Privacy law emerges as latest Canadian export

Geist-48X68.jpgPosted by Michael Geist
The recent Canadian privacy case involving Facebook attracted international attention as the world's leading social networking site agreed to implement a series of changes that will affect 250 million users. While the case is widely viewed as a significant victory for Canadian privacy, my weekly technology law column (Toronto Star version, homepage version) notes the issue might never have been addressed but for a second, little-noticed privacy decision released two weeks later.
In December 2004, the Canadian Internet Policy and Public Interest Clinic (CIPPIC) at the University of Ottawa filed a complaint with the Privacy Commissioner of Canada against U.S.-based, an online data broker that collects, uses and discloses the personal information of Canadians (I am an adviser to CIPPIC but was not involved directly in the case). The company offered a wide range of search services on individuals, purporting to dig up everything from past police reports to consumer preferences.
A year later, the Commissioner ruled that she could not investigate the complaint. The company refused to respond to questions and the Commissioner was of the view that there was no mechanism to further pursue the case given jurisdictional limits of Canadian privacy law.
CIPPIC asked the federal court to review the decision. In February 2007, it ruled that the Commissioner was mistaken — the law did not preclude conducting investigations of foreign entities even if subsequent enforcement of a finding might prove difficult.
In light of that ruling, the Commissioner resumed her investigation of, releasing a new finding on July 31, 2009. Working together with the U.S. Federal Trade Commission, the Commissioner determined that "the American company disclosed the personal information of Canadians, without their knowledge or consent, to third parties" in violation of Canadian law.
During the nearly five years that the case was winding its way through the Canadian legal system, CIPPIC filed a separate complaint against Facebook. Once again, the Commissioner spent about a year investigating the issue. Now armed with the decision that conclusively determined that there was no legal barrier to investigating foreign companies on their compliance with Canadian law, the Commissioner conducted a comprehensive investigation of Facebook's privacy practices, identifying several areas in need of change.
Taken together, the two cases provide a powerful response to skeptics who doubted the ability of Canadian privacy law to influence foreign organizations. Click here to read the whole of Michael's post.

Submit a comment

Please leave your name, which will be used to sign your submission to the SCANsite. Thanks for contributing your thoughts. Come back again. Tony Patterson, Editor & CEO.

© 2006 - 2009 SCAN
Site by Citadel Rock