Here’s a copy of a 10 minute prepared address I gave to a client seminar today on CASL readiness. Four practical points to guide your readiness initiative.
Happy New Year!
2013 was a good and busy year for your AAI primary contributor. I’ve paddled a traditional paddleboard for about twelve years now but committed to a dedicated year of competition in 2013, knocking off my first Molokai 2 Oahu crossing with a surprisingly good result and a win (!) against a small but core group of prone paddlers at the Chattajack 31 in Tennessee. I’m over 40 but feel like a kid again and am going to channel my current paddling obsession into another year of competition. If all goes well, I’ll repeat the Molokai 2 Oahu crossing and add a first time result in the famed and highly-competitive Catalina Classic. If you’re in Toronto and prone paddling looks interesting get in touch in the Spring. I’d be glad to loan a board and go for a paddle.
This is all to say that AAI suffered slightly from paddling-, family- and practice-induced anemia in 2013. We posted about 75 entries. They were on the most relevant of content, selected more conservatively than in years past, but this was lower output for a blog that’s now has 825 entries since its birth in the summer of 2007. We’ll aim for more of the same in 2014, thank you for reading and hope you enjoy. We hope you had a nice holiday and are feeling invigorated and ready for a good 2014!
Here is Paul Broad and my summary of today’s remarkable Supreme Court of Canada decision in Alberta (Information and Privacy Commissioner) v United Food and Commercial Workers, Local 401. (The Court struck down Alberta PIPA as violating section 2(b) of the Charter.)
I’m more open in this forum to think openly about the decision, which strikes me as being most characterized by its unrestraint. The Court could have issued a pronouncement clearly confined to the precise labour-relations context before it, but did not. The general questions it raises about how privacy legislation operates may be quite well-founded, but are not helpful. The decision today is likely to cause litigation that – after much time and energy – leads to necessary clarification and confinement.
There are “narrowing cues” in the decision. For example, the Court suggests that our federal commercial privacy statute (PIPEDA) is better positioned to withstand a challenge because restrains only commercial expression. The Court also signals that some publicly available information will warrant privacy protection.
These cues are mixed in with big questions that are dealt with briefly and in no factual context. The policy makers should not over-react, and should brace themselves for a fight!
On August 28th, the British Columbia OIPC affirmed two elevator companies’ (Kone’s and Thyssenkrup’s) use of telematic data for the purpose of managing their service employees.
The outcome is not surprising. The Commissioner herself affirmed another elevator company’s fleet management program in a thoroughly-reasoned decision last December. Also, all Canadian decisions (by privacy regulators and arbitrators) have recognized the legitimacy of such programs (which rest on the collection of location data and vehicle operation data). Kone’s program was unique in that it collected data from cellar telephones (rather than vehicle units). The OIPC held that Kone’s program collected more sensitive personal information but was nonetheless reasonable.
The decisions are notable for the OIPC’s conclusion that an organization in BC does not need a stand alone GPS or Telematics policy to comply with the notice and “policies and practices” requirements in BC PIPA. It held that Kone complied with its obligation by giving a detailed PowerPoint presentation that outlined the specific purposes for which it would use employee personal information in advance of implementing its program. Thyssenkrup breached its obligations; it had difficulty establishing that it had a formal communication program that addressed the purposes of its program in any detail.
On June 27, the Superior Court of Québec certified a class action about the alleged intrusive nature of free applications offered through Apple’s “App Store.”
The petitioner alleges that Apple breached various Québec statutes by failing to inform users that free applications would facilitate the collection and use of their personal information, including their “geolocation.” The petitioner also claims that individuals were harmed (a) by the loss of computing resources and (b) by being led to overpay for their Apple devices, such devices being “inextricably linked” to undesirable characteristics associated with free applications distributed through the App Store. The petitioner asked the Court to grant certification so he could prosecute Apple on on behalf of all residents in Canada who downloaded free applications from December 1, 2008 to present.
Apple attacked the action’s suitability for certification on a number of bases. Most fundamentally, it complained that the action provided for an “infinite variety of classes” – for example (and at the least), classes of individuals who were exposed to applications with different information-gathering characteristics. Nonetheless, the Court granted certification of a Québec only class. Its analysis is very forgiving, especially in addressing Apple’s (very valid) concerns about the individualized nature of a consent dispute, which the Court dismissed as follows:
In the Court’s view, all of the Respondents’ arguments regarding the consent or lack thereof, the voluntary provision of information by Class Members and other similar elements that distinguish Class Members between them can be raised by them in their defence or alternatively when dealing with the « lien de causalité ».
Hat tip to BLG and its privacy law blog for this post.
Although somewhat off-topic for this blog, here are the slides that I spoke to this morning at the Canadian Association of College and University Student Services annual conference. The presentation was to university and college student conduct professionals and has a heavy administrative law focus.
In this week’s Information and Privacy Commissioner/Ontario report on the deletion of e-mails by the Ontario government, the IPC decries a “verbal culture” in government and recommends a government “duty to document.” What might this duty entail? Is deliberating about difficult decisions through verbal dialogue really objectionable?
This is not the first time this duty to document has been proposed. In March of this year the British Columbia Office of the Information & Privacy Commissioner also endorsed a duty to document. The BC report includes a good history of efforts made to advance the duty in Canada, efforts that date back to 1994 in the BC Commissioner’s account. The BC Commissioner also notes a federal private member’s bill – Bill C-301 - that features a duty to document.
There are two variants of the duty that we should distinguish from each other – one that requires documentation of “actions, decision and reasons” and another that extends to “advice” and “deliberations.”
The BC Commissioner endorses the narrower version. In 2009, former BC Commissioner DavidLoukidelis argued for a duty to document “actions and decisions and reasons therefor” in a submission to the federal Standing Committee on Access to Information, Privacy and Ethics. The March report from BC contains the same recommendation:
I would reiterate that this requirement need not be an onerous one. The duty to record actions, decisions and reasons are not merely a question of creating records for the purposes of openness and accountability, but also go to good governance, the state of information management and information holdings of government.
Bill C-301 features the broader version. Here’s the language:
2.1 Every officer and employee of a government institution shall create such records as are reasonably necessary to document their decisions, actions, advice, recommendations and deliberations under this Act.
The recent IPC report is ambiguous, and unfortunately, suggests that the BC Commissioner has embraced a duty to document deliberations:
Commissioner Denham notes [in her March report] that a number of Information Commissioners have called for the creation of a legislated duty for institutions to document matters related to deliberations, actions and decisions. Commissioner Denham stated:
Among the reasons for instituting a legislated duty to document include good governance, historical legacy of government decisions, and the protection of privacy and access to information rights. Without a legislated duty to document, government can effectively avoid public scrutiny of the rationale for its actions.
She goes on to note that the legislated duty to document is a critical element of the open government movement and an important element of proactive disclosure.
The underlined statement above is correct but misleading; the BC Commissioner did note that others have endorsed a duty to record deliberations but did not do so herself.
The distinction between the broader and narrower versions of the duty to document is one that should become part of the public dialogue, especially because a duty to record deliberations runs against advice that counsel (including this counsel) regularly give public sector institutions; do not think aloud over e-mail.
Deliberating via e-mail (or text message) is a terrible decision-making practice that has only been invited recently by changes in communication technology. The dialogue invited by such a practice will either be too stilted to be effective or too dangerous because every creative, bona fide and ultimately un-pursued idea will be available in the end to undermine a final decision.
Yes, meetings represent a more private decision-making venue, but that is why they support good decision making. Public sector officials should record the actions flowing from meetings along with all decisions made and their rationale. This is, agreed, a matter of good governance. They should also be given the continued ability to discuss matters in confidence.
Whether a duty to document should encompass “advice” also deserves debate. It may not be objectionable if it is decipherable from a duty to document deliberations. Notably, the degree to which the exemption for “advice and recommendations” under our freedom of information legislation protects the deliberative aspects of decision-making will be addressed in an important Supreme Court of Canada case to be heard this November. The Ontario Commissioner will be joined by four other commissioners in arguing for a narrow interpretation of the exemption so that recorded deliberations will be more accessible to the public. If they succeed, public officials will face greater pressure to engage in verbal dialogue. They should not be castigated for craving a zone of privacy.