The first lecture from Law 3040X.03, Privacy and Access to Information Law. This lecture was given in January 2013 at Osgoode Hall Law School, York University. The rest of our slides are for students only.
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Privacy and Access to Information Law - Lecture 1
1. LECTURE 1:
INTRODUCTION
Privacy and Access to Information || James
Law
Williams
2. Agenda
1. Introductions
2. Overview of the syllabus
3. Basics of privacy and access to information
3. Syllabus
Main points:
This course is about:
research and writing
critical perspectives on law
It is NOT like the other first year courses
we present the fundamental material
we present perspectives
you do research that interests you
readings are largely secondary literature
4. Syllabus (2)
The content will vary slightly according to
interests
The website is the source of truth for content
Grading
Attendance
Participation
In-class
participation
Course blog
Term paper
5. Privacy in the News:
BC Health Privacy Breach Affects Millions
The personal-health data of more than five million British
Columbians has been accessed without proper
authorization, and in the most serious cases, the
provincial government says it will notify more than
38,000 individuals of the breaches by letter.
health data — excluding personal names, social
insurance numbers or financial information — was
saved on USB sticks and shared with researchers or
contractors without the proper permission or protocols.
Also included was data from Statistics Canada's
Canadian Community Health Survey, including
information on the mental, physical and sexual health of
individuals, as well as their lifestyles and the use of
health services.
6. Privacy in the News:
Government faces class-action lawsuits over student loan
borrowers' lost data
Two class-action lawsuits are being filed after Human
Resources and Skills Development Canada lost a portable
hard drive containing personal information about more than
half a million people who took out student loans.
Read more:
The department said last week the device contained data on
583,000 Canada Student Loans Program borrowers from
2000 to 2006.
The missing files include student names, social insurance
numbers, dates of birth, contact information and loan
balances of borrowers, as well as the personal contact
information of 250 department employees.
7. Access to Information in the
News
Court tells province to make IBM deal public
A judge has shot down the B.C. government’s
request to keep secret some of a multimillion-
dollar computer contract signed with technology
giant IBM.
Thursday’s decision by B.C. Supreme Court
Justice J. Keith Bracken came after an eight-year
legal battle by the government, which said the
contract contained sensitive information that could
threaten government security if it were made
public.
Bracken dismissed government arguments and
sided with B.C.’s information and privacy
commissioner, who had previously ordered the
contract released in full.
8. Access to Information in the
News:
B.C. taken to task for failure to inform public
The provincial government routinely fails its legal duty to promptly inform
citizens of risks to public health and safety, warn legal scholars at the
University of Victoria.
…public bodies are required to act “without delay” in publicly disclosing
information about any “risk of significant harm to the environment or to the
health or safety of the public.” This duty overrides any other provisions in
the law and requires authorities to disclose even if there has been no
specific request for information. But authorities appear to apply too narrow
and restrictive an interpretation of what the act requires, the researchers
say.
For example, the researchers found that despite numerous reports that a
dam near Oliver in the Okanagan valley was in danger of collapse,
provincial authorities made no apparent effort to warn residents “despite
knowing of the threat for decades.” When the dam did collapse on June 13,
2010, it triggered a huge mudslide that destroyed houses, farmland and
farm equipment… “If the dam had collapsed at night when residents were
asleep, some would likely have died.”
9. Privacy in the news
Store video cameras failing to comply with privacy laws
Andrew Clement, co-founder of the Identity, Privacy and
Security Institute, found that not a single video camera
in Eaton’s Centre complied with the signage
requirements of PIPEDA
Under the law, stores are required to post signs outside
their entrances that alert customers to the use of video
surveillance, its purpose and a contact number so
people can find out how they can obtain a copy of any
footage that contains their image.
Of the hundreds of cameras on the properties…only
about 30 per cent had any kind of sign alerting people to
their use and none met even the minimum standards
required under the law.
10. Privacy in the News
Privacy watchdog sounds alarm on
Conservative e-snooping legislation
Jennifer Stoddart wrote the Harper government to
register her “deep concerns” about these new
surveillance powers and note that it has so far
failed to demonstrate why this is the best course
of action.
“These bills went far beyond simply maintaining
investigative capacity or modernizing search
powers,” Ms. Stoddart said in her letter. “Rather,
they added significant new capabilities for
investigators to track, and search and seize digital
information about individuals. “
11. Access in the news
Are BC police chiefs evading the law?
They’re the two most prominent and influential policing
organizations in BC, appearing frequently in public promoting
their strong positions on criminal justice reform, use of tasers,
drug laws, or expanding police powers. But little else is widely
known about the BC Association of Chiefs of Police
(BCACP) and its smaller sister, the BC Association of
Municipal Chiefs of Police (BCAMCP).
What are their mandates? Who funds them? What do they
do? Both associations have been meeting up to 10 times a
year for at least 30 years, but they aren’t incorporated non-
profit organizations.
they look like a “public body” as defined by FIPPA, consisting
of public servants performing their public duties on the public
dime.
12. (continued)
During a 2004 legislative review of FIPPA, BC
Information and Privacy Commissioner David
Loukidelis publicly released his rebuttal to a
confidential BCAMCP submission.
So detailed is his letter, it gives the impression
Loukidelis was trying to alert the public about the
BCAMCP’s attitudes.
Loukidelis vehemently criticized the BCAMCP for
making numerous factual errors and “unsubstantiated
allegations” in their (ultimately unsuccessful) efforts to
persuade legislators to exclude all municipal police
forces from freedom of information laws.
Loukidelis noted the BCAMCP had five years earlier
made the same proposal, and he warned of the
dangers of putting police forces beyond “public
scrutiny” and “accountability.”
18. Privacy in the news
Police drones prompt privacy concerns
Drones are cheaper to build and fly than
helicopters, making them a cost-effective option
for police departments looking to gain a bird's eye
view of a scene.
But privacy groups are sounding alarm that there
aren't enough legal safeguards in place to prevent
drones from being used for mass surveillance.
The Federal Aviation Administration has predicted
that by the end of the decade, 30,000 commercial
and government drones could be flying over U.S.
skies.
19. (continued)
The FAA's standard authorization requires
drones to be flown only during the day, below
400 feet and within the line of sight of the
drone operator. Sanchez said Miami-Dade's
drones are limited to 300 feet above the
ground and are not allowed to fly over
populated areas or near downtown high-rises.
But those restrictions are about preventing
collisions and keeping the skies safe—not
protecting privacy.
20. (continued)
"Drones should only be used if subject to a
powerful framework that regulates their use in
order to avoid abuse and invasions of privacy,"
Chris Calabrese, a legislative counsel for the
ACLU.
He argued police should only fly drones over
private property if they have a warrant,
information collected with drones should be
promptly destroyed when it's no longer needed
and domestic drones should not carry any
weapons.
Lawmakers have introduced several bills this
session to limit police use of drones.
21. Privacy in the news
Germany fights Facebook over privacy
violations
A German state data protection agency has
threatened Facebook's billionaire founder and
chief executive Mark Zuckerberg with a €20,000
(£16,000) fine if Facebook does not allow
Germans to have anonymous accounts on the
social network.
Under German law, media services, including
Facebook, must offer users the choice of using a
pseudonym.
In 2011, Schleswig-Holstein banned local
organisations and companies from using
23. Data protection in the news
U.S. Tech Firms Facing Stronger European Data
Protection Measures
Over the last year, representatives of the US
government and American technology companies
have repeatedly traveled to Europe in the hopes of
containing an effort by the European Commission to
strengthen data protection rules for citizens of the EU
It would grant EU citizens a fundamental new right:
data portability or a citizen’s right to easily transfer
her own personal posts, photos, and video from one
online service site to another.
Companies that violated the rule would be liable to
penalties of up to 2 percent of worldwide revenues.
24. Access in the news
Privacy commissioner rips justice ministry for
68-month delay
Saskatchewan's information and privacy
commissioner is calling a 68-month delay
"unconscionable" in the case of a man asking for
government records about himself.
"I am struck by the profound lack of respect
shown for the applicant and his right to access
records that are fundamentally about him,"
Dickson wrote in the report.
He noted that the Justice Ministry has a budget of
$162 million, but only pays for four full-time
employees to deal with freedom of information
requests to itself and other departments.
25. Privacy in the news
Privacy commissioner to review centralized ID cards
British Columbia is introducing a high-tech identification card for
everyone from infants to the elderly to replace the old CareCard
health system, and add driver’s licences and other government
services.
Vincent Gogolek, the executive director of the BC Freedom of
Information and Privacy Association, said the Liberal government
does not have a stellar track record when it comes to introducing
high-tech programs
Last July, former children’s minister Mary McNeil conceded the
government’s $182-million Integrated Case Management program
to improve information flow in the child-welfare system needed
repair after a report from the Independent Representative for
Children and Youth concluded the database was deeply flawed and
put children at risk.
“Is it as secure as the Integrated Case Management system?” said
Mr. Gogolek. “That‟s the last thing they did where they had massive
data-sharing, and that blew up as soon as they introduced it.”
26. Privacy in the news
VCH terminates employee for privacy breach
Vancouver Coastal Health (VCH) has terminated an
employee for breaching the privacy of five media
personalities in Vancouver.
This was the result of an investigation into
inappropriate access to the electronic health records.
The incident arose during a routine audit of patient file
access by VCH’s Privacy Office. Such audits occur on
a regular basis and look for signs that an employee or
physician may be accessing records for non-clinical
reasons.
In late-November, an audit found an employee had
looked into the personal data of five patients. When
questioned, they stated they had looked at the records
for “curiosity”.
27. Privacy in the news
Supreme Court rules employees have right to privacy on work
computers
Workplace computers contain so much personal
information nowadays that employees have a legitimate
expectation of privacy in using them, the SCC said in a
major ruling Friday.
An individual’s Internet browsing history alone is capable
of exposing her most intimate likes, dislikes, activities
and thoughts.
“Canadians may therefore reasonably expect privacy in
the information contained on these computers, at least
where personal use is permitted or reasonably
expected,” Mr. Justice Morris Fish said…
the seriousness of an offence and workplace computer
policies are sufficient to override the right to privacy.
28. Introduction to Privacy
We will begin our discussion of Access next
class
We could spend an entire course on this topic
Privacy is a highly contested notion
There is a vast philosophical and legal literature
There are also treatments of it in:
Economics
Psychology
Anthropologyand Sociology
Computer science
29. What is privacy?
The concept of privacy is found in some of the
oldest written texts: the Qur’an, the Talmud, and
the New Testament, and in ancient Chinese and
Greek law.
For instance, the concept appears in Aristotle's
distinction between the public sphere of political
activity and the private sphere associated with
family and domestic life.
In modern times, privacy has been recognised as
a human right by the General Assembly of the
United Nations, and rights to privacy have been
either explicitly stated or implicitly recognised in
the Constitutions of various nation states.
30. What is privacy?
Although undoubtedly a concept of great
importance, privacy has proven notoriously
difficult to define. Scholars and jurists fight
over the meaning, value and scope of the
concept of privacy
In the words of Daniel Solove, privacy appears
to be a sweeping concept, encompassing
”freedom of thought, control over one‟s body,
solitude in one‟s home, control over personal
information, freedom from surveillance,
protection of one‟s reputation, and protection
from searches and interrogations.”
31. What is privacy?
In early Anglo-american law, privacy protection
was justified largely on moral grounds.
Distinguish:
1. descriptive accounts of privacy, describing
what is in fact protected as private, from
2. normative accounts of privacy defending its
value and the extent to which it should be
protected.
Some people speak of privacy interests, while
others speak of rights.
32. What is privacy?
Skeptical and critical accounts of privacy:
nothing special about privacy, because any interest protected as
private can be equally well explained and protected by other
interests or rights
privacy interests are not distinctive because the personal interests
they protect are economically inefficient
not grounded in any adequate legal doctrine
Positive accounts:
Privacy is merely control over information about oneself
Privacy is a broader concept required for human dignity
Privacy is crucial for intimacy
A value that accords us the ability to control the access others
have to us
A set of norms necessary not only to control access but also to
enhance personal expression and choice
33. Types of privacy interest
Territorial privacy:
this type of privacy interest relates to control over one’s spatial
environment. Claims of this sort have been regulated in the western legal
tradition by rules relating to property. Violations of territorial privacy can
result from trespass, video surveillance and remote or hidden listening
devices.
Privacy of the body:
this type of privacy interest relates to control over one’s person. Claims of
this sort are typically addressed in law through prohibitions against unlawful
confinement, assault, battery, and unwarranted search and seizure.
Violations can arise through these means, as well as more subtle acts,
such as genetic testing.
Informational privacy:
this type of privacy interest relates to an individual’s control over
information relating to them. It is based on the idea that information about
an individual is in a fundamental way her own, for her to communicate or
retain as she sees fit.
34. The basis of privacy
In general, there are two categories of
justification for the importance of privacy
interests:
Utilitarian accounts of privacy are by far the
most numerous, and focus on the effects that
privacy interests have on the utility of
individuals or groups. They justify privacy by
reference to its effects.
Deontological accounts ground privacy
interests in other norms that individuals or
groups possess. Deontological theories
concentrate on the character of actions, rather
35. Rationales
Personal Development:
As an example, John Stuart Mill argued that there is a close
correlation between the availability of a protected zone of privacy,
and an individual’s ability to freely develop her individuality and
creativity.
Integrity and Identity:
Some commentators believe that an individual’s integrity (and the
development and preservation of personal identity) require the
protection of a zone of privacy within which the ultimate secrets of
one’s “core” self remain inviolable against unwanted intrusion or
observation.
Alleviating Stress:
Alan Westin noted that social life is frequently stressful, and
generates tensions which would be unmanageable unless the
individual had opportunities for periods of privacy.
36. Rationales
Privacy and Human Dignity: (Bloustein)
It is possible to give a general theory of individual privacy that
reconciles its divergent strands. “Inviolate personality” is the social
value protected by privacy. It defines one's essence as a human
being and it includes individual dignity and integrity, personal
autonomy and independence.
Respect for these values is what grounds and unifies the concept of
privacy.
Privacy and Intimacy: (Fried)
Fried defines privacy narrowly as control over information about
oneself. He extends this definition, however, arguing that privacy
has intrinsic value, and is necessarily related to and fundamental
for one's development as an individual with a moral and social
personality able to form intimate relationships involving respect,
love, friendship and trust.
Privacy is valuable because it allows one control over information
about oneself, which allows one to maintain varying degrees of
intimacy.
37. Rationales
Enabling Social Relations:
We saw above that some have argued that privacy is
valuable because it provides the rational context of a number
of ends, including love, trust, friendship and self-respect. It
is a necessary element of these ends, and not an ancillary
one.
A number of commentators defend views of privacy that link
closely with accounts stressing privacy as required for
intimacy, emphasizing not just intimacy but also more
generally the importance of developing diverse interpersonal
relationships with others.
Rachels: Privacy accords us the ability to control who knows
what about us and who has access to us, and thereby allows
us to vary our behavior with different people so that we
may maintain and control our various social relationships,
many of which will not be intimate.
38. Rationales - Control
William Parent.
He defines privacy as the condition of not having
undocumented personal information known or
possessed by others.
Parent stresses that he is defining the condition of
privacy, as a moral value for people who prize
individuality and freedom, and not a moral or legal
right to privacy.
In cases where no new information is acquired, Parent
views the intrusion as irrelevant to privacy, and better
understood as an abridgment of anonymity, trespass,
or harassment.
Westin: the claim of individuals, groups or institutions to
determine for themselves when, how, and to what
extent information about them is communicated to
others.
39. Rationales
Access:
Another group of theorists characterize privacy in terms of
access.
Some commentators describe privacy as exclusive access of
a person to a realm of his or her own.
Bok (1982) argues that privacy protects us from unwanted
access by others — either physical access or personal
information or attention
As stated by the Canadian Commission on Freedom of
Information and Individual Privacy, at least two aspects of
personal autonomy are threatened by privacy invasions:
1. our relationships with other individuals
2. our relationships with institutions.
40. Critical Positions
Thomson:
Ultimately the right to privacy is merely a cluster of
rights.
Those rights in the cluster are always overlapped by,
and can be fully explained by, property rights or
rights to bodily security.
Posner:
Focusing on privacy as control over information about
oneself, Posner argues that concealment or selective
disclosure of information is usually to mislead or
manipulate others, or for private economic gain, and
thus protection of individual privacy is less defensible
than others have thought because it does not
maximize wealth.
41. Information Privacy
Recall the informational aspect of privacy, which
concerns an individual’s control over information
relating to them.
One of the earliest statements of informational
privacy in the common law is due to Samuel
Warren and Louis Brandeis. The two jurists stated
that:
“[t]he intensity and complexity of life...have rendered
necessary some retreat from the world, and man, under the
refining influence of culture has become more sensitive to
publicity, so that solitude and privacy have become more
essential to the individual; but modern enterprise and
invention have, through invasions upon his privacy,
subjected him to mental pain and distress, far greater than
could be inflicted by mere bodily injury.”
42. Information Privacy
Warren and Brandeis were concerned with several new technologies that
made the dissemination of personal information feasible on a broad scale -
namely, portable photographic equipment and improved printing presses.
The age of the “pen and brush” caricature and political cartoon had yielded
to technology that could produce a black and white approximation of a
photographic image on any paper surface.
The concern over the rapid growth of information technology was picked up
in the mid 20th century by Alan Westin, the father of modern data protection
law.
In Westin’s formulation, informational privacy is the “claim of individuals,
groups or institutions to determine for themselves when, how, and to what
extent information about them is communicated to others”.
Taking a cue from Warren and Brandeis, Westin stated that technological
advances “now make it possible for government agencies and private
persons to penetrate the privacy of homes, offices and vehicles; to survey
individuals moving about in public places; and to monitor the basic
channels of communication by telephone, telegraph, radio and television.”
43. Information Privacy
In the words of the Commission on Freedom of
Information and Individual Privacy:
“[t]he development of modern forms of social
organisation of increasing size and complexity, and
the corresponding growth of large public and private
institutions have given rise to an unprecedented
growth in the collection, analysis and use of
information. This increase in institutional needs for
information has been coupled with remarkable gains
in the sophistication and capacities of technologies
used in the gathering, storage, analysis and
dissemination of information. It is often said, with good
reason, that we are living in an „information age‟.
Personal information concerning individuals is now
collected and used by large institutions to an extent
that would have been inconceivable to previous
generations.”
44. Information Privacy
D‟aoust:
[t]he accumulation of personal information on an individual
enables the creation of a composite image of that person that
is often false and reductionist. More and more one hears of
the electronic identity of a person... It becomes a determining
factor of the individual’s potential for action and development.
That identity could be stolen or appropriated. It serves to
categorise a person. When doubt is cast- even if it is
unfounded- on his or her integrity, that identity can prevent a
person from travelling, from finding a place to live or a job, or
to obtain insurance.
The closer personal information comes to the biographical
heart of a person, the more that information can have
significant consequences on the shaping of identity and on
imposing serious limitations.
45. Information Privacy
According to Shafer, the ”ordinary citizen who,
in earlier times, would have been known only
in his or her own community, now leaves a
„trail of data‟ behind with almost every project
undertaken: the tax form completed; the social
welfare claimed; the application for credit,
insurance or a drivers license; or the purchase
of consumer goods.”
46. Challenges
a recurring theme in the development of privacy
protection has been the inability of existing
safeguards to deal with advances in technology.
The simple physical protections existing during
the time of Warren and Brandeis were threatened
by the advent of the hand-held camera and
improving printing technology.
In the mid 20th century, Alan Westin suggested
that the protections developed after Warren and
Brandeis were inadequate to meet the challenges
afforded by computers and other forms of
information technology.
47. Challenges
Surging repositories:
The amount of information at the disposal of private and
public sector organisations has grown significantly.
Rapid technological advances in storage capacity have
enabled organisations to routinely manage databases that
are inconceivably larger than the simple tools available in
Alan Westin’s 1960.
In the words of one commentator, “[u]ntil recently, data sets
were small in size, typically containing fewer than ten
variables. Data analysis traditionally revolved around graphs,
charts and tables. But the real-time collection of data, based
on thousands of variables, is practically impossible for
anyone to analyze today without the aid of information
systems. With such aid, however, the amount of information
you can mine is astonishing.”
48. Challenges
Automated decision-making:
Second, an increasing amount of processing is happening in the
absence of a relational setting between the individual and the
institution in question. Government offices, banks and insurance
agencies make decisions on eligibility for housing and other
benefits at a distance, often with the use of automated decision
support systems.
In the words of the United States Privacy Protection Study
Commission:
“[t]he substitution of records for face-to-face contact in these
relationships is what makes the situation today dramatically different
from the way it was even as recently as 30 years ago. It is now
commonplace for an individual to be asked to divulge information
about himself for use by unseen strangers who make decisions
about him that directly affect his everyday life. Furthermore,
because so many of the services offered by organisations are, or
have come to be considered, necessities, an individual has little
choice to but submit to whatever demands for information about him
an organisation may make.”
49. Challenges
Social networking:
A new generation of Internet applications has
radically changed the way in which individuals
maintain an online presence.
The privacy implications of having vast
amounts of personal data stored in social
networking applications are significant
50. Challenges
Ubiquitous computing:
The growing sophistication and miniaturisation
of computing hardware has led to the
development of the field of ubiquitous
computing.
Ubicomp, as the field is known to practitioners,
envisions the integration of small computing
devices with buildings, clothing, appliances,
and a host of other artifacts.
51. Challenges
Knowledge discovery / data mining:
Lastly, the recent emergence of knowledge
discovery in databases (“KDD”) has raised a
host of new problems relating to privacy.
52. Wrap-up: some themes
Does technology spell the end of privacy?
What determines our ability to achieve privacy?
What is the relationship between privacy and socio-
economic status?
What influences our conception and need for privacy?
Is the desire for privacy universal?
How does architecture reflect privacy interests?
How does architecture determine privacy interests?
How did the development of the welfare state influence
privacy?
What are the limits of legal approaches to privacy?
How does privacy applies to groups / communities?
53. Next class
Access to Information
BasicTheory
Cases
Introduction to Research
Perhaps the most important part of the course
Consequentialism is the class of normative ethical theories holding that the consequences of one's conduct are the ultimate basis for any judgment about the rightness of that conduct. Thus, from a consequentialist standpoint, a morally right act (or omission) is one that will produce a good outcome, or consequence.Consequentialism is usually distinguished from deontological ethics (or deontology), in that deontology derives the rightness or wrongness of one's conduct from the character of the behaviour itself rather than the outcomes of the conduct. It is also distinguished from virtue ethics, which focuses on the character of the agent rather than on the nature or consequences of the act (or omission) itself, and pragmatic ethics which treats morality like science: advancing socially over the course of many lifetimes, such that any moral criterion is subject to revision.
As an empirical matter, individuals have a number of practical interests which may be seriously harmed by invasions of their privacy, including social standing, employment prospects and the maintenance of relationships.