May72013

15
Global Technology Law and Policy May 7, 2013 professor michael geist university of ottawa, faculty of law

TAGS:

description

 

Transcript of May72013

Page 1: May72013

Global Technology Law and PolicyMay 7, 2013

professor michael geist

university of ottawa, faculty of law

Page 2: May72013

Canadian Privacy Law- The history – how the EU & OECD helped create

Canadian privacy law

- The basics

- Jurisdictional questions and regulatory cooperation

Page 3: May72013

Privacy Law - The Start - CSA Model Code negotiated in early 1990s as a model

code for privacy

- Quebec only province with private sector privacy law

- EU Data Protection Directive creates pressure

- Canada hosts OECD Ministerial Conference on Electronic Commerce in 1998

Page 4: May72013

Privacy Law - The Basics - Bill introduced in 1998 to coincide with OECD meeting

- Took effect in 2001 (federally regulated orgs), 2004 (everyone else)

- Limited to commercial activity for constitutional reasons

- Shared responsibility with provinces - substantially similar

- Enforced by Privacy Commissioner of Canada in an ombuds+ role

- Complaints driven + audit power

Page 5: May72013

Privacy Law - The Basics Application - Subject matter

• Personally identifiable information only - includes information about employees

• Public domain exception

– Telephone Directory

– Professional or Business Directory

– Registry Collected under Statutory Authority

– Court Record

– Information Appearing in the Media Where the Individual has Provided the Information

• Federal Privacy Act exempt

• Name, Title, Business address or Telephone number of an employee exempt - not email though

Page 6: May72013

Privacy Law - The Basics

10 PRINCIPLES -- 1. Accountability

• organization is accountable for personal information• Includes privacy point person, training staff

2. Identifying Purposes• purpose of collection must be clear• Identify any new purposes• Grandfathering issue

3. Consent• individual has to give consent to collection, use,

disclosure• “meaningful” consent -- will depend upon

circumstances

Page 7: May72013

Privacy Law - The Basics

10 PRINCIPLES (cont.) --

4. Limiting Collection• collect only information required for identified

purpose5. Limiting Use, Disclosure and Retention

• consent required for other purposes• Destroy or anonymize information once no longer

needed

6. Accuracy• keep as accurate as necessary for identified purpose

Page 8: May72013

Privacy Law - The Basics

10 PRINCIPLES (cont.) --

7. Safeguards• protection and security required

8. Openness• policies should be available• Clear language

9. Individual Access– info available upon request, inaccuracies corrected

10. Challenging Compliance – ability to challenge all practices

Page 9: May72013

Privacy Law - The Basics

Compromise statute -- Purpose clause (s.3)The purpose of this Part is to establish... rules to govern the collection, use and disclosure of personal information in a manner that recognizes the right of privacy of individuals with respect to their personal information and the need of organizations to collect, use or disclose personal information for purposes that a reasonable person would

consider appropriate in the circumstances.

Page 10: May72013

Privacy Law - The Basics - Shared responsibility with provinces

- “Substantial similarity” - Quebec, Alberta, British Columbia, provincial health privacy

- Hundreds of OPC findings

- Statutory review every 5 years

- Last review in 2006 leads to Bill C-12 (first reading)

- Privacy Act - governs public sector privacy law

- No updates since first enacted

- Multiple privacy legislative initiatives

- C-12 (PIPEDA update)

- C-30 (Lawful access)

- Anti-spam legislation

Page 11: May72013

JurisdictionLawson v. Accusearch (2007)– Case originates at U of Ottawa tech law clinic– Investigation into Abika.com, an online personal data

site– Complaint filed with OPC but refuses to issue finding– Federal Court rules can investigate (even if not enforce)

Page 12: May72013

Jurisdiction - Facebook– 2009 investigation based on CIPPIC complaint

• Well founded on numerous issues including account deletion, third party apps

• Follow-up a year later – improvement but new complaints launched

– 2012 – announce results of three new complaints• Friend requests (well founded)• Social plugins (not well founded)• Authentication (not well founded)

Page 13: May72013

Jurisdiction - Google Wifi

• Collection of personal information on open wifi networks from Google Street View vehicle

• Commissioner initiates complaint• Well-founded – Google agrees to several recommendations• One of several investigations worldwide into the practice

Page 14: May72013
Page 15: May72013

Physical Modelling Synthesis Overview

Physical Modelling Synthesis Overview

Oedipus The King: The Ideal Tragic Play

Oedipus The King: The Ideal Tragic Play

xCDC14a

xCDC14a

Who Killed God

Who Killed God

Star Wars Original Trilogy Trivia (Episodes IV-VI)

Star Wars Original Trilogy Trivia (Episodes IV-VI)

Bhagavad Gita

Bhagavad Gita

Effective Parenting: Establishing Boundaries

Effective Parenting: Establishing Boundaries

Compressing And Decompressing Folders

Compressing And Decompressing Folders

Rubik's cube solution

Rubik's cube solution

How Computer Monitors Work

How Computer Monitors Work

Tragic Heroes

Tragic Heroes

Improve the Color Quality Of Your Monitor

Improve the Color Quality Of Your Monitor

Life Is Just A Dream - Or Is It?

Life Is Just A Dream - Or Is It?

Explore The Levels of Creation

Explore The Levels of Creation

Acetone Peroxide

Acetone Peroxide

Iron Mills Essay

Iron Mills Essay

Chapter 23

Chapter 23

Jan Van Eyck and the Man In A Red Turban

Jan Van Eyck and the Man In A Red Turban

Plato - Symposium

Plato - Symposium

European Colinization of Latin America

European Colinization of Latin America