My friend and now coworker at our little firm, Constantine Karbaliotis, has written a short article this week which is summarized below. It is about how Facebook has taken a strange legal maneuver by going on the offensive in its battle with the Office of the Privacy Commissioner of Canada. Instead of raising its arguments in the current Personal Information Protection Electronic Documents Act application that was commenced by the OPC a little while back, Facebook has initiated its own application challenging the OPC’s investigation and report of findings.
Facebook has, in a way, framed arguments that the OPC failed to conduct its investigation with sufficient procedural fairness. Of course, the OPC is an ombudsman — not a regular administrative tribunal. The trade-off to not having fantastic enforcement powers was that the OPC was to be the master of how the investigation took place. That’s why the OPC, at the end of the investigation, was forced to bring a brand new (called de novo) application before the Federal Court to try and get a legally binding order. Essentially, what happened during the investigation might be informative to the court, but it is in no way binding. In fact, the court can downright ignore what the OPC did during its investigation, so it doesn’t really matter whether the traditional administrative tribunal procedural fairness standards were met. It’s up to both parties to make a brand new case before the court — which then determines if PIPEDA was breached.
So, in the end, I’m not sure how much is gained from the Facebook application but when you read it, it is definitely aggressive in its tone and sends the message that the social media giant is not going to be pushed around by the Canadian regulator. A far different position than the one it took in the United Kingdom and in the United States (where, if you’ll remember, Facebook agreed to a record-setting $5 billion fine).
Lastly, I think many of the issues raised by these court proceedings need the attention of those responsible for drafting our next generation of privacy laws. If we do go down the route where the regulator can order organizations and perhaps even levy fines, then a re-thinking of their role as ombudsperson has to occur. The days of secretive investigations where the parties do not know the full story will have to end and a much more robust tribunal-like regulator will need to be created.
If you want to comment on this post, you need to login.