Tuesday, 26 May 2015 07:05
It’s a busy week for Open Government and Open Data in Ottawa. All week long, conferences and workshops are taking place in the capital around the theme of open government. Yesterday’s Open Data Summit, organized by Open North, drew a good-sized audience of developers, public servants and academics from Canada and elsewhere. Later this week, the 3rd International Open Data Conference will unfold. There is also an open data unconference on May 26.
The meetings are creating a buzz around open data – a practice that is spreading through all three levels of government in Canada. The Canadian government and provincial leaders such as Alberta and British Columbia have open data portals where government data sets are made available in machine-readable formats for reuse by anyone under an open licence containing very few restrictions. Many municipalities, including Vancouver, Ottawa and Toronto, have also embraced open data. The City of Edmonton, a leader in this area, was given an open data award at the Open Data Summit.
Other recent developments of note relating to open data include the call for comments by the Ontario Government on its new plan for Open Data by Default. The draft document has been made available to the public on Google Docs. Anyone can visit and leave comments, or view the many comments of those who have already visited the document. The document also contains, in an appendix, the open licence which the Ontario government will use in relation to its data. The licence is based upon the open government licence developed by the federal government.
Also of note is the rather low-profile launch by the federal government of the ODX. The creation of this open data incubator organization is part of the government’s Action Plan on Open Data, and funding to launch this institute was announced last week.
Meanwhile, the Geothink research team of which I am a part (funded by a Partnership Grant from the Social Sciences and Humanities Research Council of Canada) continues its work on open-data related research. Ongoing projects relate to open data standards, liability issues, privacy, intellectual property, civic participation, and much, much more. Several Geothinkers are attending and participating in this week’s Ottawa events.
Saturday, 16 May 2015 17:29
Canada’s Information Commissioner has tabled a report in Parliament that has deeply troubling implications.
The scandal-in-the-making is a product of three pretty well-known characteristics of the current government – first, they have been utterly committed to dismantling and destroying every trace of the Long-Gun Registry established under the former Liberal government; second, their commitment to transparency and accountability is situational at best; and third, they have a tendency to bury important and sometimes controversial amendments in omnibus budget implementation bills.
Here’s what happened: The Conservative government was determined to do away with the long gun registry. It introduced a bill on October 25, 2011 which was eventually passed into law as the Ending the Long-Gun Registry Act (ELGRA). This statute came into effect on April 5, 2012. However, no doubt anticipating the demise of the registry, an unnamed individual filed an access to information request on March 27, 2012. This applicant sought an electronic copy of all records in the Canadian Firearms Registry relating to firearms that were neither prohibited nor restricted. These were the specific records slated to be destroyed under s. 29 of the ELGRA.
Shortly after the coming into force of the ELGRA, the Information Commissioner wrote to the Minister of Public Safety and Emergency Preparedness to remind him that records relating to the Long-gun Registry that were the subject of requests under the Access to Information Act that were filed before the coming into effect of the ELGRA would have to be retained until the access requests had been dealt with (including any court proceedings flowing from these requests). The Minister responded, giving the Commissioner assurances that the RCMP would “abide by the right of access.”
The applicant eventually received a response to his request for records, but he was not satisfied with the response. He was of the opinion that the information provided was incomplete and was also concerned that the RCMP had gone ahead and destroyed responsive records. The Information Commissioner investigated and agreed that the response was incomplete. She also concluded that responsive records had been destroyed by the RCMP, notwithstanding the fact that they knew that the records were subject to a right of access. The destruction by government entities of records subject to a right of access is an offence under s. 67.1 of the Access to Information Act.
On March 26, 2015, the Information Commissioner informed the Attorney General of Canada, the Hon. Peter MacKay, of the possible commission of this offence. She also notified the Minister of Public Safety that in her view the complaint was well-founded. She recommended that any responsive records still in the possession of the RCMP be provided to the applicant. The Minister responded, indicating that he had no intention of following this recommendation.
Up to this point, the situation reveals a government committed to destroying all traces of the long-gun registry, and, as a result, unwilling to respond to an access request that would provide an applicant with data from the registry prior to its destruction. The Prime Minister’s response as reported by the CBC was: “[T]o be perfectly clear, the government is clarifying the information act to make sure it is in full conformity with Parliament's already expressed wishes on the long-gun registry that the RCMP has executed as they were required to do according to the law.”
It is clear that the access request slipped through the cracks between the introduction of the bill in October 2011 and its passage into law. It is also clear that granting access to the records would go against the intent expressed in the legislation to destroy the registry. The merits or demerits of the long-gun registry have already been the subject of much heated debate, but the battle over its continued existence is at an end. What is troubling is that the “loophole” existed, that a perfectly legitimate access to information request was filed, that the Minister of Public Safety committed to preserve records until outstanding access requests had been dealt with, and that the information was nonetheless destroyed.
What the government should have done was to address the access issue in the ELGRA in the first place. The wisdom of backdating the law to suspend access to information requests retroactively to the date the Bill was introduced in Parliament could have been debated as part of the legislation to put an end to the long-gun registry. Having omitted to do this, what the government has done instead is add to its budget implementation bill (Bill C-59) a series of provisions that retroactively remove the right of access to the long-gun registry data. The right of access is terminated on the date the long-gun Bill was introduced into Parliament (October 25, 2011). It effectively also removes any obligation to retain records, and makes their destruction legitimate. It also removes any liability of the Crown or its agents or employees with respect to the destruction of records.
It is true that these provisions will “fix” the oversight in the original long-gun Bill. However, as the Information Commissioner points out, they also retroactively absolve the RCMP of having destroyed records when it was clearly illegal to do so, and when the Minister of Public Safety had committed to the preservation of the records pending the resolution of outstanding access requests. The actions appear to have been illegal under the law as it stood at the time. Any pot smoker with a conviction for possession will tell you that it doesn’t matter what you think the law SHOULD be; what matters is what the law actually says when you carry out the transgressive act. Unless, of course, you have a legislative time machine that you can use to change the law at the time of your transgression. The Conservative government has such a legislative time machine. It is yet another one of those distasteful omnibus bills that offer a convenient sidestep to democratic debate and accountability.
This, ultimately, is the real problem and central matter for concern. The long-gun registry is – well – long gone. There was indeed a legislative loophole that created a problematic gap for a government that had committed to the total destruction of the registry records. But the ability to use omnibus bills to rewrite history and to absolve conduct that was both illegal and contrary to government assurances is ugly. And, as the Information Commissioner suggests, it is perhaps also a very dangerous precedent.
Wednesday, 29 April 2015 10:45
A recent decision of the Federal Court of Canada has overturned settled expectations around fees for access to information at the federal level. The case arose after the Information Commissioner of Canada asked the Federal Court to rule on the longstanding practice of federal agencies and departments to charge fees relating to the disclosure of electronic records. For those not familiar with the federal scheme, there is a small application fee of $5.00 for an access to information request. This doesn’t sound like much (although advocates argue that there should be no fee at all). However, the application fee is far from the whole story.

Regulations passed under the Access to Information Act allow agencies and departments to charge additional fees for the costs of reproducing materials in various formats, for producing records in alternative formats, and fees for search and preparation. The search and preparation fee can be charged to offset the costs of searching and preparing records that are “non-computerized”. According to the regulations, the first 5 hours of search and preparation are free; after that the regulations provide for a fee of $2.50 per person per quarter hour for time spent preparing “non-computerized” records. For records produced from “a machine readable record”, there are no search and preparation fees. Instead, requesters can be charged $16.50 per minute for the cost of the processor and other devices used in the retrieval, and $5 per person per quarter hour for any time required to programme a computer to search for the information that is sought. Essentially, then, there are (potentially very high) search and preparation fees for non-computerized records and no search and preparation fees for “machine-readable” records.
At the heart of this case was the issue of what constituted a “non-computerized” record. The long-standing practice (supported by the previous Information Commissioner) was to treat records in electronic formats such as MS Word, for example, as “non-computerized records” which would be subject to the search and preparation fees. The category of “machine-readable” records was reserved for records which did not exist at the time of the request, but that had to be created, for example by searching a database for relevant responses to a query.
The particular case at the heart of this reference was a request made by an individual for three sets of records from Human Resources and Skills Development Canada (HRSDC) that included the table diagram for a database, system user manuals and guides for the database system, and the developer’s “Changelog” document relating to that database. All documents existed in electronic format. HRSDC informed the applicant that it would charge search and preparation fees of $4,180 for access to these documents. The applicant complained to the Commissioner about the estimate of 423 hours of search and preparation time which lay behind the fee, essentially seeking a reduction of the estimate. The Commissioner instead took the position that the search and preparation fees were not permitted by the regulations since the documents were “machine-readable records”.
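The $4,180 figure follows directly from the fee schedule described above: the first 5 hours are free, and each quarter hour thereafter is billed at $2.50. A minimal sketch of the arithmetic (the function name is illustrative, not anything from the regulations themselves):

```python
def search_and_prep_fee(hours_estimated, free_hours=5.0, rate_per_quarter_hour=2.50):
    """Estimate the search-and-preparation fee for 'non-computerized' records:
    the first 5 hours are free, then $2.50 per person per quarter hour."""
    billable_hours = max(0.0, hours_estimated - free_hours)
    return billable_hours * 4 * rate_per_quarter_hour

# The 423-hour estimate behind the fee quoted to the applicant:
print(search_and_prep_fee(423))  # → 4180.0
```

The 423-hour estimate thus accounts exactly for the fee HRSDC quoted, which is why the applicant initially attacked the time estimate rather than the rate.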
It seems rather extraordinary to argue, as the Attorney General did in this case, that electronic records were not “machine-readable records”, but were instead “non-computerized records” within the meaning of the regulations. Justice Harrington acknowledged the bizarreness of the position, quoting the famous exchange between Alice and Humpty Dumpty (from Through the Looking-Glass) as to the meaning of words. Humpty Dumpty’s conclusion, of course, is that what a word means will depend on who has the ultimate control. In this case, it was Justice Harrington who had the final say – and he ruled that documents in electronic format were “machine-readable records” and thus not subject to search and preparation fees. He concluded that “Whether stored in an internal hard drive, external hard drive or the now obsolete punch cards and floppy disks, such records are machine readable and therefore computerized.” (at para 54) The decision is a game changer, particularly in a context where so many government records are in some electronic format or another.
Of course, the decision must be situated in its particular context. Justice Harrington noted that the Access to Information Regulations are sorely out of date. This is no surprise – the entire regime is as out-of-date as a Compaq computer. The Information Commissioner only recently issued a report to Parliament calling for a massive overhaul of the Access to Information Act (see my post on this report here). The interpretation problems and the gap into which this case fell are most likely due to regulations that were drafted with the technology of the time in mind. Yet, as Justice Harrington notes, “Legislation is promulgated to the public. . . The language cannot be so obscure that one must glean through hundreds of statutes and thousands of regulations in order to arrive at its true meaning.” (at para 55) Although he expressed some sympathy for the many government agencies and departments that lack the funds to properly deal with access to information requests, he observed that “it is Parliament that placed these government institutions under the Act. If they are underfunded, they should not be looking to the courts for redress” (at para 62). Fees can be a real barrier to meaningful access to information in the hands of government, and although this case centres on the interpretation of the regulations, the bigger picture is of an Act and Regulations that are out of date and inconsistent with the federal government’s professed embrace of open government.
It remains to be seen what the upshot of this decision will be. While it is a victory of sorts for the Information Commissioner and for those Canadians who seek access to information in the hands of the federal government, it is a victory that turns on the wording of regulations and not on some broad principle of open access. The government could simply change the regulations to impose new fees – and perhaps even to raise existing fees that have not been touched since 1986. Of course, to do so without also tackling the myriad problems with the regime so clearly laid out in the Commissioner’s recent report would be to display a profound lack of commitment to meaningful access to information and open government.
Wednesday, 15 April 2015 08:42
The Ontario Court of Appeal recently allowed a proposed class action proceeding for breach of privacy. This on its own is not unusual – such proceedings are increasingly common in Canada. (See earlier post on this subject here). What is particularly interesting about this decision is that the Court of Appeal ruled that Ontario’s Personal Health Information Protection Act (PHIPA) did not pose a barrier to tort proceedings. It had been argued that the provincial legislation created a “complete code” for dealing with breaches of personal information protection in the health care context in Ontario, and that tort law recourse was therefore not possible. This is an important decision for health care consumers, as class action litigation is emerging as an important means of redress and accountability for failures to adequately protect personal information. The decision should also send a wakeup call to hospitals and other health information custodians in the province.
In Hopkins v. Kay the representative plaintiff alleged that her medical records – along with those of 280 other patients at the Peterborough Regional Health Centre – had been improperly accessed by a hospital employee. The legal claim was based on the tort of intrusion upon seclusion, and the key issue was whether such recourse was precluded by the existence of PHIPA.
Writing for the unanimous Court, Justice Sharpe framed his analysis around two issues: first, whether there was a legislative intent to create a complete code when PHIPA was enacted; and second, whether the case law supported a conclusion that in the circumstances the jurisdiction of the Superior Court to consider a tort claim was ousted.
The relevance of the “complete code” issue is that if the legislature intended to create a complete code to deal with personal health information protection, then, by implication, it intended to preclude any separate tort recourse. In considering whether the intent was to create a complete code, Justice Sharpe drew on three criteria articulated by the Nova Scotia Court of Appeal in Pleau v. Canada: 1) is the dispute resolution process established by the legislation consistent with exclusive jurisdiction?; 2) what is the essential character of the dispute, and is it regulated by the legislation such that the intervention of the court would be inconsistent with the scheme?; and 3) is the scheme capable of affording “effective redress”?
Justice Sharpe noted that PHIPA laid out an elaborate scheme governing the protection of personal health information. However, although he found that the statute “does contain a very exhaustive set of rules and standards for custodians of personal health information, details regarding the procedure or mechanism for the resolution of disputes are sparse.” (at para 37) He observed that oral hearings were not at all typical – in most cases, complaints were dealt with through written submissions. Further, apart from the right to make representations, there were no procedural guarantees in the statute. Justice Sharpe observed that the statute also allowed the Commissioner to refuse to consider a complaint where there was another more appropriate recourse. He found that this suggested that PHIPA was not meant to be an exclusive and comprehensive code.
The Court also found it significant that under PHIPA an award of damages could not be made by the Commissioner, and could only be made by way of a separate proceeding brought in the Superior Court. Justice Sharpe found that this suggested that the Commissioner was not meant “to play a comprehensive or expansive role in dealing with individual complaints.” (at para 44) He concluded that “PHIPA provides an informal and highly discretionary review process that is not tailored to deal with individual claims, and it expressly contemplates the possibility of other proceedings.” (at para 45)
The second factor in the analysis required the court to consider the essential character of the claim, in order to determine whether a decision to assume jurisdiction would be consistent with the legislative scheme. The appellants argued that the claim was for nothing more than a breach of the PHIPA obligations, and that allowing the claim in tort to proceed would allow PHIPA to be circumvented. Justice Sharpe disagreed, noting that much more was required to make out the tort claim than to establish a breach of obligations under PHIPA. For example, the tort required a demonstration of intentional or reckless conduct, carried out without lawful justification, and in circumstances that a reasonable person would regard as highly offensive. On the whole, Justice Sharpe found that allowing the tort action to proceed in court would not undermine the scheme created under PHIPA.
The third consideration was whether the statute provided effective redress. The Court found that PHIPA gave the Commissioner a great deal of discretion when it came to the resolution of complaints, including the authority to decide not to proceed with a complaint. Justice Sharpe also found that the complaints investigation process in PHIPA was generally meant to address systemic issues rather than to provide an effective recourse for individuals harmed by improper handling of their personal information. He noted that “Even if the Commissioner investigates a complaint, his primary objective in achieving an appropriate resolution will not be to provide an individual remedy to the complainant, but rather to address systemic issues.” (at para 59) Because of the broad discretion given to the Commissioner, any complainant whose complaint was not investigated would face “an expensive and uphill fight” to seek judicial review of the decision not to proceed. Justice Sharpe therefore concluded that the legislature had not intended to create a comprehensive code to deal with the consequences of misuse of personal health information.
The second issue considered by the Court was whether case law prevented the pursuit of the tort claim. Other courts had found that there was no right of action at common law where a statute provided a comprehensive scheme for redress. The leading case in this area is Seneca College v. Bhadauria, in which the Supreme Court of Canada ruled that the Ontario Human Rights Code precluded a separate common law tort of discrimination.
Justice Sharpe distinguished the Human Rights Code from PHIPA. He noted that the recourse under the Human Rights Code provided for awards of damages, whereas the Commissioner under PHIPA had no authority to award damages. Further, under PHIPA the Commissioner had a great deal of discretion to decide to proceed or not with a complaint, and chose to exercise that discretion so as to focus on systemic issues. By contrast, the Human Rights Code created a mechanism which focussed on the hearing of individual complaints. The two statutes were thus quite different. Justice Sharpe also distinguished two other cases involving labour relations legislation in which the courts refused to consider disputes that in their view should properly have been dealt with through arbitration or grievance mechanisms. Justice Sharpe noted that such proceedings provided an “accessible mechanism for comprehensive and efficient dispute resolution, and consequently form an important cornerstone of labour relations.” (at para 69) This was in contrast to PHIPA, where the Commissioner had given clear priority to the resolution of complaints raising systemic issues.
The Court concluded that there was nothing in PHIPA to support the view that the legislature intended to create an exhaustive code providing recourse for failures in the protection of personal health information. He found that permitting individuals to pursue claims at common law would not undermine PHIPA. He also found that the PHIPA scheme was such that in some cases individuals would not have effective redress under that statute. In the result, Ontarians now have the option of bringing tort claims for the mishandling of their personal health information. The case will also be of interest in other jurisdictions with personal information protection legislation.
Wednesday, 01 April 2015 07:28
Canada’s Access to Information Act is outdated and inadequate – and has been that way for a long time. Information Commissioners over the years have called for its amendment and reform, but generally with little success. The current Information Commissioner, Suzanne Legault, has seized the opportunity of Canada’s very public embrace of Open Government to table in Parliament a comprehensive series of recommendations for the modernization of the legislation.
The lengthy and well-documented report makes a total of 85 recommendations. This will only seem like a lot to those unfamiliar with the decrepit statute. Taken as a whole, the recommendations would transform the legislation into a modern statute based on international best practices and adapted both to the information age and to the global movement for greater government transparency and accountability.
The recommendations are grouped according to 8 broad themes. The first relates to extending the coverage of the Act to certain institutions and entities that are not currently subject to the legislation. These include the Prime Minister’s Office, offices of Ministers, the bodies that support Parliament (including the Board of Internal Economy, the Library of Parliament, and the Senate Ethics Commissioner), and the bodies that support the operations of the courts (including the Registry of the Supreme Court, the Courts Administration Service and the Canadian Judicial Council).

A second category of recommendations relates to the need to bolster the right of access itself. Noting that the use of some technologies, such as instant messaging, may lead to the disappearance of any records of how and why certain decisions are made, the Commissioner recommends instituting a legal duty to document. She also recommends adding a duty to report any unauthorized loss or destruction of information. Under the current legislation, there are nationality-based restrictions on who may request access to information in the hands of the Canadian government. This doesn’t mean that non-Canadians cannot get access – they currently simply have to do it through a Canadian-based agent. Commissioner Legault sensibly recommends that the restrictions be removed. She also recommends the removal of all fees related to access requests.
The format in which information is released has also been a sore point for many of those requesting information. In a digital age, receiving information in reusable digital formats means that it can be quickly searched, analyzed, processed and reused. This can be important, for example, if a large volume of data is sought in order to analyze and discuss it, and perhaps even to convert it into tables, graphs, maps or other visual aids in order to inform a broader public. The Commissioner recommends that institutions be required to provide information to those requesting it “in an open, reusable, and accessible format by default”. Derogation from this rule would only be in exceptional circumstances.
Persistent and significant delays in the release of requested information have also plagued the system at the federal level, with some considering these delays to be a form of deliberate obstruction. The Report includes 10 recommendations to address timeliness. The Commissioner has also set out 32 recommendations designed to maximize disclosure, largely by reworking the current spider’s web of exclusions and exemptions. The goal in some cases is to replace outright exclusions with more discretionary exemptions; in other cases, it is to replace exemptions scattered across other statutes with those in the statute and under the oversight of the Information Commissioner. In some cases, the Commissioner recommends reworking current exemptions so as to maximize disclosure.
Oversight has also been a recurring problem at the federal level. Currently, the Commissioner operates on an ombuds model – she can review complaints regarding refusals to grant access, inadequate responses, lack of timeliness, excessive fees, and so on. However, she can only make recommendations, and has no order-making powers. She recommends that Canada move to an order-making model, giving the Information Commissioner expanded powers to oversee compliance with the legal obligations set out in the legislation. She also recommends new audit powers for the Commissioner, as well as requirements that government institutions consult on proposed legislation that might affect access to information, and submit access to information impact assessments where changes to programs or activities might affect access to information. In addition, Commissioner Legault recommends that the Commissioner be given the authority to carry out education activities aimed at the public and to conduct or fund research.
Along with the order-making powers, the Commissioner is also seeking more significant consequences for failures to comply with the legislation. Penalties would attach to obstruction of access requests, the destruction, altering or falsification of records, failures to document decision-making processes, and failures to report on unauthorized loss or destruction of information.
In keeping with the government’s professed commitments to Open Government, the report includes a number of recommendations in support of a move towards proactive disclosure. The goal of proactive disclosure is to have government departments and institutions automatically release information that is clearly of public interest, without waiting for an access to information request. Although the Action Plan on Open Government 2014-2016 sets goals for proactive disclosure, the Commissioner is recommending that the legislation be amended to include concrete obligations.
The Commissioner is, of course, not alone in calling for reform to the Access to Information Act. A private member’s bill introduced in 2014 by Liberal leader Justin Trudeau also proposes reforms to the legislation, although these are by no means as comprehensive as what is found in Commissioner Legault’s report.
In 2012 Canada joined the Open Government Partnership, and committed itself to an Action Plan on Open Government. This Action Plan contains commitments grouped under three headings: Open Information, Open Data and Open Dialogue. Yet its commitments to improving access to information are focussed on streamlining processes (for example, by making it possible to file and pay for access requests online, creating a virtual library, and making it easier to search for government information online.) The most recent version of the Action Plan similarly contains no commitments to reform the legislation. This unwillingness to tackle the major and substantive issues facing access to information in Canada is a serious impediment to realizing an open government agenda. A systemic reform of the Access to Information Act, such as that proposed by the Information Commissioner, is required.
Monday, 16 March 2015 12:28
A news story from January 2015 puts squarely into focus some of the challenges of privacy and open government.
The story centred on the Canadian legal information website CanLII, although the privacy issues it raises relate more directly to how government institutions protect personal information when seeking to comply with open courts and open government principles.
CanLII, a non-profit corporation that is managed by the Federation of Law Societies of Canada, is a tremendously important information resource in Canada. Since its inception, it has become instrumental in ensuring that Canadians have free online access to primary Canadian legal materials. It follows in the tradition of other Legal Information Institutes in the United States, Australia and Britain/Ireland. CanLII includes all federal and provincial statutes and regulations, case law from all federal and provincial courts, and case law from a growing number of administrative tribunals. Prior to CanLII’s appearance on the scene, these materials were found either on the shelves of law libraries, or were accessible through commercial databases that charged fees for access. In essence, they were not easily accessible to Canadians without significant effort or cost. In a legal system in which “ignorance of the law is no excuse”, and in which an ever-growing number of Canadians have no choice but to represent themselves in legal proceedings, this kind of public access seems essential. CanLII’s efforts to liberate these legal materials make an interesting story with plenty of open government lessons. (I have written about the evolution of CanLII here.)
The news story that broke in January related to a Romanian website that had scraped the content from CanLII and reposted it to another website hosted in Romania. In doing so, it allowed for the circumvention of technological measures put in place by CanLII that prevented Google from indexing terms found in court and tribunal decisions. These measures were put in place by CanLII largely to protect the privacy of individuals whose names and personal information may feature in court decisions. By contrast, the Romanian materials are fully searchable.
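The indexing blocks described here are typically implemented through advisory mechanisms such as the Robots Exclusion Protocol (a robots.txt file), which well-behaved crawlers like Googlebot honour but which a scraper is free to ignore. A minimal sketch using Python's standard library follows; the directives and paths are invented for illustration and are not CanLII's actual configuration:

```python
from urllib import robotparser

# Invented robots.txt directives of the kind a site might use to keep
# search engines from indexing its decision pages.
ROBOTS_TXT = """\
User-agent: *
Disallow: /en/decisions/
"""

parser = robotparser.RobotFileParser()
parser.parse(ROBOTS_TXT.splitlines())

# A compliant crawler checks the rules before fetching a page...
print(parser.can_fetch("Googlebot", "/en/decisions/2015abc1.html"))  # False

# ...but nothing technically prevents a scraper from ignoring them,
# which is how mirrored content can end up fully searchable elsewhere.
print(parser.can_fetch("Googlebot", "/en/about.html"))  # True
```

The point of the sketch is that such measures are a convention, not a barrier: once the underlying pages are copied to a server that ignores the convention, the privacy protection evaporates.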
This situation raises several interesting issues of privacy and open government. At first glance, it may look like a failure of CanLII’s efforts to put into place effective technological measures to protect individual privacy. (CanLII has reportedly upgraded its technological protections, although the cases initially scraped from the site remain out of its control). But CanLII is really only the second line of defence. The first line of defence is, of course, the courts and tribunals themselves, which provide case law to CanLII and, increasingly, publish it on their own websites.
The problem of “public personal information” is a thorny one, and it arises in this context as well as in many others. Public personal information is information that is legally public (government registry information, for example, or information in court decisions). While this information has long been public in nature, its widespread, immediate and limitless distribution was never contemplated in the pre-internet age in which decisions to make it public were made. Thus, there are important privacy issues surrounding how and under what conditions such information is made public, as well as how the public interest in openness should be balanced against individual rights to privacy in an internet and big data age.
In Canada, the open courts principle means that the proceedings of courts are open to public scrutiny – it’s a fundamental principle that justice must not only be done, it must be seen to be done. This means that, barring exceptional circumstances, court and tribunal hearings are public, as are the decisions reached in those cases. Not only does this serve transparency and accountability values; the publication of court and tribunal decisions also allows lawyers and members of the public to consult these decisions to better understand the law, and to learn how courts and tribunals interpret and apply legislation. In exceptional circumstances, courts may issue publication bans in relation to certain court hearings; courts may also order certain personal information (including, in some cases, names of individuals) redacted from court decisions. For example, in decisions involving young offenders, only initials are used. The names of victims of sexual assault may also be redacted.
In the pre-internet dark ages, the redaction of names and other personal information from court decisions was less significant because these decisions did not circulate widely. Few members of the public, for example, were curious enough to go down to a law library to trawl through case reporters in the hope of spotting the name of someone they knew. Internet access and online publication of decisions change things significantly. Fully searchable databases of court and administrative tribunal decisions can leave individuals substantially exposed with respect to a very broad range of personal information. Decisions in divorce cases may include a detailed account of assets and liabilities, and may also recount grim details of personal conduct. Decisions of workers’ compensation tribunals may contain significant amounts of personal health information; the same can be said of human rights tribunals, pension and disability tribunals, and so on. In many civil cases where plaintiffs allege damages for anxiety, stress, or depression caused by the harm they suffered, courts may engage in a detailed discussion of the evidence presented. In personal injury lawsuits, there may be considerable discussion of personal health information. This is just a sample of some of the personal information that may be found in court decisions. In digital form, this information is available to nosy neighbors, malefactors, and data miners alike.
Courts and tribunals publish their decisions in conformity with the open courts principle. Online publication, however, raises significant privacy concerns that must be balanced against the open courts principle. The Canadian Judicial Council has considered this issue, and has issued guidelines for courts as to how to prepare decisions for online publication. The Office of the Privacy Commissioner of Canada has also weighed in on the issue with respect to the practices of federal administrative tribunals. The problem is, of course, that these guidelines are not mandatory, and, as Christopher Berzins has noted, there is no consistent approach across the broad range of courts and tribunals in Canada. Further, in some cases, there may be genuine debate about whether certain details are required in order to meet the open courts principle. For example, if we are to understand why a certain award of damages is made in a particular case, we need to understand the nature of the evidence presented, and how the judge assessed that evidence.
So much for the first line of defence. Ideally, courts and tribunals, prior to making decisions available for online publication, should address privacy issues. Many do, some do not. Not all do so to the same extent or in the same way. In some cases, the open courts principle will outweigh privacy considerations – although whether technical or other solutions should be instituted is an excellent question. The fact remains that much personal information ends up being published online through important resources such as CanLII. CanLII itself has introduced a second line of defence – technological measures to ensure that the personal information is not accessible through search engines. What the story about the Romanian website has taught us is that this line of defence is entirely porous. It has also taught us that as more and more public personal information is made available in formats that allow for easy dissemination, greater attention needs to be paid – by courts and by governments at all levels – to the challenges of public personal information.
Wednesday, 11 March 2015 09:13
Last week I wrote about a very early ‘finding’ under Canada’s Personal Information Protection and Electronic Documents Act which raises some issues about how the law might apply in the rapidly developing big data environment. This week I look at a more recent ‘finding’ – this time 5 years old – that should raise red flags regarding the extent to which Canada’s laws will protect individual privacy in the big data age.
In 2009, the Assistant Privacy Commissioner Elizabeth Denham (who is now the B.C. Privacy Commissioner) issued her findings as a result of an investigation into a complaint by the Canadian Internet Policy and Public Interest Clinic into the practices of a Canadian direct marketing company. The company combined information from different sources to create profiles of individuals linked to their home addresses. Customized mailing lists based on these profiles were then sold to clients looking for individuals falling within particular demographics for their products or services.
Consumer profiling is a big part of big data analytics, and today consumer profiles will draw upon vast stores of personal information collected from a broad range of online and offline sources. The data sources at issue in this case were much simpler, but the lessons that can be learned remain important.
The respondent organization used aggregate geodemographic data, which it obtained from Statistics Canada, and which was sorted according to census dissemination areas. This data was not specific to particular identifiable individuals – the aggregated data was not meant to reveal personal information, but it did give a sense of, for example, distribution of income by geographic area (in this case, by postal code). The company then took name and address information from telephone directories so as to match the demographic data with the name and location information derived from the directories. Based on the geo-demographic data, assumptions were made about income, marital status, likely home-ownership, and so on. The company also added its own assumptions about religion, ethnicity and gender based upon the telephone directory information – essentially drawing inferences based upon the subscribers’ names. These assumptions were made according to ‘proprietary models’. Other proprietary models were used to infer whether the individuals lived in single or multi-family dwellings. The result was a set of profiles of named individuals with inferences drawn about their income, ethnicity and gender. CIPPIC’s complaint was that the respondent company was collecting, using and disclosing the personal information of Canadians without their consent.
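The matching process described above can be sketched in a few lines. Everything below (names, postal codes, figures, and the crude name-based inference rule standing in for the company's 'proprietary models') is invented for illustration:

```python
# Aggregate data per postal code: not personal information on its own.
area_profiles = {
    "K1A0A1": {"median_income": 95000, "likely_homeowner": True},
}

# Name-and-address data of the kind found in a telephone directory.
directory = [
    {"name": "Leslie O'Keefe", "postal_code": "K1A0A1"},
]

def infer_gender(first_name):
    # Crude stand-in for the 'proprietary models' that guessed gender
    # (and ethnicity, religion) from subscriber names; often wrong.
    return "female" if first_name.endswith("ie") else "unknown"

# The join: attach neighbourhood averages and name-based guesses to
# each named individual, producing a per-person marketing profile.
profiles = []
for entry in directory:
    profile = dict(entry)
    profile.update(area_profiles.get(entry["postal_code"], {}))
    profile["inferred_gender"] = infer_gender(entry["name"].split()[0])
    profiles.append(profile)

print(profiles[0]["median_income"], profiles[0]["inferred_gender"])  # 95000 female
```

The sketch makes the structural point plain: neither input is personal information under the APC's analysis, yet the output is a record about a named individual.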
The findings of the Assistant Privacy Commissioner (APC) are troubling for a number of reasons. She began by characterizing the telephone directory information as “publicly available personal information”. Under PIPEDA, information that falls into this category, as defined by the regulations, can be collected, used and disclosed without consent, so long as the collection, use and disclosure are for the purposes for which it was made public. Telephone directories fall within the Regulations Specifying Publicly Available Information. However, the respondent organization did more than simply resell directory information.
Personal information is defined in PIPEDA as “information about an identifiable individual”. The APC characterized the aggregate geodemographic data as information about certain neighborhoods, and not information about identifiable individuals. She stated that “the fact that a person lives in a neighborhood with certain characteristics” was not personal information about that individual.
The final piece of information associated with the individuals in this case was the set of assumptions about, among other things, religion, ethnicity and gender. The APC characterized these as “assumptions”, rather than personal information – after all, the assumptions might not be correct.
Because the respondent’s clients provided the company with the demographic characteristics of the group it sought to reach, and because the respondent company merely furnished names and addresses in response to these requests, the APC concluded that the only personal information that was collected, used or disclosed was publicly available personal information for which consent was not required. (And, in case you are wondering, allowing people to contact individuals was one of the purposes for which telephone directory information is published – so the “use” by companies of sending out marketing information fell within the scope of the exception).
And thus, by considering each of the pieces of information used in the profile separately, the respondent’s creation of consumer profiles from diffuse information sources fell right through the cracks in Canada’s data protection legislation. This does not bode well for consumer privacy in an age of big data analytics.
The most troubling part of the approach taken by the APC is that which dismisses “assumptions” made about individuals as being merely assumptions and not personal information. Consumer profiling is about attributing characteristics to individuals based on an analysis of their personal information from a variety of sources. It is also about acting on those assumptions once the profile is created. The assumptions may be wrong, the data may be flawed, but the consumer will nonetheless have to bear the effects of that profile. These effects may be as minor as being sent advertising that may or may not match their activities or interests; but they could be as significant as decisions made about entitlements to certain products or services, about what price they should be offered for products or services, or about their desirability as a customer, tenant or employee. If the assumptions are not “actual” personal information, they certainly have the same effect, and should be treated as personal information. Indeed, the law accepts that personal information in the hands of an organization may be incorrect (hence the right to correct personal information), and it accepts that opinions about an individual constitute their personal information, even though the opinions may be unfair.
The treatment of the aggregate geodemographic information is also problematic. On its own, it is safe to say that aggregate geodemographic information is information about neighborhoods and not about individuals. But when someone looks up the names and addresses of the individuals living in an area and matches that information to the average age, income and other data associated with their postal codes, then they have converted that information into personal information. As with the ethnicity and gender assumptions, the age, income, and other assumptions may be close or they may be way off base. Either way, they become part of a profile of an individual that will be used to make decisions about that person. Leslie O’Keefe may not be Irish, he may not be a woman, and he may not make $100,000 a year – but if he is profiled in this way for marketing or other purposes, it is not clear why he should have no recourse under data protection laws.
Of course, the challenge faced by the APC in this case was how to manage the ‘balance’ set out in s. 3 of PIPEDA between the privacy interests of individuals and the commercial need to collect, use and disclose personal information. In this case, to find that consent – that cornerstone of data protection laws – was required for the use and disclosure of manufactured personal information would be to hamstring an industry built on the sale of manufactured personal information. As the use – and the sophistication – of big data and big data analytics advances, organizations will continue to insist that they cannot function or compete without the use of massive stores of personal information. If this case is any indication, decision makers will be asked to continue to blur and shrink the edges of key concepts in the legislation, such as “consent” and “personal information”.
The PIPEDA complaint in this case dealt with relatively unsophisticated data used for relatively mundane purposes, and its importance may be too easily overlooked as a result. But how we define personal information and how we interpret data protection legislation will have enormous importance as the role of big data analytics in our lives continues to grow. Both this decision and the one discussed last week offer some insights into how Canada’s data protection laws might be interpreted or applied – and they raise red flags about the extent to which these laws are adequately suited to protecting privacy in the big data era.
Monday, 02 March 2015 08:58
A long past and largely forgotten ‘finding’* from the Office of the Privacy Commissioner of Canada offers important insights into the challenges that big data and big data analytics will pose for the protection of Canadians’ privacy and consumer rights.
Thirteen years ago, former Privacy Commissioner George Radwanski issued his findings on a complaint that had been brought against a bank. The complainant had alleged that the bank had wrongfully denied her access to her personal information. The requirement to provide access is found in the Personal Information Protection and Electronic Documents Act (PIPEDA). The right of access also comes with a right to demand the correction of any errors in the personal information in the hands of the organization. This right is fundamentally important, and not just to privacy. Without access to the personal information being used to inform decision-making, consumers have very little recourse of any kind against adverse or flawed decision-making.
The complainant in this case had applied for and been issued a credit card by the bank. What she sought was access to the credit score that had been used to determine her entitlement to the card. The bank had relied upon two credit scores in reaching its decision. The first was the type produced by a credit reporting agency – in this case, Equifax. The second was an internal score generated by the bank using its own data and algorithm. The bank was prepared to release the former to the complainant, but refused to give her access to the latter. The essence of the complaint, therefore, was whether the bank had breached its obligations under PIPEDA to give her access to the personal information it held about her.
The Privacy Commissioner’s views on the interpretation and application of the statute in this case are worth revisiting 13 years later as big data analytics now fuel so much decision-making regarding consumers and their entitlement to or eligibility for a broad range of products and services. Credit reporting agencies are heavily regulated to ensure that decisions about credit-worthiness are made fairly and equitably, and to ensure that individuals have clear rights to access and to correct information in their files. For example, credit reporting legislation may limit the types of information and the data sources that may be used by credit reporting agencies in arriving at their credit scores. But big data analytics are now increasingly relied upon by all manner of organizations that are not regulated in the same way as credit-reporting agencies. These analytics are used to make decisions of similar importance to consumers – including decisions about credit-worthiness. There are few limits on the data that is used to fuel these analytics, nor is there much transparency in the process.
In this case, the bank justified its refusal to disclose its internal credit score on two main grounds. First, it argued that this information was not “personal information” within the meaning of PIPEDA because it was ‘created’ internally and not collected from the consumer or any other sources. The bank argued that this meant that it did not have to provide access, and that in any event, the right of access was linked to the right to request correction. The nature of the information – which was generated based upon a proprietary algorithm – was such that it did not consist of “facts” that could be open to correction.
The argument that generated information is not personal information is a dangerous one, as it could lead to a total failure of accountability under data protection laws. The Commissioner rejected this argument. In his view, it did not matter whether the information was generated or collected; nor did it matter whether it was subject to correction or not. The information was personal information because it related to the individual. He noted that “opinions” about an individual were still considered to be personal information, even though they are not subject to correction. This view of ‘opinions’ is consistent with subsequent findings and decisions under PIPEDA and comparable Canadian data protection laws. Thus, in the view of the Commissioner, the bank’s internally generated credit score was the complainant’s personal information and was subject to PIPEDA.
The bank’s second argument was more successful, and is problematic for consumers. The bank argued that releasing the credit score to the complainant would reveal confidential commercial information. Under s. 9(3)(b) of PIPEDA, an organization is not required to release personal information in such circumstances. The bank was not arguing so much that the complainant’s score itself was confidential commercial information; rather, what was confidential were the algorithms used to arrive at the score. The bank argued that these algorithms could be reverse-engineered from a relatively small sample of credit scores. Thus, a finding that such credit scores must be released to individuals would leave the bank open to the hypothetical situation where a rival might organize or pay 20 or so individuals to seek access to their internally generated credit scores in the hands of the bank, and that set of scores could then be used to arrive at the confidential algorithms. The Commissioner referred this issue to an expert on algorithms and concluded that “although an exact determination of a credit-scoring model was difficult and highly unlikely, access to customized credit scores would definitely make it easier to approximate a bank’s model.”
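The reverse-engineering worry can be made concrete with a deliberately trivial example: if a hidden scoring model were a simple linear formula, two disclosed (input, score) pairs would recover it exactly. The model and numbers below are invented; real scoring models use many variables, which is why the expert consulted found exact recovery "difficult and highly unlikely" while still conceding that disclosed scores make approximation easier:

```python
def hidden_score(income_k):
    # Invented 'confidential' model: 0.8 points per $1k of income,
    # plus a base offset of 300. Neither party sees this directly.
    return 0.8 * income_k + 300

# An attacker obtains two customers' scores via access requests.
samples = [(50, hidden_score(50)), (120, hidden_score(120))]

# Two (input, score) points fully determine a one-variable linear
# model: recover its weight and offset.
(x1, y1), (x2, y2) = samples
weight = (y2 - y1) / (x2 - x1)
offset = y1 - weight * x1

print(weight, offset)  # recovers 0.8 and 300.0
```

With many variables and non-linear terms, far more samples and statistical fitting would be needed, so the risk scales with the model's simplicity and the number of scores released.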
The Commissioner noted that under s. 9(3)(b) there has to be some level of certainty that the disclosure of personal information will reveal confidential commercial information before disclosure can be refused. In this case, the Commissioner indicated that he had “some difficulty believing that either competitors or rings of algorithmically expert fraud artists would go to the lengths involved.” He went on to say that “[t]he spectre of the banks falling under systematic assault from teams of loan-hungry mathematicians is simply not one I find particularly persuasive.” Notwithstanding this, he ruled in favour of the bank. He noted that other banks shared the same view as the respondent bank, and that competition in the banking industry was high. Since he had found it was technically possible to reverse-engineer the algorithm, he was of the view that he had to find that the release of the credit score would reveal confidential commercial information. He was satisfied with the evidence the bank supplied to demonstrate how closely guarded the credit-scoring algorithm was. He noted that in the UK and Australia, relatively new guidelines required organizations to provide only general information regarding why credit was denied.
The lack of transparency of algorithms used in the big data environment becomes increasingly problematic the more such algorithms are used. Big data analytics can be used to determine credit-worthiness – and such determinations are made not just by banks but by all manner of companies that extend consumer credit through loans, don’t-pay-for-a-year deals, purchase-by-installment, store credit cards, and so on. They can also be used to determine who is entitled to special offers or promotions, for price discrimination (where some customers are offered better prices for the same products or services), and in a wide range of other contexts. Analytics may also be used by prospective employers, landlords or others whose decisions may have important impacts on people’s lives. Without algorithmic transparency, it might be impossible to know whether the assumptions, weightings or scoring factors are biased, influenced by sexism or racism (or other discriminatory considerations), or simply flawed.
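A toy example of why opacity matters: in the invented linear model below, the weight attached to a neighbourhood-based "risk" factor could act as a proxy for a protected characteristic, yet a consumer who sees only a final score (or a bare refusal) has no way to detect it. All weights and inputs are hypothetical:

```python
# Hypothetical scoring weights; the negative weight on the
# neighbourhood 'risk' factor is where hidden bias could live.
WEIGHTS = {"income_k": 1.0, "years_employed": 10.0, "postal_code_risk": -50.0}

def score(applicant):
    # Simple weighted sum over the applicant's attributes.
    return sum(WEIGHTS[k] * applicant[k] for k in WEIGHTS)

# Two applicants identical in every respect except neighbourhood.
a = {"income_k": 60, "years_employed": 5, "postal_code_risk": 0}
b = {"income_k": 60, "years_employed": 5, "postal_code_risk": 2}

print(score(a) - score(b))  # 100.0
```

A 100-point gap driven entirely by postal code is visible only to someone who can inspect the weights, which is precisely what confidentiality rulings like the one above place out of reach.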
There may be some comfort to be had that in this case the Commissioner was allowed to have access to the scoring model used. He stated that he found it innocuous – although it is not clear what kind of scrutiny he gave it. After all, his mandate extended only to decisions relating to the management of personal information, and did not extend to issues of discrimination. It is also worth noting that the Commissioner seems to suggest that each case must be decided on its own facts, and that what the complainant stood to gain and the respondent stood to lose were relevant considerations. In this case, the complainant had not been denied credit, so in the Commissioner’s view there was little benefit to her in the release of the information to be weighed against the potential harm to the bank. Nevertheless, the decision raises a red flag around transparency in the big data context.
In the next week or so I will be posting a ‘Back to the Future II’ account of another, not quite so old, PIPEDA finding that is also significant in the big data era. Disturbingly, this decision eats away at Commissioner Radwanski’s conclusion on the issue of “personal information” as it relates to generated or inferred information about individuals. Stay tuned!
* Because the Privacy Commissioner of Canada has no order-making powers, he can only issue “findings” in response to complaints filed with the office. The ‘findings’ are essentially opinions as to how the act applies in the circumstances of the complaint. If the complaint is considered well-founded, the Commissioner can also make recommendations as to how the organization should correct these practices. For binding orders or compensation the complainant must first go through the complaints process and then take the matter to the Federal Court. Few complainants do so. Thus, while findings are non-binding and set no precedent, they do provide some insight into how the Commissioner would interpret and apply the legislation.
Monday, 23 February 2015 08:39
In a paper that I have just published in the Fordham Urban Law Journal, I consider the evolution of intellectual property (IP) claims in relation to three specific categories of data that have been of interest to transit users: route maps, static transit data, and real-time GPS data. This data is generated by municipal transit authorities in the course of their operations. Increasingly, it has been sought as open data by developers keen to make use of this data in a very broad range of apps. It is also of interest to corporations that seek to add value to their products and services.
Route maps are a very basic form of transit data – they represent, in graphic form, the general location and ordering of transit stops within a given transit system. Static transit data is essentially schedule or timetable data. It is referred to as “static” because it is not subject to rapid change, although timetable data does change seasonally, as well as in response to growth or development in a given transit system. Real-time transit data is generated and communicated in real time. Typically it is gathered from GPS units that are installed on transit vehicles.
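Static transit data of this kind is now most commonly published in GTFS (the General Transit Feed Specification), a set of plain CSV files. The excerpt below is invented but follows the real stop_times.txt column layout; parsing it needs nothing beyond Python's standard library:

```python
import csv
import io

# A minimal, invented stop_times.txt excerpt; real feeds contain
# thousands of such rows per route.
STOP_TIMES = """\
trip_id,arrival_time,departure_time,stop_id,stop_sequence
route95_am_1,07:00:00,07:00:00,stop_0042,1
route95_am_1,07:06:00,07:06:00,stop_0043,2
"""

rows = list(csv.DictReader(io.StringIO(STOP_TIMES)))

# Build a simple timetable: ordered (stop, arrival) pairs for one trip.
timetable = [(r["stop_id"], r["arrival_time"]) for r in rows
             if r["trip_id"] == "route95_am_1"]
print(timetable)
```

The format's simplicity is part of the legal story: data this factual and this easy to extract is exactly the kind of material over which copyright claims are weakest.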
These three categories of data have all been the focus of IP disputes involving different actors and differing motivations. Because the categories of data also reflect an evolution of the types of available data, the technologies for accessing and using that data, and the growing complexity and value of the data, they offer an interesting window into the evolution of IP claims in this area. More specifically, they allow IP law to be considered not so much as the focus of inquiry (i.e. whether there is copyright in transit data), but rather in relation to its role within an emerging and evolving community of practice shaped by changing technology.
The claim to IP rights in something (a bus timetable, for example) is based upon an understanding that such rights may exist and are supported by statute and case law. However, in my research I was interested not just in law in this strict sense (i.e., can one have copyright in a bus timetable), but rather in law as it was experienced. What I found was that actual law was surprisingly irrelevant to many of the claims being asserted in the transit data context. Being in a position to make a claim to IP rights was in many ways more important than actually having a good claim.
Disputes over transit data have evolved along with the data. Early claims of copyright infringement were levelled by transit authorities against developers who adapted transit maps for viewing on the iPod. Similarly, copyright infringement claims were brought against app developers who used static transit data to develop timetable apps for emerging smartphone technology. Compounding the impact of these claims, notice and takedown provisions in U.S. copyright law gave putative rights holders a tool to remove apps from circulation based on copyright claims, regardless of their merits. Similar conflicts arose in relation to real-time GPS data. With real-time GPS data, another level was added – so-called patent trolls in Canada and the US pursued municipalities and app developers alike for the use of allegedly patented code useful in the communication of real-time GPS data.
In spite of a proliferation of IP claims, the municipal transit data context is one in which there is virtually no litigation. Instead, there are simply claims to rights invoked in cease and desist letters, as well as responses to those letters and public reaction to those claims. In the rare instances of formalized legal proceedings, disputes typically settle before going to court. As well, because disputes over municipal transit data tend to focus on claims to rights in data or data-based products, the claims are fundamentally both weak and contingent. They are weak because there can be no copyright in facts, and because the copyright in compilations of facts is notoriously “thin”. They are contingent because the only way to resolve the issue of whether any given compilation of facts is protected by copyright is to litigate the matter. In a context where the potential defendants cannot afford, or have no incentive, to litigate, it is the claim that matters far more than its merits.
Claims to intellectual property rights also underlie the contracts and licenses that are used to manage interactions in this area. They are used to arrive at ‘consensual’ solutions regarding the use of IP. In this sense, the licenses acknowledge and reinforce rights claims, creating, perhaps, a communal acquiescence to the claims. An open data licence involves a government granting a licence to use its data without need for permission or compensation; such a licence is premised upon the existence of IP rights. A party who agrees to such a licence before using the data tacitly accepts this IP claim.
In addition to the points of conflict discussed above, copyright law has been fundamental to the many open licences developed in conjunction with open transit data, and as such it has shaped other consensual relationships between actors in this field. As open data licences began to proliferate, issues around legal interoperability came to the fore, along with issues regarding the use of proprietary, as opposed to open, standards for transit data. These issues are not ones which attract litigation; for the most part they are matters of trial and error, negotiation and compromise. They reflect ongoing interaction and relationships between transit authorities, developers, private sector corporations and civil society groups. In my paper, I look at how community consensuses about law can emerge even in the absence of a specific legal text or case law. I examine how law is used by different actors to achieve certain ends, and what those ends are.
In the case of municipal transit data, the emerging and evolving open data movement began to have an impact on government practices with arguments around greater efficiency, lower cost, better citizen engagement, and so on. It drew upon the experience and rhetoric of the open source movement, as well as on the norms and practices of the software development community. These developments eventually led, in some key cases, to a shift in how (still very weak) IP rights were managed by municipalities and transit authorities. This in turn engaged new legal issues around open licenses. As open transit data evolved, so too did the number and nature of the actors with an interest in this area. IP rights became entangled not just in the transit data itself, but also in the technologies used to generate the data. IP became a matter of contention or consideration between a range of actors, both private and public sector.
My full paper, complete with references can be found here.
Wednesday, 18 February 2015 08:29
I am just back from the inaugural conference of the newly formed Citizen Science Association. If there were any doubt about the explosion of interest in citizen science, this conference, with its packed agenda and 600 registered attendees, would lay it to rest.
Citizen science is a term whose definitional boundaries are constantly being expanded. It is sometimes also called public participatory scientific research, and broadly interpreted it could reach so far as to include open innovation. Like many other forms of collaborative and co-creative engagement, citizen science involves harnessing the labour or ingenuity of the crowd with a view to advancing scientific knowledge. Iconic citizen science projects include eBird (involving the public in reporting and recording bird sightings), GalaxyZoo (engaging the public in classifying distant galaxies) and Nature’s Notebook (which asks the public to help track seasonal changes). Citizen science projects also stray into the biomedical realm and can cross commercial/non-commercial lines. PatientsLikeMe offers a forum for individuals to share information about their illnesses or medical conditions with researchers and with others with the same affliction. 23andMe provides individuals with information about their DNA (which participants contribute), and SNPedia provides individuals with resources to help them in interpreting their own DNA. Beyond these better-known projects are thousands of others, operating on large and small scales across a range of scientific fields, engaging different sectors of the public in a very broad range of activities and for a similarly broad spectrum of objectives.
My own interest in citizen science relates to the legal and ethical issues it raises. Not surprisingly, significant privacy issues may be raised by various citizen science projects – and not just those in the biomedical sphere. There may also be interesting liability issues – what responsibility is engaged by researchers who invite volunteers to hike treacherous mountain trails to find and record data about elusive plant or animal species? Currently, my work is on intellectual property issues. Timed to coincide with the inaugural CitSci 2015 conference was the release of a paper I co-authored with Haewon Chung on intellectual property issues as between researchers and participants in citizen science. This paper was commissioned by the Commons Lab of the Woodrow Wilson International Center for Scholars, and we are continuing to expand our work in this area with the support of the Wilson Center.
Our paper invites participants and researchers to think about intellectual property in the context of citizen science, in large part because IP issues are so fundamental to the ability of researchers, participants, and downstream users to ultimately access, use and/or disseminate research results. Relationships between researchers and participants are not the only ones of importance in citizen science – we will expand beyond these in our future work – but they are nonetheless central. To the extent that intellectual property law is about both the relationship of authors to their works and the relationship of authors and others in relation to those works, these issues should be part of the design of citizen science projects.
Our paper, which is meant primarily for an audience of citizen science participants and researchers, develops a typology of citizen science projects from an IP point of view. We group citizen science projects into four broad categories defined by the type of contribution expected of participants. In some cases the nature and degree of participation makes it unlikely that participants will have any IP claims in their contributions to the project; in other cases, participants are regularly invited to contribute materials in which they may hold rights. We suggest that researchers think about these issues before launching their projects, with a view to avoiding complications later on, when they try to publish their research, decide to make their data fully open online, or make other dissemination plans. In some cases, the level of involvement of participants in problem-solving or data manipulation may also raise issues about their contribution to an invention that the researchers eventually seek to patent.
Identifying the IP issues is a first step – addressing them is also important. There are many different ways (from assignment of rights to licensing) in which the IP rights of contributors can be addressed. Some solutions may be more appropriate than others, depending upon the ultimate goals of the project. In choosing a solution, researchers and project designers should think of the big picture: what do they need to do with their research output? Are there ethical obligations to open citizen science data, or to share back with the participant community? Do they have particular commitments to funders or to their institutions? Even if research data is made open, are there reasons to place restrictions on how the data is used by downstream users? These are important issues which have both a legal and an ethical dimension. They are part of our ongoing work in this area.