I presented today at the Canadian Institute’s program on advanced administrative law. My topic was about how to deal with the privacy interests of affected non-parties. Here are my slides, revised based on my evolving understanding of this (difficult) issue. My thesis as it stands: we need to develop a principled exception to the audi alteram partem rule that governs when affected non-parties get notice and right to be heard. Courts and admin law decision makers appear to be attracted to solution that rests on the involvement of an appropriate representative party, but the current solutions are not driven by any express principle.
On July 14th, Arbitrator Kuttner ordered an employer (and MFIPPA institution) to disclose retiree contact information to a union and to deliver a notice to retirees about his production decision.
MFIPPA does not apply to employment-related records nor, in general, does it give employees and retirees of MFIPPA institutions privacy rights. Arbitrator Kuttner seemed to accept this in finding that MFIPPA did not preclude him from making the requested order, though he also made a finding that the requested disclosure was permissible under MFIPPA as a “consistent purpose.”
More significant is how Arbitrator Kuttner dismissed the employer’s argument that the procedural rights of affected retirees must be respected in determining the production motion. He said:
The situation before me is far removed from that dealt with by the [Court of Appeal for Ontario’s decision] in Re Bradley. There are not here two groups of employees covered by the same collective agreement competing for benefits under its terms, with one group stripped of benefits previously accorded in favour of another group to which they are newly afforded. Rather a bargaining agent, bound to represent fairly before an employer a discrete group of retired employees whose common interests under a collective agreement are in jeopardy, seeks disclosure of their personal contact information held by the employer, so that it can fulfill its representational role. As discussed above, that role is one with common law underpinnings, now rooted in the LRA, and recognized by the parties to the Collective Agreement. Of note in PIPSC v. Canada (Revenue Agency) supra, where employee privacy rights were at issue, is the Supreme Court’s comment that “the usual practice” is not to give affected employees notice of such proceedings, and the same would hold here in the case of retirees.
Arbitrator Kuttner nonetheless considered it “appropriate” to advise the retirees of his production decision and ordered the employer to deliver the letter I’ve attached below.
Here’s a copy of a 10 minute prepared address I gave to a client seminar today on CASL readiness. Four practical points to guide your readiness initiative.
Happy New Year!
2013 was a good and busy year for your AAI primary contributor. I’ve paddled a traditional paddleboard for about twelve years now but committed to a dedicated year of competition in 2013, knocking off my first Molokai 2 Oahu crossing with a surprisingly good result and a win (!) against a small but core group of prone paddlers at the Chattajack 31 in Tennessee. I’m over 40 but feel like a kid again and am going to channel my current paddling obsession into another year of competition. If all goes well, I’ll repeat the Molokai 2 Oahu crossing and add a first time result in the famed and highly-competitive Catalina Classic. If you’re in Toronto and prone paddling looks interesting get in touch in the Spring. I’d be glad to loan a board and go for a paddle.
This is all to say that AAI suffered slightly from paddling-, family- and practice-induced anemia in 2013. We posted about 75 entries. They were on the most relevant of content, selected more conservatively than in years past, but this was lower output for a blog that’s now has 825 entries since its birth in the summer of 2007. We’ll aim for more of the same in 2014, thank you for reading and hope you enjoy. We hope you had a nice holiday and are feeling invigorated and ready for a good 2014!
Here is Paul Broad and my summary of today’s remarkable Supreme Court of Canada decision in Alberta (Information and Privacy Commissioner) v United Food and Commercial Workers, Local 401. (The Court struck down Alberta PIPA as violating section 2(b) of the Charter.)
I’m more open in this forum to think openly about the decision, which strikes me as being most characterized by its unrestraint. The Court could have issued a pronouncement clearly confined to the precise labour-relations context before it, but did not. The general questions it raises about how privacy legislation operates may be quite well-founded, but are not helpful. The decision today is likely to cause litigation that – after much time and energy – leads to necessary clarification and confinement.
There are “narrowing cues” in the decision. For example, the Court suggests that our federal commercial privacy statute (PIPEDA) is better positioned to withstand a challenge because restrains only commercial expression. The Court also signals that some publicly available information will warrant privacy protection.
These cues are mixed in with big questions that are dealt with briefly and in no factual context. The policy makers should not over-react, and should brace themselves for a fight!
On August 28th, the British Columbia OIPC affirmed two elevator companies’ (Kone’s and Thyssenkrup’s) use of telematic data for the purpose of managing their service employees.
The outcome is not surprising. The Commissioner herself affirmed another elevator company’s fleet management program in a thoroughly-reasoned decision last December. Also, all Canadian decisions (by privacy regulators and arbitrators) have recognized the legitimacy of such programs (which rest on the collection of location data and vehicle operation data). Kone’s program was unique in that it collected data from cellar telephones (rather than vehicle units). The OIPC held that Kone’s program collected more sensitive personal information but was nonetheless reasonable.
The decisions are notable for the OIPC’s conclusion that an organization in BC does not need a stand alone GPS or Telematics policy to comply with the notice and “policies and practices” requirements in BC PIPA. It held that Kone complied with its obligation by giving a detailed PowerPoint presentation that outlined the specific purposes for which it would use employee personal information in advance of implementing its program. Thyssenkrup breached its obligations; it had difficulty establishing that it had a formal communication program that addressed the purposes of its program in any detail.
On June 27, the Superior Court of Québec certified a class action about the alleged intrusive nature of free applications offered through Apple’s “App Store.”
The petitioner alleges that Apple breached various Québec statutes by failing to inform users that free applications would facilitate the collection and use of their personal information, including their “geolocation.” The petitioner also claims that individuals were harmed (a) by the loss of computing resources and (b) by being led to overpay for their Apple devices, such devices being “inextricably linked” to undesirable characteristics associated with free applications distributed through the App Store. The petitioner asked the Court to grant certification so he could prosecute Apple on on behalf of all residents in Canada who downloaded free applications from December 1, 2008 to present.
Apple attacked the action’s suitability for certification on a number of bases. Most fundamentally, it complained that the action provided for an “infinite variety of classes” – for example (and at the least), classes of individuals who were exposed to applications with different information-gathering characteristics. Nonetheless, the Court granted certification of a Québec only class. Its analysis is very forgiving, especially in addressing Apple’s (very valid) concerns about the individualized nature of a consent dispute, which the Court dismissed as follows:
In the Court’s view, all of the Respondents’ arguments regarding the consent or lack thereof, the voluntary provision of information by Class Members and other similar elements that distinguish Class Members between them can be raised by them in their defence or alternatively when dealing with the « lien de causalité ».
Hat tip to BLG and its privacy law blog for this post.