The Supreme Court of Canada’s recently-issued decision in R. v. Spencer addressed the narrow question of whether the identification by police of pornographic files on a specific person’s computer, following disclosure by his Internet Service Provider (ISP) of the information associated with his IP address, especially his name and address, amounted to a warrantless search.
Taken in isolation, the conclusion that, in response to a police request not backed by a warrant, the disclosure by Shaw of the subscriber name and address which matched Mr. Spencer’s IP (and subsequent search) was unlawful, may appear a narrow point, most applicable to law enforcement in the digital age. The decision certainly raises policy issues for the government, and Michael Geist’s blog is an excellent resource for further research.
The court concluded that it was reasonable to expect the subscriber information – the link between the IP and the individual with which it was associated – would be kept private. The court underlined that while the information revealed might appear inconsequential, an IP address, which may then be tied to an individual, might be used to reveal far greater information about the individual and their online activities:
“The disclosure of this information will often amount to the identification of a user with intimate or sensitive activities being carried out online, usually on the understanding that these activities would be anonymous” [at para. 66]
The point which may be more relevant to businesses which are not typically subject to requests of this nature from law enforcement, is underlining the degree to which the personal information of identifiable individuals is to be protected. The decision notes that the “collection, use and disclosure” of personal information of subscribers is governed by the Personal Information Protection and Electronic Documents Act (PIPEDA) and that sharing it without the subscriber’s consent may only follow a request from a government institution with “lawful authority.” The warrantless request did not constitute such authority.
Considerable time was spent underlining anonymity as a component of privacy, and businesses plying their trade online would be well-advised to respect this finding. Controls, both physical and digital, may be necessary to prevent access to information of this kind (in addition to avoiding its voluntary disclosure), wherever information linking the digital fingerprint of an online visitor to their real-world identity may be stored.
Please visit the link below for a complete copy of the decision:
R. v. Spencer, 2014 SCC 43 (CanLII)
In the Supreme Court of Canada’s most recent family law decision, Michel v. Graydon, 2020 SCC 24, the Court settles a long-standing question about whether child support can be recalculated retroactively once a child has reached adulthood. The short answer is that child support is the right of the child and, with that fundamental tenant […]
read more“With the combination of serious public health and economic impacts caused by COVID-19, employers are finding themselves facing unprecedented challenges”. The article Employer’s Challenges and Obligations during the COVID-19 Outbreak, written by Halifax Partner Geoff Breen & Halifax Associate Drew Ritchie, was published in the Spring 2020 edition of the Canadian Bar Association’s Nova Voce. Click here to read the full […]
read moreThe recent decision of Justice Fred Ferguson, Mercure v Kaat Auto Sales, 2020 NBQB 39 (CanLII), (“Mercure v Kaat Auto Sales”) is another reminder to parties to think carefully before filing a Small Claims action in New Brunswick. Background In New Brunswick, a litigant can commence a Small Claim so long as the monetary amounts […]
read more
