privacy rights Archives - IPOsgoode /osgoode/iposgoode/tag/privacy-rights/ An Authoritive Leader in IP Tue, 14 Feb 2023 17:00:00 +0000 en-CA hourly 1 https://wordpress.org/?v=6.9.4 “Smart Nation” Building in Singapore /osgoode/iposgoode/2023/02/14/smart-nation-building-in-singapore/ Tue, 14 Feb 2023 17:00:00 +0000 https://www.iposgoode.ca/?p=40562 The post “Smart Nation” Building in Singapore appeared first on IPOsgoode.

]]>

Henry Rhyu is a 1L JD Candidate at Osgoode Hall Law School. This article is a summary of the author’s dissertation written as part of his program requirement for his MSc in Criminology at the University of Oxford.


After decades of political instability and economic turmoil during the 20th century, Singapore has advanced into one of the wealthiest countries in the world. , Singapore is committed to becoming the world’s first Applying the the People’s Action Party (PAP) has been increasingly integrating AI and other cutting-edge technology into addressing the city-state’s concerns, prioritizing ” cited as a primary sector when implementing this strategy.

What are “Xavier” Surveillance Robots, and Do They Help Minimize Human Bias in Police Decision-Making?

AI-powered surveillance robots are at the forefront of Singapore’s commitment to enhancing the safety and security of the city-state. On September 5, 2021, the government released that they will deploy the “Xavier” police robots as part of a 3-week trial. Developed together by the HTX and the Agency for Science, Technology and Research alongside several other government agencies, these twin artificial intelligence (AI) robots were stationed at a at the heart of Singapore. The robots were programmed to detect “ that amount to minor infractions, such as improperly parking a bicycle or smoking in forbidden areas.

As they gather more data with every novel type of infraction they are confronted with, the Xaviers continue to. - such as location, date, and time -these robots identify areas that demonstrate a statistical likelihood of exhibiting undesirable activity.

One societal benefit of the robots is combatting potential future shortages of human police, as well as allowing existing officers to allocate their limited resources.

Other proposed benefits are more difficult to verify. often describes the deployment of the Xaviers as a helpful method of reducing human bias in police decision-making, but this remains to be seen., argues that while AI is adept at recognizing patterns of behaviours, it fundamentally cannot explain nor question the logic underlying why they generate certain decisions.

Indeed, debates surrounding the potential for racial profiling have lead to pushback against predictive policing technology in some western countries. , the European Parliament prohibited the use of AI-powered preventive justice tools because they could generate racially biased outcomes. indicate that Singaporean citizens express similar concerns. One Singaporean human rights activist even stated that the Xaviers reminded her of ,” citing the potential for this surveillance technology to encroach on citizens’ right to privacy and due process.

What are the Existing AI regulations?

Presently, Singapore has . Instead, in 2019, the Personal Data Protection Commission - the national government-mandated body for AI-related concerns - established the a developed on behalf of Singapore-affiliated organizations that make use of AI in their company’s decision-making processes. This ethics framework states that 1) the decision-making process of AI technology must be “explainable, transparent, and fair,” and 2) that AI-based solutions must ensure that promoting the well-being of society is their number one priority.

Conclusion + Policy Implications

allocated to AI research in Singapore, surveillance technology is expected to continue to become more sophisticated in the city-state. Whether the existing AI regulatory framework effectively in safeguards against various potential unethical manifestations and implications of predictive policing technologies is beyond the scope of this article. However, one thing is clear. Singapore should remain wary of arming surveillance robots. While the Xaviers are not programmed to apply force against citizens, armed robots exist in other countries. the Dallas Police Department famously used a police robot to detonate a bomb against a suspect. Singapore must therefore identify and carefully straddle the fine line between using cutting-edge surveillance technology to enhance national security as opposed to providing the police with unfettered powers that risk violating citizens’ right to privacy and due process.

The post “Smart Nation” Building in Singapore appeared first on IPOsgoode.

]]>
TO REQUIRE CONSENT OR TO NOT REQUIRE CONSENT? THAT WAS (AND COULD STILL BE) THE QUESTION /osgoode/iposgoode/2019/12/02/to-require-consent-or-to-not-require-consent-that-was-and-could-still-be-the-question/ Mon, 02 Dec 2019 17:41:20 +0000 https://www.iposgoode.ca/?p=34590 The post TO REQUIRE CONSENT OR TO NOT REQUIRE CONSENT? THAT WAS (AND COULD STILL BE) THE QUESTION appeared first on IPOsgoode.

]]>
On September 23, 2019 the Office of the Privacy Commissioner of Canada (“OPC”) .[1] ճ on the matter by posing 11 specific questions related to the current and future law of data transfers, but at the heart of the consultation was whether consent should be required when transferring personal information to a third party for processing in a different jurisdiction.[2] ճ during the consultation, some of which were on behalf of more than 90 stakeholders.[3] The majority of the submissions rejected the proposition that the Personal Information Protection and Electronic Documents Act (“PIPEDA”) required organizations to seek consent for transfers to third parties for processing, to that effect.[4] It was the OPC’s recent deviation from this interpretation in their April 2019 Report of Findings in the [5] (the “Equifax Decision”) that received widespread [6] and sparked the consultation in the first place.

In April 2019 , the OPC’s conclusion following an investigation into Equifax Canada’s transfer of consumer financial information to Equifax Inc. (an entity in the United States) for processing.[7] In their report, the OPC found that Equifax Canada should have sought express consent from customers when transferring personal information to a third party in a foreign jurisdiction for processing, as this constituted a “disclosure” within the meaning of Principle 4.1.3 of PIPEDA. This finding directly contradicted the (the “Guidelines”), which distinguished a “transfer” or “use” from a “disclosure” and only required appropriate notice to consumers informing them that their personal information was being processed in a foreign jurisdiction (provided that the transferring organization took reasonable steps to provide a comparable level of data protection while in the hands of foreign entities through contractual terms and the transfer was for the purpose for which the information was initially collected).[8] Given the departure from the OPC’s previous findings on similar matters and its commitment in writing to such an interpretation in their Guidelines, the OPC launched a consultation soliciting stakeholder feedback on the change in their position.

Based on the responses received in the course of the consultation, the OPC concluded that their Guidelines and interpretation of Principle 4.1.3 will remain unchanged under PIPEDA as it currently stands. In coming to their conclusion, the OPC recognized the business challenges that a consent requirement would impose and conceded that they would “”.[9] In their conclusion, the OPC also recognized the reality that implementation of their new position likely would not be applied in practice for many years, at which point amended legislation on the matter may already be in place.

Throughout the consultation process, the to the impending statutory reform of PIPEDA,[10] which serves as a reminder that OPC decisions and are, in fact, not binding at law.[11] While businesses, the legal community and industry groups may have been pleased with the OPC’s immediate conclusion following the consultation, the relief could be short lived depending on what statutory amendments will be made to PIPEDA in the coming years. Innovation, Science and Economic Development Canada’s recently published , Strengthening Privacy in the Digital Age, which outlines four areas of reform and includes enhancing individuals’ control, making specific reference to accountability as it relates to trans-border data flows for processing.[12] Thus, the real value of the OPC’s consultation may be realized in how they will use the information and insight obtained to advise Parliament on how legislative amendments to PIPEDA should deal with the issue of data transfers for processing purposes. The OPC stated it will now focus its efforts on “”.[13] The OPC’s ;[14] it remains to be seen whether the OPC will take into consideration the business and practical implications raised by stakeholders throughout the consultation process when determining what constitutes “best” protection for Canadians and making recommendations to Parliament. To require consent or to not require consent? That is still the question, but now it’s Parliament’s turn to answer.

Written by Madison Black, Osgoode JD Candidate, enrolled in Professors D’Agostino and Vaver 2019/2020 IP & Technology Law Intensive Program at Osgoode Hall Law School. As part of the course requirements, students were asked to write a blog on a topic of their choice.

[1] Office of the Privacy Commissioner of Canada, Announcement, “Commissioner Concludes Consultation on Transfers for Processing” (23 September 2019), online: <https://www.priv.gc.ca/en/opc-news/news-and-announcements/2019/an_190923/>.

[2] Canada, Office of the Privacy Commissioner of Canada, “Consultation on Transfers for Processing – Reframed Discussion Document”, Consultation (Ottawa: Office of the Privacy Commissioner of Canada, 2019), online: <https://www.priv.gc.ca/en/about-the-opc/what-we-do/consultations/consultation-on-transfers-for-processing/>

[3] Osler, Hoskin & Harcourt LLP, “OPC Consultations on Transborder Dataflows”, Submission to the OPC, (6 August 2019), online: < https://www.accessprivacy.com/AccessPrivacy/media/AccessPrivacy/Content/news/AccessPrivacy-Submission-to-OPC-re-Transfers-for-Processing.pdf>.

[4] Canada, Office of the Privacy Commissioner of Canada, “Processing Personal Data Across Borders Guidelines” (Ottawa: Office of the Privacy Commissioner of Canada, January 2019) online: < https://www.priv.gc.ca/en/privacy-topics/airports-and-borders/gl_dab_090127/>.

[5] Canada, Office of the Privacy Commissioner of Canada, Investigation into Equifax Inc. and Equifax Canada Co.’s Compliance with PIPEDA in Light of the 2019 Breach of Personal Information (9 April 2019), PIPEDA Report of Findings #2019-001, online: <https://www.priv.gc.ca/en/opc-actions-and-decisions/investigations/investigations-into-businesses/2019/pipeda-2019-001/>.

[6] Molly Reynolds and Shalom Cumbo-Steinmetsz, “What the OPC’s Decision in Equifax Means for Cross-border Data Transfers and Outsourcing” (11 April 2019), Torys LLP, online <https://www.torys.com/insights/publications/2019/04/what-the-opcs-decision-in-equifax-means-for-cross-border-data-transfers-and-outsourcing>; Lisa R. Lifshits, “The Many Lessons of the Equifax Data Breach” (15 April 2019), Torkin Manes, online: <https://www.torkinmanes.com/our-resources/publications-presentations/publication/the-many-lessons-of-the-equifax-data-breach>; Bernice Karm, “Privacy Commissioner Reverses Course – Consent Required for Personal Information Processing” (16 April 2019), Bassels Brock and Blackwell LLP, online: <https://mobile.casselsbrock.com/Issue/Privacy_Commissioner_Reverses_Course___Consent_Required_for_Personal_Information_Processing>; Monique McAlister, Peter Rudy and Niki Kermani, “Privacy Commissioner Reverses Its Position on Cross-Border Transfers of Personal Information” (15 April 2019), Goodmans LLP Update, online: < http://www.goodmans.ca/files/file/docs/04.15.2019%20-%20Privacy%20and%20Litigation%20Update.pdf>; Barry Sookman, “OPC Consultation on Trans-border Data Flows: My Submission to the Consultation” (6 August 2019), Barry Sookman, online: <https://www.barrysookman.com/2019/08/06/opc-consultation-on-trans-border-data-flows-my-submission/>.

[7] Supra note 5.

[8] Supra note 4.

[9] Supra note 1.

[10] Canada, Innovation Science and Economic Development Canada, Strengthening Privacy for the Digital Age (May 2019), online: <https://www.ic.gc.ca/eic/site/062.nsf/eng/h_00107.html>.

[11] Canada, Office of the Privacy Commissioner of Canada, PIPEDA Interpretation Bulletins (30 January 2017), online: <https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/the-personal-information-protection-and-electronic-documents-act-pipeda/pipeda-compliance-help/pipeda-interpretation-bulletins/>.

[12] Supra note 10.

[13] Supra note 1.

[14] Canada, Office of the Privacy Commissioner of Canada, How the OPC Protects and Promotes Privacy (10 November 2016), online: <https://www.priv.gc.ca/en/about-the-opc/what-we-do/mm/>.

The post TO REQUIRE CONSENT OR TO NOT REQUIRE CONSENT? THAT WAS (AND COULD STILL BE) THE QUESTION appeared first on IPOsgoode.

]]>
Facebook and Whatsapp Fined for Breaching EU Law and Deceiving Consumers /osgoode/iposgoode/2017/06/02/facebook-and-whatsapp-fined-for-breaching-eu-law-and-deceiving-consumers/ Fri, 02 Jun 2017 17:53:12 +0000 http://www.iposgoode.ca/?p=30673 The re-posting of this comment is part of a cross-posting collaboration with MediaLaws: Law and Policy of the Media in a Comparative Perspective. On 18 May 2017, the European Commission fined €110 million Facebook for providing misleading information during the 2014 takeover of WhatsApp in case COMP/M.7217. Calling it a “proportionate and deterrent fine”, the […]

The post Facebook and Whatsapp Fined for Breaching EU Law and Deceiving Consumers appeared first on IPOsgoode.

]]>
The re-posting of this is part of a cross-posting collaboration with : Law and Policy of the Media in a Comparative Perspective.

On 18 May 2017, the European Commission fined €110 million Facebook for providing misleading information during the 2014 takeover of WhatsApp in case . Calling it a “proportionate and deterrent fine”, the Commission established that Facebook infringed the procedural obligations laid down by the EU Merger Regulation.

Most notably, this decision follows the 2016 WhatsApp terms of service and privacy update, which included the automatic linking of WhatsApp users’ data with Facebook users’ identities for advertising and marketing purposes. When Facebook notified the acquisition of WhatsApp to the Commission in 2014 under the EU Merger Regulation, which requires undertakings to provide correct information to allow a timely and effective review of the merger process, it ensured an automated matching between Facebook and WhatsApp users could not be established.

However, the Commission’s scrutiny revealed that the technical possibility of matching users’ profiles between the two platforms, which was made effective in 2016 after the terms of use update, already existed in 2014 but had not been communicated to the Commission at the time of the merger.

Although it could impose a fine of up to 1% of the company’s aggregated turnover (it could have amounted to more than €250 million), the European Commission’s assessment was mitigated by Facebook’s cooperation during the investigation proceedings, where the company acknowledged its infringement and convinced the authority to reduce the amount of the penalty. The EU’s competition watchdog concluded that Facebook negligently provided incorrect information, but the gravity of these infringements would not affect the Commission’s clearance decision regarding the WhatsApp acquisition of 2014.

The 2016 WhatsApp terms of use update has also drawn the attention of the Italian Competition Authority (ICA), which on 11 May 2017 has imposed a penalty of €3 million on WhatsApp for infringing consumers’ rights (see ICA decision ).

First, the company was fined for undermining Article 20 of the Italian Consumer Code, most notably for infringing the ban on unfair business practices. According to the ICA, WhatsApp led users to believe they could use WhatsApp Messenger only if they accepted in full the new terms of use, including the provision of sharing users’ data with its parent company Facebook.

However, those who were already users at the time of the update could partially accept the new terms of use and still be able to use the application, but – according to the ICA – the existence of such an option had not been sufficiently represented.

On 11 May 2017, the ICA concluded a second investigation concerning the unfair nature of some contractual clauses of the WhatsApp terms of use, which were assessed as illicit since they caused a significant imbalance into consumers’ rights and obligations arising from the contract in breach of Article 33 of the Italian Consumers Code (see ICA decision ).

These clauses included inter alia a general limitation of WhatsApp liability, as well as the possibility for the company to unilaterally interrupt the service without notice, the right to introduce changes of economic nature to the terms of use without reason and the application of the Law of California.

WhatsApp has now 60 days for filing an appeal against the two ICA decisions before the Administrative Court of Lazio.

 

The post Facebook and Whatsapp Fined for Breaching EU Law and Deceiving Consumers appeared first on IPOsgoode.

]]>
Facebook and Online Privacy: A game of cat and mouse /osgoode/iposgoode/2009/10/05/facebook-and-online-privacy-a-game-of-cat-and-mouse/ Mon, 05 Oct 2009 10:29:52 +0000 http://www.iposgoode.ca/?p=6038 Virgil Cojocaru is a JD candidate at Osgoode Hall Law School. You are shopping online, surfing on Blockbuster. The next day one of your friends on Facebook messages you, “hey Dave, nice choice in movies!” What has just happened here? Some might argue this is just amicable banter between close friends. Others might quickly point […]

The post Facebook and Online Privacy: A game of cat and mouse appeared first on IPOsgoode.

]]>
Virgil Cojocaru is a JD candidate at Osgoode Hall Law School.

You are shopping online, surfing on Blockbuster. The next day one of your friends on Facebook messages you, “hey Dave, nice choice in movies!” What has just happened here? Some might argue this is just amicable banter between close friends. Others might quickly point out that . Whatever the case might be, it is reasonable to say that Dave’s online privacy has been breached. Keep in mind that Dave to see his online purchases.

This is the meat behind the Facebook Beacon class action filed in California. Facebook tried to save this system by implementing an opt-in setup, where a user had to allow friends to see his/her online shopping activities. This stood in stark contrast to Beacon's initial setup, where the system activated automatically not prompting a user for an opt-in. Beacondid notsurvive, as following the well deserved ire of its online community.

What does this case mean for the countless denizens (myself included) using the Internet and various social networks? Privacy on the Net is a thin veil, perhaps even an illusion. Unless it is actively defended, it will be overstepped for whatever reason, be it increased sales, as in the case of Facebook’s Beacon, or the enforcement ofintellectual property rights.

. During the summer months, the Office of the Privacy Commissioner of Canada (“Office”) has made it clear that Facebook did not meet Canada’s privacy laws, including principle 4.3 and subsection 5(3) of the federal . These cover such as disclosure of user information to third parties, such as developers, indefinite retention of information, such as emails of invited individuals, and deactivated user accounts.

On September 9, . Over the next year, it will implement measures that would mitigate privacy violations to third party developers by requiring the permission of users before disclosing any personal information. Deactivated accounts can now also be deleted permanently, instead of being maintained indefinitely; user information such as emails of invited persons who never signed up will be deleted.

At first glance, it looks like Facebook has stepped up to the plate. However, closer investigation reveals some inconsistencies. Facebook does not charge money for use, yet it is valued between . This is because it has access to a copious amount of personal information, which can be put to use for commercial gain.

Even though Facebook Beacon has been taken offline, the social service has become much more sophisticated at using personal information. It is no longer about getting your friends to buy what you got; it is now about information management, processing, and predicting future consumer trends. This is available to whoever is able to pay.

One such application is the surveys conducted on Facebook. This information is collected by third party ‘developers’ who can use it in market studies to predict consumer trends. To get around recent commitments in Canada and other jurisdictions, these surveys are anonymous and purely voluntary. Perhaps by coincidence, this gets around the requirement of ‘developer’ third parties requiring permission from users before disclosing personal information (made earlier). If the survey process is anonymous, there is no personal information.

Still, how can a survey be anonymous when you opt in while logged in to your personal account? This becomes even more problematic, because Facebook likely provides the platform that collects and analyzes the results for the third party once the user has agreed to participate. Based on this set up it is always possible to connect the name and personal information of the user with his/her survey.

In the end, it is simply a question of trust.

On a broader scale, privacy concerns arise in the enforcement of intellectual property rights on the Net. Bell's throttling is one example that has raised privacy concerns due to the . On the other hand, throttling P2P applications might serve the rationale of at least slowing down illegal downloads that infringe copyright. It is important to note, that here too, it is a question of trust.

The post Facebook and Online Privacy: A game of cat and mouse appeared first on IPOsgoode.

]]>