LSAT Thumbprinting a Privacy Violation

By: Omar Ha-Redeye · July 11, 2008 · Filed Under Law School, Privacy Law

I always felt like I was a criminal when LSAC, the organization that offers the LSAT exam, required mandatory thumbprints on entry.

Weren’t we the ones defending the criminals (or prosecuting them)? Why are we being treated like them?

This commenter says,

When I was a psychology student I used to administer the LSAT. One thing I always found amusing is that you have to leave your thumbprint to take the test. What does that mean? Other professional or graduate tests do not require this.

Then there is the fact that it’s an American company, meaning the American government would have access to my prints if they so chose.

Should Canadian law students be forced to provide prints to a foreign country as a requirement to entry into a Canadian law school?

And I’m not the only one with these concerns.

Canadians Aren’t so Patriotic about the U.S.

In 2006, Daniel Gervais, acting dean of the common-law section at the University of Ottawa, expressed to the CBC his apprehension over the U.S. Patriot Act,

The act gives the power to agencies such as the FBI to get access to information that is sent to the U.S.

Michael Geist, also of UofO, elaborates further,

Test takers in B.C. and Alberta have raised objections to the mandatory thumb-printing, expressing concern sensitive personal information could find its way into the hands of U.S. law enforcement. Empowered by provisions in the U.S. Patriot Act, authorities could compel the LSAC to surrender the data.

Patriot Act fears stem from the secretive nature of the law since authorities can compel disclosures with minimal oversight and without opportunity for the affected person to challenge the disclosure.

Critics also point to the statute’s potential misuse. Those fears were exacerbated last week with reports U.S. counter-terrorism databases contain an astonishing 325,000 names.

There has been swift reaction to the thumb-printing story, with the federal, B.C., and Alberta privacy commissioners joining forces in a combined privacy investigation. The Canadian Council of Law Deans, which represents law schools across the country, has expressed concern over the practice, acknowledging that the data could be subject to a Patriot Act request. The Council raised questions about whether the practice might violate federal and provincial privacy statutes.

Philippa Lawson, Executive Director of the Canadian Internet Policy & Public Interest Clinic at UofO, added,

In the LSAT case, the stated purpose of collecting thumbprints (to deter fraud) is clearly reasonable. But is the collection of thumbprints necessary to achieve this purpose? Do other, less intrusive but equally effective methods of deterring fraud exist? And is the fraud-deterrent value of thumbprinting proportional to its privacy invasiveness? The privacy commissioners now investigating this matter will have to answer these questions.

And Mark Lewis weighed in, quipping,

Personally, I think it is time for a cage match pitting the Patriot Act vs. PIPEDA.

Recent developments indicate that round 1 may have just begun.

Non-Profit Status of LSUC Will not Provide Immunity

David Canton of eLegal wrote in the London Free Press recently that the Privacy Commissioner of Canada has found the thumbprinting to be a violation of privacy.

The recommendation came following a complaint by University of Victoria philosophy Professor Eike-Henner Kluge.

The Commissioner used a 4-part test:

  1. Is the measure demonstrably necessary to meet a specific need?
  2. Is it likely to be effective in meeting that need?
  3. Is the loss of privacy proportional to the benefit gained?
  4. Is there a less privacy-invasive way of achieving the same end?

Their conclusion is that the thumbprints were never intended for their expressed purpose, let alone meeting that purpose.

Canton said,

LSAC took the position that since it was a Delaware corporation headquartered in the United States, the privacy commissioner had no jurisdiction over its activities.

The privacy commissioner found, however, that there were sufficient Canadian connections to make LSAC subject to the provisions of PIPEDA, at least to the extent it operates in Canada.

The Commissioner also stated,

LSAC’s status as a non-profit, non-stock, membership-based organization is not determinative. The Act applies to organizations, defined in section 2 as including “an association, a partnership, a person and a trade union.” There is no exemption for non-profit or member-oriented organizations. To the contrary, the definition of “commercial activity,” namely, “any particular transaction, act or conduct or any regular course of conduct that is of a commercial character, including the selling, bartering or leasing of donor, membership or other fundraising lists,” makes clear Parliament’s intention that the Act apply to commercial transactions that non-profit, membership-based organizations might engage in.

Ding, Ding, Ding

So it seems law students, who are in training to defend the rights of others, might finally realize these privacy rights that many have been complaining about for years.

Let the fight begin.

Law is Cool - Podcast #9

By: Law is Cool Contributors · June 13, 2008 · Filed Under Podcasts

Show Notes

Total running time 21:15

0:16 Jacob Kaufman and Omar Ha-Redeye introduce themselves.

0:44 Jacob and Omar discuss final exams.

2:10 Omar introduces Lisa Feinberg of UofO Law and the Canadian Interest and Public Policy Clinic (CIPPC), who is one of the law students that filed a complaint with the Privacy Commissioner over Facebook.

3:19 Lisa describes the 22 violations of PIPEDA that the students identified.

4:12 Lisa explains the effort that went into developing the project.

5:01 Lisa tells us how the Privacy Commissioner creates and issues recommendations.

5:50 Lisa relates the implications for Facebook users, even outside of Canada.

7:39 Even though Lisa uses Facebook, she tells us how much more she learned about the site through the project.

9:11 Lisa expresses her interests in social networking, and how she got involved in the project.

11:23 Jacob shares some Facebook policies that demonstrate their attitude to privacy.

11:45 Jacob quotes James Grimmelmann, who likens Facebook to a virus. Omar says it sounds like something out of The Matrix.

12:24 Omar introduces an interview with Khurrum Awan, complainant in a case against Maclean’s.

13:30 Khurrum describes the turnout at the Tribunal by members of the media, and the importance of independent coverage.

15:10 Khurrum explains the procedural elements of the Tribunal, when we can expect a decision, and where the case can potentially go from here.

16:32 Jacob talks about the different ways that law students apply their legal education towards advocacy work in real life.

17:08 Jacob shares some of the things he learned from the Facebook complaint, such as how applications can obtain your information without your explicit consent.

17:45 Jacob mentions Robert J. Sawyer’s theory in Maclean’s that notions of privacy are themselves outdated, and that we should have chips implanted in us at all times to track our movements.

18:40 Jacob mentions David Lat, a former American prosecutor who left the law to blog on Above the Law, and how he documented his weight-loss program online. Omar relates how this could be used in the potential trend of obesity lawsuits we could see in the future.

19:54 Jacob describes a New Brunswick case on the disclosure of Facebook materials, Knight v. Barrett, [2008] N.B.J. No. 102.

20:34 Omar and Jacob sign off.

(Look for an upcoming post on a recent Ontario decision regarding Facebook)

 

Development of Privacy Law in Canada

By: Omar Ha-Redeye · December 26, 2007 · Filed Under Civil Rights, Legal Research, Torts

Privacy Common Law in Canada

In the U.S., a tort action for the invasion of privacy exists in only four situations:

  1. Unreasonable intrusion
  2. Appropriation of personality (an intentional economic tort)
  3. Unreasonable publicity of private info
  4. Unreasonable placing another in a false light

In addition to the U.S., Germany has recognized a tort for the invasion of privacy. The United Kingdom and Australia, however, have not.

There is no such thing as a widespread, generally-recognized action called “Invasion of Privacy” in Canada, but it is covered by a number of different civil actions and legislation, and Canada increasingly recognizes actions for appropriation of personality and inappropriate or unwanted media attention.

Contemplating a Separate Tort for Privacy

In the landmark case in Canada, Motherwell et al. v. Motherwell (1976), a mentally ill defendant harassed her family members through telephone and mail.

This harassment escalated to up to 60 calls a day, until they sued for invasion of privacy and nuisance seeking nominal damages and,

… an interim and a permanent injunction against the Defendant or anyone acting on her behalf enjoining her or anyone else acting on her behalf from contacting, telephoning, writing, visiting or in any other way communicating with the Plaintiffs or their children.

The court reviewed a form of nuisance,

unduly interfering with his neighbour in the comfortable and convenient enjoyment of his land.

But they then commented on its inadequacy in addressing privacy issues due to the emergence of newer communications technology. Specifically, they cited a difference where the receiver has no control over the incoming communications,

The rule of stare decisis operates, as it seems to me, to regulate the application of precedents to cases which can be said to fall within a category. When the circumstances of a case do not appear to bring it fairly within an established category, they may lie sufficiently within the concept of a principle that consideration of a new category is warranted…
I think that the interests of our developing jurisprudence would be better served by approaching invasion of privacy by abuse of the telephone system as a new category…

The court also pointed out that the frequency or volume of the communication can itself constitute harassment,

I have pointed out above that in my opinion there may be harassment even although the subject‑matter of the telephone calls would otherwise be agreeable in nature.

Motherwell did not clearly develop the creation of a new tort, despite these contemplations.

Although a claim for invasion of privacy was then dismissed in Capan v. Capan (1980), Hunter v. Southam Inc. (1984) acknowledged in the Supreme Court of Canada a “right to be let alone by other people” independent of “the notion of trespass.”

By 1995, MacKay v. Buelow awarded damages specifically for invasion of privacy in Ontario. Yet Somwar v. McDonald’s in 2006 stated,

In light of the trial decisions listed in this brief survey of Ontario jurisprudence, and the absence of any clear statement on the point by an Ontario appellate court, I conclude that it is not settled law in Ontario that there is no tort of invasion of privacy.

Still, the court cited advancements in technology that allowed the collection and dissemination of personal information and said,

…the foregoing analysis leads me to conclude that the time has come to recognize invasion of privacy as a tort in its own right. It therefore follows that it is neither plain nor obvious that the plaintiff’s action cannot succeed on the basis that he has not pleaded a reasonable cause of action.

Most of the case law concerning privacy seems to focus on establishing what a ‘‘reasonable expectation of privacy’’ is. The courts appear to be increasingly recognizing its application, but this still varies across jurisdictions.

Melanie C. Samuels and Sara Gregory explain in Privacy issues in the workplace: Employer monitoring of employee technology use,

…no Canadian appellate level court has endorsed a common law tort of invasion of privacy, the existence of such a tort has not been denied.

Rapidly Developing Areas

Because the application of privacy law is so rapidly developing, it is useful to list some sources that monitor and report developments.

There is considerable discussion of the privacy applications in text books for s. 7 of the Charter, “protection of life and liberty,” and s. 8 for “unreasonable search,” including business documents, border searches, and emergency powers.

But publications as recent as 2004 still have not addressed Internet search engines, an issue that will definitely come up in the future.

The Office of the Privacy Commissioner of Canada provides these legislative resources:

And more legislative resources can be found here.

The Canadian Privacy Law Blog provides an excellent resource for ongoing developments, as does Michael Geist, who circulates a monthly publication, the Canadian Privacy Law Review.

International Concerns

Patricia J. Wilson and Michael Fekete dedicate a chapter to privacy law in Osler, Hoskin & Harcourt LLP’s Doing Business in Canada, which includes concerns over the USA PATRIOT Act.

In response to these concerns, British Columbia amended its Freedom of Information and Protection of Privacy Act (FOIPPA). Both the federal and provincial privacy commissioners want to enhance protections against sharing of personal information with the U.S.

And this challenge, of protecting Canadian personal data from foreign nations, might prove the most challenging privacy issue of them all.

[youtube]http://www.youtube.com/watch?v=iMbrmkPazcE[/youtube]