nNovation LLP

Small Canadian regulatory law firm with a big presence

Privacy Commissioner of Canada

OPC wins again in Google right to de-indexing case

by Leave a Comment

The Office of the Privacy Commissioner’s Reference before the Federal Court to determine whether Google is subject to the Personal Information Protection and Electronic Documents Act has passed another procedural milestone. Once again, the OPC can claim victory.

Google and media try to expand Reference

The OPC brought the reference in 2018 to ask the Federal Court to determine whether PIPEDA applies to Google when Google indexes webpages and presents search results in response to searches of an individual’s name. In essence, the question is whether Google is engaged in a form of commercial activity (otherwise PIPEDA does not apply). Google says it is not. The Reference also asks whether Google is exempt from PIPEDA because it involves the collection, use or disclosure of personal information for journalistic, artistic or literary purposes (and no other purposes). Google says it is.

Google countered the OPC’s move by attempting to expand the scope of the Reference to consider the application of the Canadian Charter of Rights and Freedoms. In particular, Google wanted the court to consider whether the application of PIPEDA to Google search would infringe section 2(b) of the Charter – freedom of thought, belief, opinion and expression, including freedom of the press and other media of communication. Google claims that the mere application of PIPEDA to Google search would breach its right to free speech. In essence, Google claims a special zone of operation for Google search – free from the constraints of privacy laws. Google was joined by media parties who wanted to intervene to make this argument.

Federal Court twice shuts down Google and media request

On July 22, 2019, Associate Chief Justice Jocelyne Gagné released her reasons dismissing appeals that Google and certain news media had launched from orders of Prothonotary Mireille Tabib. Prothonotary Tabib had rejected the news media’s request to intervene and had dismissed Google’s attempt to broaden the reference.

In confirming Prothonotary Tabib’s orders, Justice Gagné concluded that the premise of Google’s argument regarding freedom of expression rested on the assumption that PIPEDA applied to Google search. However, that was the very question to be determined by the court. Moreover, even if PIPEDA did apply, the question of how it would apply would depend on particular facts. Justice Gagné called Google’s bluff. If Google really thought that the very hint of application of PIPEDA to Google search rendered PIPEDA unconstitutional, why, she asked, hadn’t Google just brought an application seeking a declaration of invalidity of PIPEDA?

With the expanded scope of the Reference off the table, the news media remain shut out of the Reference.

Our submission to the OPC consultation on transfers for processing

by Leave a Comment

Between busy work schedules and attempts to squeeze some enjoyment out of the great summer weather, it’s not easy to find the time to write a submission to the Office of the Privacy Commissioner of Canada (OPC) consultation on transfers for processing. But we did it; not because we wanted to spend even more time indoors, but because this is a really important issue, and we wanted to be sure that our perspective was heard (our submission is here).

Until recently, the notion that a transfer of personal information for processing (regardless of the location of the processor) is not a disclosure, and does not require consent, seemed like a simple fact under PIPEDA that everyone acknowledged and accepted. It was also, in our view, intentional, reflecting one of the finer examples of foresight and wisdom demonstrated by the drafters of PIPEDA.

While we still believe this to be true, that the OPC may be trying to change this is concerning, and shows that you can never really take anything for granted in law. Here’s hoping that our submission (and, we assume, the many others with a similar perspective) is effective.

Clarity on the Privacy Commissioner’s Consultation on Transborder Data Flows

by Leave a Comment

I (and many other privacy lawyers I’m sure) have been asked countless times this past week for clarity on the Office of the Privacy Commissioner’s consultation process regarding transborder data flows and the transfer of personal information for processing purposes. I’m humbled that people think I somehow know what to do or what to say; however, all I can do is provide my best interpretation of what’s going on and why.

For background, in case you missed it, the OPC issued its Equifax Report of Findings a few weeks ago and, at the same time, proposed a new interpretation of PIPEDA that changed the office’s position on transborder data flows. A transfer to a third party outside of the country for processing purposes was now going to be considered a disclosure – one requiring some sort of consent mechanism.

Before finalizing their position, Commissioner Therrien, as he has been known to do since taking up the mantle of Privacy Commissioner, wanted to consult more broadly with stakeholders about their proposed change in position. This resulted in a number of organizations, advocacy groups, businesses and individuals mobilizing efforts with a view of eventually providing submissions that might have influenced the final outcome.

Then, last week, the Department of Industry, Science and Economic Development (ISED, the government Ministry responsible for PIPEDA), issued some sort of commitment to modernize and amend PIPEDA in a number of significant ways.  The Digest last week had an article about it if you missed it. This (somewhat of a) commitment to change the law could very well have an impact on how Canada deals with the issue of transborder data flows and the issue of whether consent is required for processing information in this way.

Recognizing that this entire issue was therefore subject to legislative reform, Commissioner Therrien announced at last week’s Symposium during his Annual Address to the Profession, that he was suspending his consultation process so that he could restructure it in light of some of ISED’s proposals.

As of today, we are waiting to see from the OPC what their revised consultation process is going to look like.  I personally think it might get subsumed with the larger consultation process ISED has begun on PIPEDA reform. What we know for sure, however, is that if you already have a submission, the OPC has said that you can provide it to them and that they will consider it going forward.

So, all that to say, there’s a bit of uncertainty surrounding this issue.  That being said, I think it’s fair to say that there’s a bit of uncertainty when it comes to all of privacy regulation in Canada more broadly.  Apart from the transborder data flow issue, ISED’s proposals to amend PIPEDA might result in a completely different regulatory landscape that doesn’t look anything like the one we’ve got now. So, in my mind, everything seems to be a moving target. Nineteen years ago, my colleagues and I published The Law of Privacy in Canada. It was borne of the idea that privacy regulation in Canada was about to dramatically change and that people would want to learn about it. At this point, my sense is that we’re at a similar tipping point today. I certainly foresee a lot of updates to my book in the near future!