TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

Canada Dashboard Digest | Notes from the IAPP Canada Managing Director, 1 March 2024 Related reading: Notes from the IAPP Canada Managing Director, 23 Feb. 2024

rss_feed

""

The first Personal Information Protection and Electronic Documents Act investigation report for 2024 was released 29 Feb. It's an important one with many ramifications. I'll try to give you my initial thoughts and some takeaways from one of the more meaningful decisions to come from the Office of the Privacy Commissioner.

The case is about revenge porn, but more specifically a platform that allows this type of abuse to proliferate and profit from it. The entity that was investigated was Aylo, the parent company to Pornhub. It appears to be the largest platform for sexually-based content in the world and it has strong connections to Canada, as it is primarily headquartered in Montreal.

Actually, that is one of the issues in this case. Is there a sufficient "real and substantial connection" to Canada? It was a preliminary issue the OPC concluded in the affirmative.

According to news reports the respondent organization disagreed and they actually tried to stop the OPC from completing and releasing its investigation report by way of protracted and secret litigation. This secret litigation seems to have ended on Thursday and the OPC was given the green light to release its report of findings.

I'll gripe about the secrecy of the litigation another time, but let's just say I think it was a mistake by the court to allow this to happen without the public knowing about it.

So, it would seem both the OPC and the court concluded there was a sufficient connection to Canada for PIPEDA to be applied.

In a nutshell, the case revolves around the fact that an ex-boyfriend posted intimate images of his girlfriend on the website where it was then easily shared with countless people and was even made available for download.

It's a case that started almost 10 years ago when the website had a pretty relaxed method of letting people upload content without any real process to verify the individuals whose images were being uploaded actually consented to it. They simply asked the uploader to attest they had everyone's consent. Considering the sensitivity of what people could upload, that failed to meet PIPEDA's standards.

Additionally, the lack of an adequate process to give people control over their images was raised. If you are a victim of this horrendous act, it seems to be extremely complex and difficult to get the videos taken down. In this particular case, the complainant was forced to hire a company to help her get all the images down from other sites to which it had been uploaded. The report of finding doesn't mention whether the website operator compensated her for this ordeal. One can only hope.

The OPC released the finding suggesting other organizations should take notice. I agree this is a big one with implications for many organizations — not just those involved in bringing pornography to the masses.

Please take the time to read the OPC's recommendations closely. We've had private-sector privacy laws for approximately a quarter century and we still find large, profitable organizations being extremely callous with the personal information that makes them millions.

I hope, at least, this case will garner the headlines needed to ensure our legislators take note and move forward to finally give meaningful protection to the most important and most valuable commodity out there: Our personal information.


Approved
CDPO, CDPO/BR, CDPO/FR, CIPM, CIPP/A, CIPP/C, CIPP/E, CIPP/G, CIPP/US, CIPT, LGPD
Credits: 1

Submit for CPEs

Comments

If you want to comment on this post, you need to login.