Article contents
Big and Little Brother: The Potential Erosion of Workplace Privacy in Canada
Published online by Cambridge University Press: 18 July 2014
Abstract
Recent research shows that monitoring and surveillance of workers in Canada is increasing. The Canadian Federal Government, at the same time, is calling for increased access to proprietary databases for lawful purposes. Employers therefore face a distinct possibility that their monitoring and surveillance data will be routinely accessed by various government and law enforcement agencies. Since in many provinces workers enjoy little legal protection of their right to a private life, and since new legal protective measures are unlikely, employers must look to their role as socially responsible members of a liberal and democratic society, and respect the rule of law by minimizing their collection of personal worker information.
Résumé
Des recherches récentes révèlent que le contrôle et la surveillance des travailleurs au Canada augmentent. Parallèlement, le gouvernement fédéral canadien réclame un accès accru aux bases de données exclusives à des fins juridiques. Il existe donc une réelle possibilité que les données de contrôle et d'accès des employés soient consultées régulièrement par divers organismes gouvernementaux et judiciaires. Comme les travailleurs de bien de provinces jouissent de peu de mesures légales de protection de la vie privée, et puisqu'il est improbable que de nouvelles mesures soient adoptées, les employeurs doivent assumer leur rôle de membres socialement responsables dans une société libérale et démocratique, et respecter la règle de droit en réduisant la cueuillette de renseignements personnels des travailleurs.
- Type
- Dossier: The Law Commission of Canada/La Commission du Droit du Canada
- Information
- Canadian Journal of Law and Society / La Revue Canadienne Droit et Société , Volume 22 , Issue 2 , August 2007 , pp. 197 - 230
- Copyright
- Copyright © Canadian Law and Society Association 2007
References
1 See Levin, Avner et al. , Under the Radar? The Employer's Perspective on Workplace Privacy (Toronto: Centre for the Study of Commercial Activity at Ryerson University, 2006) online: Ryerson University Website <http://www.ryerson.ca/tedrogersschool/news/archive/UnderTheRadar.pdf>Google Scholar.
2 Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act, Public Law 107-56 (2001) [PATRIOT Act]. See Canada, “Privacy Matters: The Federal Strategy to Address Concerns about the USA PATRIOT Act and Transborder Data Flows” in Treasury Board of Canada Report, online: Government of Canada <http://www.tbs-sct.gc.ca/pubs_pol/gospubs/TBM_128/pm-prp/pm-prp_e.asp>.
3 See e.g., Bonnell, Greg, “Police Stop Truck Carrying Missile Launchers on Toronto-Area Highway” Canadian Press News Wire (December 2 2005)Google Scholar, in which a trucking company voluntarily supplied the police with locational information from the company's Global Positioning System (GPS) database in order to locate a missing truck.
4 A quick note on terminology. Throughout this paper I will use the term “workplace privacy” or “worker privacy” when discussing issues related to such collection. These terms are not interchangeable with the term “employee privacy.” The term “employee privacy” implies that the privacy that an individual enjoys or is entitled to while working depends on that individual's status as an employee, and on the existence of an employment relationship between the individual and his or her place of work. No doubt that is correct in many cases, e.g., the substantive privacy protection enjoyed by unionized workers discussed below. However, I will argue in this paper that the entitlement to privacy emanates from an individual's human rights, namely the right to dignity and the subsequent right it creates to a private life. That entitlement exists independently of whether an individual is an employee, since it is essential and non-contractual. Use of the term “workplace privacy” implies therefore that privacy is a right of all workers and not only of employees. For simplicity, I will refer to the organization in control of the workplace as the “employer,” although it should be understood that not all of the workers within the workplace are its employees.
5 Levin, et al., supra note 1.
6 The legal terrain of workplace privacy in Canada has been described comprehensively several years ago by Jeremy deBeer. See deBeer, Jeremy, “Employee Privacy: The Need for Comprehensive Protection” (2003) 66 Sask. L. Rev. 383Google Scholar.
7 Ibid. at 407-408. Areas of the law for which there was hope that they might evolve to provide uniformity, such as a common law tort of invasion of privacy (see ibid. at 402-403) have so far failed to do so. England too has yet to recognize a tort of Invasion of Privacy, although it has modified its common-law substantially on the basis of the European Convention on Human Rights. See McKennitt v. Ash, [2006] EWCA Civ 1714. I discuss the status of a Canadian common law tort of invasion of privacy below.
8 As this paper focuses on private sector workplace privacy protection, the limited protections offered by legislation to public sector workers will not be discussed.
9 R.S.C. 2000, c. 5 [PIPEDA].
10 The determination of whether provincial legislation is substantially similar is done by the federal Ministry of Industry Canada, and to this date, the provincial legislation of Quebec, British Columbia, and Alberta has been found to be substantially similar. Ontario's personal health information protection legislation has been found substantially similar for the purposes of health records. Other provinces have not passed private sector personal information protection legislation.
11 PIPEDA, supra note 9, s. 4(1)(b).
12 Ibid. s. 2(1). Unlike my argument in this paper, PIPEDA, as well as the provincial legislation of British Columbia and Alberta, refer explicitly to “employees” and not all “workers.”
13 Therefore an image captured by a video camera, a personal email sent to a friend, a telephone conversation with a family member, or the location of a worker at any given point in time during work, and more, are all examples of personal information. This interpretation of PIPEDA was reaffirmed as it relates to voice recordings in the recent Federal Court of Appeal decision in Wansink v. Telus, 2007 FCA 21 at para. 9 [Wansink].
14 These exceptions apply to all information collected in the private sector.
15 Canada Evidence Act, R.S.C. 2001, c. 41, s. 38.13.
16 PIPEDA, supra note 9, s. 4.1
17 An exception is allowed for journalistic purposes, see ibid. s. 7(1)(c).
18 For instance, when an individual is suspected of theft and an employer attempts to secure covert video surveillance, ibid. s. 7(1)(b).
19 Ibid. s. 7(1)(e)(ii).
20 Ibid. s. 7(1)(e)(i).
21 Ibid. s. 7(2)(a). Note the subtle differences here. Information can be collected without consent when breach of an agreement is suspected, but not of a foreign law. Information can be used without consent when breach of foreign law is suspected but not when breach of an agreement is. These nuances are of little importance, as s. 7(2)(d) ensures the uniformity of collection and use without consent.
22 Ibid. s. 7(2)(d).
23 Ibid. s. 7(3)(c).
24 Ibid. s. 7(3)(c.2).
25 Ibid. s. 7(3).
26 It should be clear, according to s. 7(3)(c.1), that an employer must hand over information to the government once it has complied with the requirements of sub-section c.1.
27 R.S.Q. c. P-39.1 [PIPS].
28 For an analysis, see Lyne Duhaime, La Protection des Renseignements Personnels en Milieu de Travail, online: Fasken Martineau <http://www.fasken.com/publications>.
29 R.S.Q. c. 12 [Quebec Charter].
30 Ibid. s. 52 (note that this section has the equivalent of a notwithstanding clause, i.e., legislation that explicitly states that it applies despite the Charter will prevail).
31 Ibid. s. 49, which establishes private legal action on the basis of the Quebec Charter. See also Aubry v. Editions Vice-Versa, [1998] 1 S.C.R. 591, at para. 49 [Vice-Versa].
32 See e.g., deBeer, supra note 6 at 400.
33 Quebec Charter, supra note 29, s. 46.
34 Ibid. Preamble.
35 Ibid. s. 4.
36 Ibid. s. 5.
37 Quebec Civil Code, R.S.Q. 1991, c. 64, s. 2087Google Scholar [emphasis added]. The Code does discuss dignity as part of the employment relationship, and not as a right offered to all workers.
38 This interpretation is supported by Quebec case-law, as will be discussed below.
39 For instance, disclosure to an attorney. See PIPS, supra note 27, s. 18(1). The French term appears in the English translation as “communication,” but “disclosure” is used for consistency of discussion.
40 Ibid. s. 18(3).
41 Ibid. s. 18 (6).
42 Quebec's statute does not create exceptions explicitly for the collection and use of personal information without consent.
43 PIPA, S.A. 2003, c. P-6.5 [PIPA-AB]; PIPA, S.B.C. 2003, c. 63 [PIPA-BC].
44 Quebec's personal information legislation does not address the workplace directly, as discussed above. For a detailed discussion of workplace privacy under Alberta's legislation see Anderson, Sandra, “Alberta's Statutory Privacy Regime and its Impact on the Workplace” (2006) 43 Alta. L. Rev. 647Google Scholar.
45 PIPA-AB, supra note 43, s. 15(4), 18(3), 21(3); PIPA-BC, ibid. s. 13(2), 16(2)(a), 19(2)(a). Note again the term used is ‘employees’.
46 PIPA-AB, s. 14(d), 17(d); PIPA-BC, s. 12(1)(c), 15(1)(c).
47 PIPA-AB, s. 14(h), 17(h); PIPA-BC, s. 12(1)(i), 15(1)(i).
48 PIPA-AB, s. 20(c); PIPA-BC, s. 18(1)(o).
49 PIPA-AB, s. 20(d); PIPA-BC, s. 18(1)(h).
50 PIPA-AB, s. 20(e); PIPA-BC, s. 18(1)(i).
51 PIPA-AB, s. 20(f), (m); PIPA-BC, s. 18(1)(c), (j). Alberta's s. 20(f) and BC's s. 18(1)(j) focus on the likelihood of the investigation leading to legal proceedings. Alberta's s. 20(m) and BC's s. 18(1)(c) require that the disclosure be “reasonable.”
52 The legislation is known in all four provinces as the Privacy Act, R.S.B.C. 1996, c. 373Google Scholar; R.S.S 1978, c. P-24; R.S.M. 1987, c. P125; S.N. 1981, c. 6.
53 These difficulties are similar for both the statutory torts discussed here and under the common law torts where they exist, as discussed below.
54 It may therefore not preclude workers, non-employees, from successful private legal action.
55 See e.g., Newfoundland Privacy Act, s. 5(1)(a).
56 See e.g., Echlin, Randall & Thomlinson, Christine M., For Better or For Worse: A Practical Guide to Canadian Employment Law, 2d ed. (Toronto: Canada Law Book, 2003) at 49–70Google Scholar. Some of the details of this management may be stated explicitly by the employer at the time of hiring (e.g., number of weekly work hours) and some are implicit (e.g., various policies and procedures, such as whether documentation is required for a sick day). Workplace surveillance and monitoring usually falls into this latter category, of implied terms of employment.
57 Ibid. at 161-174.
58 Ibid.
59 In Wansink, supra note 13 at para. 28. Wansink, a Telus employee, complained that the introduction of new voice-recognition technology to the workplace violated PIPEDA. Although not governed by a statutory tort the situation Wansink and his fellow employees found themselves in was remarkably similar to that of workers struggling with the consent defence to the statutory tort, since Telus sought the consent of all employees to the introduction of the new technology. Wansink and several others refused to provide such a consent, even though the Court found that Telus warned employees that if they withheld their consent they would be subject to progressive discipline, see ibid. at para. 5.
60 Ibid. at paras. 29, 34.
61 Such a possibility raises the serious question, discussed below, of whether the consent model of personal information protection is suitable to the workplace, and whether it is not preferable instead, as I argue, to impose meaningful privacy obligations and standards on employers.
62 See e.g., Newfoundland Privacy Act, supra note 55, s. 5(1)(c-d).
63 Cameron, Alex, “Recognition of Invasion of Privacy as a Tort in its Own Right” (2006) 6:3Eye on Privacy, online: Ontario Bar Association <http://www.oba.org/en/pri/may06/Recognition.aspx>>Google Scholar, as well as deBeer, supra note 6 at 403.
64 In Somwar v. McDonald's, 2006 CanLII 202, an employee of McDonald's sought to sue his employer for an invasion of his privacy since McDonald's performed a credit check on him without his consent. In Shred-Tech v. Viveen, 2006 CanLII 41004 [Shred-Tech], an employer hired a private investigator to conduct covert surveillance on former employees who were in the process of starting a competing business.
65 Supra note 31. Note also the similarity between Shred-Tech, ibid. and the Quebec case of Le Syndicat des Travailleurs(euses) de Bridgestone-Firestone de Joliette (CSN) v. MeGilles Trudeau et Bridgestone/Firestone Canada inc., C.A.M., 500-09-001456-953 (1999) [Bridgestone]. This significant case will be discussed below.
66 A lawsuit on the basis of such torts has been the primary tool used by workers in the US against their employer for monitoring and surveillance activities that the workers felt to be unlawfully intrusive, although not with any degree of success, due largely to the difficulty of the workers in establishing that they enjoyed a reasonable expectation of privacy to begin with. See the leading case of Smyth v. Pillsbury, 924 F. Supp. 97 (E.D. Pa. 1996), where the plaintiff lost despite the employer's policy offering employees a measure of privacy in their email, and the summary judgement against Phil Thygeson, in Thygeson v. US Bancorp, 2004 U.S. Dist. Lexis 18863, where a bank employee was the target of surveillance allegedly in order to establish cause for termination and deny him severance.
67 Although see the recent Ontario order, infra note 174.
68 The introduction of privacy legislation and privacy commissioners has created some jurisdictional issues that will be discussed below. However, the general rules of labour arbitration have remained unchanged.
69 In line with the general principle of labour law that issues not governed by the collective agreement remain the right of management.
70 Re International Nickel Co. of Canada Ltd., 14 L.A.C. (2nd) 13 (1977)Google Scholar.
71 As is the case with private legal action.
72 See Jolliffe, T., “Privacy and Surveillance: Balancing the Interests: An Arbitrator's Perspective” in Whitaker, K. et al. , eds., Labour Arbitration Yearbook 1999-2000, vol. II (Toronto: Lancaster House, 2000) 91Google Scholar; G. Meurin, “Privacy and Surveillance: Balancing the Interests: A Management Perspective” in Whitaker, et al., ibid. 105; J. Carpenter, “Privacy and Surveillance: Balancing the Interests: A Union Perspective” in ibid. 113; Rigg, C.L., “The Right to Privacy in Employment : An Arbitrator's Viewpoint” in Kaplan, W., Sack, J. & Gunderson, M., eds., Labour Arbitration Yearbook, vol. 1 (Toronto, Butterworths, 1991) 83Google Scholar; J. Ford, “The Right to Privacy in Employment: A Management Perspective” in ibid. 95; G. Grenier, “The Right to Privacy in Employment : The Employee's Perspective” in ibid. 109; Bilson, B., “Search and Surveillance in the Workplace: An Arbitrator's Perspective” in Kaplan, W., Sack, J. & Gunderson, M., eds., Labour Arbitration Yearbook, vol. 3 (Toronto: Butterworths, 1992) 143Google Scholar; L. Bevan & A. Staniusz, “Search and Surveillance in the Workplace: The Employer's Perspective” in ibid. 165; A. Barss, “Search and Surveillance in the Workplace: The Employee's Perspective” in ibid. 181; and D. Flaherty, “Workplace Surveillance: The Emerging Reality” in ibid. 189.
73 The test concerned the admissibility of video surveillance as evidence in support of the termination of an employee. See Re Doman Forest Products Ltd., 13 L.A.C. (4th) 275 (1990) 282Google Scholar.
74 Re Toronto Star, 30 L.A.C. (4th) 306 (1992)Google Scholar; Re Labatt Ontario Breweries, 42 L.A.C. (4th) 151 (1994)Google Scholar; Re Toronto Transit Commission, 61 L.A.C. (4th) 218 (1997)Google Scholar.
75 For further discussion of labour arbitration decisions see Anderson, supra note 44 at paras. 68-76.
76 A distinction must be drawn in this discussion between the findings of the Privacy Commissioner of Canada, which are non-binding, and the orders made by the Commissioner's provincial counterparts, which are binding. There are many arguments in favour and against each regulatory model, and while most privacy advocates have recently called for order-making powers to be given to the federal Commissioner, the Commissioner herself seeks no such powers and views them as a detriment to her role. See Privacy Commissioner of Canada, “Background Information on the Office of the Privacy Commissioner's Consultation”, online: OPC Website <http://privcom.gc.ca/parl/2006/sub_061127_e.asp#002>. Consequently, the parliamentary committee entrusted with the quintennial review of PIPEDA made no such recommendation. See Statutory Review of PIPEDA, Fourth Report of the Standing Committee on Access to Information, Privacy and Ethics (2007), Recommendation 18 at 35Google Scholar. I will discuss the PIPEDA review in more detail below.
77 An examination by this author of the decisions made publicly available by Quebec's Commissioner failed to reveal such orders, nor are they referred to by Duhaime (supra note 28) in her recent discussion of Quebec's personal information protection legislation.
78 Several guidelines discussing surveillance and establishing when surveillance can be considered to be necessary and reasonable have been published by the Quebec Commissioner over the years, and these guidelines are applicable to workplace surveillance as well. See online: Gouvernement du Québec <http://www.cai.gouv.qc.ca/index-en.html>.
79 X c. Société de transport de la Ville de Laval, C.A.I. 99 15 58 (2001).
80 Laval (Société de transport de la Ville de) c. X, [2003] C.A.I. 667 [Laval].
81 X c. Ville de Montreal, C.A.I. 00 17 63 (2003).
82 See e.g., Office of the Information and Privacy Commissioner for British Columbia, “A Guide for Businesses and Organizations to British Columbia's Personal Information Protection Act” (2005), online: OIPC Website <http://www.oipc.bc.ca/pdfs/private/a_GUIDE_TO_PIPA(3rd_ed).pdf>. Interestingly, although Ontario lacks private sector legislation and although its public sector legislation has been stripped of its workplace privacy protection, Ontario's Commissioner has put out workplace privacy guidelines, see online: <http://www.ipc.on.ca/index.asp?navid=46&fid1=251&fid2=4>.
83 For a discussion of several such orders see Anderson, supra note 44.
84 As is the case with Quebec.
85 For example, one employee sought, but was denied, the release of records of an investigation that led to his dismissal. See Alberta Information and Privacy Commissioner, Order P2006-002, online: OIPC Website <http://www.oipc.ab.ca/ims/client/upload/P2006-002.pdf>. Another sought the determination that the disclosure by a retailer of her misconduct to her employer (resulting in her termination) violated Alberta's legislation. Here the Commissioner found in favour of the employee. See Alberta Information and Privacy Commissioner, Order P2005-006, online: OIPC Website <http://www.oipc.ab.ca/ims/client/upload/P2005-006.pdf>.
86 Ibid. Investigation Report P2005-IR-004, online: OIPC Website <http://www.oipc.ab.ca/ims/client/upload/P2005_IR_004May13.pdf>.
87 Eastmond v. Canadian Pacific Railway, 2004 FC 852 [Eastmond].
88 Alberta Information and Privacy Commissioner, Order F2005-003. online: OIPC Website <http://www.oipc.ab.ca/ims/client/upload/F2005-003.pdf>.
89 Ibid. Investigation Report F2007-IR-001, online: OIPC Website <http://www.oipc.ab.ca/ims/client/upload/RPT_F2007_IR_001.pdf>.
90 British Columbia Information and Privacy Commissioner, K. E. Gostlin Enterprises Ltd., Order P05-01, online: OIPC Website <http://www.oipc.bc.ca/PIPAOrders/2005/OrderP05-01.pdf>.
91 Loukidelis, D., “Arbitrators & Privacy Commissioners—Why They Should Listen to Each Other” (Paper presented to the Insight Conference, Privacy Laws & Effective Workplace Investigations, Calgary, 4-5 May, 2004), online: OIPC Website <http://www.oipcbc.org/publications/speeches_presentations/workplace_privacy.pdf> at 6-7Google Scholar.
92 See Office of the Privacy Commissioner of Canada, “Fact Sheet: Privacy in the Workplace” (2004), online: PCC Website <http://privcom.gc.ca/fs-fi/02_05_d_17_e.asp>>Google Scholar.
93 For a discussion, see Anderson, supra note 44, s. IV.
94 PIPEDA Case Summary #268, “Electronic Monitoring Does Not Yield Any Information, But Practice is Strongly Discouraged” (2004), online: OPC Website <http://privcom.gc.ca/cf-dc/2004/cf-dc_040412_e.asp>. This interpretation was upheld by the Federal Court of Appeal in Morgan v. Alta Flights, 2006 FCA 121.
95 Supra note 76, s. 6.
96 There is no reference to it in the committee's report, ibid.
97 PIPEDA Case Summary #281, “Organization Uses Biometrics for Authentication Purposes” (2004), online: <http://privcom.gc.ca/cf-dc/2004/cf-dc_040903_e.asp>.
98 See e.g., PIPEDA Case Summary #290, “Video Surveillance Cameras at Food Processing Plant Questioned” (2005), online: <http://www.privcom.gc.ca/cf-dc/2005/290_050127_e.asp>; PIPEDA Case Summary #279, “Surveillance of Employees at Work” (2004) online: <http://www.privcom.gc.ca/cf-dc/2004/cf-dc_040726_e.asp>; PIPEDA Case Summary #273, “After Installing Surveillance Cameras in the Workplace, a Broadcasting Company has Agreed to Inform its Employees About the Purpose and to Adopt a Policy Regarding its Use” (2004), online: <http://www.privcom.gc.ca/cf-dc/2004/cf-dc_040518_e.asp>; PIPEDA Case Summary #69, “Employer Hires Private Investigator to Conduct Video Surveillance on Employee” (2004), online: <http://www.privcom.gc.ca/cf-dc/2004/cf-dc_040423_e.asp>; PIPEDA Case Summary #265, “Video Cameras in the Workplace” (2004), online: <http://www.privcom.gc.ca/cf-dc/2004/cf-dc_040219_02_e.asp>; PIPEDA Case Summary #264, “Video Cameras and Swipe Cards in the Workplace” (2004), online: <http://www.privcom.gc.ca/cf-dc/2004/cf-dc_040219_01_e.asp>;
99 PIPEDA Case Summary #114, “Employee Objects to Company's Use of Digital Video Surveillance Cameras” (2003), online: <http://www.privcom.gc.ca/cf-dc/2003/cf-dc_030123_e.asp>.
100 Supra note 73.
101 Supra note 87.
102 The decision was released at a Workplace Privacy Workshop held at Ryerson University. See PIPEDA Case Summary #351, “Use of Personal Information Collected by Global Positioning System Considered” (2006), online: <http://www.privcom.gc.ca/cf-dc/2006/351_20061109_e.asp> [GPS Decision].
103 Ibid. The Commissioner uses the term “employee management”.
104 Ibid.
105 These principles are some of the significant conclusions drawn in the research project report that prompted this paper and that was available to the Commissioner while formulating the GPS Decision, supra note 102.
106 Supra note 87.
107 Ibid.
108 Contrary to the Commissioner's findings, who applied the same test to the same facts…
109 Supra note 102.
110 For an excellent and thorough analysis of workplace privacy jurisprudence in Quebec see Veilleux, Diane, “Le Droit à la Vie Privée—sa Portée Face à la Surveillance de l'Employeur” (2000) 60 Revue du Barreau 1Google Scholar. I am grateful to the anonymous reviewer of this manuscript for directing my attention to this analysis.
111 The employer asked a private investigator to conduct covert video surveillance of an employee that was injured at work and filed a claim for disability benefits as a result. The labour arbitrator in the matter ruled that there was no invasion of privacy since the surveillance was in public. See the Arbitration Decision at 29-30, as quoted by the Court in Bridgestone, supra note 65.
112 The Court relied on the Supreme Court Vice-Versa decision, supra note 31, in which the plaintiff was photographed while sitting on the front steps of a house.
113 See Bridgestone, in which the Superior Court ruled that the employee had waived his right to privacy, supra note 65 at 68. See also Veilleux, supra note 110 at 28-35.
114 Bridgestone, ibid. In the case at bar the Court found that these factors were satisfied and as a result permitted the video surveillance.
115 It should be noted however that the surveillance was conducted outside of the workplace, where the balance of rights is tilted in favour of the worker's right to privacy. It is not clear whether the test would be applicable “as is” to surveillance within the workplace.
116 Laval, supra note 80 at paras. 32-33.
117 Ibid. para. 43. The Charter decision in question is R. v. Oakes, [1986] 1 S.C.R. 103.
118 Laval, supra note 80 at para. 44. For further discussion of these criteria see Veilleux, supra note 110.
119 Laval, ibid. at para. 67.
120 Statutory Review of PIPEDA, supra note 76, s. G.
121 Ibid. Recommendation #13.
122 Ibid. Recommendation #12.
123 Ibid. s. G. The agencies based their argument on the prior existence of PIPEDA, s. 7 (c) that refers to actions under court order. If s. 7 (c.1) would be interpreted in an identical manner it would be superfluous.
124 Ibid. Recommendation #12.
125 Ibid. Recommendation #14.
126 Ibid. s. G(ii).
127 Ibid. Dissenting Opinion.
128 PIPEDA, supra note 9, s. 7(1)(e) is currently discretionary.
129 Levin et al., supra note 1 at 15-17.
130 Ibid. at 17.
131 GPS Decision, supra note 102.
132 See Levin et al., supra note 1 at 17-20.
133 The following discussion is based upon Veilleux's analysis, supra note 110.
134 Ibid. at 7-8.
135 Ibid. at 10.
136 A troubling result in itself, ibid. at 38-40.
137 Supra note 65. The example of intrusive surveillance that is harmful to a worker's dignity given by the court was of surveillance in the individual's bedroom. One can deduce on the basis of that example that surveillance cameras in work areas such as washrooms and locker rooms will also be impermissible.
138 Veilleux, supra note 110 at 36-37, 41.
139 See e.g., Princess Caroline's battle against the paparazzi, as described in von Hannover v. Germany, ECHR 59320/00.
140 The Nikon Case of France, Arrêt 4164, Cour de Cassation–Chambre Sociale (2001), in which an employee used work email to secure a position with a competitor.
141 See Levin, et al., supra note 1 at 20-24.
142 Katz v. United States, 389 US 347 (1967).
143 In fact, in one particularly infamous case mentioned briefly above, the courts found that workers had not reasonable expection of privacy despite a policy that did provide them with some guarantee of privacy in their personal communications, since the policy was found by the court not to apply to the particular circumstances in which the communication was sent. See Smyth v. Pillsbury, supra note 66.
144 See e.g., Veilleux's criticism of reasonable expectations as the basis for a right to privacy in the workplace, supra note 110, at 20-22.
145 The initiatives discussed in this section have not yet been passed into law and therefore the discussion is somewhat speculative. Bill C-74, 38th Parliament, 1st Session, introduced before the Canadian Parliament in 2005 “died” when Parliament dissolved for an election, and the new government has yet to introduce legislation in this area. Nevertheless, members of the current Opposition have re-introduced the initiatives discussed here as a Private Member Bill (Bill C-416, 39th Parliament, 1st Session) in March 2007. As Bill C-416 is virtually identical to the preceding Bill C-74, references below continue to refer to the original version. The current Canadian government has indicated its intention to introduce legislation in this area, the area of “lawful access,” by recently opening public consultations on several of these issues. See Public Safety Canada, Customer Name and Address Information Consultation (2007), online: PSC Website <http://securitepublique.gc.ca/prg/ns/cna-en.asp>>Google Scholar [Public Safety Consultation].
146 It is therefore somewhat puzzling that the Canadian government, in its recent round of consultations, declared that lawful access will only occur under judicial supervision, see Public Safety Consultation, ibid.
147 For a comparison of the Canadian proposal to the legislation in other jurisdictions see Valiquet, Dominique, “Telecommunications and Lawful Access: The Legislative Situation in the United States, the United Kingdom and Australia” (2006), online: <http://www.parl.gc.ca/information/library/PRBpubs/prb0566-e.html>Google Scholar.
148 See the discussion above of the forms and purposes of monitoring and surveillance, where employers repeatedly noted that workers were often active advocates for new measures which they felt would contribute to their safety, such as CCTV.
149 Sproule, Clare, “The Effect of the USA PATRIOT Act on Workplace Privacy” (2002) 43:5Cornell Hotel and Restaurant Administration Quarterly 65 at 65CrossRefGoogle Scholar.
150 Ibid. at 66.
151 Ibid. at 71-72.
152 Ibid. at 66. See also Hoofnagle, Chris, “Big Brother's Little Helpers: How ChoicePoint and Other Commercial Data Brokers Collect, Process, and Package Your Data for Law Enforcement” (2004) 29 N.C.J. Int'l L. & Com. Reg. 595Google Scholar.
153 Bill C-74, s. 1. For an overview of MITA, see Valiquet, Dominique, “Telecommunications and Lawful Access: The Legislative Situation in Canada” (2006) online: <http://www.parl.gc.ca/information/library/PRBpubs/prb0565-e.html>Google Scholar.
154 Bill C-74, s. 2(1). Such action is broadly defined to include switching, routing, input, capture, storage, organization, modification, retrieval, output, processing, control over communications, and information such as the origin, type, direction, date, time, duration, size, destination and termination of the communications.
155 Bill C-74, s. 2, 3.
156 Ibid. s. 6(1). If the intercepted communication is encoded, compressed, encrypted or otherwise treated, the communications provider is obligated to remove the “treatment” from the communications, or provide the authorized person with the means to do so. The communications provider is also required to provide the authorized person with the physical location of the equipment (e.g., computer) used to transmit the communication.
157 Bill C-74, s. 7. One of the contentious points in the debates leading to the introduction of MITA was the number of simultaneous interceptions that a provider would be able to achieve. MITA side-steps that point by leaving the exact number for regulation at a later time.
158 Ibid. s. 6(1)(d).
159 Ibid. s. 8.
160 Including CSIS, federal, provincial and municipal police forces, and, oddly enough, the Competition Commissioner, see ibid. s. 17(3).
161 Ibid. s. 17(2).
162 Ibid. s. 17(1). The public consultation document, supra note 145, clarifies that the government intends this information to include names, addresses, cell-phone identifiers, e-mail addresses, internet protocol addresses, and local service provider identifiers.
163 Ibid. s. 17(4). No more than 5% of the employees (not workers) of each agency may be designated for such requests. Regular police officers are allowed to request disclosure of personal information in emergency situations as well. These requests must later be documented by a designated employee, see s. 18.
164 The logs of CSIS are not subject to such an audit, ibid. s. 17(6), 20.
165 Ibid. s. 22.
166 Normally, under PIPEDA, an individual is entitled to know whether an organization that holds his or her personal information has been contacted by a government agency for the purposes of disclosure. However, the agency may impose a “gag” order on the organization when the request is for national security purposes, although the Privacy Commissioner must be notified, see PIPEDA, supra note 9, s. 9.
167 Bill C-74, s. 22. The other part of PIPEDA deals with electronic documents.
168 Ibid. Schedule 1. Other exempt organizations are educational institutions, hospitals, places of worship, retirement homes and telecommunications research networks.
169 Ibid. Schedule 2. Among such organizations are libraries, community centres, restaurants, hotels, apartment buildings and condominiums.
170 Ibid. Schedule 1.
171 When requests have been made by a private party corporations have been less cooperative, as was the case in several jurisdictions when record companies pursued the personal information of the customers of internet service providers. The providers refused to hand over the personal information unless required to do so under a court order. Of course, government agencies do not require a court order according to the current legislation.
172 To some extent, such an eventuality was predicted by the drafters of the proposed “lawful access” legislation, when they ordered communications providers to maintain, and not to degrade, any capacity they had to intercept and store information on the communications that they provide.
173 Consider the exposure of the cooperation of major US telecommunication corporations with government requests for telephone conversation records. Only one corporation refused to comply with the request.
174 Information and Privacy Commissioner of Ontario, Order MO-2225 (2007). The Order was issued according to the Commissioner's authority under Ontario's Municipal Freedom of Information and Protection of Privacy Act. The database included such information as details of two pieces of identifications, one of which being a photo identification, the date of the sale, the full name, date of birth, address, height and weight of the seller, a detailed description of the sold goods, the purchase price and the initials of the employee of the business, ibid. at 2-3.
175 Ibid. at 4. The vast majority of businesses that were not pawnshops did not participate in the database and were not the subject of routine police interest.
176 Ibid.
177 Ibid. at 18-19.
178 Levin, Avner, Foster, Mary & Nicholson, Mary Jo, “Workplace Privacy: Is it an Issue of Corporate Social Responsibility?” (Paper presented to the Administrative Sciences Association of Canada Annual Conference, Banff, Alberta, 4 June 2006) [on file with author]Google Scholar.
179 Levin, et al., supra note 1.
180 Statutory Review of PIPEDA, supra note 76 at 13-14.
181 Ibid. at 14.
- 3
- Cited by