Developing Privacy Best Practices for Direct-to-Public Legal Apps: Observations and Lessons Learned
(2020) 18:1 Canadian Journal of Law and Technology (Forthcoming)
67 Pages Posted: 15 Oct 2019
Date Written: October 4, 2019
Abstract
In Canada, there has been a flurry of activity related to developing technological tools intended to be used directly by the public to address legal needs. For ease of reference, we refer to such tools as “DTP (direct-to-public) legal apps.” As useful as they may be, DTP legal apps raise unique and important privacy issues. This article discusses a project we undertook with the goal of creating a set of privacy best practices for DTP legal apps. We obtained funding from the Office of the Privacy Commissioner of Canada (OPC) to carry out this project in 2017 which resulted in a final report, Improving Privacy Practices for Legal Apps: A Best Practices Guide, submitted in March 2019. A full copy of this final report can be found at Appendix A. In this article, we detail our work on this project, including the challenges faced in fulfilling our research mandate (to draft a model privacy sectoral code for DTP legal apps) and the lessons we learned in that process.
In writing this article, we had two goals. First, we hope to provide the foundations for future projects and conversations relating to the optimal provision of DTP legal apps in Canada, and the development of privacy guidance for DTP legal app developers; second, we provide critical reflection on the objective of creating a sectoral privacy code, particularly in a rapidly evolving technological context.
This article has six parts. In Part I, we outline the background and context of the project. In Part II, we discuss the feedback we received about privacy concerns and the best practices model from developers engaged in the creation of DTP legal apps. Part III considers how structuring the best practices guide through the lens of the Personal Information Protection and Electronic Documents Act [“PIPEDA”] imposed specific, and sometimes problematic, constraints. In Part IV, we highlight some particular features of the DTP legal apps “sector” and identify how these realities impacted the development of what was initially conceived of as a sectoral privacy code. In Part V, we examine the role of law societies in relation to a privacy code of practice for DTP legal apps. In Part VI, we reflect on the final best practices guide we proposed.
Keywords: access to justice, technology, legal apps, legal technology, privacy
Suggested Citation: Suggested Citation