TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

Canada Dashboard Digest | Notes from the IAPP Canada Managing Director, May 4, 2018 Related reading: Privacy inspection tool finds ad trackers on sensitive nonprofit websites




There are some issues in privacy law that really can go either way. A while ago, one of those issues was the interpretation of the Personal Information Protection and Electronic Documents Act where the commissioner had to decide if making a nonconsensual disclosure pursuant to a subpoena or court order was to be interpreted as a Canadian subpoena or court order, or was it sufficient to be simply a valid subpoena or court order from any jurisdiction. There were good arguments to go either way. Hard call. In the end, the decision was made that organizations can make nonconsensual disclosures if required pursuant to a valid subpoena or court order. It does not need to be Canadian.

We are in the midst of another tough call for our regulators: the right to be forgotten. Clearly, there are tons of arguments that go both ways. We know, from reading the Office of the Privacy Commissioner of Canada's position paper on this, that Daniel Therrien is leaning toward a conclusion that looks much like the European position. Google will have to de-index upon valid requests.

Several privacy folks have come out in favor, and several have come out against. A relatively compelling blog out of Stanford this week comes out against. Never mind that it was written by a former Google lawyer; the author advocates that the right to free speech should not be regulated by a law like PIPEDA. She argues that “PIPEDA wasn’t designed for regulating public speech and information, and it lacks adequate doctrinal tools to do so. It has no equivalent of the robust Constitutional and tort law precedent defining the boundaries between speech and privacy rights.”

I think there are some compelling ideas here. But, at the same time, I flip the coin and see the other side. PIPEDA was designed to regulate how organizations disclose personal information. When a search engine reveals information about an identifiable individual, I think it’s pretty easy to conclude that a disclosure is being made.

So, in the end, I’m not so sure in the blog post’s conclusion that PIPEDA is inadequately equipped to deal with this issue. What do you think? I would love to hear your thoughts on how you would land if you were to decide on this issue. 


If you want to comment on this post, you need to login.