The current controversy concerning Cambridge Analytica, Aggregate IQ and Facebook has raised to public and media attention a number of interrelated issues, that need to be carefully distinguished: The monopoly power of companies like Facebook in the “platform economy†and their dependence on personal data for their business models The non-consensual harvesting of information on one’s wider social network through …
HOW TO AVOID PRIVACY COMPLAINTS ESCALATING TO THE PRIVACY COMMISSIONER: BE TRANSPARENT, RECEPTIVE, DILIGENT, POLITE AND TRUTHFUL
GUEST POST  BY ROBIN M. BAYLEY, LINDEN CONSULTING INC.  (VICTORIA BC). (A VERSION OF THIS ARTICLE APPEARED IN PRIVACY LAWS AND BUSINESS INTERNATIONAL REPORT, APRIL 2017).   Companies subject to privacy legislation can do much to prevent a privacy complaint from a customer from becoming a complaint to  a privacy commissioner.  They can be summarized as: be transparent, receptive, diligent, polite …
So maybe ‘Big Data’ doesn’t work in elections? Maybe it’s time to stop using it?
It is tempting to conclude that what happened in the presidential election last Tuesday was not only a repudiation of the ‘Washington establishment’ and the mainstream media, but also of the use of “Big Data†in elections.  Perhaps people are sick of being considered ‘data points’ in an endless struggle to manipulate their political attitudes and behavior. Among other things, …
IS CANADA STILL ‘ADEQUATE’ UNDER THE NEW EUROPEAN GENERAL DATA PROTECTION REGULATION?
In December 2001, Canada achieved adequacy status under the 1995 Data Protection Directive for transfers from the EU to Canada of personal information subject to the jurisdiction of the Personal Information Protection and Electronic Documents Act (PIPEDA). Since that time, Canadian businesses could rely on this determination, and thus avoid other methods to guarantee legal transfers such as model contracts …
So Who is Actually “Shielded” by the Privacy Shield?
I have just co-authored a study with Priscilla Regan and Robin Bayley on the effectiveness of privacy redress mechanisms in Canada and the United States. In our view, too much comparative privacy research is based on the abstract comparison of the ‘black letter of the law.’ So we decided to examine some real cases involving real individuals who have suffered real …
BILL C-51 AND NO FLY-LISTS: STILL TOO DANGEROUS TO FLY YET TOO INNOCENT TO ARREST
Part Two of the Government’s Anti-Terrorism legislation (C-51) comprises the Secure Air Travel Act (SATA), which formalizes the rules for the operation of Canada’s no-fly list (or the Specified Persons List).  It has not yet received much analysis in comparison with the more controversial  provisions on the new powers for CSIS, and the expansion of the information-sharing provisions, both superbly covered in …
HOSPITALS WITHOUT PATIENTS, AND DATA PROTECTION WITHOUT DATA SUBJECTS: MY ADDRESS TO CPDP2015
One of my favorite episodes of the BBC Series, Yes Minister, is called “The Compassionate Society.â€Â  The story revolves around a hospital in north London that has 500 administrative staff, but no medical personnel and no patients.  When Sir Humphrey Appleby, the Permanent Secretary, is confronted by Minister Jim Hacker about this perplexing state of affairs, he defends the situation …
THE ROLE OF A PRIVACY COMMISSIONER AND THE QUALIFICATIONS OF DANIEL THERRIEN: WHAT PARLIAMENT SHOULD BE ASKING
The Prime Minister’s announcement last week that he has recommended Assistant Deputy Attorney General, Daniel Therrien, to be the next Federal Privacy Commissioner should give us cause to reflect on what the Federal Privacy Commissioner actually does and what skill sets are necessary. Â I have written about this on a number of occasions. Â The job is complex, multi-faceted and …
IF INDUSTRY AMENDMENTS TO THE DRAFT REGULATION ARE ADOPTED, WOULD THE EUROPEAN UNION STILL HAVE AN “ADEQUATE LEVEL OF DATA PROTECTION”?
I followed the twists and turns of the passage of the original 1995 EU Data Protection Directive earlier in my career, and wrote about the politics of the process at some length.  By 1995, I was so tired of the process that I almost did not care what was in the Directive – so long that it was an …
THE GEO-POLITICS OF PERSONAL DATA AND THE NEW EU DATA PROTECTION REGULATION
We understand that the EU Parliament’s review of the Regulation is on schedule to be completed by mid-2013. I have written  an article for the Harvard International Review –– a more historical treatment that tries to set the current debates in some context.  The same issue has an article from Vivien Redding.  The basic message is that we have heard before from …