Submission to the OPC’s Consultation on Consent under PIPEDA (Collier-Brown)

David Collier-Brown

October 2016

Note: This submission was contributed by the author to the Office of the Privacy Commissioner of Canada’s Consultation on Consent under PIPEDA.

Disclaimer: The opinions expressed in this document are those of the author(s) and do not necessarily reflect those of the Office of the Privacy Commissioner of Canada.

---

Thank you for the opportunity to comment on these issues, I have read your paper with interest and have comments to offer, as a private person who is subject to the consent schemes imposed by websites and vendors.

1. Of the solutions identified in this paper, which one(s) has/have the most merit and why?

In my view, a balance needs to be struck between enhancing consent for uses that do not follow from the business purposes of the offered good or service, and providing alternatives to consent for purposes consistent with the good or service offer.

If I purchase a newspaper/newsletter such as Linux Weekly News, I expect the publisher to use my personal information to complete a credit-card purchase, to identify me when I log in, and to validate "letters to the editor" as having come from a unique subscriber, and authenticate the letter to others if I chose to sign it.

I do not expect more than two sentences of explanation of this on the registration form, one for the payment and access and one for the offer of authentication. I explicitly do not expect to grant any other rights to the publisher, and expect to be warned if others are sought, specifically including the sale of my reading practices to other parties.

At the same time, I expect the payment and access terms to be supported by statute law and regulation, specifying what the plain-language terms mean in the eyes of the courts, and a good-faith payment of a fee to be a sufficient proof that the publisher can provide me the services as offered.

2. What roles, responsibilities and authorities should the parties responsible for promoting the development and adoption of solutions have to produce the most effective system?

I do not see any unusual roles for the parties: clear legislation, honest courts and stringent policing, just has been done with the CASL anti-spam legislation, will easily suffice.

3. What solutions have we not identified that would be helpful in addressing consent challenges and why?

I do not see any new mechanisms that would be of use.

4. What, if any, legislative changes are required?

We need limits on the kind of terms that can be imposed unilaterally by one party's "shrink-wrap" or "click-wrap" agreements, but great clarity in what can reasonably be expected from an agreement to purchase a specific good an service, so that a vendor can offer a simple, obvious and fair exchange, including optional services that the customer can agree to by the act of adopting them.