Tags
access to information
AI
AIDA
AI governance
AI regulation
Ambush Marketing
artificial intelligence
big data
bill c11
Bill c27
copyright
data governance
data protection
data strategy
freedom of expression
Geospatial
geospatial data
intellectual property
Internet
internet law
IP
open courts
open data
open government
personal information
pipeda
Privacy
smart cities
trademarks
transparency
|
Displaying items by tag: Internet
Thursday, 20 November 2014 11:05
New Interactive Map of Censorship in Canada
Today a group of Canadian civil liberties organizations launched an interactive map of Canada which allows users to document and display instances of chilling of free expression in Canada. The Censorship Tracker is sponsored by PEN Canada, the B.C. Civil Liberties Association, the Canadian Civil Liberties Association and Canadian Journalists for Freedom of Expression. Interactive maps offer a great way to visualize information and to situate it in a geographic context. According to a press release issued by the sponsoring organizations, the Censorship Tracker is meant to be “an accessible and reliable resource that Canadians can use to gauge restrictions on free speech in Canada.” The map allows users to view dots reflecting all posted instances of limitations on freedom of expression, or to view instances based upon the type of limitation (suppression of personal correspondence, the banning of books, limits on public protest, and so on). Data can also be filtered based on other criteria such as the source of the threat (government, corporation, media, academic institution, and so on), the method used to limit expression, and the target of the limitation. There is also a filter to allow one to see whether the report of a limitation has been verified. The website allows users to file reports on incidents that can be added to the map. Of course, one person’s free expression is sometimes another person’s crime, and not all reported examples will be what all Canadians unequivocally consider to be unwarranted limits on free expression. Nevertheless, the goal of the map is both to assist the organizations in responding to threats to freedom of expression by allowing for broad-based, crowd-sourced data collection, and to allow Canadians to access and visualize reported instances.
Published in
Geospatial Data/Digital Cartography
Wednesday, 03 September 2014 09:01
Extraterritorial Jurisdiction in an Age of Globalization
I’m pleased to say that after many years of hard work, my co-authored book with Stephen Coughlan, Robert Currie and Hugh Kindred has just been published by Irwin Law. The book, titled Law Beyond Borders: Extraterritorial Jurisdiction in an Age of Globalization, explores the reach of law beyond state borders from a Canadian perspective. We examine the scope of the legal and practical power of Canada to assert (and to respond to) foreign assertions of extraterritorial jurisdiction. We also develop an analytical framework to guide both law and policy makers faced with the issue of whether to act extraterritorially. Our book begins with a consideration of the twin forces of globalization and technological change, and the way in which both forces have led to a significant increase in the number of instances in which states may feel the need to act extraterritorially. We also consider how these forces have also undermined the Westphalian notion of exclusive territorial sovereignty. We then review the status quo regarding state jurisdiction both in Canada and internationally, before articulating an important distinction between extraterritoriality, and extended territoriality. Particular consideration is given in this respect to the context of the Internet. The book then poses the question as to when it is appropriate for a state to act extraterritorially. Seven case studies are offered, including the application of human rights law, accountability for human rights abuses, transnational data protection, international terrorism, child sex tourism, internet gambling, and virtual worlds. The book concludes with an articulation of our analytical framework.
Published in
Extraterritoriality
Tuesday, 11 February 2014 07:49
Statutory Damages for Copyright Infringement: Recent Damage Award Leaves Unanswered Questions
In December 2013, Justice Campbell of the Federal Court of Canada awarded 10 million dollars in statutory damages to Twentieth Century Fox Film Corporation against Nicholas Hernandez and two unknown defendants. The court also awarded an additional half a million dollars in punitive damages. The decision was reached by default judgment, which means that the defendants did not respond to the lawsuit. Statutory damages for copyright infringement have been available under Canada’s Copyright Act since 1997. Essentially, a plaintiff in a copyright infringement suit has the option to choose to receive statutory damages rather than to establish the actual quantum of damages suffered. For infringement with a commercial purpose, statutory damages range from a minimum of $500 to a maximum of $20,000 for all of the infringements related to a given work. A plaintiff might choose statutory damages when the amount of their loss is either very small or is difficult to quantify. Statutory damages are of particular benefit to large corporate rights holders whose works are downloaded in large quantities from the internet, and who might otherwise face difficult challenges in proving actual losses. Among other things, statutory damages provisions in the U.S. have made it worthwhile for record companies to sue individuals for music downloading. Where a defendant has downloaded 1000 songs, for example, the per-work damage awards would quickly add up to a significant total, making the lawsuit not simply about the recovery of damages (which may greatly exceed the benefit obtained by the defendant) but also about punishment and arguably deterrence. In Canada, the 2012 amendments to the Copyright Act have made these kinds of lawsuits more difficult in cases where the defendants have copied works for purely private purposes. In such cases, the amount of statutory damages is considerably reduced and such damages are awarded not per work, but rather for all infringements and for all works in any given proceeding. In Twentieth Century Fox v. Hernandez,* the defendants were alleged to have operated two websites that made unauthorized copies of episodes of both The Simpsons and Family Guy available for free download or streaming. These activities were not of a purely private nature – the copies were made with a view to disseminating them further, and there was evidence that the defendants profited from their venture. The Court did not provide a detailed accounting of how it arrived at the statutory damages award of $10,000,000. For example, it did not identify how many episodes of the two television series were made available for download. As a result, it was not clear whether Justice Campbell was awarding damages at the low or high end of the scale – or somewhere in between. Since no amount per work is actually specified (nor is the number of works provided) it is no surprise that there is also no explanation of the rationale for the per-work amount. These details would seem to be important in shaping the jurisprudence in relation to these types of awards. Further, according to Justice Campbell, the award of statutory damages alone was not sufficient “to achieve the goal of punishment and deterrence of the offense of copyright infringement in this case”. For this reason, the additional half million dollars in punitive damages was awarded. Without any indication of the number of works at issue or the per work amount of damages, it is also difficult to assess the appropriateness of the award of punitive damages. Given that the defendants did not defend themselves in the proceedings, it is not likely they will file an appeal; however, the low likelihood of an appeal is not an excuse for not providing full reasons to explain the award of damages. [Note that there are approximately collectively about 750 episodes of the two shows. If all episodes were made available from the websites, then the damage award would be just over $13,000 per episode – on the high end, but not at the top of the scale.] Mistrale Goudreau and Joao Velloso have written an interesting article on statutory damages in the recently published book Intellectual Property Law for the 21st Century: Interdisciplinary Approaches. In their piece, titled “Punishment Private Style: Statutory Damages in Canadian Copyright Law”, Goudreau and Velloso argue that punitive and statutory damages are used by courts to penalize copyright infringement – as is evident in the Hernandez case. The authors argue that the result is a form of punishment for infringing activity that lacks the procedural safeguards that are normally present in criminal prosecutions. While the authors’ focus is more on the use of statutory damages in non-commercial contexts, they offer some thoughtful – and critical – insights into the role of statutory damages within our copyright regime. * Note that the court decision discussed in this blog is not available from the Federal Court’s website. This link is to a private website that has made the decision publicly available.
Published in
Copyright Law
Monday, 03 February 2014 14:02
Canada’s Progress on Open Government: OGP Report Open for Comments
The goals of the open government movement – which has spread rapidly around the world in the last five years – are to increase government transparency and accountability, to engage citizens and increase their participation in government, and to improve governance. This is to be done primarily through enhanced access to government information and improved methods of citizen-government interaction. Open government includes three main streams: open access, open data, and open participation. The open data stream also carries with it the goal to stimulate innovation and economic development by making government data available in reusable and interoperable formats and under open licences. Canada signed on to the Open Government Partnership in 2011. In doing so, it committed to taking a number of steps, including developing an Action Plan for open government that would set out specific goals and commitments. The OGP also requires governments to report on their progress, and provides independent review of each government’s updates. Canada’s Action Plan for Open Government set out a series of commitments spread over a 3 year period. It was published in 2012 and Canada submitted its first self-assessment report to the OGP in 2013. This progress report has been the subject of an independent review by the OGP, through its independent reporting mechanism, and a copy of this review is now available for public comment. The independent review confirms that the Canadian government has made significant progress on a number of the commitments it set out in its Action Plan, and that many of these commitments are either on target or ahead of schedule. Some of these achievements are considered to be “clearly relevant” to the values of the OGP and of potentially high impact. These include the completion and launch of a new Open Government Licence (commented on in an earlier blog post), measures taken under the International Aid Transparency Initiative, the online publication of resource management data, and the electronic publication by federal regulators of regulatory plans. The review, carried out by Carleton University Professor Mary Francoli, does note, however, that a number of the government’s other commitments are less ambitious and less directly relevant to the goals of the OGP. This does not mean that they are not worth doing, just that they are less impactful. One issue, therefore, would seem to be whether the government’s plan has struck the right balance between ambitious and significant goals and low hanging fruit. A further concern is that the broad commitment to open government has been channelled primarily into developments around open data. While open data is important, and while developments in this area have been meaningful, open access and open participation are crucial components of open government and are essential to realizing its objectives. Indeed, one of the recommendations in the review document relates to the need for the government to broaden its focus so as to give more attention to open access and participation. Through her consultation with stakeholders and other organizations, Francoli identifies a broad range of concerns over how the federal government communicates with citizens, and how it compiles, shares and archives information. The review is particularly critical of the government’s tepid improvements to access to information in Canada, and it suggests that nothing short of legislative reform will deliver necessary improvements. The review also indicates that there have been shortcomings in citizen and stakeholder engagement and participation in the development of the goals and priorities of open government. The review also makes recommendations regarding improved information flows, the need to ensure that data is released in useable formats and with appropriate metadata, and the need to expand integrity commitments. While the review notes that open government has a strong champion at the federal level in the Treasury Board Secretariat President Tony Clement, it also identifies a need for broader support within the government. A copy of the report and information on how to provide comments and feedback on it are available here.
Published in
Geospatial Data/Digital Cartography
Friday, 31 January 2014 09:46
Announcing a New Book on Interdisciplinary Approaches to IP Law
A terrific collection of papers that I had the pleasure of editing along with Mistrale Goudreau, Courtney Doagoo and Madelaine Saginur, titled Intellectual Property Law for the 21st Century: Interdisciplinary Approaches, has just been published by Irwin Law. The book is available for sale from Irwin as an eBook or in paperback format. It is also published under a Creative Commons Licence, and individual chapters can be downloaded here. This book flows from a workshop we hosted at the University of Ottawa. Our goal was to bring together Canadian academics interested in interdisciplinary approaches to IP law. Participants were from many different disciplines, including law, English, cultural studies, music, library and information studies, criminology, political science, and sports management. The papers cover a broad range of IP subject matter, including copyright, trademark and patent law, as well as laws restricting ambush marketing, and personality rights. The collection of papers pushes us to think about the importance of interdisciplinary perspectives and approaches in a context where intellectual property law is no longer simply a matter of commercial relationships, but also trenches deeply on issues of economics, culture, health, innovation, creativity, and intellectual freedom. Some of the papers use insights from other disciplines to examine how the law should be interpreted and applied (in the context of copyright infringement analysis in music or film, for example), others bring to bear the theories of methodologies of other disciplines to elucidate the historical evolution of certain IP rights, or the political discourse surrounding IP law and its reform. There is truly an immense breadth of content here, from a discussion of evidentiary problems in business method patent litigation to the impact of commercialization approaches to scientific research on academic scientists. Check out the table of contents to get a sense of the full range of topics.
Published in
Copyright Law
Wednesday, 19 June 2013 12:48
Google Glass and the Privacy Gap
Canada’s Privacy Commissioner, Jennifer Stoddart, along a number of her international counterparts and the commissioners of B.C., Quebec and Alberta have issued a joint letter written to the CEO of Google raising concerns about privacy in relation to Google Glass. This product, still at the beta stage, consists of a kind of interactive mobile computer worn as eyeglasses. Among other things, the glasses have the capacity to record audio and video data, and will be able to run all manner of third party applications. The Commissioners are justifiably concerned about a product that once launched might raise a host of new and troubling privacy issues. In the letter they call on Google to enter into a dialogue with data protection commissioners with a view to ensuring that the design of the product and of its applications respects privacy values. What is interesting in this letter is the frank admission by the commissioners of their own precarious jurisdiction when it comes to this technology. While there is no doubt that Google Glass poses significant privacy risks, they are not necessarily ones which would fall within the scope of private sector data protection laws in Canada. These laws generally apply to organizations that collect, use and disclose personal information in the course of commercial activity. Certainly, some of the concerns raised in the letter fall within the scope of these laws. For example, the Commissioners demand to know what information Google might itself collect via Glass when it is in use by individuals. They also seek to know what information will be shared with third parties, including the developers of apps for this product. These are clearly questions that fall within the scope of data protection legislation, as Google is clearly an organization that collects, uses and discloses personal information in the course of commercial activity. However, Glass will also have privacy implications as between the wearers of the technology and those persons who may fall within the field of view of the user. The Commissioners specifically address the use of this product to surreptitiously film or record individuals. This is a serious privacy concern. It is one that is already raised by the recording capacity of smartphones and tablets; the particular concern with Glass is that it will be possible to be even more surreptitious in making such recordings. Yet the privacy issues raised by this type of activity are not ones to which private sector data protection legislation would apply. For example, the federal Personal Information Protection and Electronic Documents Act (PIPEDA) specifically does not apply to “any individual in respect of personal information that the individual collects, uses or discloses for personal or domestic purposes and does not collect, use or disclose for any other purpose.” The scope of this exception is potentially very broad; the law would not apply, for example, to recordings made by individuals and posted to their Facebook accounts or to YouTube. The Commissioners, of course, are well aware of this gap in their powers. In their letter they explicitly acknowledge it: “We are aware that these questions relate to issues that fall squarely within our purview as data protection commissioners, as well as to other broader, ethical issues that arise from wearable computing.” Nevertheless, they use the opportunity presented by the privacy issues within their mandates to raise the “broader ethical issues”. This gap in jurisdiction over privacy is of growing importance. Where once high powered technologies of surveillance were only affordable by professionals, low cost, high powered technology is increasingly moving into the hands of ordinary individuals. In addition, the ability to disseminate audio and video recordings to a global audience – also something that was once only within the powers of established private sector corporations – is now something that can be done by any individual with an internet connection. As the corporate intermediaries become obsolete, so too do data protection laws that are framed exclusively around private sector actors engaged in commercial activity. The appropriate legislative response is not clear; legislated limits on how individuals can interact with and communicate information about themselves and their experiences would raise significant freedom of expression issues. The data commissioners’ letter to Google is thus most interesting. Acknowledging both the limits of their powers and the enormous gap in the protection of the public in a rapidly changing information technology environment, they have chosen to publicly raise both privacy and ethical issues with Google. Law- and policy-makers should be watching and should be thinking about how this gap should be filled.
Published in
Privacy
Tuesday, 18 June 2013 09:54
Canada’s Open Government Licence V2.0 Is Released
With little fanfare, the Canadian government has released its much awaited, newly revised Open Government Licence. The previous version that had been available on its Open Data site was a beta version on which public comments were invited. The government has also published its Open Government Licence Consultation Report, which summarizes and discusses the comments received during the consultation process. The revised version of the licence is an improvement over its predecessor. Gone is the claim to database rights which do not exist in Canada. (These rights do exist in the UK, the Open Government Licence of which was a template for the Canadian licence). The new licence also discards the UK term “personal data” and replaces it with “personal information”, and it gives this term the meaning ascribed under the federal Privacy Act. The language used in the licence has been further simplified, making it even more accessible. It should be noted that Alberta’s new open government licence – released as part of the launch of its open government portal earlier this year – is very similar to V2.0 of the federal government licence. There are some minor formatting differences, and a few changes in wording, most of which can be explained by the different jurisdiction (for example, the definition of “personal information” refers to Alberta’s Freedom of Information and Protection of Privacy Act). The similarities between the two licences are no coincidence. Although the Alberta licence was made public prior to the release of the federal government’s V2.0, work has been going on behind the scenes to move towards some form of federal/provincial consensus on the wording of open government licences with a view to ensuring that there is legal interoperability between data sets released by different governments in Canada. The efforts to reduce barriers to interoperability (whether legal or technical) are important to the ability of Canadians to work with and to integrate different data sets in new and innovative ways. Thus not only is the COGL V2.0 to be welcomed, so are the signs that cooperation and coordination may lead to a greater legal interoperability of open government licences across Canada.
Published in
Geospatial Data/Digital Cartography
Tuesday, 11 June 2013 13:19
Canadians Should Not Be Complacent About Warrantless Access to their Personal Information
The US government is in damage control mode after it was leaked to the press this week that it had established a massive surveillance program under which it obtained comprehensive communications data from telecommunications and technology companies. Privacy advocates have decried this secret and massive data mining exercise. Canadians should not sit back complacently to watch this unfolding spectacle south of the border. It was only last year that our own government tried to introduce legislation that would have provided for the building of the physical and legal infrastructure for substantially increased Internet surveillance. Although Bill C-30 was ultimately defeated, there are nonetheless other laws already on the books that leave Canadians vulnerable to unwarranted and invisible surveillance. For years privacy advocates in Canada have been warning of legal provisions that allow police and national security agencies to seek personal information from private sector companies, and that allow these companies to hand over this information without a court order and with no accountability. The first of these provisions is s. 7(3)(c.1) of the Personal Information Protection and Electronic Documents Act, which provides that an organization “may disclose personal information without the knowledge or consent of the individual” where the disclosure is made to a government actor that has made a request for the information, and has indicated that the information may be related to national security issues, may be relevant to an investigation related to the enforcement of any law, or is sought for the purpose of “administering” any federal or provincial law. The second provision is s. 487.014 of the Criminal Code, which provides that no court order is required for a law enforcement official “to ask a person to voluntarily provide to the officer documents, data or information that the person is not prohibited by law from disclosing.” In other words, as long as no other law prohibits such a disclosure, the information may simply be handed over. Both PIPEDA and the Criminal Code permit private sector companies in Canada to voluntarily disclose the personal information of their customers to police officers or national security officials without the knowledge or consent of the individuals in question, and without an order from a judge. Companies may still refuse to make such disclosures without being ordered to do so by a court, and while some do in some circumstances, plenty of others do not. According to the federal Privacy Commissioner, “We have no way of knowing for certain the number, scale, frequency of, or reasons for, such disclosures although we understand that they are substantial.”(The Case for Reforming the Personal Information Protection and Electronic Documents Act at p. 13). Nothing obliges companies to disclose to the public how many requests for information they receive or with how many they have voluntarily complied. Similarly, nothing obliges public authorities to disclose how many requests they make, to what companies, or for what types of information. Given the vast amounts of personal information of increasingly fine detail that private sector companies collect about all of us, this should be a matter of some concern. Telecommunications companies can match our personal information to IP addresses, which in turn can be linked to all of our online activities. Telecommunications companies also have rich stores of data regarding our calling activities; in the case of smart phones, this information may also include fine-grained location information. Other companies gather our location information, as well as information about our purchases, transactions, conversations, friends, associates and activities. These vast stores of information in the private sector may be simply a request away from disclosure to authorities – and we may never know just how much information is being shared or in what circumstances. In response to this highly troubling set of circumstances, the federal Privacy Commissioner, Jennifer Stoddart, recently called for reforms to PIPEDA that would impose some level of accountability where public authorities access information in this manner. In a document titled The Case for Reforming the Personal Information Protection and Electronic Documents Act the Commissioner recommended that the law be amended to require private sector organizations “to publicly report on the number of disclosures they make to law enforcement under paragraph 7(3)(c.1), without knowledge or consent, and without judicial warrant, in order to shed light on the frequency and use of this extraordinary exception.” This call for greater transparency in determining just how often the personal information of Canadians is disclosed to government authorities without the knowledge or consent of the individual and without judicial authorization is well-timed. As disturbing as the news of the US surveillance program is, we should not lose sight of the fact that there are vast personal information resources that sit within easy reach of our own government and its officials – and that there are laws currently on the books that facilitate easy and virtually traceless access to it.
Published in
Privacy
Friday, 24 May 2013 08:45
Privacy Commissioner Calls for PIPEDA Reform
In case there was any doubt, the Office of the Privacy Commissioner of Canada (OPC) produced a report this week that confirms that Canada’s private sector data protection legislation is simply not up to the task of adequately protecting the personal information of Canadians. The report is aptly titled: The Case for Reforming the Personal Information Protection and Electronic Documents Act. The introduction to this report makes plain the frustration of those charged with administering the Personal Information Protection and Electronic Documents Act (PIPEDA). Enacted with much fanfare in 2001, this statute contains a provision that requires that it be reviewed every 5 years to ensure that it remains adequate for the task of protecting the personal information of Canadians in commercial contexts. As the introduction to the Report notes, the first 5 year review ended with a Bill to amend the statute – this Bill died on the order paper and in spite of attempts to resuscitate it, it has never been passed. The second 5 year review has simply stalled. In the meantime, as the report notes, the personal data landscape has been dramatically transformed with the rise of social networking, mobile communications, increased cross-border data collection and sharing, and the growing use of personal information for the profiling and targeting of consumers PIPEDA is a fairly tentative piece of legislation, giving only ombudsperson powers to the Privacy Commissioner, and favouring an approach that encourages compliance rather than mandating it. This new report issued by the Office of the Privacy Commissioner (OPC) makes it clear that this approach is no longer effective nor is it appropriate to the current data protection context. The Report notes that comparable jurisdictions have moved towards giving data commissioners more powers of enforcement, including order-making powers and the ability to impose fines or other administrative penalties on companies that play fast and loose with personal information. PIPEDA even lags behind the laws of those few provinces that have their own private sector data protection statutes: Commissioners in Quebec, B.C. and Alberta have order making powers, and Alberta also has mandatory data breach notification requirements. The report observes that not only is the toothless PIPEDA a difficult tool to use to gain compliance from large web-based collectors of personal information that are based outside of Canada, it also relies too heavily upon the willingness of domestic companies to take the Commissioner’s findings or audit reports seriously. The OPC report identifies four pressure points based on their 12 years of experience with the legislation, and makes four recommendations for legislative reform to address each of these. The first pressure point is enforcement. The report explains how the lack of enforcement powers has hindered the ability of the OPC to address data protection issues. It notes, for example, that there is “nothing in the law that provides enough incentive for organizations to invest in privacy in significant ways.” (at p. 6). It notes as well that even when complaints lead to investigation and recommendations, companies may renege on agreements to change practices because there is nothing to compel them to do so. The report laments that other jurisdictions have taken steps to enhance their enforcement powers while nothing is done in Canada. As a result, the report recommends that stronger enforcement powers be added to the legislation. It identifies as possibilities: adding statutory damages powers to enhance the damages available to complainants who ultimately take their issues to Federal Court; giving the Commissioner order-making powers; and giving the Commissioner the power to impose administrative monetary penalties. Ideally, all three should be added. I note in particular that while statutory damages will improve the individual recourse under the Act, this on its own will not greatly improve compliance under the legislation (see my earlier blog post on individual recourse in privacy cases). The second pressure point identified in the report is the lack of mandatory reporting for data breaches. The Report notes that as things currently stand, organizations who voluntarily report a data breach face negative publicity, while those who cover up breaches are insulated from reproach. A mandatory data breach reporting provision (which is what the report recommends) would ensure that Canadians are made aware of data breaches, would give Canadians a much clearer picture of the state of personal data security, and would create strong incentives for organizations to improve their privacy practices. The third pressure point identified is an interesting and important one. PIPEDA contains a provision which allows organizations to voluntarily share personal information with police or other authorities without the consent of the individuals to whom the information relates. Given the increasingly high volumes of personal data in the hands of private sector actors, and the fine grain of detail of much of this information (for example, it may include detailed location information about the movement of individuals over extended periods of time), this should be a matter of great concern. At present there is little or no transparency about the number of requests made by law enforcement for this type of information, nor is there any transparency about the number of times private sector organizations voluntarily share information without insisting upon a warrant. The report’s third recommendation is to require organizations “to publicly report on the number of disclosures they make to law enforcement. . . without knowledge or consent, and without judicial warrant, in order to shed light on the frequency and use of this extraordinary exception.” (at p. 14) The final pressure point identified in the report is that of demonstrating accountability. Although accountability of organizations for compliance with data protection laws is one of the privacy principles set out in PIPEDA, the report notes that the record of accountability of private sector actors is not all it should be. Not only does the OPC expend significant resources on investigations and audits, they are forced to invest additional resources in follow ups to ensure that there has been compliance with their recommendations. The report recommends that the accountability principle in PIPEDA be amended to require organizations to demonstrate, on the request of the OPC, that they are actually compliant with the law. Further, the report recommends that the law provide for “enforceable agreements” – in other words, undertakings by organizations to comply with the legislation that can be enforced by the OPC if compliance is not actually forthcoming. Commissioner Jennifer Stoddart is approaching the end of the second term of her appointment. Her leadership of the OPC has been exemplary; she has taken it from a beleaguered and unstable agency to one that has proven its expertise and effectiveness. It has worked with great effectiveness with federal departments and agencies, it has developed effective strategies for public outreach and education, and it has worked tireless to improve data protection in the private sector. The Commissioner has also maintained a high level of communication and collaboration with other data commissioners in Canada and abroad. In short, she has done as much – perhaps more – than one could expect to address the privacy of Canadians in both the public and private sectors under two neglected and outdated privacy statutes. This report is notable for the frank and direct way it publicly addresses the deficiencies in Canada’s private sector data protection legislation. Since the mandated legislative review process set out in PIPEDA has proven utterly ineffective in doing so, the Commissioner has taken the initiative, addressing Canadians directly to explain in plain and direct terms what the problems are and how they might be fixed. Let us hope that the government is listening.
Published in
Privacy
Monday, 08 April 2013 14:30
Google Mapathon Provokes Police Investigation
Years ago I visited what was then Czechoslovakia shortly after the collapse of communism in Eastern Europe. I remember commenting to a local on the difficulty of navigating the city with the available map. He laughed and remarked that the mapping policy of the government had been that if you were supposed to be somewhere, you knew how to get there. If you didn’t know how to get there, you weren’t supposed to be there. According to him, the official state maps implemented this policy. It was an interesting lesson in mapping as a method of social control. Last week, a story in the Times of India announced that police in India had launched an investigation of Google for a mapathon it organized. The mapathon essentially invited Indians to contribute geographic information to the Google Earth platform with a view to creating richer and better maps of India. The company offered a variety of prizes and incentives to encourage participation. The official Indian mapping agency, the Survey of India filed the complaint with the police, apparently alleging that the mapathon was both illegal and a threat to national security. The case is an interesting one. It is certainly true that many states that are vulnerable to terrorism, seek to control public information about certain locations, facilities and installations as a security measure. Certainly, given recent events, no one would argue that the Indian government’s concerns about terrorism are exaggerated. At the same time, in our digital, interactive world, ordinary citizens walk around with powerful computing, recording and communication devices in their purses and pockets. All manner of easily accessible apps and tools exist to create vast repositories of multimedia information about just about anything. In this context, it seems rather futile to resist participatory mapping projects on security grounds. After all, if ordinary citizens can gather and share sensitive geographical data using their mobile phones, so can terrorists. A major company like Google may well be receptive to genuine security concerns over particular data added to their collaborative maps, and might be persuaded to modify, blur or generalize certain entries. Perhaps the bigger concern in this context is not so much security, as it is the shifting of control over mapmaking from a national mapping organization to a multinational corporation with its headquarters in another country. For countries with a history of oppressive colonization, this may seem like a threatening development. The Survey of India describes its mission in nationalistic terms: “Survey of India bears a special responsibility to ensure that the country's domain is explored and mapped suitably, provide base maps for expeditious and integrated development and ensure that all resources contribute with their full measure to the progress, prosperity and security of our country now and for generations to come.” Maps have always been powerful political and social tools, and there is nothing neutral about how many states have chosen to represent geographic information. The loss of control over one’s national maps to an outside entity may well be experienced as a loss of sovereignty. But of course, sovereignty, in this context also involves the imposition of one story over alternative narratives. Digital technologies and a globalized society open the doors to competing accounts of our physical, social and political spaces – and such accounts are increasingly difficult to control. This conflict between Google and the Survey of India is almost certainly about more than national security, and the outcome of any police investigation may do little to tell us who the winners or losers will ultimately be.
Published in
Geospatial Data/Digital Cartography
|
Electronic Commerce and Internet Law in Canada, 2nd EditionPublished in 2012 by CCH Canadian Ltd. Intellectual Property for the 21st CenturyIntellectual Property Law for the 21st Century: Interdisciplinary Approaches |