database Archives - IPOsgoode /osgoode/iposgoode/tag/database/ An Authoritive Leader in IP Mon, 19 Sep 2022 16:00:35 +0000 en-CA hourly 1 https://wordpress.org/?v=6.9.4 Digitized Collections at the Vatican Library: A Brief Legal Research Guide /osgoode/iposgoode/2022/09/19/digitized-collections-at-the-vatican-library-a-brief-legal-research-guide/ Mon, 19 Sep 2022 16:00:35 +0000 https://www.iposgoode.ca/?p=40011 The post Digitized Collections at the Vatican Library: A Brief Legal Research Guide appeared first on IPOsgoode.

]]>

Aaron Dishy is an IPilogue Writer and a 3L JD Candidate at Osgoode Hall Law School.


Pope Francis’ “” followed the spiritual leader during a week-long trip across Canada. He apologized on behalf of the Roman Catholic Church (the “Church”) for abuse that Indigenous children and communities endured (and ) at church-run residential schools. The tour, and the it garnered, confronted Indigenous and Settler Canadians with the ongoing relevance of that Church in informing the lived experiences of Indigenous Peoples in Canada.

Legal professionals acting on behalf of residential school survivors and their communities may require awareness of the primary sources that drive Church action. Those documents are collected, digitized, and (on some occasions) made accessible by the (“VAL”) and its affiliated . Their digital collections encompass millions of manuscripts, printed materials, incunabula, visual materials, and photographs. Although only a small fraction of those records are publicly available - with many records considered - the capacity to navigate those resources may be valuable for legal context and understanding for afflicted individuals and communities.

In-house digitization began at VAL with the launch of the in 2010. This project looks to digitize VAL’s entire manuscript collection, as well as 80,000 Church codices within 40 million scanned records. Those records are archived for long-term preservation using the and for metadata preservation. VAL’s digitized manuscripts are then organized by fond - archival-speak for a subcollection. Some fonds, such as the “”, are brought from collections by smaller libraries and archives within the overall Papal organization. Others, such as “” are donated by persons external to VAL.

Apart from the digital records made available on , databases outside of the Church also play an important role in navigating VAL’s records. For example, thousands of Latin manuscripts are digitized and made accessible online only through of the Heidelberg University. Similarly, the based in Frankfurt, Germany, provides comprehensive information about Vatican records that concern Roman and Feudal law. Further, founded by the late Jean-Baptiste Piggin and scholar Aaron Marks, tracks the manuscripts that are added to VAL’s digital collections each week.

Each archival effort helps to develop an increasingly comprehensive account of the documentary heritage of the Church and its detrimental impact on diverse spiritual communities. Legal professionals would be wise to harness these resources when helping individuals and communities understand their own history with the Church.

The post Digitized Collections at the Vatican Library: A Brief Legal Research Guide appeared first on IPOsgoode.

]]>
A 24/7 Police Line-up: Clearview AI, the RCMP, and Privacy Laws /osgoode/iposgoode/2021/07/16/a-24-7-police-line-up-clearview-ai-the-rcmp-and-privacy-laws/ Fri, 16 Jul 2021 16:00:00 +0000 https://www.iposgoode.ca/?p=37851 The post A 24/7 Police Line-up: Clearview AI, the RCMP, and Privacy Laws appeared first on IPOsgoode.

]]>
Security cameras

Photo Credit: ()

Natalie BravoNatalie Bravo is anIPilogueWriter and a 2L JD Candidate atOsgoodeHall Law School.

(FRT) is an increasingly popular and controversial tool used by public authorities and commercial institutions. FRT increases surveillance methods for investigative or security work. FRT easily collects vast quantities of biometric information with minimal cost or effort. Sensitive identity-based data is particularly valuable.

These databases and data collection methods are not without risk. Reports of and Canadian privacy law violations weaken the argument for implementing FRT. On June 10, 2021, issued a on FRT and -related surveillance as it pertains to the Canadian public. The special report specifically investigates the RCMP’s use of Clearview AI (with FRT), pursuant to section .

What is Clearview?

(“Clearview”) is an American-based entity that has amassed a wide catalogue of facial images with associated location information. Users with Clearview accounts can access the images for matching purposes. In October 2019, the RCMP confirmed that it . The OPC subsequently received a complaint under the . Clearview also has their

Canadian Legislation

The OPC investigation and report engages the Privacy Act, specifically : “No personal information shall be collected by a government institution unless it relates directly to an operating program or activity of the institution.”

Further, applies to “private-sector organizations across Canada that collect, use or disclose personal information in the course of a .” Commercial activity is defined by law as “any particular transaction, act, or conduct, or any regular course of conduct that is of a commercial character, including the selling, bartering or leasing of donor, membership or other fundraising lists.”

, , and have their own privacy laws that may apply instead of PIPEDA. Most organizations within these provinces rely on provincial privacy laws, except for “,” or “ (FWUBs) such as banks, telecommunications and transportation companies,” .

2020 Investigation into Clearview

On February 21, 2020, the OPC, along with privacy authorities in , , and (“the Offices”), began investigating Clearview, their FRT database, and database disclosures pursuant to . Clearview’s collection practice was found to contravene privacy laws in all investigating jurisdictions. This investigation provided much of the backdrop for the subsequent RCMP investigation. As outlined in the , the Offices set out to identify whether Clearview:

  1. obtained requisite consent to collect, use and disclose personal information; and
  2. collected, used and disclosed personal information for an appropriate purpose.”

The Commission d'accès à l'information (CAI) also sought to determine if Clearview had:

  • “reported the creation of a database of biometric characteristics or measurements.”

The OPC’s February 2021 report of Clearview’s facial recognition tool identified .

“C𲹰:

  1. “scrapes” images of faces and associated data from publicly accessible online sources (including social media), and stores that information in its database;
  2. creates biometric identifiers in the form of numerical representations for each image;
  • allows users to upload an image, which is then assessed against those biometric identifiers and matched to images in its database; and
  1. provides a list of results, containing all matching images and metadata. If a user clicks on any of these results, they are directed to the original source page of the image.”

The OPC found that Clearview’s database contains over , including pictures of Canadian faces (including children) collected without their knowledge or consent. Clearview allows law authorities and commercial entities to match people to online images within their database. The OPC found that the large image database “The OPC stated that police authorities can “essentially” subject billions of people to a non-consensual .

The OPC concluded that Clearview’s operations harm Canadians as they may detriment individuals whose photos are used without their explicit and informed consent. The method in which images were scraped from web pages was also found to be “”, among other Clearview activities.

The OPC provided three recommendations for Clearview to better comply with federal and provincial privacy laws: cease offering its facial recognition tool to clients in Canada; (ii) cease the collection, use and disclosure of images and biometric facial arrays collected from individuals in Canada; and (iii) delete images and biometric facial arrays collected from individuals in Canada in its possession.”

, noting that they had withdrawn from Canada during the investigation, and did not commit to the recommendations. Clearview also suggested that the OPC should suspend the investigation and not publish the report.

RCMP Investigation in the Special Report:

As Clearview was clearly found to contravene privacy laws, the RCMP’s use of Clearview technology was also the Privacy Act’s collection policies.

Curiously, ; that was false and concerned the OPC. According to , the RCMP made hundreds of search requests through the database on at least 19 accounts. The OPC assessed the RCMP’s They found that the RCMP failed to properly ensure that their use of Clearview technology complied with the Privacy Act. Further, the RCMP did not report any system implemented to “ Clearview’s data. This represented a serious lack of care regarding the sensitive information collected. Ultimately, the OPC recommended “ within a year to handle (any) novel collections of data.

The RCMP that they violated section 4 of the Privacy Act. In fact, they argued that under the Act, they do not have a duty to ensure legal compliance of private third parties like Clearview. However, they did agree to OPC’s recommendations in an effort to improve operations.

Soon after the OPC launched their RCMP investigation, the RCMP internally worked to some of the issues. They restricted their use of Clearview and started the “National Technology Onboarding Program” to look into how novel investigative techniques comply with the Privacy Act and the . As of July 2020, Clearview stopped offering its services to Canada, and the RCMP stopped using it altogether.

In light of this , the OPC published the “” (“the Draft”) to provide provincial, regional, federal, and municipal police agencies with more detailed privacy compliance information. The guide offers a with various related guidance, and data management related to , , , , , and more.

The OPC also offers up-to-date information on the accuracy of FRT and algorithms, emphasizing the . In the same way, the guide underlines “.” In other words, agencies should only collect and retain what is necessary, rather than cast a wide net. The is a rather thorough document with many references to specific case law and related authority. It demonstrates the importance of privacy in Canadian society and the seriousness in which Canadian officials deal with consent, surveillance, and novel technology. FRT may evolve into a useful tool, but until it meets the recommendations of the OPC, the RCMP will need some constructive and careful effort to use FRT again.

The post A 24/7 Police Line-up: Clearview AI, the RCMP, and Privacy Laws appeared first on IPOsgoode.

]]>
Spat Between Pilot and Attendants’ Unions Results in Intrusive Disclosure Order /osgoode/iposgoode/2012/03/08/spat-between-pilot-and-attendants-unions-results-in-intrusive-disclosure-order/ Thu, 08 Mar 2012 17:36:56 +0000 http://www.iposgoode.ca/?p=15831 In Manish Patel v Unite, [2012] EWHC 92 (QB), a pilot, who claims he was defamed and harassed by postings on the British Airline Steward and Stewardesses Association (BASSA) forum, applies to the court for an order to allow an independent expert to copy and examine the forum database in order to identify who posted […]

The post Spat Between Pilot and Attendants’ Unions Results in Intrusive Disclosure Order appeared first on IPOsgoode.

]]>
In , [2012] EWHC 92 (QB), a pilot, who claims he was defamed and harassed by postings on the British Airline Steward and Stewardesses Association (BASSA) forum, applies to the court for an order to allow an independent expert to copy and examine the forum database in order to identify who posted the defamatory statements. This action is to follow up on a previous order for BASSA to search their own forum database, which they claim was not technically possible as the records had been deleted. The case raises interesting issues on privacy, anonymity, intrusive judicial orders, union rights, the importance of technical expertise and the relevance of waivers in a website’s terms and conditions.

Background

The harassment apparently began when , a pilot for British Airlines and a member of the British Airline Pilots Association was identified as having trained as a volunteer cabin crew member when BASSA, a subset of the Unite union, was threatening an action. Afterwards, Mr. Patel and other pilots who trained as volunteer cabin crew were threatened and harassed online and elsewhere. Mr. Patel blames this abuse on the widespread publicity that resulted from his being identified in the abusive and defamatory postings on the BASSA forum. He claims these postings were libelous and raises a second cause of action under the . The postings alleged that Mr. Patel was unsafe to fly with, had lied, was unfit to be a captain, behaved erratically and illegally, fired innocent cabin crew and was involved in police corruption. All the postings were made under anonymous usernames and, without disclosure of the identities of the writers, Mr. Patel cannot bring his proceedings against those responsible.

BASSA’s forum is operated by , the larges union in the UK. The terms and conditions of the website “reserve the right to disclose the true identities of users to third parties, if requested, subject to the user’s data protection rights.” In June or July 2011 Unite took the forum offline and published a statement that the allegations made about Mr. Patel were untrue, but did not identify the users who made the postings, as requested by Mr. Patel.

On 30 September 2011, Mr. Patel was granted a order which obliged Unite to carry out a reasonable search to locate andidentity thehome address and IP address of the persons associated with the usernames collected by Mr. Patel.

According to the site’s administrators it was not possible to comply with the order because since the site had been taken down, all that remained was a dated backup. The backup would only reveal the identity of the members using a particular username at that particular date. Apparently it was common practice for members to change usernames in order to hide their identities from British Airlines, as well as reuse names. Therefore associating a user with a username at the date the backup was taken would not guarantee it was the same user who had made the posts at issue at the time the posts were made. Furthermore, the administrator claimed the retrieving of the IP address of the users in question was not possible.

Application

Mr. Patel, unsatisfied with this response, made a second application that “in the event of Unite not being able to provide some or all of the information sought, an independent expert should be given access to all available copies of the BASSA forum database and permitted to make an image of the database and/or such other electronic copy of data on the database (existing or deleted) as the expert might consider necessary in order to prepare a report limited to the identification of the information sought” (para 13). According to Mr. Patel, the initial search made by BASSA was unreasonable because they failed to supply the information requested or explain what happened to it. Mr. Patel had technical experts who stated that since the forum was run on widely understood software(phpBB version 3 and MySQL), identification of the IP addresses from where the posts were made would be possible.

Mr. Patel then sent BASSA instructions on how to retrieve the requested information. The site administrator, a BASSA branch secretary with a non-technical background, said this was not possible as the posts had been deleted and the first step in the instruction required the relevant post. Justice Parks notes that it might be though curious that BASSA took the forum off line and did not make a back-up (para 11). Mr. Patel and his experts noted that previous searches had yielded portions of the allegedly defamatory posts.

Instead of taking the position that BASSA is being wilfully unhelpful or untruthful, he claims that they lack the technical capability to carry out this search themselves. Hence his request to allow a third party to examine the forum database.

Reasoning

Justice Parkes acknowledges that the order sought by Mr. Patel is intrusive (para 28) and that there were no authorities on point. He relies on a paragraph from which states that only if necessary and proportionate can the court order access to be given to a party’s computer or database. Parkes J does find necessary and proportionate to make the order. Especially because the requested order is necessitated by the lack of compliance with the previous judicial order. Furthermore, when faced with evidence from Mr. Patel’s experts, BASSA’s representatives were not able to conclusively show what information had been deleted and what remained on the database.

Unite claimed that the personal data of union members contained on the database was protected under Article 8 of the and that information about trade union membership fell within the definition of sensitive personal data under the . Parkes J writes that “the information involved is not of the most sensitive kind: we are not talking here about information relating to religious beliefs, or sexual life, or medical matters” (para 30). He finds that the order is proportional and necessary, even though contrary to the Data Protection Act,because there is no other way which the harm done to Mr. Patel could be exposed. He states “In this case, as in many other Norwich Pharmical cases, necessity and proportionality might go hand in hand.”

Finally, Parke J references the terms and conditions agreed to by those who posted on the BASSA forum that the right to disclose their identities was reserved. And that damage done to innocent parties who posted on the forum, can be mitigated by having an independent third party carry out the analysis.

Comments

Issues of user privacy are a topic of vocal public debate in a Canada at present, especially surrounding . Manish v Patel, and the Norwich Pharmacal line of cases demonstrate a common law approach to orders requiring disclosure of user information when linked to a cause of action and shown to be necessary and proportional. In Canada the debate mostly centres around the roles of ISPs in providing user data, though many point out that often ISPs are quite forthcoming and accommodating of law enforcement.

Beyond illustrating the irony that there is no apparent solidarity between pilots and flight attendants and their respective unions, one of the differentiating elements of this case was the lack of compliance on the part of BASSA, with the initial, less intrusive disclosure order. Manish v Patel shows how the court may respond to lack of compliance or lack of technical capability with a more intrusive order, while balancing innocent user’s privacy rights.

The future for this line of reasoning will be interesting, especially as different causes of action are tried. Here the cause of action is harassment and defamation, whether an order will be made for third party experts to independently review a website’s data with regard to a copyright infringement claim remains to be seen.

Kalen Lumsden is a JD candidate at Osgoode Hall Law School.

The post Spat Between Pilot and Attendants’ Unions Results in Intrusive Disclosure Order appeared first on IPOsgoode.

]]>