Developing Privacy Best Practices for Direct-to-Public Legal Apps: Observations and Lessons Learned

(2020) 18:1 Canadian Journal of Law and Technology (Forthcoming)

67 Pages Posted: 15 Oct 2019

See all articles by Teresa Scassa

Teresa Scassa

University of Ottawa - Common Law Section

Amy Salyzyn

University of Ottawa - Faculty of Law; University of Ottawa - Common Law Section

Jena McGill

University of Ottawa - Common Law Section

Suzanne Bouclin

University of Ottawa - Common Law Section

Date Written: October 4, 2019

Abstract

In Canada, there has been a flurry of activity related to developing technological tools intended to be used directly by the public to address legal needs. For ease of reference, we refer to such tools as “DTP (direct-to-public) legal apps.” As useful as they may be, DTP legal apps raise unique and important privacy issues. This article discusses a project we undertook with the goal of creating a set of privacy best practices for DTP legal apps. We obtained funding from the Office of the Privacy Commissioner of Canada (OPC) to carry out this project in 2017 which resulted in a final report, Improving Privacy Practices for Legal Apps: A Best Practices Guide, submitted in March 2019. A full copy of this final report can be found at Appendix A. In this article, we detail our work on this project, including the challenges faced in fulfilling our research mandate (to draft a model privacy sectoral code for DTP legal apps) and the lessons we learned in that process.

In writing this article, we had two goals. First, we hope to provide the foundations for future projects and conversations relating to the optimal provision of DTP legal apps in Canada, and the development of privacy guidance for DTP legal app developers; second, we provide critical reflection on the objective of creating a sectoral privacy code, particularly in a rapidly evolving technological context.

This article has six parts. In Part I, we outline the background and context of the project. In Part II, we discuss the feedback we received about privacy concerns and the best practices model from developers engaged in the creation of DTP legal apps. Part III considers how structuring the best practices guide through the lens of the Personal Information Protection and Electronic Documents Act [“PIPEDA”] imposed specific, and sometimes problematic, constraints. In Part IV, we highlight some particular features of the DTP legal apps “sector” and identify how these realities impacted the development of what was initially conceived of as a sectoral privacy code. In Part V, we examine the role of law societies in relation to a privacy code of practice for DTP legal apps. In Part VI, we reflect on the final best practices guide we proposed.

Keywords: access to justice, technology, legal apps, legal technology, privacy

Suggested Citation

Scassa, Teresa and Salyzyn, Amy and McGill, Jena and Bouclin, Suzanne, Developing Privacy Best Practices for Direct-to-Public Legal Apps: Observations and Lessons Learned (October 4, 2019). (2020) 18:1 Canadian Journal of Law and Technology (Forthcoming). Available at SSRN: https://ssrn.com/abstract=3464400 or http://dx.doi.org/10.2139/ssrn.3464400

Teresa Scassa

University of Ottawa - Common Law Section ( email )

57 Louis Pasteur Street
Ottawa, K1N 6N5
Canada
6135625800x3872 (Phone)
6135645124 (Fax)

Amy Salyzyn (Contact Author)

University of Ottawa - Faculty of Law ( email )

57 Louis Pasteur St
Ottawa, Ontario K1N6N5
Canada

University of Ottawa - Common Law Section ( email )

57 Louis Pasteur Street
Ottawa, K1N 6N5
Canada

Jena McGill

University of Ottawa - Common Law Section ( email )

57 Louis Pasteur Street
Ottawa, K1N 6N5
Canada

Suzanne Bouclin

University of Ottawa - Common Law Section ( email )

57 Louis Pasteur Street
Ottawa, K1N 6N5
Canada

Register to save articles to
your library

Register

Paper statistics

Downloads
70
Abstract Views
454
rank
335,168
PlumX Metrics