Teresa Scassa - Blog

Displaying items by tag: open government

The rise of big data analytics, combined with a movement at all levels of government in Canada towards open data and the proactive disclosure of government information have created a context in which privacy interests are increasingly likely to conflict with the goals of transparency and accountability. In some cases these conflicts may be small and easily reconciled, but in other cases they may be more substantial. In addition, some means of reconciling the conflict must be found; where privacy and transparency conflict, for example, which value should prevail and under what conditions?

Conflicts between transparency and privacy have been seen recently in, for example, concerns expressed over the amount of personal information that might be found in court and tribunal decisions that are published online. Sunshine lists – lists of salaries of public employees that are over a certain amount – also raise issues. Provinces that publish such lists have tended to do so using file formats that do not lend themselves to easy digital manipulation. But of course these modest technological barriers are routinely overcome, and individual name and salary information is absorbed into the big data universe for purposes quite distinct from meeting a government’s transparency objectives. Open municipal data files may include information about specific individuals: for example, a database of all home renovation permit applications would have privacy implications for those individuals who applied for such permits. Even with names were redacted, it is easy enough to identify the owners of any homes for which renovation permits were obtained. In some cases, the level of connection may be less direct. For example, a public restaurant inspection record that cited kitchen staff at a small local restaurant for failure to wash their hands on a specific inspection date might indirectly reveal the identity of the persons who did not wash their hands, particularly if the staff of the restaurant is quite small. And, of course, in the big data context, even anonymized data, or data that is not personal information on its face, can be matched with other available data to identify specific individuals.

The point is not that the disclosure of such information must be avoided at all costs – rather, the issue is how to determine where to draw the line between privacy and transparency, and what steps might be taken to protect privacy while still ensuring transparency. No new legislative framework has been created to specifically guide the move towards open government in Canada, notwithstanding the fact that government data is fuel for the engines of big data.

In a paper that has just been published by the Alberta Law Review, my co-author Amy Conroy and I explore these issues, using a recent Supreme Court of Canada decision as a departure point for our analysis. Although the Court’s decision in Ministry of Community Safety and Correctional Services v Information and Privacy Commissioner (Ontario) (Ministry of Community Safety) does not specifically address either open data or proactive disclosure, the case nevertheless offers important insights into the gaps in both legislation and case law in this area.

In our paper we consider the challenges inherent in the release of government data and information either through pro-active disclosure or as open data. A key factor in striking the balance between transparency and privacy is the definition of personal information – information that is not personal information has no privacy implications. Another factor is, of course, the meaning given to the concept of transparency. Our paper considers how courts and adjudicators understand transparency in the face of competing claims to privacy. We challenge the simple equation of the release of information with transparency and argue that the coincidence of open government with big data requires new approaches that are informed by the developing relationship between privacy and transparency.

“Promoting Transparency While Protecting Privacy in Open Government in Canada” by Amy Conroy and Teresa Scassa is published in (2015) 53:1 Alberta Law Review 175-206. A pre-print version is available here.

Published in Privacy

A recent (though not yet in force) amendment to Canada’s Trade-marks Act will permit an unprecedented purging of trademark records in Canada. This destruction of records should be understood within the disturbing context described in a recent Maclean’s article by Anne Kingston, titled “Vanishing Canada: Why We’re All Losers in Canada’s War on Data”.

The new section 29.1 is aptly titled “Destruction of Records”. It provides that, notwithstanding the Registrar’s duty to maintain trademark data and documentation for public view, the Registrar may still destroy a broad range of documents. These can include applications for trademarks that are refused or abandoned, documents relating to trademarks that have been expunged, documents relating to any request for public notice to be given of an official mark that has been abandoned, refused or invalidated, and documents relating to objections to geographical indications that are removed from the list of geographical indications. All of these documents may be destroyed 6 years after the final action on the file.

Since 1997, the Registrar has been maintaining an electronic register of trademarks. This register is publicly accessible and searchable. However, it does not provide electronic access to the underlying documentation relating to the registrations. This information has nonetheless been available for public consultation, and is also available through access to information requests. While it is now possible to file trademark applications online, thus replacing paper with digital documents, this option has not always been available and there is still a great deal of paper floating about. All this paper obviously takes up a significant amount of space. How should the problem be addressed? One option is to begin the process of digitization; paper records can be destroyed once digital copies are made. Digital copies would also allow for a vastly improved level of access. Another option is to just chuck it all out. It is this latter option, cheap and easy, that will be implemented by the new section 29.1 of the Trade-marks Act.

Of what use are the records at issue? Trademark lawyers have argued that information about past trademark applications – including those refused by the Registrar – is often used in trademark opposition proceedings and in litigation. The International Trademark Association (INTA) opposed section 29.1 in a written submission to the Parliamentary Committee that studied the Bill that introduced this provision. INTA stated that “the downside risk of losing public access to these documents outweighs the hardships to the Canadian Intellectual Property Office associated with maintaining those records.” INTA also noted that the Canadian approach was out of line with that in the United States and in Europe. INTA argued that the destruction of paper records should only take place after electronic copies have been made. The United States, for example, has created a searchable online resource to provide access to all of its records relating to all trademark applications, registered trademarks, Madrid Protocol applications and international registrations.

In addition to the relevance of this information to trademark practitioners, the soon to be destroyed information has research value as well. Canadian trademark law is a relatively under-researched area of Canadian intellectual property law. It would be a great shame if large volumes of data disappear just as research in this area begins to mature and expand.

What might a researcher distill from these records? Here’s one example. Official marks have long been criticized for giving “public authorities” an almost unlimited power to carve out trademark space for themselves without any of the usual checks and balances put in place to manage trademark monopolies in the public interest. Many official marks for which public notice has been given by the Registrar have later been invalidated by the courts either on the basis that the “public authority” seeking public notice was not really a public authority or on the basis that they had not actually adopted or used the mark in question. Once s. 29.1 takes effect, the paper records relating to official marks that have been invalidated will disappear after 6 years. The Registrar has become more rigorous in her examination of requests for official marks (within the limits of a law totally lacking in rigour in this respect). Because there is no application process for official marks, all that appears in the register of trademark is the actual public notice in successful cases. Records relating to failed requests for public notice will soon be subject to destruction after 6 years. This means that this information will disappear entirely and without a trace. What public authorities have sought official marks that have been refused? What was the basis for the refusal to give public notice? What entities claiming to be public authorities have attempted to get trademark protection through this avenue? What might the answers to these questions tell us about a regime that is badly in need of reform? The answers to these questions will become unknowable once s. 29.1 takes effect and the wholesale destruction of records begins.

Digitization of records is expensive, time-consuming and labour intensive. But if paper records are destroyed before digitization takes place there is simply no way to recreate the information. It is lost forever. I have given only a few examples of the potential relevance of the information that is set to be destroyed once s. 29.1 comes into force. Let’s hope it never does. The concepts of open government and open data are only meaningful if there is something left to see once the doors are opened.

Published in Trademarks

The Privacy Commissioner of Canada has issued his findings in relation to the investigation of multiple complaints by Canadians regarding the collection, use and disclosure of their personal information by a company based in Romania. The company, Globe24h operates a website which it describes as a “global database of public records”. This global database contains a substantial number of decisions from Canadian courts and administrative tribunals. Some of this content was acquired by scraping court or tribunal websites, or websites such as CanLII. (I wrote about this situation earlier here.)

The problem, from a privacy point of view is that many court and tribunal decisions contain a great deal of personal information. For example, a decision from a divorce case might provide considerable detail about personal assets. Immigration or refugee determination hearings similarly might reveal sensitive personal information. As Commissioner Therrien noted in his findings, the “highly detailed, highly sensitive personal information” found in the decisions that were the focus of the complaints in this case “could have negative reputation impacts (including financial information, health information, and information about children)” (at para 27). Globe24h offers a fee-based service for removal of personal information. A number of the complainants in this case had paid up to 200 euros to have their information removed from decisions in the database.

The Romanian company responded to the investigation by arguing that the Office of the Privacy Commissioner of Canada had no jurisdiction over its activities; and that if it did, Canada’s Personal Information Protection and Electronic Documents Act did not apply because it was engaged in journalistic activities. Alternatively, they argued that they were making use of publicly available information, for which consent is not required under PIPEDA. In this admittedly long blog post, I look at a number of different issues raised in the Commissioner’s findings. You can jump ahead if you like to: Open courts principle and privacy; Extended territorial jurisdiction; Journalism exception; Publicly available personal information; or Crown copyright – the unspoken issue.

 

Open courts principle and privacy

The open courts principle – which provides transparency for the justice system in Canada – dictates that decision-makers provide reasons for their decisions and that these decisions be publicly accessible. In the old days, decisions were published in law reports or made available for consultation at court offices. Either way, anyone interested in a particular case had to make some effort to track it down. Decisions were indexed according to subject matter, but were not easily searchable by individual names. The capacity to make court decisions publicly available on the Internet has dramatically increased the ability of the public to access court decisions (and, given the high cost of legal services and the growing number of self-represented litigants, it is not a moment too soon). However, public availability of court decisions on the Internet can raise significant privacy issues for individuals involved in litigation. There is a big difference between accepting that a court decision in one’s case will be published in the interests of transparency and having one’s personal information sucked up and spit out by search engines as part of search results unrelated to the administration of justice.

The main response to this problem to date (from the Canadian Judicial Council’s 2005 Model Policy for Access to Court Records) has been for courts to require the use of technological measures on court websites (and on websites such as CanLII) to prevent search engines from indexing the full text of court decisions. This means that those searching online using a particular individual’s name would not find personal details from court proceedings caught up in the search results. However, these licence terms are only imposed on entities such as CanLII. The general copyright licences on court websites place no such restrictions on the reproduction and use of court decisions. Of course, placing restrictions on the searchability/usability of published decisions can also be a barrier to their innovative reuse. A better approach – or at least a complementary one – might be to be more restrained in the sharing of personal information in published decisions. This latter approach is one recommended by the Office of the Privacy Commissioner of Canada for administrative tribunals. It is unevenly adopted by courts and tribunals in Canada.

While the open courts principle and how Canadian courts and tribunals implement it are relevant to the problem in this case, the Commissioner’s decision does not address these issues. The complaints focussed on the activities of the Romanian company and not on how courts and tribunals manage personal information. Nevertheless, this issue is, to a large extent, at the heart of the problem in this case.

Extended territorial jurisdiction

Under basic international law principles, countries cannot apply their laws outside of their own borders. So how could Canadian law apply to a Romanian company’s activities? The answer lies in what some co-authors of mine and I call extended territorial jurisdiction. This arises where activities outside a country’s borders are nonetheless closely connected to that country. After receiving over 20 complaints from Canadians regarding the hosting of their personal information on the Globe24h website, the Privacy Commissioner chose to apply Canada’s PIPEDA to the Romanian company. He did so on the basis that the company was collecting, using and disclosing personal information in the course of commercial activities (key triggers for PIPEDA’s application) and that its activities had a “real and substantial connection” to Canada. This connection was found in the fact that the company chose to include Canadian court and tribunal decisions in its database; that it sourced this material from websites located in Canada; that it accepted requests from Canadians to remove their personal information from its databases; and that it charged Canadians a fee to perform this service. While the company would be subject to Romanian data protection law in general, the Commissioner did not see this as an impediment to applying Canadian law in the specific circumstances. He noted that “It is commonplace in today’s global environment that organizations with an online presence may be subject to data protection laws in multiple jurisdictions depending on the nature of their activities.” (at para 100)

This approach is consistent with that taken by the Office of the Privacy Commissioner of Canada since the Federal Court handed down its decision on this point in Lawson v. Accusearch Inc. Of course, taking jurisdiction over a party in another country and being able to enforce outcomes in accordance with Canadian law are separate matters. In any event, the Privacy Commissioner is relatively toothless even within Canada; in the case of offshore companies any positive results depend largely upon a respondent’s willingness to cooperate with investigations and to change their practices with some gentle nudging. In this case, there seems to be a change of practice on the part of Globe24h, although the extent and durability of this change remain to be seen.

Journalism exception

I have previously written about the rather broad and open-ended exception to the application of PIPEDA to the collection, use or disclosure of personal information for “journalistic purposes”. Journalism is capable of a fairly broad interpretation, and in an era of disintermediated information and commentary, a broad approach to this exception is warranted. This may be even more so the case given the Supreme Court of Canada’s recent admonition that privacy laws must be balanced with the freedom of expression. However, an overly broad approach could exclude large swaths of activity from the scope of PIPEDA.

In this case, Globe24h argued that by providing a database of legal information it was entitled to benefit from the journalistic purposes exception. The Commissioner adopted a definition of “journalism” put forward by the Canadian Association of Journalism (CAJ). According to this definition journalism is an activity that has as its goal the communication of information, in a format that has “an element of original production” and that “provides clear evidence of a self-conscious discipline calculated to provide an accurate and fair description of facts, opinion and debate at play within a situation.” (at para 52). The definition is interesting, but it may be under inclusive when it comes to balancing freedom of expression and privacy. This remains an open question. Using this definition, the Commissioner found that the database of public records compiled by Globe24h was not journalism. In particular, he was of the view that the purpose of the database was to generate revenue from different means, including charging individuals who wish to have their personal information removed. He also found that the database did not embody the “original production” required in the CAJ’s definition, and concluded that “Globe24h is republishing information already available online through Canadian court and tribunal websites in a manner that enables the information to be located by search engines, which would not otherwise be possible, so as to profit from individuals’ desire to have this practice stop.” (at para 66).

While there may be an argument that this website does not serve journalistic purposes, the analysis here relies heavily upon the Commissioner’s conclusion that the site’s primary motivation is to derive revenue from individuals who are concerned about their privacy. It is not clear whether, without that element, he would have found that the journalism exception applied. The importance of this poorly worded exception – and the potential of narrow interpretations to conflict with the freedom of expression – leaves one wishing for clearer guidance.

Publicly available personal information

Globe24h also argued that it made use of publicly available personal information. PIPEDA expressly permits the collection, use and disclosure of such information without consent so long as it is used for the purposes for which it was collected and made publicly available. According to the Commissioner, the purpose for which the court decisions were made publicly available was “to promote transparency in the judicial system” (at para 93). He also went on to state that “the purpose for publishing court findings online does not include the association of such findings with individuals’ names in online search results.” (at para 92). The point here, I think, is that the search engine indexing shifts uses of this information away from transparency and towards data mining or snooping; the latter are not consistent with the purposes for which the information was made publicly available.

However, it should be noted that in this case, the assessment of purpose drifts into how the information might be accessed or manipulated by third parties –not by the respondent. This is rather tricky territory. It is a kind of secondary liability in the data protection context: court decisions are made publicly available to anyone around the world; the respondent creates a database that aggregates court decisions from multiple jurisdictions and makes them available. In doing so it enhances the searchability of the decisions by freeing them from technological restrictions. Has it done anything to take it outside the exception? Is the possibility that this new searchability might lead to improper uses of the information by others enough to find that the use does not fall within the exception? My point here is that the problem of excessive personal information in published court decisions seems to be pushed onto those who publish this information (and who thus facilitate the open courts principle), rather than resting with the courts who perhaps should be more careful in deciding what personal information is required to serve the open courts principle and what information is not.

Crown copyright – the unspoken issue

In Canada, court and tribunal decisions are covered by Crown copyright. This lies behind the courts’ ability to dictate licence terms to those who publish these decisions. Recent amendments to the Copyright Act also make it an infringement to circumvent technological protection measures on copyright protected works. Had the Romanian website been publishing court decisions in contravention of the user licence provided by court websites or circumventing court-mandated technological protection measures that blocked the indexing of the court decisions by search engines, then the courts themselves might have sought takedown of these materials or insisted upon compliance with their licence terms. These terms, however, do not appear in the licence for federal court decisions, for decisions of Ontario superior courts, or for decisions of the BC Supreme Court – and this is just a sample. Whether courts should use copyright restrictions to protect privacy values is an interesting question, particularly in an era of increasingly open government. Whether it is realistic or feasible to do so is another good question – if it is not then the privacy issues must be addressed at source. In any event, it may be time for the CJC to revisit its digitally archaic 2005 policy.

The individuals affected by Globe24h turned to the Privacy Commissioner for help when they experienced privacy invasions as a result of the company’s activities. They found a sympathetic ear, and the Commissioner may have achieved some results for them. One can ask, though, where the courts and tribunals have been in all of this. As noted earlier, they should take the lead in addressing privacy issues in their decisions. In addition, while Crown copyright may be an anachronism with the potential to limit free speech, as long as the government clings to it in the face of calls for reform it might consider using it on occasion in circumstances such as these, where inadequate measures designed to protect privacy have failed Canadians and something more is required.

 

Published in Privacy
Tuesday, 26 May 2015 07:05

Open Data Current Events

It’s a busy week for Open Government and Open Data in Ottawa. All week long conferences and workshops are taking place in the capital around the theme of open government. Yesterday’s Open Data Summit, hosted by organized by Open North, drew a good-sized audience of developers, public servants and academics from Canada and elsewhere. Later this week, the 3rd international Open Data Conference will unfold. There is also an open data Unconference on May 26.

The meetings are creating a buzz around open data – a practice that is spreading through all three levels of government in Canada. The Canadian government and provincial leaders such as Alberta and British Columbia have open data portals where government data sets are made available in machine readable formats for reuse by anyone under an open licence containing very few restrictions. Many municipalities, including Vancouver, Ottawa and Toronto have also embraced open data. The City of Edmonton, a leader in this area was given an open data award at the Open Data Summit.

Other recent developments of note relating to open data include the call for comments by the Ontario Government on its new plan for Open Data by Default. The draft document is made available to the public on Google docs. Anyone can visit and leave their comments or can view the many comments of those who have already visited the document. The document also contains, in an appendix, the open licence which the Ontario government will use in relation to its data. The licence is based upon the open government licence developed by the federal government.

Also of note is the rather low-profile launch by the federal government of the ODX. The creation of this open data incubator organization is part of the government’s Action Plan on Open Data, and funding to launch this institute was announced last week.

Meanwhile, the Geothink research team of which I am a part (funded by a Partnership Grant from the Social Sciences and Humanities Research Council of Canada) continues its work on open-data related research. Ongoing projects relate to open data standards, liability issues, privacy, intellectual property, civic participation, and much, much more. Several Geothinkers are attending and participating in this week’s Ottawa events.

Canada’s Access to Information Act is outdated and inadequate – and has been that way for a long time. Information Commissioners over the years have called for its amendment and reform, but generally with little success. The current Information Commissioner, Suzanne Legault has seized the opportunity of Canada’s very public embrace of Open Government to table in Parliament a comprehensive series of recommendations for the modernization of the legislation.

The lengthy and well-documented report makes a total of 85 recommendations. This will only seem like a lot to those unfamiliar with the decrepit statute. Taken as a whole, the recommendations would transform the legislation into a modern statute based on international best practices and adapted both to the information age and to the global movement for greater government transparency and accountability.

The recommendations are grouped according to 8 broad themes. The first relates to extending the coverage of the Act to certain institutions and entities that are not currently subject to the legislation. These include the Prime Minister’s Office, offices of Ministers, the bodies that support Parliament (including the Board of Internal Economy, the Library of Parliament, and the Senate Ethics Commissioner), and the bodies that support the operations of the courts (including the Registry of the Supreme Court, the Courts Administration Service and the Canadian Judicial Council). A second category of recommendations relates to the need to bolster the right of access itself. Noting that the use of some technologies, such as instant messaging, may lead to the disappearance of any records of how and why certain decisions are made, the Commissioner recommends instituting a legal duty to document. She also recommends adding a duty to report any unauthorized loss or destruction of information. Under the current legislation, there are nationality-based restrictions on who may request access to information in the hands of the Canadian government. This doesn’t mean that non-Canadians cannot get access – they currently simply have to do it through a Canadian-based agent. Commissioner Legault sensibly recommends that the restrictions be removed. She also recommends the removal of all fees related to access requests.

The format in which information is released has also been a sore point for many of those requesting information. In a digital age, receiving information in reusable digital formats means that it can be quickly searched, analyzed, processed and reused. This can be important, for example, if a large volume of data is sought in order to analyze and discuss it, and perhaps even to convert it into tables, graphs, maps or other visual aids in order to inform a broader public. The Commissioner recommends that institutions be required to provide information to those requesting it “in an open, reusable, and accessible format by default”. Derogation from this rule would only be in exceptional circumstances.

Persistent and significant delays in the release of requested information have also plagued the system at the federal level, with some considering these delays to be a form of deliberate obstruction. The Report includes 10 recommendations to address timeliness. The Commissioner has also set out 32 recommendations designed to maximize disclosure, largely by reworking the current spider’s web of exclusions and exemptions. The goal in some cases is to replace outright exclusions with more discretionary exemptions; in other cases, it is to replace exemptions scattered across other statutes with those in the statute and under the oversight of the Information Commissioner. In some cases, the Commissioner recommends reworking current exemptions so as to maximize disclosure.

Oversight has also been a recurring problem at the federal level. Currently, the Commissioner operates on an ombuds model – she can review complaints regarding refusals to grant access, in adequate responses, lack of timeliness, excessive fees, and so on. However, she can only make recommendations, and has no order-making powers. She recommends that Canada move to an order-making model, giving the Information Commissioner expanded powers to oversee compliance with the legal obligations set out in the legislation. She also recommends new audit powers for the Commissioner, as well as requirements that government institutions consult on proposed legislation that might affect access to information, and submit access to information impact assessments where changes to programs or activities might affect access to information. In addition, Commissioner Legault recommends that the Commissioner be given the authority to carry out education activities aimed at the public and to conduct or fund research.

Along with the order-making powers, the Commissioner is also seeking more significant consequences for failures to comply with the legislation. Penalties would attach to obstruction of access requests, the destruction, altering or falsification of records, failures to document decision-making processes, and failures to report on unauthorized loss or destruction of information.

In keeping with the government’s professed commitments to Open Government, the report includes a number of recommendations in support of a move towards proactive disclosure. The goal of proactive disclosure is to have government departments and institutions automatically release information that is clearly of public interest without waiting for an access to information request that they do so. Although the Action Plan on Open Government 2014-2016 sets goals for proactive disclosure, the Commissioner is recommending that the legislation be amended to include concrete obligations.

The Commissioner is, of course, not alone in calling for reform to the Access to Information Act. A private member’s bill introduced in 2014 by Liberal leader Justin Trudeau also proposes reforms to the legislation, although these are by no means as comprehensive as what is found in Commissioner Legault’s report.

In 2012 Canada joined the Open Government Partnership, and committed itself to an Action Plan on Open Government. This Action Plan contains commitments grouped under three headings: Open Information, Open Data and Open Dialogue. Yet its commitments to improving access to information are focussed on streamlining processes (for example, by making it possible to file and pay for access requests online, creating a virtual library, and making it easier to search for government information online.) The most recent version of the Action Plan similarly contains no commitments to reform the legislation. This unwillingness to tackle the major and substantive issues facing access to information in Canada is a serious impediment to realizing an open government agenda. A systemic reform of the Access to Information Act, such as that proposed by the Information Commissioner, is required.

Published in Privacy

A news story from January 2015 puts squarely into focus some of the challenges of privacy and open government.

The story centred on the Canadian legal information website CanLII, although the privacy issues it raises relate more directly to how government institutions protect personal information when seeking to comply with open courts and open government principles.

CanLII, a non-profit corporation that is managed by the Federation of Law Societies of Canada, is a tremendously important information resource in Canada. Since its inception, it has become instrumental in ensuring that Canadians have free online access to primary Canadian legal materials. It follows in the tradition of other Legal Information Institutes in the United States, Australia and Britain/Ireland. CanLII includes all Canadian and provincial statutes and regulations, case law from all federal and provincial courts, and case law from a growing number of administrative tribunals. Prior to CanLII’s appearance on the scene, these materials were found either on the shelves of law libraries, or were accessible through commercial databases that charged fees for access. In essence, they were not easily accessible to Canadians without significant effort or cost. In a legal system in which “ignorance of the law is no excuse”, and in which an ever-growing number of Canadians have no choice but to represent themselves in legal proceedings, this kind of public access seems essential. CanLII’s efforts to liberate these legal materials make an interesting story with plenty of open government lessons. (I have written about the evolution of CanLII here,).

The news story that broke in January related to a Romanian website that had scraped the content from CanLII and reposted it to another website hosted in Romania. In doing so, it allowed for the circumvention of technological measures put in place by CanLII that prevented Google from indexing terms found in court and tribunal decisions. These measures were put in place by CanLII largely to protect the privacy of individuals whose names and personal information may feature in court decisions. By contrast, the Romanian materials are fully searchable.

This situation raises several interesting issues of privacy and open government. At first glance, it may look like a failure of CanLII’s efforts to put into place effective technological measures to protect individual privacy. (CanLII has reportedly upgraded its technological protections, although the cases initially scraped from the site remain out of its control). But CanLII is really only the second line of defence. The first line of defence, is, of course, the courts and tribunals themselves that provide case law to CanLII as well as increasingly through their own websites.

The problem of “public personal information” is a thorny one, and it arises in this context as well as in many others. Public personal information is information that is legally public (government registry information, for example, or information in court decisions). While this information has long been public in nature, its widespread, immediate and limitless distribution was never contemplated in the pre-internet age in which decisions to make it public were made. Thus, there are important privacy issues surrounding how and under what conditions such information is made public, as well as how the public interest in openness should be balanced against individual rights to privacy in an internet and big data age.

In Canada, the open courts principle means that the proceedings of courts are open to public scrutiny – it’s a fundamental principle that justice must not only be done, it must be seen to be done. This means not only that, barring exceptional circumstances, court and tribunal hearings are public, as are the decisions reached in those cases. In fact, not only does this serve transparency and accountability values, the publication of court and tribunal decisions allows lawyers and members of the public to consult these decisions to better understand the law, and to learn how courts and tribunals interpret and apply legislation. In exceptional circumstances, courts may issue publication bans in relation to certain court hearings; courts may also order certain personal information (including, in some cases, names of individuals) redacted from court decisions. For example, in decisions involving young offenders, only initials are used. The names of victims of sexual assaults may also be redacted.

In the pre-internet dark ages, the redaction of names and other personal information from court decisions was less significant because these decisions did not circulate widely. Few members of the public, for exmpale, were curious enough to go down to a law library to trawl through case reporters in the hope of spotting the name of someone they knew. Internet access and online publication of decisions changes things significantly. Fully searchable databases of court and administrative tribunals can leave individuals substantially exposed with respect to a very broad range of personal information. Decisions in divorce cases may include a detailed account of assets and liabilities, and may also recount grim details of personal conduct. Decisions of workers’ compensation tribunals may contain significant amounts of personal health information; the same can be said of human rights tribunals, pension and disability tribunals, and so on. In many civil cases where plaintiffs allege damages for anxiety, stress, or depression caused by the harm they suffered, courts may engage in a detailed discussion of the evidence presented. In personal injury law suits, there may be considerable discussion of personal health information. This is just a sample of some of the personal information that may be found in court decisions. In digital form, this information is available to nosy neighbors, malefactors, and data miners alike.

Courts and tribunals publish their decisions in conformity with the open courts principle. Online publication, however, raises significant privacy concerns that must be balanced against the open courts principle. The Canadian Judicial Council has considered this issue, and has issued guidelines for courts as to how to prepare decisions for online publication. The Office of the Privacy Commissioner of Canada has also weighed in on the issue with respect to the practices of federal administrative tribunals. The problem is, of course, that these guidelines are not mandatory, and, as Christopher Berzins has noted, there no consistent approach across the broad range of courts and tribunals in Canada. Further, in some cases, there may be genuine debate about whether certain details are required in order to meet the open courts principle. For example, if we are to understand why a certain award of damages is made in a particular case, we need to understand the nature of the evidence presented, and how the judge assessed that evidence.

So much for the first line of defence. Ideally, courts and tribunals, prior to making decisions available for online publication, should address privacy issues. Many do, some do not. Not all do so to the same extent or in the same way. In some cases, the open courts principle will outweigh privacy considerations – although whether technical or other solutions should be instituted is an excellent question. The fact remains that much personal information ends up being published online through important resources such as CanLII. CanLII itself has introduced a second line of defence – technological measures to ensure that the personal information is not accessible through search engines. What the story about the Romanian website has taught us is that this line of defence is entirely porous. It has also taught us that as more and more public personal information is made available in formats that allow for easy dissemination, greater attention needs to be paid – by courts and by governments at all levels – to the challenges of public personal information.

Published in Privacy
Wednesday, 02 July 2014 07:07

Privacy and Open Government

The public-oriented goals of the open government movement promise increased transparency and accountability of governments, enhanced citizen engagement and participation, improved service delivery, economic development and the stimulation of innovation. In part, these goals are to be achieved by making more and more government information public in reusable formats and under open licences. The Canadian federal government has committed to open government, and is currently seeking input on its implementation plan. The Ontario government is also in the process of developing an open government plan, and other provinces are at different stages of development of open government. Progress is also occurring at the municipal level across Canada, with notable open data and/or open government initiatives in Vancouver, Toronto, and Ottawa (to give a few examples).


Yet open government brings with it some privacy challenges that are not explicitly dealt with in existing laws for the protection of privacy. While there is some experience with these challenges in the access to information context (where privacy interests are routinely balanced against the goals of transparency and accountability (and see my posting on a recent Supreme Court of Canada decision on this issue), this experience may not be well adapted to developments such as open data and proactive disclosure, nor may it be entirely suited to the dramatic technological changes that have affected our information environment. In a recent open-access article, I identify three broad privacy challenges raised by open government. The first is how to balance privacy with transparency and accountability in the context of “public” personal information (for example, registry information that may now be put online and broadly shared). The second challenge flows from the disruption of traditional approaches to privacy based on a collapse of the distinctions between public and private sector actors. The third challenge is that of the potential for open government data—even if anonymized—to contribute to the big data environment in which citizens and their activities are increasingly monitored and profiled.

I invite you to have a look at this article, which is published in (2014) 6 Future Internet 397-413.

Published in Privacy

On April 24, 2014 the Supreme Court of Canada handed down a decision which at least touches upon the thorny question of what constitutes “personal information”. This question is particularly important to governments that are contemplating the proactive release of government data under commitments to open government. The issue is far from academic, as federal, provincial and municipal governments in Canada have all taken steps in this direction. Indeed, the Ontario government has just signaled its own commitment to open government, which will include proactive disclosure of government data.

Most public sector data protection laws in Canada define “personal information” as essentially information about an identifiable individual. This means that “personal information” is more than just information that actually identifies an individual (their name or social insurance number, for example) but also includes any other information that, if linked with other available information, could lead to the identification of a specific individual. Thus, a government contemplating the proactive disclosure of data sets under an open data program, would have to ensure that the data sets were free not just of individuals’ names and identification numbers, but also free of data that could be linked back to specific individuals. This can be more challenging than one might think, particularly as we live in an environment where more and more data is becoming easily available from both public and private sector sources, and where search engines, algorithms and computing power make mining and matching information increasingly fast, inexpensive and easy.

The case – Ministry of Community Safety and Correctional Services v. Information and Privacy Commissioner (Ontario) – involved an access to information request made by a journalist to the Ministry of Community Safety and Correctional Services. The journalist sought the disclosure of the number of registered sex offenders in Ontario who lived within each postal code forward sortation area (the area designated by the first three digits of a postal code). The journalist did not seek access to this information by full postal code, presumably because this finer level of detail might lead to the identification of those individuals, particularly where there were relatively few residences associated with a particular postal code. While Ontario maintains a sex offender registry, the locations of the registered sex offenders are not public information. The register is intended primarily for use by law enforcement officials. The journalist planned to create a map which would allow the public to see a more generalized geographic representation of where registered sex offenders in Ontario were living. The Ministry refused to disclose this information on the basis that it could lead to the identification of specific individuals. It argued not just that the information could not be disclosed because it fell within the definition of “personal information” but also because its release would interfere with law enforcement, endanger the life or physical safety of the individuals, and might hamper the control of crime (by making sex offenders less likely to comply with the registration requirements out of fear of identification). All of these bases are exceptions to disclosure of information under the provinces Freedom of Information and Protection of Privacy Act (FIPPA). The Ministry’s refusal was appealed by the journalist to the Office of the Information and Privacy Commissioner, which ordered that the information be disclosed. The Commissioner’s decision was upheld by the courts all the way up to the Supreme Court of Canada, which also upheld the order to release the information sought by the journalist.

The Supreme Court considered three issues: the level of deference due to the decision of the Information Commissioner, whether access was ordered for purposes inconsistent either with FIPPA or with the law governing the sex offender registry, and whether the Commissioner’s interpretation of the scope of the law enforcement exceptions to information disclosure was appropriate. Yet underlying these issues was a key question which itself was not in dispute before the Court. This was whether the information sought constituted personal information – in other words, information about an identifiable individual. The approach of the Commissioner to this question was not part of the appeal, yet once it was accepted that the information sought was not personal information, it would be difficult to find that any of the harm-based exceptions to disclosure would apply – no matter what interpretation they were given – because information that could not lead to the identification of specific individuals would be highly unlikely to cause them harm and, in theory at least, less likely to deter them from complying with the registry requirements.

In refusing to disclose the information, the Ministry had argued that the information being sought was personal information because it could be linked with other available information in order to re-identify individuals. This issue of the potential for re-identification is central to the question of whether information qualifies as a personal information, and in the context of open data, it will be crucial in decisions about whether certain data sets may be proactively disclosed. It is important to note that the Commissioner in this case observed that the Ministry had not advanced any cogent evidence of the potential for re-identification. This point was picked up by the courts below, and the Supreme Court of Canada agreed. Writing for the Court, Justice Cromwell noted that “the Commissioner determined that the Ministry did not provide any specific evidence explaining how the Record could be cross-referenced with other information in order to identify sex offenders. We find this to be a reasonable determination.” (at para 60) Indeed, very little specific evidence was provided, and the court dismissed more general literature on re-identification as “unconvincing and generic scholarly research on ‘identifiability’.” (at para 60) The Court also agreed with the Commissioner’s rejection of the Ministry’s assertions that more information might someday be available on the Internet that could, if matched with the sex offender data, lead to identification. Justice Cromwell stated: “it must be stressed that the Ministry only referred vaguely to the unpredictability of internet developments and did not provide any specifics about how identification could occur.” (at para 61).

The case involved a dispute over the release of data in the context of a specific access to information request. Yet there are lessons here for those tasked with identifying data sets for proactive release for the purposes of open data. These might be summarized as follows:

  • The definition of “personal information” under access to information and data protection laws in Canada tends to be broad and will include information about an identifiable individual. Thus it is important to consider not just whether there are specific personal identifiers in the data set, but whether this data could, if matched with other available data, lead to the identification of specific individuals.
  • In considering the likelihood of re-identification, it would seem that the balance between the goals of transparency and accountability and those of privacy protection do not require ‘worst case scenario’ or extreme hypothetical speculation. In the access to information context, the department or agency in question would bear the burden of justifying a refusal to disclose, and justification must be more than assertions. Presumably the same standard would apply to proactive disclosure. The law does not require excessive caution.
  • In considering the possibility of re-identification, it might also be appropriate to consider how sensitive the personal information would be if re-identification were achieved. In Ministry of Community Safety, the information at risk of disclosure through re-identification was highly sensitive – the location of registered sex offenders. Presumably this might give some an incentive to attempt re-identification, perhaps warranting greater caution in the decision about whether to release the information. Nevertheless, the Commissioner, and ultimately the courts, still required some evidence that re-identification was possible.

 

Published in Privacy

The goals of the open government movement – which has spread rapidly around the world in the last five years – are to increase government transparency and accountability, to engage citizens and increase their participation in government, and to improve governance. This is to be done primarily through enhanced access to government information and improved methods of citizen-government interaction. Open government includes three main streams: open access, open data, and open participation. The open data stream also carries with it the goal to stimulate innovation and economic development by making government data available in reusable and interoperable formats and under open licences.

Canada signed on to the Open Government Partnership in 2011. In doing so, it committed to taking a number of steps, including developing an Action Plan for open government that would set out specific goals and commitments. The OGP also requires governments to report on their progress, and provides independent review of each government’s updates.

Canada’s Action Plan for Open Government set out a series of commitments spread over a 3 year period. It was published in 2012 and Canada submitted its first self-assessment report to the OGP in 2013. This progress report has been the subject of an independent review by the OGP, through its independent reporting mechanism, and a copy of this review is now available for public comment.

The independent review confirms that the Canadian government has made significant progress on a number of the commitments it set out in its Action Plan, and that many of these commitments are either on target or ahead of schedule. Some of these achievements are considered to be “clearly relevant” to the values of the OGP and of potentially high impact. These include the completion and launch of a new Open Government Licence (commented on in an earlier blog post), measures taken under the International Aid Transparency Initiative, the online publication of resource management data, and the electronic publication by federal regulators of regulatory plans.

The review, carried out by Carleton University Professor Mary Francoli, does note, however, that a number of the government’s other commitments are less ambitious and less directly relevant to the goals of the OGP. This does not mean that they are not worth doing, just that they are less impactful. One issue, therefore, would seem to be whether the government’s plan has struck the right balance between ambitious and significant goals and low hanging fruit.

A further concern is that the broad commitment to open government has been channelled primarily into developments around open data. While open data is important, and while developments in this area have been meaningful, open access and open participation are crucial components of open government and are essential to realizing its objectives. Indeed, one of the recommendations in the review document relates to the need for the government to broaden its focus so as to give more attention to open access and participation.

Through her consultation with stakeholders and other organizations, Francoli identifies a broad range of concerns over how the federal government communicates with citizens, and how it compiles, shares and archives information. The review is particularly critical of the government’s tepid improvements to access to information in Canada, and it suggests that nothing short of legislative reform will deliver necessary improvements. The review also indicates that there have been shortcomings in citizen and stakeholder engagement and participation in the development of the goals and priorities of open government. The review also makes recommendations regarding improved information flows, the need to ensure that data is released in useable formats and with appropriate metadata, and the need to expand integrity commitments. While the review notes that open government has a strong champion at the federal level in the Treasury Board Secretariat President Tony Clement, it also identifies a need for broader support within the government.

A copy of the report and information on how to provide comments and feedback on it are available here.

 

 

A recent Federal Court of Appeal decision may have significant implications for the licensing of government data by federal and provincial governments. Nautical Data International Inc v. C-Map USA Inc. is a decision that relates to a lawsuit brought by Nautical Data against the defendant C-Map after C-Map allegedly used data from Canadian Hydrographic Service charts and maps to create its digital charts. Nautical Data took the position that it had acquired the rights, through an exclusive licence, to the raw data that was used in the preparation of the charts, and that these rights were infringed by C-Maps activities. Of course, the two parties were competing in the production of digital navigation products.

Typically, government data licences, whether open or otherwise, assert that the government has rights in the data being licensed. Even the federal government’s recently proposed Open Data Licence covers information that is defined as “information protected by copyright or by database right...”. Leaving aside the imported and inappropriate reference to database rights that do not exist in Canada (see my earlier blog on this point), the government is clearly assuming that it has copyright in the data that is the subject of such licenses. Geobase’s Unrestricted Use Licence Agreement also boldly asserts that “Canada is the owner of or has rights in the data (the Data) addressed by the terms and conditions of this Agreement”. The claims, evident in these open licences, are repeated in more closed licences as well. The licence at issue in the Nautical Data case defined CHS data as “any data owned by Canada and maintained by CHS”.

This idea that data can be “owned” and that copyright law is the vehicle for this ownership is clearly evident in these and in many other licences in both the private and public sectors. This is the case, notwithstanding the fact that in copyright law, there can be no monopoly in facts or data. Copyright will only protect an original expression of facts or data. In a compilation of data, that expression will be manifest in an original selection or arrangement of the data. Even if there is an original selection or arrangement, the protection extends only to that selection or arrangement; it never extends to the underlying data.

While copyright academics have made this point before, it has largely fallen on deaf ears. That is why the comments by the Federal Court of Appeal on this point are so interesting. While the decision is not on the merits of the case (the litigation was about whether summary judgment should be rendered on the issues; the court ruled was that it should not – that the matter should proceed to trial) Justices Nadon and Sharlow state quite plainly that “there can be no copyright in information.”(at para 11). Moreover, they express a certain surprise at the wording of the licence. They state:

Section 6.1 is intended to be a formal acknowledgement of Crown copyright, but it refers to copyright in the CHS Data. Either the parties were unaware that copyright could not subsist in information (which we would not presume), or they understood the phrase “CHS Data” by necessary implication to mean or at least include the CHS Works, even though the definition of “CHS Data” in the licence seems to limit its meaning to “data”. (at para 13)

This is perhaps one of the politest ways possible to criticize the drafting of the licence. Justices Nadon and Sharlow go on to note that the allegation in the licence that the Crown “owns” the data is similarly troublesome. They state: “If it is intended to mean that data can be owned in the same way as property can be owned, then there is some question as to whether it is correct as a matter of law. . . . there is no principle of property law that would preclude anyone from making use of information displayed in a publicly available paper nautical chart, even if the information originated with the Crown or is maintained by the Crown.” (at para 14)

These statements are both interesting and important, and direct attention towards the rather thorny issues around the protection of data in Canada. Data producers, whether in the public or private sectors, have asserted claims to copyright in their data that are far stronger than the law apparently supports. They can do this largely because to challenge such a claim would require engaging in costly and time-consuming litigation which is beyond the reach of ordinary citizens and many businesses as well. It is perhaps the law’s version of Stephen Colbert’s ‘wikiality’ – let’s call it legiality: if you can get enough people to say that certain rights exist, then perhaps for all intents and purposes they do.

Although the copyright issues are not fully litigated in this installment of the Nautical Data saga, the statements by Justices Nadon and Sharlow are a jurisprudential shot across the bows (if you will forgive the nautical reference) of those who claim excessive rights to data in copyright licenses. Whether it is the Nautical Data case that will eventually provide the clarification of the law on these issues or other cases that may be working their way through the system, it really is time for our courts to reinforce the Federal Court of Appeal's clear message regarding over-claiming data licences: there simply is no copyright in facts.

Published in Copyright Law
<< Start < Prev 1 2 Next > End >>
Page 2 of 2

Canadian Trademark Law

Published in 2015 by Lexis Nexis

Canadian Trademark Law 2d Edition

Buy on LexisNexis

Electronic Commerce and Internet Law in Canada, 2nd Edition

Published in 2012 by CCH Canadian Ltd.

Electronic Commerce and Internet Law in Canada

Buy on CCH Canadian

Intellectual Property for the 21st Century

Intellectual Property Law for the 21st Century:

Interdisciplinary Approaches

Purchase from Irwin Law