Canada a Little Closer to Recognising Right to be Forgotten

The Federal Court recently issued a decision further to a reference triggered by the Privacy Commissioner and involving Google, and in particular the extent to which search engine may be considered businesses that are governed by rules pertaining to the protection of personal information. In short: yes, Google should be considered a normal business and, yes, search engines may be considered as holding and using personal information.

In practice, one consequence of the recent ruling at issue is that individuals the personal data of whom is held and displayed by the likes of Google, when third parties make searches on the Web, would seem to be covered by normal rules requiring that the information be up-to-date, exact and still relevant. In short, in certain cases, it could be that individuals may require search engines to stop their algorithms from referencing inaccurate or obsolete information.

Though the Federal Court decision at issue was technically NOT about the right to be forgotten, this judgment does open the way for Canadians to claim a right to deindexation of erroneous or obsolete Web search results, akin to the right to be forgotten that European law now grants citizens. This could happen with or without legislative changes to provide for it expressly.

Though people are already invoking the right to have stuff about them deindexed (by search engines), for now, providers like Google aren’t too keen to start recognizing that such a right does indeed exist in the U.S. or Canada. Now, as the Privacy Commissioner starts investigating and processing complaints about search engine results, to be seen whether a right to deindexation will indeed materialize in Canada, and how fast.

Canadian Privacy Commissioner Unimpressed with Bill C-11 as it Currently Stands

The Canadian Privacy Commissioner recently voiced serious concerns with Bill C-11, a piece of legislation meant  to replace the Canadian law relating to  personal information. Though it is meant to upgrade Canadian legislation, Commissioner Therrien believes the revised law would actually lessen the protection of personal information for Canadians.

As you may remember, the Canadian Parliament tabled new bill called C-11, back in September, meant to overhaul our the Canadian personal information protection statute. This bill is currently being studied, including as changes which may be required before it should become law.

Mr. Therrien recently spoke about this bill at an online conference put together by the Option Consommateurs, where he gave us his take on C-11, namely that this bill falls short of adequately protecting Canadians.

For one thing, the Canadian Commissioner says the new law should make it harder for businesses to use obscure or vague language, when requesting consent from individuals, but it does not. Even under the new statute, businesses could continue to ask for consent using language that is unclear or not specific enough. According to him, Bill C-11 would lower the standard to apply to consents from individuals.

Not too surprisingly, the Commissioner also disagrees with the Legislator’s decision to create a new system whereby penalties would be heard by a new administrative tribunal, as opposed to the office of the Privacy Commissioner of Canada. He believes this new structure will only result in process that is even more cumbersome in cases of violation of the privacy protection statute.

The Commissioner also reiterated that he believes Canada should be enshrine the individuals’ rights to the protection of their personal information, for example in Constitution-like documents meant to confer on that right a charter-like protection. Sadly enough, Canada has yet to protect the righto to the protection of personal to that extent. According to the Canadian commissioner, this weakens what Canadians can expect in terms of protection from the law.

Eh Dude, Your Car’s Leaking. No, Not Oil: Data

The online magazine The Intercept recently published an interesting piece entitled YOUR CAR IS SPYING ON YOU, AND A CBP CONTRACT SHOWS THE RISKS which I highly recommend. If you didn’t know it, yes, your car does generate a lot of data and even downloads some of it from mobile devices which connect to it over time. In a sense, nowadays, a car is a sort of mobile computer, shock full of data. What may not be apparent to the layperson is that a car in this day and age generates and retains A LOT of data pretty much any time a human interacts with it.

Though the article at issue focuses on the use of your vehicle’s data by law enforcement (when investigating crime), if you ask me, the true story actually goes quite beyond that, including the use of such data by private businesses.

Surprisingly, accessing the data held by a modern-day vehicle isn’t actually this complicated—you just need the know-how and the right tool. If you’re really determined to do so, plugging into a car these days and extracting troves of data is apparently pretty straightforward. For example, in case of accident or other incident with an insured vehicle, the insurer may send an investigator armed with the right tools to download the car’s data, which can then be analyzed at leisure, including to try and find out why the insured’s claim should be denied. Almost any car on the road today includes such capabilities and functionalities akin to a plane’s black box.

The article specifically discusses one particular tool called iVe, a product by a company called Berla. The iVe toolbox includes both hardware and software components, and even has its own mobile app, so as to make things easier for investigators in the field.

This particular tool may be used to siphon all data contained in a vehicle’s circuits, for example to further an investigation either by the police or an insurer. The product then facilitates identifying, accessing and analyzing various types of information found in modern-day vehicles—you’d be surprised how much there may be. The company’s website claims its product can be used to uncover things like:

  • Geolocation data, including what roads or streets the vehicle was driven on, etc.;
  • Events which the vehicle encountered and recorded through any of its sensors;
  • Media files (content) that a user downloaded or accessed using the on-board infotainment system (music, podcasts, etc.);
  • A list of the specific mobile devices that users connected to the vehicle over time, etc.

In practice, it seems one may even go so far as to obtain a copy of the list of contacts from mobile devices that users connected to the vehicle, the history of SMS and emails on those devices, the list of incoming and outgoing calls, the list of songs played through the on-board infotainment system, etc.

Incident which a car records may, of course, include accident-like events, but also things that the average driver may not realize are being recorded, including:

  • The speed at which the car is travelling at any given moment;
  • The changing of gears and the engine’s RPMs at any given moment;
  • Sudden acceleration or breaking;
  • The fact that the headlights were either turned on or off;
  • The opening or closing of doors; etc.

So, you were listing to PARANOID by Black Sabbath and texting your friend Mike while driving down this country road at 163 km/h, and then lost control? Yeah, your insurer can find out, for sure. In fact, almost any action taken by the human operator of the vehicle may be recorded (even more so if you plugged in your cellphone), something the average driver may not realize. The fact that this is generally not clearly disclosed to the public does play into the hands of insurers and law enforcement, as it does make their job somewhat easier when investigating incidents involving vehicles.

If it may provide some measure of comfort to you, iVe does not come cheap. The article to which we’re linking above mentions purchasing that tool for tens of thousands of dollars. At that price, your insurer (or its investigator) probably bought one, but not your next-door neighbour, even if he’s really into cars.

This is a good example of the behind-the-scene changes turning everyday objects, like cars, into electronic gizmos. If you thought a car was still just a car, you are very much mistaken it seems. In today’s world, accessing the data in that car can reveal a whole lot about you, your driving habits, including where you’ve taken that car, and how. And contrary to what some people may think, it does NOT require a whole team of CSI-like investigators merely to connect to your car.