Who's in Charge Here? Information Privacy in a Social Networking World

Similar documents
The New Mandatory Data Breach Requirements under Canada s Federal Privacy Act

MANITOBA FREEDOM OF INFORMATION AND PROTECTION OF PRIVACY RESOURCE MANUAL

Outline. David T.S. Fraser (

Privacy, Policy and Public Opinion in Canada

Terms of Service. Last Updated: April 11, 2018

Data, Social Media, and Users: Can We All Get Along?

Douez v Facebook Implications for Canadian Information Policy. Background of Case. Facebook s Forum Selection Clause

Privacy law overview. Engineering & Public Policy

CLASS ACTIONS GUIDE TO NOTICES TO CLASS MEMBERS

Privacy. Purpose. Scope. Policy. Appendix A

CODE OF CONDUCT AND ETHICS (the Code ) Approved on February 23, 2017

Privacy Law Update. David Goodis, Assistant Commissioner, Information & Privacy Commissioner of Ontario)

TELUS Transparency Report

TekSavvy Solutions Inc.

STATUTORY INSTRUMENTS. S.I. No. 484 of 2013 EUROPEAN UNION (CONSUMER INFORMATION, CANCELLATION AND OTHER RIGHTS) REGULATIONS 2013

RE/MAX Canada Instagram "Home Sweet Home" Contest OFFICIAL CONTEST RULES

the general policy intent of the Privacy Bill and other background policy material;

Privacy, personal information, law enforcement and lawful access

Case 3:18-cv MEJ Document 1 Filed 01/31/18 Page 1 of 14

Privacy Law Update. Ontario Connections: Access, Privacy, Security & Records Management Conference, June 7, 2016

Five Year Review of the Personal Information Protection and Electronic Documents Act (PIPEDA)

Case 3:13-cv JE Document 1 Filed 12/20/13 Page 1 of 13 Page ID#: 1

Case 3:10-cv ST Document 1 Filed 05/17/2010 Page 1 of 13

Case3:15-cv Document1 Filed07/10/15 Page1 of 12

Consumer Protection in Hong Kong

Indiana Association of Professional Investigators November 16, 2017 Stephanie C. Courter

TERMS AND CONDITIONS

Coors Banquet- One Horse Town. (the Contest )

Counter-proposal by the Centre for Internet and Society: Draft Information Technology (Intermediary Due Diligence and Information Removal) Rules,

Privacy and Access in British Columbia

LIBRARY LICENSE AGREEMENT - DATABASE

Telecommunications Information Privacy Code 2003

NEW YORK IDENTITY THEFT RANKING BY STATE: Rank 6, Complaints Per 100,000 Population, Complaints (2007) Updated January 25, 2009

2017 REVIEW OF THE FREEDOM OF INFORMATION AND PROTECTION OF PRIVACY ACT (FIPPA) COMMENTS FROM MANITOBA OMBUDSMAN

Be it enacted by the General Assembly of the Commonwealth of Kentucky: Section 1. KRS is amended to read as follows:

INDEX. A Access and correction requests, see also Access to and correction of personal information. .. Part 8 of the Act, 110

AIA Australia Limited

AVIS RENT A CAR AVIS APPS TERMS OF USE

DISCOVERABILITY OF SOCIAL MEDIA EVIDENCE. Bianca C. Jaegge and Julie K. Lamb Guild Yule LLP

TERMS OF USE AND LICENSE AGREEMENT BUCKEYE CABLEVISION, INC. Buckeye Remote Record. (Effective as of November 15, 2013) PLEASE READ CAREFULLY

THE GENERAL ASSEMBLY OF PENNSYLVANIA HOUSE BILL

SWEEPSTAKES REGULATIONS

CANADIAN ANTI-SPAM LAW [FEDERAL]

IN THE QUEEN'S BENCH JUDICIAL CENTRE OF REGINA. -and-

INDEX. A Access and correction requests, see also Access to and correction of personal information. .. Part 8 of the Act, 115

OKLAHOMA IDENTITY THEFT RANKING BY STATE: Rank 25, 63.9 Complaints Per 100,000 Population, 2312 Complaints (2007) Updated January 10, 2009

Definitions The following terms have these meanings in this Policy: a. Act Personal Information Protection and Electronic Documents Act;

Emily Miskel, KoonsFuller PC emilymiskel.com

Canada: Electronic Commerce Law Overview

Internet and E-Commerce Law in Canada

Case 2:12-cv SRC-CLW Document 1 Filed 12/24/12 Page 1 of 17 PageID: 1 IN THE UNITED STATES DISTRICT COURT DISTRICT OF NEW JERSEY. Case No.

The Freedom of Information and Protection of Privacy Act

Free and Fair elections GUIDANCE DOCUMENT. Commission guidance on the application of Union data protection law in the electoral context

Terms of Service Last Updated:

ORACLE REFERRAL AGREEMENT

IFTECH INVENTING FUTURE TECHNOLOGY INC. ARAIG SDK AGREEMENT

Lipikar Families Campaign

SAFE HARBOR: STAYING ALIVE?

Comments on the Canada Draft OPC Position on Online Reputation. ARTICLE 19: Global Campaign for Free Expression. 27 April 2018

Chapter 6. Disparagement of Property 8/3/2017. Business Torts and Online Crimes and Torts. Slander of Title Slander of Quality (Trade Libel) Defenses

Morningstar ByAllAccounts Service User Agreement

UTAH IDENTITY THEFT RANKING BY STATE: Rank 31, 57.8 Complaints Per 100,000 Population, 1529 Complaints (2007) Updated December 30, 2008

NO. 14 The Plaintiff, State of Washington, by and through its attorneys Robert W. Ferguson,

Case 5:18-cv Document 1 Filed 07/05/18 Page 1 of 20

The Container Store s #organizedbag Contest

Analysis of the Workplace Surveillance Bill 2005

No IN THE UNITED STATES COURT OF APPEALS FOR THE THIRD CIRCUIT IN RE GOOGLE INC. COOKIE PLACEMENT CONSUMER PRIVACY LITIGATION

Personal Disclosure Liquor

Ontario: Information arid Privacy Commissioner (Commissionaire a l'information et a la protection de la vie privee)

GAMING SECURITY PROFESSIONALS OF CANADA PROFESSIONNELS EN SÉCURITÉ DU JEU DU CANADA

Lex Mundi Data Privacy Guide: Focus on the Asia/Pacific Region

Balancing Privacy Interests of an Incapable Person with the Responsibilities of Attorneys, Guardians and Section 3 Counsel. By Justin W.

TEXT OF THE ACQUIS PRINCIPLES

INTERNET ADVERTISING AGREEMENT. THIS AGREEMENT made as of this day of, 2004.

CASL Constitutional Challenge An Overview

QUICKPOLE.CA TERMS OF SERVICE. Last Modified On: July 12 th, 2018

GENERAL ASSEMBLY OF NORTH CAROLINA SESSION 1999 SESSION LAW SENATE BILL 881 AN ACT TO ESTABLISH THE CAMPAIGN REFORM ACT OF 1999.

I. REGULATION OF INVESTIGATORY POWERS BILL

Media Today 5th Edition Chapter Recaps & Study Guide. Chapter 5: Controls on Media Content: Government Regulation, Self-Regulation, and Ethics

ELECTOR ORGANIZATION GUIDE

TERMS OF SERVICE Effective Date: March 30 th, 2017

The Right to Privacy in the Digital Age: Meeting Report

REGISTRANT AGREEMENT Version 1.5

FILMS AND PUBLICATIONS AMENDMENT BILL

Canadian Competition Law

How to enter There is no fee to enter the Contest and no purchase is required. To enter the Contest, entrants must:

OFFICIAL RULES TO SUBMIT

The Local Authority Freedom of Information and Protection of Privacy Act

ELECTRONIC ARTS SOFTWARE END USER LICENSE AGREEMENT

ROUTINE ACCESS POLICY. For the Nova Scotia Workers Compensation Appeals Tribunal. October 2003 (Revised April 2005)

Support Line for Linux on System i and System p

Overview on Financial Management in Canadian Parliament

GEOPIPE TERMS OF SERVICE GEOPIPE LICENSE AGREEMENT(S)

Privacy Policy. This Privacy Policy sets out the Law Society's policies in relation to the management of Personal Information.

THE REVELSTOKE WEEKEND GETAWAY CONTEST

Senate Bill No. 404 Senators Smith, Woodhouse, Denis, Spearman, Parks; and Atkinson

Results report Missing Persons Act What was this engagement about? The Yukon Government was looking to develop legislation as a mechanism to assist

26 th Annual IBA/IFA Joint Conference Managing Risks in International Franchising May 18-19, 2010 JW Marriott Hotel in Washington, DC.

Fair Labelling and Advertising Act. Enacted by law No. 5814, Feb. 5, Chapter 1 General Provisions

What Every Candidate Needs to Know

Transcription:

Western University Scholarship@Western FIMS Presentations Information & Media Studies (FIMS) Faculty Fall 10-18-2012 Who's in Charge Here? Information Privacy in a Social Networking World Lisa Di Valentino The University of Western Ontario, ldivalen@uwo.ca Follow this and additional works at: https://ir.lib.uwo.ca/fimspres Part of the Communications Law Commons, Communication Technology and New Media Commons, Computer Law Commons, Conflict of Laws Commons, Internet Law Commons, and the Library and Information Science Commons Citation of this paper: Di Valentino, Lisa, "Who's in Charge Here? Information Privacy in a Social Networking World" (2012). FIMS Presentations. 15. https://ir.lib.uwo.ca/fimspres/15

WHO S IN CHARGE HERE? Information privacy in a social networking world Lisa Di Valentino October 18, 2012

OUTLINE 1. Social networking services usage and business models. 2. Overview of Canadian law relating to personal information privacy protection. 3. Overview of U.S. law relating to personal information privacy protection. 4. Privacy policies and terms of service. 5. Conflict of laws: Which laws apply? 6. Current proposals. 7. Discussion. 2

SOCIAL NETWORKING SERVICES 3

SNS USAGE Members as of August 2012 Members as of March 2012 World: 175 million Canada: 6 million World: 500 million Canada: 200,000 source: http://press.linkedin.co m/about source: http://techcrunch.co m/201 2/07/30/an alyst-twitter-passed-500m-user s-in-june- 2012-140m-of-t hem-in-us-jakartabiggest-tweeting-city/ 4

SNS USAGE Members as of October 2012 World: 1 billion Canada: 18 million (68.7% of Canadian Internet users) source: http://newsroom.fb.com/content/default.aspx?newsareaid=22 5

IMPLICATIONS OF SNS POPULARITY personal information is no longer incidental to a consumer transaction it has become the currency that users provide to pay for the service SNSs leverage the information to create value for the service as more individuals participate, the SNS becomes more valuable users are co-developers through participation 6

SNS BUSINESS MODELS three main approaches SNSs take to generating revenue 1) Subscriptions users pay a fee for access to certain services LinkedIn uses a freemium model users can access the basic functions of the site for no charge, but can also pay a monthly fee for services such as direct messaging 2) Transactions SNS provides environment for a monetary transaction in return for a fee or percentage of the price Facebook applications where users can make purchases within the game 7

SNS BUSINESS MODELS 3) Advertising Twitter promoted tweets places the name of a sponsoring organization at the top of the trending topics list Facebook also allows third parties to display advertisements on user pages information supplied by users may be used to personalize or target advertisements, either in aggregate or individually an SNS may use any one or a combination of approaches; e.g. LinkedIn uses both subscription and advertising Facebook and Twitter rely on advertising 8

REGULATIONS 9

FAIR INFORMATION PRACTICE PRINCIPLES developed by Organisation for Economic Cooperation and Development (OECD) in 1980 not law but rather a guide for best practices basis for data privacy legislation in many jurisdictions, such as Canada, the U.S., and the EU eight core principles of privacy protection for personal information 10

FAIR INFORMATION PRACTICE PRINCIPLES Collection Limitation Data Quality Purpose Specification Use Limitation Security Safeguards Openness Individual Participation Accountability 11

LEGISLATION: CANADA Office of the Privacy Commissioner is the federal body responsible for safeguarding Canadians data privacy acts as ombudsperson, investigating complaints and making recommendations two federal laws protecting Canadians personal information Privacy Act, RSC 1985, c P-21 applicable to (federal) public sector use of personal information Personal Information Protection and Electronic Documents Act, SC 2000, c 5 (PIPEDA) applicable to private sector use of personal information 12

PIPEDA enacted in 2000 and fully implemented in 2004 applies to all organizations in Canada that collect, use, or disclose personal information in the course of commercial activities (s 4(1)) except in B.C., Alberta, and Quebec, which have substantially similar provincial privacy laws limits how organizations can collect personal information and what they can do with it 13

PIPEDA personal information is defined as information about an identifiable individual, but does not include the name, title, business address, or telephone number of an employee of an organization (s 2(1)) organizations may collect, use, or disclose personal information only for purposes a reasonable person would consider appropriate in the circumstances (s 5(3)) personal information may only be collected with individual s knowledge and consent, except in special circumstances (cl 4.3.1) 14

PIPEDA collection of personal information shall be limited to that which is necessary for the purposes identified by the organization (cl 4.4) organizations shall not collect personal information indiscriminately (cl 4.4.1) personal information shall not be used or disclosed for purposes other than those for which it was collected, except with consent or as required by law (cl 4.5) 15

PIPEDA consent must be meaningful and purposes must be stated in such a way that the individual can reasonably understand how the information will be used or disclosed (cl 4.3.2) reasonable expectations of individual are relevant to obtaining consent (cl 4.3.5) knowledge or consent is not required when information is publicly available and is specified by the regulations (s 7(1)(d)) Regulations Specifying Publicly Available Information, SOR/2001-7 s 1(e) personal information that appears in a publication, including a magazine, book or newspaper, in printed or electronic form, that is available to the public, where the individual has provided the information 16

PIPEDA: REMEDIES Privacy Commissioner may investigate complaints and issue reports and recommendations, but cannot directly intervene any remedies must be pursued through the federal court by the individual or Commissioner does not allow for statutory damages; a complainant must prove that he in fact suffered damages pecuniary injury must have been a direct result of the breach of privacy rights 17

FACEBOOK FINDINGS 2009 in 2009 CIPPIC filed a complaint against Facebook with the Office of the Privacy Commissioner Office s report found that certain of the allegations were well - founded (in other words, Facebook had contravened PIPEDA in certain ways): Facebook did not adequately explain the purpose for and use of certain required information (date of birth) Facebook did not make a reasonable effort to provide sufficient notification to users before using their information for advertising purposes (Social Ads) Facebook made changes to its privacy policy and no further action was taken by the complainants or the OPC 18

COMMON LAW Jones v Tsige, 2012 ONCA 32 Sharpe J formulated a tort of invasion of privacy based on intrusion upon seclusion narrowly defined as an intentional intrusion upon someone else s private affairs that would be highly offensive to a reasonable person 19

LEGISLATION: UNITED STATES the United States does not have a similar omnibus federal information privacy law applicable to the private sector instead, these laws have developed in a piecemeal fashion, as part of other pieces of federal legislation Telecommunications Act (protection of customer network data) HIPAA Privacy Rules (medical records) Right to Financial Privacy Act (financial information) Video Privacy Protection Act (video rental records) Stored Communications Act (addresses unlawful access to stored communications) but generally left up to the private sector 20

LEGISLATION: CALIFORNIA states may also have their own information privacy laws of all the states, California has the strongest information privacy laws (although relatively weak compared to Canada and the EU) Facebook, Twitter, and LinkedIn are headquartered in California data privacy is addressed in bits and pieces throughout the state s penal and civil codes 21

LEGISLATION: CALIFORNIA Internet Privacy Requirements of the Business and Professions Code requires that operators of commercial websites that collect personally identifiable information have a conspicuously posted privacy policy policy must inform users of the categories of information that are collected, and the categories of third parties with whom the information may be shared but there is no requirement to disclose how the information may be used violators may face court action by the Attorney General; penalties include injunctions and fines but... this law only protects residents of California 22

COMMON LAW California recognizes the tort of invasion of the right of privacy appropriation of another s name or likeness: defendant has used the plaintiff s name or likeness to advertise its commercial endeavour public disclosure of private facts: the facts in question are not of legitimate public concern and are of a kind that would be objectionable to the reasonable person 23

FEDERAL TRADE COMMISSION FTC is responsible for investigating alleged unfair practices, including those related to personal information developed guidelines for organizations that collect and use personal information (based on Fair Information Practice Principles) recommendations only and do not have the force of law may hold hearings and make orders against organizations that have been found to engage in deceptive or unfair practices 24

FEDERAL TRADE COMMISSION March 2011, FTC found that Google engaged in unfair or deceptive acts Google s privacy policy had stated that user information would not be used for other purposes without user s consent when the company launched Google Buzz (social networking service), users found that their contact lists were made public Google opted to settle rather than face a hearing and a possible fine of $10,000 per violation 25

FEDERAL TRADE COMMISSION November 2011, FTC alleged that Facebook engaged in deceptive or unfair business practices claimed that it changed its privacy policy retroactively, and without the informed consent of users, making users friends lists public Facebook agreed to a consent order prohibiting it from misrepresenting the privacy protection of personal information 26

PRIVACY POLICIES & TERMS OF SERVICE 27

PRIVACY POLICIES the most popular SNSs have privacy policies that typically outline what information is collected from users, how the sites use the information, and with whom it is shared federal U.S. laws against unfair or deceptive practices oblige sites to act in accordance with stated policies SNS users rarely read privacy policies, citing length and difficulty of comprehension a 2011 poll of Canadian Internet users found that only 21% always or often read web sites privacy policies 28

TERMS OF SERVICE SNSs provide users with services subject to terms of service agreements (TOS) which outline the respective obligations of the site and the users, incorporating privacy policies by reference inevitably include choice of forum and choice of law clauses by which the user agrees to settle disputes according to the law of a certain jurisdiction Facebook s and LinkedIn s clauses indicate that disputes will be heard in the courts of Santa Clara County, and governed by the laws of California Twitter s TOS provides that disputes will be heard in San Francisco County 29

WHOSE LAWS APPLY? 30

CONFLICT OF LAWS PIPEDA does not explicitly address its application outside of Canada the plain text of the law does not limit its application to Canadian organizations, but it doesn t specifically provide for extraterritorial effect Lawson v Accusearch Inc, 2007 FC 125 Federal Court held that the OPC had the jurisdiction to investigate the actions of Wyoming-based Accusearch because it collected and communicated personal information in Canada [however, this ratio cannot necessarily be applied to court actions] 31

CONFLICT OF LAWS as a preliminary matter, the express choice of law clause must be taken into consideration generally, Canadian courts (with the exception of those in Quebec) treat choice of law and forum clauses with a certain amount of deference the party challenging the clause must demonstrate a strong reason that it should not be given effect must show that it was not made in good faith, is not legal, or is contrary to public policy 32

CONFLICT OF LAWS: WHAT TO DO? assuming that the choice of law and forum clauses are given effect, a Canadian (non-quebecker) would be obliged to pursue an action in California courts some of the shortcomings with this scenario include: Internet Privacy Requirements do not provide the same substantive protection as PIPEDA, and only apply to California residents state s laws against unfair business practices do not provide for a civil suit by a wronged individual, only an action by the Attorney General tort action based on public disclosure of private facts would require that the information revealed is objectionable to the reasonable person tort of appropriation of name or likeness requires that there is some external value associated with the plaintiff s identity 33

CONFLICT OF LAWS: WHAT TO DO? one option would be to request that the Federal Trade Commission investigate the impugned practices on the basis of unfairness or deception FTC Act provides that restitution may be paid to domestic or foreign victims or file a complaint with the OPC, to whom choice of law and forum clauses do not apply should an SNS choose to not implement the OPC s recommendations, the OPC has the option to initiate a heading in Canadian federal court 34

CURRENT PROPOSALS 35

PROPOSALS PIPEDA up for 5 year review (last year) Jennifer Stoddart wants better enforcement mechanisms and stronger financial penalties for business that violate the statute bills introduced to U.S. Senate and Congress proposals for comprehensive information privacy law White House s plans for a Do Not Track law international treaties no data privacy treaties as yet, but several guidelines, memoranda, recommendations, and resolutions 2008 Rome Memorandum (privacy in social networking) 36

DISCUSSION 37

DISCUSSION Do you think that personal information protection should be left up to the individual social networking service user (as through contracts or simply not revealing personal information online?) Or is it necessary for the government to step in? Is such information even private once it s posted on a social networking site? Has the nature of privacy itself changed in the social networking era? 38

2024 © lawsdocbox.com Privacy Policy | Terms of Service | Feedback