Reviewing PIPEDA: Control, Privacy and the Limits of Fair Information Practices
Canadian Business Law Journal, Vol. 44, p. 21, 2006
17 Pages Posted: 22 Jul 2008
Date Written: 2006
This article argues that the federal Personal Information Protection and Electronic Documents Act (PIPEDA) provides individuals with control over their personal information in order to protect informational privacy while permitting organizations to collect, use and disclose personal information for legitimate and reasonable purposes. However, in determining whether such control is effective in protecting privacy, a number of issues emerged as important: control over personal information can protect a broader set of values than simply privacy; individual informational privacy can be protected even in the absence of individual consent; determining the scope of the legal entitlement to control over personal information requires an understanding of the values that privacy is meant to protect and a balancing of these against legitimate claims of others in a principled manner; and control will only protect privacy if individuals are presented with meaningful choices regarding privacy options. These issues then helped to pinpoint a number of PIPEDA'S weaknesses, including its all-or-nothing approach to Schedule 1obligations; the scope of individual control over personal information provided and the role of implied consent; the desirability of an Ombudsman model; and whether PIPEDA'S provisions can require that privacy be taken into account at the stage of administrative and technological design.
Suggested Citation: Suggested Citation