC: R v Fearon



A divided Supreme Court ruled that individuals cannot be secure that their most personal information will be protected from warrantless searches when arrested. In a 4 to 3 ruling, in R v Fearon, the Court held that if a person is lawfully arrested, a search is conducted that is incidental to the arrest, the search is tailored to its purpose, and the police take detailed notes, police may search the person’s cell phone.

The three dissenting judges wrote a powerful defence of privacy rights that recognized the invasions of privacy that could result from warrantless searches of cell phones,.

The “Right to be Forgotten” Guideline from the Article 29 Working PartyThe “Right to be Forgotten” Guideline from the Article 29 Working Party



In the landmark ruling in Google Spain SL, Google Inc. v Agencia Española de Protección de Datos, Mario Costeja González (case no. C-131/12, May 13, 2014), the Court of Justice of the European Union (CJEU) recognized that search engines are controllers of the personal information they process. As such, they have the obligation, in appropriate cases, to de-list links to personal information in their search results.

The Gonzales decision left open questions about the scope of the duty and the criteria to be used in determining what links must be delisted, something which Google, data protection authorities, and others had disagreed about.

Digital Privacy Act: Important work still to be done by the INDU CommitteeDigital Privacy Act: Important work still to be done by the INDU Committee



The Digital Privacy Act (Bill S-4) will make significant changes to Canadian privacy law when it is enacted. The amendments to PIPEDA have been in the making since 2007 following the statutory review of PIPEDA by the Standing Committee on Access to Information, Privacy and Ethics. The Bill has passed the Senate and was referred to the Standing Committee on Industry, Science and Technology. The INDU Committee will begin considering the Bill on November 25, 2014.

The Government of Canada Backgrounder says that “Canada’s Digital Privacy Act provides important improvements to Canada’s private sector privacy legislation, the Personal Information Protection and Electronic Documents Act (PIPEDA)” and that it “will ensure that Canadians are safer and more secure when they surf the web or shop online”.

Internet users’ privacy and anonymity protected by Supreme Court: R v SpencerInternet users’ privacy and anonymity protected by Supreme Court: R v Spencer



Earlier today, the Supreme Court released a landmark decision dealing with privacy on the Internet. The main issue in R v Spencer 2014 SCC 43 was whether a user of the Internet has a reasonable expectation of privacy in his or her basic subscriber information held by the user’s ISP that prevents the police from obtaining this information from the ISP without a warrant or court order. Prior to the decision some courts had ruled that ISPs could turn over subscriber contact details associated with the person’s IP address to police without  a warrant or court order.

Canada to amend PIPEDA with the Digital Privacy ActCanada to amend PIPEDA with the Digital Privacy Act



Bill S-4, the Digital Privacy Act (An Act to amend the Personal Information Protection and Electronic Documents Act and to make a consequential amendment to another Act,) was given First Reading in the Senate today.  The summary of the Bill describes the proposed amendments as follows:

This enactment amends the Personal Information Protection and Electronic Documents Act to, among other things,
(a) specify the elements of valid consent for the collection, use or disclosure of personal information;
(b) permit the disclosure of personal information without the knowledge or consent of an individual for the purposes of
(i) identifying an injured, ill or deceased individual and communicating with their next of kin,
(ii) preventing, detecting or suppressing fraud, or
(iii) protecting victims of financial abuse;
(c) permit organizations, for certain purposes, to collect, use and disclose, without the knowledge or consent of an individual, personal information
(i) contained in witness statements related to insurance claims, or
(ii) produced by the individual in the course of their employment, business or profession;
(d) permit organizations, for certain purposes, to use and disclose, without the knowledge or consent of an individual, personal information related to prospective or completed business transactions;
(e) permit federal works, undertakings and businesses to collect, use and disclose personal information, without the knowledge or consent of an individual, to establish, manage or terminate their employment relationships with the individual;
(f) require organizations to notify certain individuals and organizations of certain breaches of security safeguards that create a real risk of significant harm and to report them to the Privacy Commissioner;
(g) require organizations to keep and maintain a record of every breach of security safeguards involving personal information under their control;
(h) create offences in relation to the contravention of certain obligations respecting breaches of security safeguards;
(i) extend the period within which a complainant may apply to the Federal Court for a hearing on matters related to their complaint;
(j) provide that the Privacy Commissioner may, in certain circumstances, enter into a compliance agreement with an organization to ensure compliance with Part 1 of the Act; and
(k) modify the information that the Privacy Commissioner may make public if he or she considers that it is in the public interest to do so

A Government press release describing the Bill can be found here.

Alberta PIPA violates Charter says Supreme Court in IPC v United Food and Commercial WorkersAlberta PIPA violates Charter says Supreme Court in IPC v United Food and Commercial Workers



The Supreme Court released a landmark decision today in the  Alberta (Information and Privacy Commissioner) v. United Food and Commercial Workers, Local 401, 2013 SCC 62 case. In short, the Court found that while Alberta’s privacy legislation PIPA plays a vital role in protecting privacy, it violated the Charter right to freedom of expression by precluding the use of personal information in the labour context. The ruling is an appeal from a decision the Alberta Court of Appeal, which is summarized here.

Privacy Commissioners speak about Getting Accountability Right at CLHIA ConferencePrivacy Commissioners speak about Getting Accountability Right at CLHIA Conference



Last week I had the pleasure of listening to a great talk titled “Privacy: Getting Accountability Right” at the 2013 Compliance and Consumer Complaints Annual Conference organized by the Canadian Life and Health Insurance Asscoiation Inc. Taking place in sunny Vancouver (see below), the speakers were Barbara Bucknell of the Office of the Privacy Commissioner of Canada, Jill Clayton, Information and Privacy Commissioner, Alberta, and Elizabeth Denham, Information and Privacy Commissioner, British Columba.

 

 

Here is a summary of their remarks.

Wiretap intercept rules apply to mobile text messages says Supreme Court: R v TELUSWiretap intercept rules apply to mobile text messages says Supreme Court: R v TELUS



The Supreme Court decided yesterday that police are required to comply with Part VI of the Criminal Code if they want to secure the prospective and continuous production of text messages from a mobile carrier like TELUS. In R. v. TELUS Communications Co., 2013 SCC 16, the Court ruled that police cannot merely obtain a general warrant. Rather to obtain copies of text messages in these circumstances, they must obtain an intercept order and comply with the conditions needed to intercept voice communications.

IPC v UFCW Charter/privacy case going to Supreme Court (updated)IPC v UFCW Charter/privacy case going to Supreme Court (updated)



If privacy legislation significantly impairs Charter rights do privacy rights or Charter rights prevail? Specifically, does an individual’s right to privacy for publically crossing a picket line under Alberta’s comprehensive privacy legislation Personal Information Protection Act (PIPA) have to yield to a union’s right of free expression to film and disseminate that act under the Canadian Charter of Rights and Freedoms? This question was answered in the affirmative by the Alberta Court of Appeal in United Food and Commercial Workers, Local 401 v Alberta (Attorney General), 2012 ABCA 130.