(2006) 56 University of Toronto Law Journal 181
55 Pages Posted: 7 Dec 2005 Last revised: 21 May 2012
Date Written: November 1, 2005
Canada's The Personal Information Protection and Electronic Documents Act (PIPEDA) implements what are known internationally as "fair information practices." Within this model of data protection, privacy is often seen to be the core interest protected and individual consent to the collection, use and disclosure of personal information is the central vehicle through which this protection is accomplished. This paper argues that the alleged centrality of consent to the protection of privacy is misplaced: all derogations from consent are not necessarily derogations from privacy. A number of reasons support this claim. First, there are persuasive arguments that individual consent is neither necessary nor sufficient for the adequate protection of privacy. Second, consent is not the only norm operating to limit the collection, use and disclosure of personal information within different articulations of fair information practices. Third, decisions rendered under PIPEDA so far indicate that where individuals are properly notified regarding the purposes for the collection of their personal information and that collection is found to be "reasonable," a finding of consent usually follows. This suggests that it is "reasonable purposes" that holds out the most promise for strong privacy protection and is therefore deserving of greater attention by the privacy community.
Suggested Citation: Suggested Citation
Austin, Lisa M., Is Consent the Foundation of Fair Information Practices? Canada's Experience Under Pipeda (November 1, 2005). (2006) 56 University of Toronto Law Journal 181. Available at SSRN: https://ssrn.com/abstract=864364 or http://dx.doi.org/10.2139/ssrn.864364