PIPEDA Archives - IPOsgoode /osgoode/iposgoode/tag/pipeda/ An Authoritive Leader in IP Thu, 13 Jan 2022 17:00:00 +0000 en-CA hourly 1 https://wordpress.org/?v=6.9.4 A Look Back at Canada's Privacy Legislation in 2021 /osgoode/iposgoode/2022/01/13/a-look-back-at-changes-in-privacy-legislation-in-2021/ Thu, 13 Jan 2022 17:00:00 +0000 https://www.iposgoode.ca/?p=38880 The post A Look Back at Canada's Privacy Legislation in 2021 appeared first on IPOsgoode.

]]>
Two people looking up at security cameras on a wall

Photo by Matthew Henry ()

Emily Prieur is an IPilogue Writer and a 3L JD Candidate at Queen’s University Faculty of Law. This article was originally written as part of the IPilogue’s annual Year in Review but has instead been published as a standalone article.

2021 was a transformational year for Canadian privacy legislation. Following the changes made to the , several provinces amended their privacy legislation to protect their constituents’ interests. The private sector may be less welcoming to changes in many provinces which expose companies to . On the flip side, these proposed legislative changes will strengthen the privacy of Canadians in their everyday lives.

Provincial Legislative Changes

Quebec’s Bill 64 Passes Royal Assent

The most significant development in privacy legislation is Quebec’s , An Act to modernize legislative provisions as regards the protection of personal information, which received royal assent on September 22, 2021. This legislation is significant because of its effects on the private sector. Starting September 2022, private sector organizations must inform the privacy regulator following any breach to compromised personal information that presents a “serious risk of injury” to affected individuals. To determine if there was a serious risk of injury to affected individuals, the province turns to the factors outlined in the “real risk of serious harm” section of the Federal Personal Information Protection and Electronic Documents Act (“PIPEDA”). As , the gradual implementation of Bill 64 allows organizations the opportunity to update their processes and procedures to ensure compliance before September 2022. The Quebec legislation also takes inspiration from the European Union's General Data Protection Regulation (“Gٱʸ”), which has been touted as the “” privacy regime because of its strict privacy standards and its partiality towards consumers.

The omnibus bill included such as changes to company websites, assignment of a Privacy Officer, completion of Privacy Impact Assessments, and requirements for consent, individual rights, and automated decision making. To date, the analysis of the legislation compares the provisions to the European GDPR.

Companies operating in Quebec are now required to publish their company privacy policies on their websites. Such privacy policies must describe how companies plan to use personal information.

In the event of privacy infringements that violate individuals’ private information, individuals will now have recourse through administrative monetary penalties, penal offenses, and private rights of action.

Finally, similarly to the GDPR, Quebec introduced consent requirements for collecting personal information, including express consent before using sensitive information and parental consent for minors under the age of 14.

Ontario Welcomes Consultations and Proposes Changes

Under the leadership of Patricia Kosseim, the Office of the Privacy Commissioner pursued their goal of passing an equivalent piece of legislation in 2021. In response to an op-ed piece that argued against provincial legislation in fear of redundancy and duplication, Kosseim recently regarding the potential for new provincial legislation to “fill in the gaps” of what Federal privacy legislation cannot accomplish.

In keeping with Kosseim’s motivation to strengthen privacy laws in Ontario, the Government of Ontario released a along with calls for consultation in June 2021. The White Paper, titled “Modernizing Privacy in Ontario,” set out several proposals the Ministry is considering to strengthen privacy protection for Ontarians. To strengthen such protections, the Ministry has proposed making privacy a fundamental right in Ontario. Ontario has also included suggestions to protect youth privacy online, regulate automated decision-making, and require more informed consent and data transparency from private corporations.

The Ministry allowed the public to provide comments and feedback until August 2021. The Office of the Privacy Commissioner applauded the provincial government for taking a “” with its proposal.

BC’s PIPA Committee Releases their Final Report

The British Columbia Legislative Assembly also created a special committee to review the British Columbia (“PIPA BC”) in February 2020. The objective of this committee was to publish a report proposing amendments to PIPA BC, which the committee completed in December of 2021. In the , the committee suggested aligning PIPA BC with PIPEDA and Europe’s GDPR. Like the recently passed Quebec legislation, the committee also suggested mandatory breach notifications if a breach surpasses the “real risk of significant harm” threshold as established in PIPEDA. The committee also recommended broadening the definition of personal information to address the potential issue of de-identification. Finally, the committee proposed that the Office of the Information Privacy Commissioner have greater enforcement powers.

Federal Legislative Changes

The Federal Office of the Privacy Commissioner (“ʰ”) did not introduce any new legislation in 2021. The Office was engaged in issues surrounding as well privacy issues resulting from the COVID-19 pandemic, including privacy with respect to and the rise in reliance on video teleconferencing platforms like Zoom and Microsoft Teams. The Canadian OPC, along with privacy authorities in Australia, Gibraltar, Hong Kong SAR, China, Switzerland, and the United Kingdom, to the videoconferencing companies regarding their rapid expansion during the pandemic to query and confirm that these technology companies were using appropriate privacy safeguards. The letter led to a series of video calls between the signatories and representatives from the companies. Finally, the signatories and suggestions to improve privacy going forward. Among the suggestions were the implementation of end-to-end encryption, the identification of secondary use data (as well as an opt-out system), and the option for users to choose where their data is stored.

Conclusion

New and amended privacy legislation continues to develop in Canada and worldwide.Follow the IPilogue and subscribe to our newsletter, the IPIGRAM, for any important legislative changes that emerge in 2022.

The post A Look Back at Canada's Privacy Legislation in 2021 appeared first on IPOsgoode.

]]>
Digital Age, Cloud, and Intellectual Property Issues /osgoode/iposgoode/2021/07/02/digital-age-cloud-and-intellectual-property-issues/ Fri, 02 Jul 2021 16:00:00 +0000 https://www.iposgoode.ca/?p=37652 The post Digital Age, Cloud, and Intellectual Property Issues appeared first on IPOsgoode.

]]>
Photo Credits: (Unsplash)

Aishwerya KansalAishwerya Kansal is anIPilogue°ٱr, IP Innovation Clinic Fellow,LL.MGraduate (2020) at OsgoodeProfessional Development, and IP Law Clerk atBereskin& Parr LLP.

OVERVIEW OF CLOUD COMPUTING

Cloud Computing has become an important technology in promoting global businesses during the pandemic. The technology has helped facilitate remote work. One of its most significant benefits is lowering the costs to store, retrieve, and maintain the security of data. However, cloud storage and data services raise several legal issues for cloud computing providers and users. There are multiple Cloud Service Providers (CSP) such as Amazon, Google, Verizon, Sales Force, and Microsoft, giving customers several options to choose from. Distributed data, stored in multiple locations, have shown to be cost effective, reliable, scalable, and fault-tolerant. However, consumers may be unaware of the technology’s enormous potential and the need for it to be . In order to prevent complications, consumers should be widely aware of recent advancements in cloud technology’s potentials and the evolving regulatory landscape.

Could computing is a form of software technology which provides information services on a virtual platform without the need for extensive infrastructure and dedicated access points. Common forms of cloud computing include . SaaS is a software application over the internet which allows users access rather than allowing storage and local use. Any application that is run through the cloud service falls under this category. Dropbox is a form of SaaS, whereas Microsoft windows, a computing platform, is a form of PaaS used for running or developing applications.

Cloud computing’s rapid growth leaves limited time for identifying and implementing the regulatory frameworks necessary to protect users’ privacy and data security. Efforts to build a unified regulatory framework have already begun. Enthusiasm about building a unified framework has created common ground among nations about information privacy regulation.[1] For example, the rolled out a comprehensive proposal addressing general data protection regulations (Draft Data Protection Regulation).[2] Similarly, the United States Federal Trade Commission introduced its bill aimed at data privacy for consumers in addition to providing a detailed report in 2012 titled “Protecting Consumer Privacy in an Era of Rapid Change" ("FTC Report 2012"). Despite efforts to protect users’ cloud data, some legal issues remain unresolved.

LEGAL ISSUES IN CLOUD COMPUTING

Cloud computing involves collaborative efforts from different parties in providing services. Therefore, it is challenging to ensure compliance with a regulatory framework if one were to be put in place. A few of the underlying issues involve . In order to attempt to resolve these issues, the law needs to address the following items : (1) regarding storage and transfer of cloud data, (2) data ownership issues, and (3) control and access to cloud data.

From the user’s perspective, a major issue is the location of the data storage and the data transit which depends on factors like contractual obligations as well as the service and deployment model between the CSP and users. Under some circumstances, CSPs have chosen to confine the routing of information to certain locations. In cloud technology, data’s exact location cannot be easily established. The law is particularly ambiguous with respect to . Therefore, it is crucial that users take the issue of data storage locations and transit routes into account before moving their data to cloud. Though data should be owned by the user who uploads it to the cloud, the service level agreements (SLA) and CSP contract should explicitly state possession, custody, and control including the ownership and access to the information stored in the cloud. Users’ dependency on cloud computing services, along with an increased difficulty in controlling, accessing, and owning data, will grow in the absence of laws regulating cloud computing services. Service providers and other contracting parties should have bargaining power when deciphering standards of agreement clauses.

The federal government in has laid down on businesses when they engage in collecting, using, and disclosing personal information. Canadians mostly use cloud-based services provided by the United States and other countries. It is implied that private sector privacy legislation does not prohibit entities from using a foreign service provider. The Federal Commissioner has asked that any entity in should inform its customers of this practice and provide information about the foreign country’s laws on data privacy. In Canada, in a class action lawsuit against Facebook. Cloud computing services are not limited to external online storage used by social media and email services. Many other internet services involve cloud computing. The court in the class action against Facebook had to decide whether the social media company was reasonably notifying its users of principles governing their privacy policy and whether they were mentioned in advertisements on the platform.

CONCLUSION

Cloud has provided new options for storage and transmission of data. It has also introduced a whole new gamut of risks. Simplification of the laws is essential in promoting widespread adoption of cloud technology. The need for simplifications was concurred by the World Economic Forum. A standardized approach to the privacy and security of data with respect to cloud services would benefit the consumers and service providers in any disputes that may arise. Once adequate regulation for cloud computing is in place and rights and liabilities of users and service providers are well laid out, the industry could go on to Effective regulations would address rights and liabilities, while having flexibility to incorporate future developments in the field.

[1] Nancy J King & VT Raja, "What do They Really Know about Me in the Cloud: A Comparative Law Perspective on Protecting Privacy and Security of Sensitive Consumer Data" (2013) 50:2 Am Bus LJ 413

[2] Commission Proposal for a Regulation of the European Parliament and of the Council on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data (General Data Protection Regulation), at 1, COM (2012) 11 final (Jan. 25, 2012) [hereinafter Draft Data Protection Regulation], available at http://ec.europa.eu/justice/data-protection/ document/review2012/com_20121 len.pdf.

The post Digital Age, Cloud, and Intellectual Property Issues appeared first on IPOsgoode.

]]>
An Antidote to Privacy Infringements: Will Bill C-11 Unite Consumers and Big Tech? /osgoode/iposgoode/2021/05/17/an-antidote-to-privacy-infringements-will-bill-c-11-unite-consumers-and-big-tech/ Mon, 17 May 2021 16:00:58 +0000 https://www.iposgoode.ca/?p=37340 The post An Antidote to Privacy Infringements: Will Bill C-11 Unite Consumers and Big Tech? appeared first on IPOsgoode.

]]>

Photo credits: Amza Andrei (unspash.com)

Tiffany Wang Written by Tiffany Wang, IPilogue Contributing Writer and J.D. candidate at Osgoode Hall Law School (Class of 2023).

Big Tech companies like Facebook and Google collect and store users’ personal and potentially sensitive information. Canadians are generally compelled to accept this practice; however, the ongoing COVID-19 pandemic has sparked new over surveillance practices, like tracking and recording individuals. In an , Samuel Woodhams, a digital rights activist, indicates that 25 percent of the 53 contact-tracing apps used globally lack privacy policies. Without privacy protection, the risks of personal data leakage are too high to ignore.

On November 17, 2020, the federal government introduced Bill C-11, the (DCIA). It proposes three major changes:

  1. Repeal Part 1 of the Personal Information Protection and Electronic Documents Act (PIPEDA) governing personal information and privacy;
  2. Enact the Consumer Privacy Protection Act (CPPA); and
  3. Introduce a Personal Information and Data Protection Tribunal (Tribunal) governed by PIPEDA.

These recommendations would strengthen the impact of Canada’s privacy laws on the private sector. They underscore the federal government’s attempt to balance individuals’ fundamental right to privacy and the crucial function of information in advancing business, innovation, and commerce.

Consumer data is subject to heightened protection pursuant to Bill C-11. If enacted, the DCIA would, barring consumer consent, shield sensitive medical, financial, and social information and data from private entities. In effect, individuals would have increased autonomy over their online identity, by allowing them to meaningfully consent to the sharing of their data.

The DCIA’s new transparency requirements also address algorithmic transparency concerns. For example, businesses must be transparent about how they deploy . These requirements will entitle consumers to request that businesses explain how they process and use personal information. In turn, businesses must comply with the DCIA to clarify how their algorithmic systems generate and analyze consumer data. Bill C-11 and will implicate a larger number of computer systems than those currently captured by PIPEDA.

It is important that the federal government balances privacy concerns with advancing Canada’s innovation and technology sector. Bill C-11 notes Canada’s ambition to keep pace with the European Union and the United States in simplifying privacy and e-protection laws for commerce and businesses. For example, Bill C-11 adds a new “business activities” exception for requiring consent. Businesses will not be required to obtain consumer consent for every transaction in the process of delivering products or services.

Additionally, Bill C-11 promotes the sharing of data between private and public spheres to leverage data pools. Under Bill C-11, the federal government possesses increased oversight and enforcement powers over private parties. If the CPPA were successfully implemented, the Privacy Commissioner will reside above business entities, enabling the Government to stop organizations from collecting certain data. In addition, the Privacy Commissioner may, through the Tribunal, impose administrative fines up to three percent of a business entity’s global revenue, or $10 million for breaches.

Bill C-11 is attractive from both consumer and business standpoints. Not only do its recommendations strengthen individual autonomy and information transparency, but they also simplify business transactions by making it easier to obtain consent and foster increased dialogue between governmental agencies and private companies in sharing de-identified data.

Perhaps there is a silver lining to the pandemic to pave way for more robust privacy laws. As Canadian technology and commercial innovation increasingly depend upon data collection, it is prudent to bolster privacy.

The post An Antidote to Privacy Infringements: Will Bill C-11 Unite Consumers and Big Tech? appeared first on IPOsgoode.

]]>
Reflections on My Placement at AstraZeneca Canada (IP Intensive Reflection) /osgoode/iposgoode/2021/04/06/reflections-on-my-placement-at-astrazeneca-canada-ip-intensive-reflection/ Tue, 06 Apr 2021 16:00:00 +0000 https://www.iposgoode.ca/?p=36949 The post Reflections on My Placement at AstraZeneca Canada (IP Intensive Reflection) appeared first on IPOsgoode.

]]>
As part of my involvement in the Intellectual Property and Technology Law Intensive Program (“IP Intensive”), I was fortunate to be granted a 9-week placement at the Legal Affairs department of AstraZeneca Canada (“AZC”). As someone with a background in the biosciences and a keen interest in practicing law in this space, the opportunity to engage with the legal matters of a pharmaceutical company represents the highlight of my law school experience.

No beats skipped here

As one could imagine, the pharmaceutical industry is in full swing in the midst of a global pandemic. Despite the virtual/remote nature of this year’s IP Intensive and placement, my supervisor ensured that I was sufficiently immersed in AZC’s operations, through regular Zoom “touch-base” meetings and by connecting me with employees from various departments of the organization. From meeting individuals from the compliance, marketing, and digital transformation departments (to name a few), I was given a holistic understanding of the “big picture” operations of a pharmaceutical company.

In fact, interning at AZC during a global pandemic represented a unique opportunity. I learned about, and contributed to the resolution of, issues related to vaccine development and marketing— including vaccine contract review and constitutional analyses on the division of powers as relates to vaccine dissemination strategies. I also had the opportunity to review and comment on official submissions to Parliament regarding the passage of their COVID-19-related interim orders, in particular the order creating alternate routes for expeditious drug authorization to combat shortages.

A newfound interest in privacy law

Prior to my involvement with the IP Intensive, I considered myself someone solely interested in traditional IP law (i.e., copyrights, trademarks, and patents). I am grateful for the “Technology” aspect of the IP Intensive, for it thrust us into discussions on timely issues such as privacy and data rights. In fact, I would say that the legal field engaged with most during my placement was privacy law (even more so than IP). While clear to see with hindsight, I had no idea the extent to which privacy considerations impacted pharma’s operations. I worked on tasks such as: appraising cookie notices for PIPEDA compliance; reviewing corporate privacy training modules; and providing feedback on federal and provincial privacy legislation amendment proposals (this last one is timely, given Parliament’s recent introduction of the Digital Charter Implementation Act, 2020, which will likely lead Canada to a more GDPR-esque privacy regime).

Patented medicine pricing issues

One constant cause for concern during my placement at AZC relates to the Patented Medicine Prices Review Board’s (“PMPRB”) 2020 Guidelines. The price regulation of patented drugs affects virtually the entirety of AZC’s product line, and therefore represents a source of uncertainty with respect to AZC’s—and other patented drug manufacturers’—operations. I assisted my supervisor in researching PMPRB court cases as well as commenting on submissions from Innovative Medicines Canada (“IMC”) asking for clarity on the Guidelines’ proposed amendments.

The recent Federal Court ruling on the validity of the PMPRB’s recent amendments (i.e., that they fall within the broad regulation-making authority of the Governor-in-Council under the Patent Act as part of the valid legislative goal of “abusing patent monopolies”) are bound to be challenged by IMC, and I am glad to know that I may have played a small part in the process of clarifying this important area of law.

Miscellaneous adventures

In addition to the privacy- and IP-related legal issues I mentioned, I was also involved in a wide spectrum of legal and policy issues touching on a variety of AZC’s operations. For example, I took part in the following miscellaneous, yet significant, operational tasks: providing insights into the Food and Drug Regulations’ amendment to include nurse practitioners in the list of “practitioners” to whom drug samples may be distributed; reviewing consent notices for compliance with Canada’s Anti-Spam Legislation; and clarifying health and safety committee requirements under the Occupational Health and Safety Act.

Conclusion

My placement at AZC was undoubtedly the highlight of my law school career, providing me with an invaluable adjunct to the traditional course-based law school curriculum. I am grateful for the work done by the Legal Affairs department to make my virtual placement as immersive and rewarding as if it were done in person. I look forward to applying the knowledge and skills gained in my future career endeavours, as well as to keeping in touch with the awesome individuals I had the pleasure of connecting with during my placement.

Written by Daniel Joseph, JD Candidate 2021, enrolled in Professors D’Agostino’s and Vaver’s 2020/2021 IP Law & Technology Intensive Program at Osgoode Hall Law School. As part of the program requirements, students were asked to write a reflective blog on their internship experience.

The post Reflections on My Placement at AstraZeneca Canada (IP Intensive Reflection) appeared first on IPOsgoode.

]]>
Privacy Commissioners Reprimand Clearview AI: What’s Next for Facial Recognition? /osgoode/iposgoode/2021/03/05/privacy-commissioners-reprimand-clearview-ai-whats-next-for-facial-recognition/ Fri, 05 Mar 2021 17:00:00 +0000 https://www.iposgoode.ca/?p=36739 The post Privacy Commissioners Reprimand Clearview AI: What’s Next for Facial Recognition? appeared first on IPOsgoode.

]]>
“He is seen, but he does not see; he is the object of information, never a subject in communication…Hence the major effect of the Panopticon: to induce in the inmate a state of conscious and permanent visibility that assures the automatic functioning of power” – Michel Foucault (Discipline and Punish, 1975)

In 2019,started licencing facial recognition software to law enforcement agencies in Canada and the United States. In addition to, the. At first, the product seemed promising. Clearview AI’s application helped law enforcement officers track down otherwise unidentifiable criminals. However, Privacy Commissioners for , , and immediately launched a joint investigation into the company when news reports began to circulate raising questions and concerns about Clearview AI’s facial recognition technology.

The problem with Clearview AI’s application is that it requires a large biometric dataset in order to operate. To obtain biometric information, Clearview AI has scraped the Internet and collected over 3.3 billion images of faces and associated data from publicly accessible online sources, including Facebook, YouTube and Instagram. Clearview AI uses facial recognition software to create a biometric array for each of its images. When a user uploads a photograph, Clearview AI assesses its biometric data and retrieves images with corresponding information from its database. Each image in its database contains metadata and a link to its original source, so users can cross-reference and identify people using images found online.

Now, almost a year since news first broke about Clearview AI, Canada’s Privacy Commissioners have finally concluded their investigation into the company. In aissued on February 2, 2021, the Commissioners collectively condemned Clearview AI for collecting, using and disclosing personal information without the requisite consent. Subject to Canadian privacy laws governing private sector entities, Clearview AI’s activities contravene principle 4.3 of Schedule 1, as well as section 6.1 of , section 7(1) of , sections 6-8 of , and sections 6 and 12-14 of .

. However, many are now calling on the Trudeau government to ban federal law enforcement and intelligence agencies from using facial recognition for surveillance purposes entirely. Last July, individuals and organizations representing privacy, human rights and civil liberty advocates penned an, calling on the federal government to “[e]stablish clear and transparent policies and laws regulating the use of facial recognition in Canada, including reforms to the Personal Information Protection and Electronic Documents Act (PIPEDA) and the Privacy Act.”

Law enforcement agencies can now identify suspects within a matter of seconds. With facial recognition, all it takes is a single photograph to obtain a wealth of personal information about an individual. However, everything comes at a cost, and utilizing facial recognition for law enforcement purposes is no exception. If I have learned anything from Michel Foucault, it is that collective security should not come at the expense of individual autonomy. Do you disagree?

Lamont Abramczyk is a JD Candidate at Osgoode Hall Law School. He is the Deputy Director of the Osgoode Art Law Society and an IP Osgoode Innovation Clinic Fellow.

The post Privacy Commissioners Reprimand Clearview AI: What’s Next for Facial Recognition? appeared first on IPOsgoode.

]]>
Reforming Canada’s Privacy Legislation: Does it Take a Pandemic? /osgoode/iposgoode/2021/02/02/reforming-canadas-privacy-legislation-does-it-take-a-pandemic/ Tue, 02 Feb 2021 16:09:30 +0000 https://www.iposgoode.ca/?p=36368 The post Reforming Canada’s Privacy Legislation: Does it Take a Pandemic? appeared first on IPOsgoode.

]]>
The COVID-19 pandemic has forced Canadians to stay at home and rely on their devices for far more essential services than they did in the past. The increased demand for digital tools has boosted innovation, fast-tracking the creation of new technology to assist Canadians in different aspects of their daily lives. Unfortunately, Canada’s privacy laws have not undergone similar upgrades to be compatible with our current lifestyle. This has left Canadians vulnerable to the privacy risks that stem from their expanded use of technology.

Canada’s Increased Reliance on Technology in the Pandemic

The necessity for social distancing during the pandemic has made Canadians more reliant on technology for social, occupational, and healthcare purposes. Instead of meeting in-person, friends and family plan virtual meetups through videoconferencing services and other online platforms. Technology is regularly used by employees working-from-home to fulfill their responsibilities without entering the workplace. It is also useful for students, who can pursue e-learning from the safety of their homes. Our healthcare framework has even shifted from visiting the doctor’s office for medical concerns to using telemedicine platforms to communicate with healthcare practitioners.

Although we have upgraded our lifestyle to incorporate technology in everyday interactions, Canada’s privacy laws have not been updated to fit our data-driven society. Prior to the pandemic, the (OPC) issued several statements urging the federal government to reform its privacy legislation to combat risks associated with our antiquated legal framework. However, little has been done in response to these statements. With Canadians growing more digitally dependent during the pandemic, the gaps in Canada’s privacy infrastructure are becoming more prominent.

The Risks Associated with Antiquated Laws

In the OPC’s recent to Parliament on the , it highlights key legal gaps associated with the use of commercial platform services. Under our current legislation, commercial enterprises may be able to access sensitive information communicated through online platforms. For example, e-learning platforms can capture information regarding students’ learning disabilities and other behavioural issues. Commercial platforms involved in telemedicine services can also access doctor-patient confidential communication. The OPC argues that these gaps, along with other issues, must be remedied by new legislation that guarantees safety when using essential systems.

The OPC advocates for federal legislative reform to maximize the benefits of technology and minimize associated privacy risks. Among the potential areas of reform, the OPC asks the federal government to define privacy as a human right and use this as a starting point to guide new legislation for data-driven technologies. It also requests the federal government to consider empowering the OPC with enforcement mechanisms to make binding orders and impose administrative penalties for non-compliance with the law.

A Sign of Progress

With the recent tabling of , the federal government may have finally provided a meaningful response to the OPC’s call for legislative reform. Bill C-11 presents the first major step in reforming Canada’s privacy regime and will introduce two new statutes: theConsumer Privacy Protection Actand thePersonal Information and Data Protection Tribunal Act. These statutes will replace the provisions of PIPEDA that deal with Canadian private sector privacy laws. Among the proposed changes included in Bill C-11, the OPC will be given the ability to make binding orders and recommend administrative monetary penalties of up to 5% of global revenue for companies that do not comply with the orders.

In the OPC’s on November 19, 2020, it noted that Bill C-11 features several improvements to Canada’s current privacy legislation. It praised such advancements like the proposed restructuring of PIPEDA and the addition of order-making powers to the OPC’s list of law enforcement tools. However, it also raised several questions regarding the Bill’s effectiveness in protecting privacy in Canada’s evolving digital society. The OPC plans to further assess the adequacy of Bill C-11 before presenting its views to the parliamentary committee that will study the Bill.

Although it may not be on the OPC’s preferred timeline, the gears of legislative reform are finally turning for Canada’s privacy law regime.

Written by Imtiaz Karamat, Osgoode Alumni and Student-at-Law at Deeth Williams Wall LLP.

The post Reforming Canada’s Privacy Legislation: Does it Take a Pandemic? appeared first on IPOsgoode.

]]>
THE ONGOING SAGA: FACEBOOK HEMORRHAGING ITS USERS PRIVACY /osgoode/iposgoode/2020/07/07/the-ongoing-saga-facebook-hemorrhaging-its-users-privacy/ Tue, 07 Jul 2020 20:58:55 +0000 https://www.iposgoode.ca/?p=35689 The post THE ONGOING SAGA: FACEBOOK HEMORRHAGING ITS USERS PRIVACY appeared first on IPOsgoode.

]]>
Yet again, another regulator, the Competition Bureau of Canada (the Bureau), has unmasked Facebook for incessant acts of breaching its user’s information privacy. On May 19, 2020, the Competition Commission settled an investigation penalising Facebook forfor claims of data privacy following a complaint to the Office of the Privacy Commissioner of Canada (OPC) under the compliance of PIPEDA). Over the past five years, the social media giant has been facing scrutiny regarding its data privacy policies. After the outrage of British data firm , it has been glib in steering major policy changes in respect to privacy. Investigation revealed that Facebook had been loosely treating its user's data and had disclosed it to third parties affecting. The OPC came to this conclusionafter due deliberation, highlighting the importance of “ This has not only plunged the users confidence on the Facebook in Canada, but also in many jurisdictions including its host jurisdiction in the US by .

Disingenuous and Deceptive Behaviour

Prior to the whistleblower revelation of Facebook's involvement in Cambridge Analytica influencing , it had been popularising various quizzes and games on its platform. This was to engage users in order to conductto check if instigation of "emotional contagion” was possible through social media. Succeeding in such attempts, it gave multiple third partiesaccess to its users’ data (e.g., content posted on Facebook and messages exchanged through Messenger). Thus, it is imperative to regulate such social media platforms. Facebook superficially handles its privacy policies through, which hampers the meaningful andfrom users. Accordingly, the Canadian regulators are making painstaking efforts to protect citizens from such undue influences by penalizing such activities. The Bureau explicitly confirms thatdo not in their entirety protect the users to control their respective messenger chats and other private activities. Rather, there are loopholes (such as, installation of third-party apps) by which third parties can access such information rendering enormous profits to Facebook. Though Facebook had contended to refrain from such activities in 2015, that such practice continued until 2018.

Intertwined Relationship of the Regulators in the Privacy Dispute

Due to complexity of the cases and inadequacy of laws in the field of data privacy, the OPC and Competition Commission have gone to great lengths to achieve a comprehensive settlement and enforcement in this case. As both had different approaches and interests, being regulated under different laws, including PIPEDA and the respectively, achieving consistency with regards to regulations can be a challenge. Intertwining both regulators helped in bridging the gap between the “” of federal and provincial privacy laws, while Competition Bureau sought an administrative penalty helping in the enforcement proceedings. Though the OPC has been criticized in the past for lack of enforcement powers, coalition of both regulators has demonstrated benefit to the Canadian privacy regime.

In conclusion, considering thecurrent scenario, it is foreseeable that more regulators mayinterpret privacy issues differently and as per their mandates. This is because the privacy law framework in Canada, and elsewhere, has not entirely addressed online infringement issues and it will take a considerable period of time to develop comprehensive statutes to regulate these novel and often nefarious online activities.

Written by Aishwerya Kansal, IPilogue Contributor. Aishwerya is pursuing Master’s in Law in International Business Laws at Osgoode Hall Law School, and she is also an IP Innovation Clinic Fellow.

The post THE ONGOING SAGA: FACEBOOK HEMORRHAGING ITS USERS PRIVACY appeared first on IPOsgoode.

]]>
Facial Recognition Technology and the Retail Sector: Opportunity or Liability? /osgoode/iposgoode/2020/05/26/facial-recognition-technology-and-the-retail-sector-opportunity-or-liability/ Wed, 27 May 2020 02:52:33 +0000 https://www.iposgoode.ca/?p=35524 The post Facial Recognition Technology and the Retail Sector: Opportunity or Liability? appeared first on IPOsgoode.

]]>
Facial recognition technology has recently come under greater scrutiny. In February 2020, the RCMP admitted to using Clearview AI technology, prompting the Office of the Privacy Commissioner (OPC) to into whether the use violates federal privacy laws.

Far less attention has been paid to how retailers are using the same technology to improve customer loyalty and increase sales. For example, has been using facial recognition technology to identify VIPs in its Toronto store.

For brick and mortar retailers, facial recognition technology holds tremendous value. Marketing analysts have described how shoppers interact and behave within the actual retail environment as a Facial recognition technology could potentially provide marketers with the insights they’ve been missing.

From an IP commercialization perspective, patents represent only a fraction of facial recognition technology’s value. The data extracted by the algorithm is extremely lucrative. However, who can claim ownership rights over this data is not entirely clear cut.

Who Owns the Data?

Under Canadian law, . Instead, is protected by a number of different privacy laws at the federal and provincial levels. , the federal Personal Information Protection and Electronic Documents Act (PIPEDA) would apply to most retailers.

The economic importance of data has led to increased discussion around the need to create . However, that may not be necessary in this case. It’s uncertain if individuals could claim ownership over the personal information collected by a facial recognition technology program by virtue of their personality rights.

What are Personality Rights?

Personality rights recognize that individuals have the right to protect their image, name, and voice from commercial exploitation. Several jurisdictions () protect the right through their provincial privacy legislation. provides statutory protection through its Civil Code. In , the right is entirely governed by the common law.

that are owned by individuals. Like other forms of property, they can be licensed and even inherited upon death.

The limited cases on wrongful appropriation of personality in Canada have involved celebrities or well-known figures, though celebrity is not a requirement. This raises the question of whether individuals could license their personality rights to companies. Licensing personality rights could potentially provide a new revenue stream for individuals and even data brokerages that already buy and sell personal data. For companies, it can create a burdensome problem of ensuring that appropriate permissions have been obtained.

Using someone’s personality for commercial purposes, without their consent is considered a . If successful, a plaintiff may be entitled to an injunction and damages. Case law suggests that a successful cause of action will require that (i) the plaintiff can be identified; and (ii) that their image was used for the purpose of commercial gain.

In , the court narrowed the scope of the tort to “endorsement-type situations.” This does not necessarily limit the cause of actions to celebrities endorsing products. The flexible language leaves the door open for courts to consider whether tracking and analyzing a customer’s shopping preferences to customize how they are marketed to would be considered an “endorsement-like situation.”

While some companies may be able to anonymize the data so that individuals aren’t identified, this may prove more difficult for retailers relying on facial recognition technology to identify customers within their loyalty programs.

Moreover, using someone’s facial identity to increase sales is a primary objective behind the retail sector’s use of the technology. For example, in New 91ɫ, athletic footwear giant uses an algorithm to snap photos of shoppers in-store and rapidly build a profile that can track their emotional cues, for example, how interested they are in a particular product. Reebok has expressed hope that these insights could be used to customers see while they’re in store.

Remaining Competitive Post-COVID-19

The value of facial recognition technology to retailers may be even more important in the aftermath of COVID-19. Although the true financial ramifications of COVID-19 on the global economy are not yet fully known, competition among retailers has always been tough.
In light of this, the pressure to lower customer acquisition costs and keep existing customers is higher. (what a business must spend on marketing to obtain and keep a new customer), is a critical metric that can shine light on a company’s performance and future success. Anything companies can do to lower their marketing costs, while increasing their precision to enhance loyalty, will likely be helpful in

Facial recognition technology offers retailers a promise of improved customer service, lowered costs, and more efficient marketing. While tempting, the technology comes with strings attached and requires ongoing maintenance and vigilance on the retailer’s part to ensure they are compliant with privacy laws and larger public policy goals. Even if personality rights are not engaged, retailers must still be aware of their legal responsibility to safeguard individuals’ personal information under privacy legislation like PIPEDA.

In a , Kay Firth-Butterfield, Head of AI and Machine Learning at the World Economic Forum (WEF) cautioned companies to be aware of potential problems that AI can introduce, noting that substantial brand value can be lost if the wrong decisions are made about the use of AI. Firth-Butterfield stressed that the fast pace of change surrounding the technology requires companies start thinking about regulatory and governance mechanisms now not later.

The around the use of artificial intelligence by companies. As more jurisdictions are enacting privacy legislation to respond to the growing use of artificial intelligence in commercial settings, businesses may face additional barriers before they can fully implement the technology. Companies could see new compliance requirements that either reflect or closely align with the legislation that is already in force in other jurisdictions, like the General Data Protection Regulation (GDPR) in Europe.

The added expense required to safeguard the information and ensure that staff are trained to use it may not be enough to justify taking on the risk, particularly for small- to mid-size businesses who cannot shield the costs and administrative burdens as easily.

If there is a silver lining for companies, it may be that that PIPEDA serves a distinct purpose that can be distinguished from other federal and provincial privacy legislation. Namely, PIPEDA must balance protecting individuals’ privacy with the need for commercial organizations to collect and use personal information.

So while it is unlikely that the OPC will issue recommendations that stifle commercial activity, it would be reasonable for retailers to expect that they will need to take extra precautions to ensure highly sensitive personal information is protected.

Ultimately, it will be for retailers to decide if the benefits outweigh the costs.

Maggie Vourakes is a JD candidate at Osgoode Hall Law School.

The post Facial Recognition Technology and the Retail Sector: Opportunity or Liability? appeared first on IPOsgoode.

]]>
TO REQUIRE CONSENT OR TO NOT REQUIRE CONSENT? THAT WAS (AND COULD STILL BE) THE QUESTION /osgoode/iposgoode/2019/12/02/to-require-consent-or-to-not-require-consent-that-was-and-could-still-be-the-question/ Mon, 02 Dec 2019 17:41:20 +0000 https://www.iposgoode.ca/?p=34590 The post TO REQUIRE CONSENT OR TO NOT REQUIRE CONSENT? THAT WAS (AND COULD STILL BE) THE QUESTION appeared first on IPOsgoode.

]]>
On September 23, 2019 the Office of the Privacy Commissioner of Canada (“ʰ”) .[1] The on the matter by posing 11 specific questions related to the current and future law of data transfers, but at the heart of the consultation was whether consent should be required when transferring personal information to a third party for processing in a different jurisdiction.[2] The during the consultation, some of which were on behalf of more than 90 stakeholders.[3] The majority of the submissions rejected the proposition that the Personal Information Protection and Electronic Documents Act (“PIPEDA”) required organizations to seek consent for transfers to third parties for processing, to that effect.[4] It was the OPC’s recent deviation from this interpretation in their April 2019 Report of Findings in the [5] (the “Equifax Decision”) that received widespread [6] and sparked the consultation in the first place.

In April 2019 , the OPC’s conclusion following an investigation into Equifax Canada’s transfer of consumer financial information to Equifax Inc. (an entity in the United States) for processing.[7] In their report, the OPC found that Equifax Canada should have sought express consent from customers when transferring personal information to a third party in a foreign jurisdiction for processing, as this constituted a “disclosure” within the meaning of Principle 4.1.3 of PIPEDA. This finding directly contradicted the (the “Guidelines”), which distinguished a “transfer” or “use” from a “disclosure” and only required appropriate notice to consumers informing them that their personal information was being processed in a foreign jurisdiction (provided that the transferring organization took reasonable steps to provide a comparable level of data protection while in the hands of foreign entities through contractual terms and the transfer was for the purpose for which the information was initially collected).[8] Given the departure from the OPC’s previous findings on similar matters and its commitment in writing to such an interpretation in their Guidelines, the OPC launched a consultation soliciting stakeholder feedback on the change in their position.

Based on the responses received in the course of the consultation, the OPC concluded that their Guidelines and interpretation of Principle 4.1.3 will remain unchanged under PIPEDA as it currently stands. In coming to their conclusion, the OPC recognized the business challenges that a consent requirement would impose and conceded that they would “”.[9] In their conclusion, the OPC also recognized the reality that implementation of their new position likely would not be applied in practice for many years, at which point amended legislation on the matter may already be in place.

Throughout the consultation process, the to the impending statutory reform of PIPEDA,[10] which serves as a reminder that OPC decisions and are, in fact, not binding at law.[11] While businesses, the legal community and industry groups may have been pleased with the OPC’s immediate conclusion following the consultation, the relief could be short lived depending on what statutory amendments will be made to PIPEDA in the coming years. Innovation, Science and Economic Development Canada’s recently published , Strengthening Privacy in the Digital Age, which outlines four areas of reform and includes enhancing individuals’ control, making specific reference to accountability as it relates to trans-border data flows for processing.[12] Thus, the real value of the OPC’s consultation may be realized in how they will use the information and insight obtained to advise Parliament on how legislative amendments to PIPEDA should deal with the issue of data transfers for processing purposes. The OPC stated it will now focus its efforts on “”.[13] The OPC’s ;[14] it remains to be seen whether the OPC will take into consideration the business and practical implications raised by stakeholders throughout the consultation process when determining what constitutes “best” protection for Canadians and making recommendations to Parliament. To require consent or to not require consent? That is still the question, but now it’s Parliament’s turn to answer.

Written by Madison Black, Osgoode JD Candidate, enrolled in Professors D’Agostino and Vaver 2019/2020 IP & Technology Law Intensive Program at Osgoode Hall Law School. As part of the course requirements, students were asked to write a blog on a topic of their choice.

[1] Office of the Privacy Commissioner of Canada, Announcement, “Commissioner Concludes Consultation on Transfers for Processing” (23 September 2019), online: <https://www.priv.gc.ca/en/opc-news/news-and-announcements/2019/an_190923/>.

[2] Canada, Office of the Privacy Commissioner of Canada, “Consultation on Transfers for Processing – Reframed Discussion Document”, Consultation (Ottawa: Office of the Privacy Commissioner of Canada, 2019), online: <https://www.priv.gc.ca/en/about-the-opc/what-we-do/consultations/consultation-on-transfers-for-processing/>

[3] Osler, Hoskin & Harcourt LLP, “OPC Consultations on Transborder Dataflows”, Submission to the OPC, (6 August 2019), online: < https://www.accessprivacy.com/AccessPrivacy/media/AccessPrivacy/Content/news/AccessPrivacy-Submission-to-OPC-re-Transfers-for-Processing.pdf>.

[4] Canada, Office of the Privacy Commissioner of Canada, “Processing Personal Data Across Borders Guidelines” (Ottawa: Office of the Privacy Commissioner of Canada, January 2019) online: < https://www.priv.gc.ca/en/privacy-topics/airports-and-borders/gl_dab_090127/>.

[5] Canada, Office of the Privacy Commissioner of Canada, Investigation into Equifax Inc. and Equifax Canada Co.’s Compliance with PIPEDA in Light of the 2019 Breach of Personal Information (9 April 2019), PIPEDA Report of Findings #2019-001, online: <https://www.priv.gc.ca/en/opc-actions-and-decisions/investigations/investigations-into-businesses/2019/pipeda-2019-001/>.

[6] Molly Reynolds and Shalom Cumbo-Steinmetsz, “What the OPC’s Decision in Equifax Means for Cross-border Data Transfers and Outsourcing” (11 April 2019), Torys LLP, online <https://www.torys.com/insights/publications/2019/04/what-the-opcs-decision-in-equifax-means-for-cross-border-data-transfers-and-outsourcing>; Lisa R. Lifshits, “The Many Lessons of the Equifax Data Breach” (15 April 2019), Torkin Manes, online: <https://www.torkinmanes.com/our-resources/publications-presentations/publication/the-many-lessons-of-the-equifax-data-breach>; Bernice Karm, “Privacy Commissioner Reverses Course – Consent Required for Personal Information Processing” (16 April 2019), Bassels Brock and Blackwell LLP, online: <https://mobile.casselsbrock.com/Issue/Privacy_Commissioner_Reverses_Course___Consent_Required_for_Personal_Information_Processing>; Monique McAlister, Peter Rudy and Niki Kermani, “Privacy Commissioner Reverses Its Position on Cross-Border Transfers of Personal Information” (15 April 2019), Goodmans LLP Update, online: < http://www.goodmans.ca/files/file/docs/04.15.2019%20-%20Privacy%20and%20Litigation%20Update.pdf>; Barry Sookman, “OPC Consultation on Trans-border Data Flows: My Submission to the Consultation” (6 August 2019), Barry Sookman, online: <https://www.barrysookman.com/2019/08/06/opc-consultation-on-trans-border-data-flows-my-submission/>.

[7] Supra note 5.

[8] Supra note 4.

[9] Supra note 1.

[10] Canada, Innovation Science and Economic Development Canada, Strengthening Privacy for the Digital Age (May 2019), online: <https://www.ic.gc.ca/eic/site/062.nsf/eng/h_00107.html>.

[11] Canada, Office of the Privacy Commissioner of Canada, PIPEDA Interpretation Bulletins (30 January 2017), online: <https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/the-personal-information-protection-and-electronic-documents-act-pipeda/pipeda-compliance-help/pipeda-interpretation-bulletins/>.

[12] Supra note 10.

[13] Supra note 1.

[14] Canada, Office of the Privacy Commissioner of Canada, How the OPC Protects and Promotes Privacy (10 November 2016), online: <https://www.priv.gc.ca/en/about-the-opc/what-we-do/mm/>.

The post TO REQUIRE CONSENT OR TO NOT REQUIRE CONSENT? THAT WAS (AND COULD STILL BE) THE QUESTION appeared first on IPOsgoode.

]]>
Who owns my privacy and why I don’t want people to know where I drive /osgoode/iposgoode/2019/11/18/who-owns-my-privacy-and-why-i-dont-want-people-to-know-where-i-drive/ Mon, 18 Nov 2019 16:26:50 +0000 https://www.iposgoode.ca/?p=34494 The post Who owns my privacy and why I don’t want people to know where I drive appeared first on IPOsgoode.

]]>
To me, “big data” has become synonymous with Big Brother, the central political figure behind data collection and monitoring in George Orwell’s “1984.” Big Data plays a similar role in today’s society, but it’s not often clear who or what organizations play this role, and what parts of my private data are being collected to violate my personal privacy. Following the revelation of the Facebook-Cambridge Analytica scandal in 2018, the public consciousness has grown to include privacy and data collection as primary concerns, but there hasn’t been much transparency, or changes in this practice.

In the Facebook- Cambridge Analytica scandal, people’s personal information was harvested without their consent and was used to create “psychographic”[1] profiles that were then used as part of political manipulation in the Brexit vote, as well as the 2016 American Election.[2] More recently, Facebook was caught outsourcing the transcription of audio-chats that occurred in Facebook Messenger to contractors working as a third-party, thus exposing the private conversations of those Facebook users who had opted into the transcription service offered by Facebook.[3]

But the collection of data occurs in all aspects of daily life not just through social media. A statistician working for Target explained how the retailer kept tabs on its customers’ purchasing habits and tried to target (no pun intended) pregnant women based on their purchasing patterns.[4] This led to a father learning that his teenage daughter was pregnant after Target sent maternity flyers addressed to the teen. These instances highlight the lack of consumer awareness, truly informed consent, and control that people have over their own information. This is a huge issue as “data flakes off us like dead skin cells”[5] and in those moments corporations should not be profiting.

To address the issue of data exploitation, the European Union has implemented the General Data Protection Regulation (“Gٱʸ”)[6] that aims to protect a citizen’s privacy and increase the amount of control an individual has over their own data. The GDPR also addresses the transfer of EU citizens’ personal data outside of the EU in jurisdictions like Canada, that don’t have equivalent legislation already in place. Currently, the federal government has a measly two pieces of legislation governing Canadian’s privacy and personal data, the [7] and the (“Pʷٴ”).[8] The Privacy Act applies to federal institutions and is meant to govern “a person’s right to access and correct personal information that the [Canadian] Government […] holds about them” while PIPEDA oversees the private sector. However, neither of these provide resources to Canadians to educate themselves or protect their data. PIPEDA outlines “”[10] but these fail to provide avenues for consumers to seek recourse when their privacy has been violated, or ways of monitoring and protecting their privacy. Canadians might be protected by the patch-work privacy laws that provinces have enacted, or the set by some Canadian courts.[11] Canada lags in data protection and empowering people to control their data.

This becomes increasingly important in the discussion of autonomous vehicles which are an emerging area of data collection. Data will need to be collected to ensure the safe operation of these vehicles and to prevent security breaches that could be exploited by ill-meaning entities. to the advancement of autonomous vehicles, but it is unclear what data has been collected, and how this data has been collected.[12] Deployment of these vehicles doesn’t make clear how future data will be collected and used but could lead to the evisceration of privacy altogether, which could have devastating consequences. I believe that in order to successfully and safely integrate autonomous vehicles, rigorous data regulation must first be developed and well-established before the day that my future car drives me to my destination.

The Facebook-Cambridge Analytica scandal threatened democracy, and now the potential improper collection and management of data could threaten our physical safety in the form of autonomous vehicles. The type of successful data regulation I foresee ought to require the informed consent, control, and awareness of consumers that the data collection is occurring.[13] No longer should “Terms and Condition” pages or mandatory cookie tracking agreements be used to exploit the average internet user.

Written by Julianna Felendzer, Osgoode JD Candidate, enrolled in Professors D’Agostino and Vaver 2019/2020 IP & Technology Law Intensive Program at Osgoode Hall Law School. As part of the course requirements, students were asked to write a blog on a topic of their choice.

[1] Psychographic profiles rely on a consumer’s psychological characteristics to describe them, this encapsulates values, opinions, attitudes, interests, and lifestyles and can be used to personalize advertising. See William D. Wells, “Psychographics: A critical review” (1975) Journal of Marketing Research 12 at 196.

[2] Issie Lapowsky, “How Cambridge Analytica Sparked the Great Privacy Awakening”, WIRED (17 March 2019), online: <www.wired.com> [perma.cc/VL7T-FRE6].

[3] Sarah Jeong, “No, Facebook Is Not Secretly Listening to You”, New 91ɫ Times (20 August 2019), online: <www.nytimes.com> [perma.cc/8C9M-3E3F].

[4] Charles Duhigg, “How Companies Learn Your Secrets”, New 91ɫ Times (16 February 2012) online: <www.nytimes.com> [perma.cc/ENG8-D47Z].

[5] Charlie Warzel, “The High Stakes of Living Online”, New 91ɫ Times (6 August 2019), online: <www.nytimes.com> [perma.cc/JP7Q-D7KZ].

[6] EC, Commission Regulation (EC) 679/2016 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), [2016] OJ, L 119/1.

[7] Privacy Act, RSC 1985, c P-21.

[8] Personal Information Protection and Electronic Documents Act, SC 2000, c 5.

[9] Office of the Privacy Commissioner of Canada, “Summary of privacy laws in Canada”, online: <www.priv.gc.ca> [perma.cc/PC8J-XNJY].

[10] Office of the Privacy Commissioner of Canada, “PIPEDA fair information principles”, online: <www.priv.gc.ca> [perma.cc/5W8C-4ZYU].

[11] Douez v Facebook, Inc., 2017 SCC 33 [Douez].

[12] Magnolia Potter, “Big Data’s Role in Self-Driving Car Development” (5 April 2019), online: <www.insidebigdata.com> [perma.cc/CU5J-983F]. See also Bernard Marr, “BMW: Using Big Data And Artificial Intelligence To Create Autonomous Cars”, online: <www.bernardmarr.com> [perma.cc/Q62M-6BWA].

[13] Lucille Perreault, “Big Data and Privacy: Control and Awareness Aspects”(Paper delivered at the International Conference on Information Resources Management (CONF-IRM), Ottawa, 20 May 2015) [unpublished].

The post Who owns my privacy and why I don’t want people to know where I drive appeared first on IPOsgoode.

]]>