On May 8, 2018, the BlockchainHub hosted guest speakers from as far away as Japan and Saudi Arabia. They spoke about:
Marek Laskowski, Co-Founder of Blockchain Lab and Professor of Information and Computing Technologies at York University spoke about blockchain in the context of the built environment. He focused on the privacy implications of miniaturization and ubiquity of connected devices as well as ways to satisfy Privacy by Design principles, echoing some concerns shared by MT>3 clients. On the eve of changes such as the GDPR in Europe, Canadian mandatory privacy breach notification rules, and the increased use of “Internet of Things” devices, privacy issues for business and individuals are top of mind.
There are many potential beneficial applications for distributed ledger, permissioned blockchains and “smart contracts”.
MT>3 recognizes the value in these and other emerging technologies. We are watching them closely as we explore new approaches.
In late April, U.S. government lawyers withdrew their opposition to having a special master conduct privilege review of the documents seized from Michael Cohen, the personal lawyer of President Donald Trump. They suggested a new way forward: Technology Assisted Review (TAR) to identify potentially privileged material.
U.S. Magistrate Judge Frank Maas of the Southern District of New York added that he would bring on Canada’s leading Research Professor in TAR, Maura Grossman to assist with the review.
TAR is the latest buzz in e-discovery circles. The development of technology to assist with managing review, expediting review and reducing its costs varies from predictive coding, concept-clustering and other analytics tools. The potential advantages when using TAR in a privilege review include: speed, accuracy, defensibility, and transparency.
The process selected for use in this case will surely be the talk of the town in the eDiscovery and technology circles, as it has the capacity to open the floodgates for the use of TAR in future cases requiring a privilege review.
From Cyberlex: Parliamentary Committee Recommends Substantial Revisions to PIPEDA - Part 2 – Consent
(See the original article by Kirsten Thompson, Charles Morgan and Maureen Gillis at McCarthy Tétrault's Cyberlex Blog: Parliamentary Committee Recommends Substantial Revisions to PIPEDA – Part 2 - Consent)
As reported in our recent post, on February 28, 2018, the House of Commons Standing Committee on Access to Information, Privacy and Ethics tabled in the House of Commons a report entitled Towards Privacy by Design: Review of the Personal Information Protection and Electronic Documents Act. The recommendations in the Committee’s Report are also heavily influenced by the direction set in the European Union General Data Protection Regulation, (“GDPR”) which comes into force this year.
We have prepared a multi-part series of posts focusing in more depth on each section of the Report.
In this post, we summarize and comment on the Committee’s findings set out in Part 2 of the Report, which addresses the issues of “meaningful consent” and the enhancement of the consent model, exceptions to the rule of consent, and data portability.
The other posts in this series are:
Part 2 – Consent
The concept of consent underpins the entire framework of PIPEDA. Essentially a contract-type model, this approach envisions an enlightened user who freely trades his or her personal information in exchange for services. The premise is that the best protection for personal information is therefore to create the conditions in which individuals are free to use their personal information as they wish. This ethos is stated in PIPEDA ‘s Principle 3 as “The knowledge and consent of the individual required for the collection, use and disclosure of personal information, except where inappropriate.” Further sub-principles articulate other aspects of consent, such as the necessary processes and timing in obtaining consent, types of consent, and how consent is to be made meaningful.
However, this consent model is under pressure from online technologies. The Report acknowledges this and begins by setting out the Office of the Privacy Commissioner of Canada’s (“OPC”) concern that innovation in information technologies has added significant complexity to online interactions and resulted in more ways to use information. As result, few individuals take the time to inform themselves of the conditions of use of their personal information. Compounding the problem, noted some witnesses, is that the privacy policies meant to inform individuals are often unreadable or too vague and consent obtained is illusory.
Notwithstanding the problems with the current consent model, most witnesses supported its continued use, albeit in modified form to address the current shortcomings. Many supported enhancements to implicit consent, including “deemed” consent when the risk of harm is low. Other witnesses cautioned against this approach, noting that if is often difficult to evaluate risk and potential harm beforehand.
Other witnesses supported implementing measures that would make consent more meaningful.
Enhancements to Consent
The overall recommendation of the Committee was ultimately that while consent should remain the core element of the privacy regime, it should be enhanced and clarified by additional means. The Report explores four areas in which the consent model could be enhanced and in some cases makes specific recommendations:
Exceptions to Consent
While consent underpins PIPEDA, the legislation also recognizes situations in which consent should not be required.