So, you’ve probably heard about privacy law.
And you’ve probably heard about the idea that you need to consent to the use your personal information data.
And you might have even heard about some of the specific acts that are meant to protect your personal information, like these:
- Personal Information Protection and Electronic Documents Act, SC 2000, c-5
- Personal Information Privacy Act, SA 2003, c. P-6.5
- Personal Information Privacy Act, SBC 2003, c. 63
- Act Respecting the Protection of Personal Information in the Private Sector, CQLR, c. P-39.7
But, if you are like most people, there’s a good chance you haven’t heard about the base idea that holds these laws together. While being normal, this is a bit odd, because it’s that base idea that can help you understand generally how these laws will apply to all the different commercial or personal aspects of your life.
Most people usually think of online advertisements based on our usage data from companies like Google and Facebook when thinking about privacy law. And that’s because it is in fact a great example of when Privacy Law will apply, and when it can be breached…
Facebook to be fined $5B for Cambridge Analytica privacy violations
147 million people affected by the Equifax data breach
We use websites like Google or YouTube to search and watch videos, or Facebook to maintain social networks, and in turn these companies give us a “free user experience”. But what we all seem to be understanding on an increasing basis is that these companies are leveraging our data to sell to companies for hyper targeted advertising.
But did you know that these privacy laws apply to all of your personal information… not just your search history?
It’s not just internet companies that collect, hold, use, or share your personal information. In fact, most organizations do, in all types of settings. And this is a reality these laws are trying to deal with.
Put simply, privacy laws are trying to recognize the fact that organizations will have a reasonable need to collect, use, and disclose some of your information, and the law is trying to balance this fact with the right of the individual to have his or her personal information protected, and to have transparency as to that use in order to prevent unreasonable uses. Drilling down further, the key here is the “reasonable” standard. For example, a clinic will need your health card number… but it would be unreasonable for it to take your social insurance number.
Here it is in legalese
Canada – PIPEDA (S.C. 2000, c.5)
Part 1 - Protection of Personal Information in the Private Sector
Section 3 - Purpose
The purpose of this Part is to establish, in an era in which technology increasingly facilitates the circulation and exchange of information, rules to govern the collection, use and disclosure of personal information in a manner that recognizes the right of privacy of individuals with respect to their personal information and the need of organizations to collect, use or disclose personal information for purposes that a reasonable person would consider appropriate in the circumstances
Alberta - PIPA (S.A. 2003, c P 6.5)
Section 3 - Purpose
The purpose of this Act is to govern the collection, use and disclosure of personal information by organizations in a manner that recognizes both the right of an individual to have his or her personal information protected and the need of organizations to collect, use or disclose personal information for purposes that are reasonable.
Come back for part 2 of this series on a discussion of “Consent” … it’s not as straightforward as you might assume.