The COVID-19 pandemic has highlighted many complexities involved in using data and advanced technologies to help resolve public health emergencies. These complexities highlight the need to embrace a broader framework of data governance... more
The COVID-19 pandemic has highlighted many complexities involved in using data and advanced technologies to help resolve public health emergencies. These complexities highlight the need to embrace a broader framework of data governance with three foundational questions: ( a) who decides about data flows, ( b) on what basis, and ( c) with what accountability and oversight. These questions can accommodate the issues that have arisen in the literature regarding new types of data harms. However, these questions also foreground important issues of power, authority, and legitimacy. Data governance can provide an organizing normative framework to address emerging data themes including access to data, collective decision making, data intermediaries, data sovereignty, design and digital infrastructure, regulatory technologies, the rule of law, and social trust and license. The pandemic experience with contact tracing apps, in particular, showed the many unresolved governance challenges. Expe...
Research Interests:
This chapter argues that the relationship between private law and the rule of law has been underdeveloped, or ignored, by private law scholarship until recently. Indeed, until recently, there has been relatively little attention to what... more
This chapter argues that the relationship between private law and the rule of law has been underdeveloped, or ignored, by private law scholarship until recently. Indeed, until recently, there has been relatively little attention to what the rule of law, as a conceptual and critical framework, could bring to private law theory itself. Why this lacuna in the literature? The chapter offers two speculative reasons that take up some of the themes and concerns of the New Private Law. The first reason concerns the U.S. legal academy, while the second reason concerns private law theory in the commonwealth. The chapter then outlines potential critical pathways for reclaiming a rule-of-law perspective on private law that address some of the reasons for its underdevelopment. It also explains how a focus on the rule of law in general, and in relation to some of its specific commitments and virtues, provides an important critical lens in relation to understanding and responding to the way that p...
Research Interests:
This is a public report “Seeing Through the Cloud,” including detailed research reports as appendices.
Research Interests:
After the Ontario Court of Appeal ruled in R. v. Tessling that the RCMP's use of infrared camera technology without a warrant violated s. 8 of the Charter, Mr. Tessling's lawyer argued that this decision "raise[s] the... more
After the Ontario Court of Appeal ruled in R. v. Tessling that the RCMP's use of infrared camera technology without a warrant violated s. 8 of the Charter, Mr. Tessling's lawyer argued that this decision "raise[s] the protection of privacy for everyone".2 This comment disagrees and argues that although Tessling puts the brakes on the warrantless use of surveillance technology by the state, it actually makes it easier for the state to get access to information held by third parties without a warrant. This lowers, rather than raises, the protection of privacy in Canada. In particular, the Ontario Court of Appeal's attempt to distinguish the search in Tessling from the Supreme Court of Canada's decision in R. v. Plant may be detrimental to the overall privacy afforded to Canadians under the Charter.
Research Interests:
Notwithstanding deep points of disagreement, there is a general — albeit largely implicit — consensus among theorists of the rule of law around what we call the public law presumption: the view that the rule of law is essentially a public... more
Notwithstanding deep points of disagreement, there is a general — albeit largely implicit — consensus among theorists of the rule of law around what we call the public law presumption: the view that the rule of law is essentially a public law doctrine. We see this view expressed in influential accounts of the rule of law including the work of Dicey, Hayek, Fuller, and Raz. The goal of this book is to challenge the public law presumption. The chapters in this collection all consider the idea that the rule of law concerns the nature of law generally and the conditions under which any relationship — between citizens as well as between citizens and the state — becomes subject to law. They address two major questions. The first question is whether our understanding of the rule of law is enriched by considering how and to what degree it is expressed or realized in private law. For example, many of the chapters address the ways in which the private law secures rule of law values such as no...
Research Interests:
In this paper we argue that data-sharing is an activity that sits at the crossroads of privacy concerns and the broader challenges of data governance surrounding access and use. Using the Sidewalk Toronto “smart city” proposal as a... more
In this paper we argue that data-sharing is an activity that sits at the crossroads of privacy concerns and the broader challenges of data governance surrounding access and use. Using the Sidewalk Toronto “smart city” proposal as a starting point for discussion, we outline these concerns to include resistance to data monopolies, public control over data collected through the use of public infrastructure, public benefit from the generation of intellectual property, the desire to broadly share data for innovation in the public interest, social — rather than individual — surveillance and harms, and that data use be held to standards of fairness, justice and accountability. Data-sharing is sometimes the practice that generates these concerns and sometimes the practice that is involved in the solution to these concerns. Our safe sharing site approach to data-sharing focuses on resolving key risks associated with data-sharing, including protecting the privacy and security of data subjects...
Research Interests:
Research Interests:
This paper draws upon James Scott’s Seeing Like a State (1998) to argue that privacy law currently suffers from (at least) three defects: a focus on the legibility of individuals that is too narrow, a focus on collection and subsequent... more
This paper draws upon James Scott’s Seeing Like a State (1998) to argue that privacy law currently suffers from (at least) three defects: a focus on the legibility of individuals that is too narrow, a focus on collection and subsequent use of data that comes too late, and a focus on rights and harms that ignores the need to create new social structures that can empower more local forms of collective decision-making. What this outlines in broad brushstrokes is the need to enfold privacy concerns within a broader data governance framework concerned with the fair and just terms of social legibility.
Research Interests:
We have a data transparency problem. Currently, one of the main mechanisms we have to understand data flows is through the self-reporting that organizations provide through privacy policies. These suffer from many well-known problems,... more
We have a data transparency problem. Currently, one of the main mechanisms we have to understand data flows is through the self-reporting that organizations provide through privacy policies. These suffer from many well-known problems, problems that are becoming more acute with the increasing complexity of the data ecosystem and the role of third parties – the affiliates, partners, processors, ad agencies, analytic services, and data brokers involved in the contemporary data practices of organizations. In this article, we argue that automating privacy policy analysis can improve the usability of privacy policies as a transparency mechanism. Our argument has five parts. First, we claim that we need to shift from thinking about privacy policies as a transparency mechanism that enhances consumer choice and see them as a transparency mechanism that enhances meaningful accountability. Second, we discuss a research tool that we prototyped, called AppTrans (for Application Transparency), wh...
Research Interests:
Data trusts are an increasingly popular proposal for managing complex data governance questions, although what they are remains contested. Sidewalk Labs proposed creating an “Urban Data Trust” as part of the Sidewalk Toronto “smart”... more
Data trusts are an increasingly popular proposal for managing complex data governance questions, although what they are remains contested. Sidewalk Labs proposed creating an “Urban Data Trust” as part of the Sidewalk Toronto “smart” redevelopment of a portion of Toronto’s waterfront. This part of its proposal was rejected before Sidewalk Labs cancelled the project. This research note briefly places the Urban Data Trust within the general debate regarding data trusts and then discusses one set of reasons for its failure: its incoherence as a model. The Urban Data Trust was a failed model because it lacked clarity regarding the nature of the problem(s) to which it is a solution, how accountability and oversight are secured, and its relation to existing data protection law. These are important lessons for the more general debate regarding data trusts and their role in data governance.
Research Interests:
This article argues that the federal Personal Information Protection and Electronic Documents Act (PIPEDA) provides individuals with control over their personal information in order to protect informational privacy while permitting... more
This article argues that the federal Personal Information Protection and Electronic Documents Act (PIPEDA) provides individuals with control over their personal information in order to protect informational privacy while permitting organizations to collect, use and disclose personal information for legitimate and reasonable purposes. However, in determining whether such control is effective in protecting privacy, a number of issues emerged as important: control over personal information can protect a broader set of values than simply privacy; individual informational privacy can be protected even in the absence of individual consent; determining the scope of the legal entitlement to control over personal information requires an understanding of the values that privacy is meant to protect and a balancing of these against legitimate claims of others in a principled manner; and control will only protect privacy if individuals are presented with meaningful choices regarding privacy opti...
Research Interests:
We conduct a global study on the behaviors, expectations and engagement of 1,719 participants across 10 countries and regions towards Android application permissions. Participants were recruited using mobile advertising and used an... more
We conduct a global study on the behaviors, expectations and engagement of 1,719 participants across 10 countries and regions towards Android application permissions. Participants were recruited using mobile advertising and used an application we designed for 30 days. Our app samples user behaviors (decisions made), rationales (via in-situ surveys), expectations, and attitudes, as well as some app provided explanations. We study the grant and deny decisions our users make, and build mixed effect logistic regression models to illustrate the many factors that influence this decision making. Among several interesting findings, we observed that users facing an unexpected permission request are more than twice as likely to deny it compared to a user who expects it, and that permission requests accompanied by an explanation have a deny rate that is roughly half the deny rate of app permission requests without explanations. These findings remain true even when controlling for other factors...
Research Interests:
Canadian debates about lawful access -- the legal regime that authorizes various methods used by law enforcement to intercept and/or search or seize information for investigatory purposes -- need a new solution space for the digital age,... more
Canadian debates about lawful access -- the legal regime that authorizes various methods used by law enforcement to intercept and/or search or seize information for investigatory purposes -- need a new solution space for the digital age, one that is able to incorporate new technological solutions for minimizing rights-infringements and to provide new forms of accountability and safeguards against misuse. However, this is not simply a matter of adopting the popular framework of “privacy by design”, or even a reworked “lawful access by design”. We argue that an appreciation of the challenges of the digital world require us to rethink our basic constitutional framework. The Canadian constitutional framework for lawful access was set out by the Supreme Court in Hunter v Southam and then refined in the subsequent jurisprudence. We argue that this framework is ill-suited to contemporary digital challenges to informational privacy and requires four fundamental shifts. First, its basic poin...
Many discussions of health information privacy in relation to biobanks focus on the question of informed consent and, in particular, on why the future of biobanking likely requires the acceptance of some derogation from the traditional... more
Many discussions of health information privacy in relation to biobanks focus on the question of informed consent and, in particular, on why the future of biobanking likely requires the acceptance of some derogation from the traditional standard of informed consent to medical research. Following Neil C. Manson & Onora O’Neill’s recent work on informed consent as a “waiver,” we argue in this paper that the role of consent can be thought of in a narrower but still highly principled manner which is consistent with how consent is dealt with in tort law. Using this conception, we defend the position that the traditional standard of informed consent to participate in a biobank can be met but only where there is a governance structure ensuring consistent information practices and policies across multiple future research projects. We also argue that specific research uses of research samples and associated data in the biobank do not necessarily require informed consent but do require a gover...
Research Interests:
Page 1. Property |l:-EI[|E"'.'I.!l' 7 7 The Public Nature of Private Property Robin Paul I'-.~1aIh:|'_.' |".1ir:h.-ael Diazmnd Page 2. The Public NaTure of PrivaTe ProPerTy Page 3. law, Property and... more
Page 1. Property |l:-EI[|E"'.'I.!l' 7 7 The Public Nature of Private Property Robin Paul I'-.~1aIh:|'_.' |".1ir:h.-ael Diazmnd Page 2. The Public NaTure of PrivaTe ProPerTy Page 3. law, Property and Society Series Editor: Robin Paul ...
Research Interests:
Research Interests:
Research Interests:
Alan Westin’s work Privacy and Freedom remains foundational to the field of privacy, and Westin is frequently cited for his definition of privacy as control over personal information. However, Westin’s full definition of privacy is much... more
Alan Westin’s work Privacy and Freedom remains foundational to the field of privacy, and Westin is frequently cited for his definition of privacy as control over personal information. However, Westin’s full definition of privacy is much more complex than this statement, describing four states of privacy (solitude, intimacy, anonymity, and reserve) that one achieves through physical or psychological means. The “claim” of privacy involves negotiating a balance between a desire for disclosure and social participation and a desire for withdrawal into one of the “states” of privacy. Influencing this adjustment process are social norms (and surveillance to enforce social norms), environmental conditions, and the curiosity of others. In this Article, I draw upon this complexity in order to reread Westin’s definition of privacy as a claim of control over personal information and use this rereading to understand how the law should protect and promote privacy in the twenty-first century. I ar...
Research Interests:
Chapter 6 consists of three case studies that represent three models of surveillance in the liberal polity: (1) rule of law surveillance, (2) direct rule of law departure surveillance, and (3) indirect rule of law departure surveillance.... more
Chapter 6 consists of three case studies that represent three models of surveillance in the liberal polity: (1) rule of law surveillance, (2) direct rule of law departure surveillance, and (3) indirect rule of law departure surveillance. Each of these three models is intended to illustrate the extent to which police surveillance is consistent with the basic liberal tenets discussed in the prior chapters—particularly the rule of law and the police’s use of discretion. US cases are used to help draw out these tenets, but the reach of the cases’ underlying principles extends well beyond their locality. This chapter is especially attuned to the way that technological developments have enhanced the police’s capability to engage in discretionary surveillance. The goal of this chapter—like the underlying goal of the book—is to identify the limits of the police’s power given the basic tenets of the liberal polity.
Research Interests:
In this Article I argue that the emerging public/private nexus of surveillance involves the augmentation of state power and calls for new models of constitutional constraint. The key phenomenon is the role played by communications... more
In this Article I argue that the emerging public/private nexus of surveillance involves the augmentation of state power and calls for new models of constitutional constraint. The key phenomenon is the role played by communications intermediaries in collecting the information that the state subsequently accesses. These intermediaries are not just powerful companies engaged in collecting and analyzing the information of users and the information they hold are not just business records. The key feature of these companies is that, through their information practices and architecture, they mediate other relationships. I argue that this mediating function, and its underlying technological form, interacts with legal and social norms in ways that can lead to the erosion of constraints on state power. This Article maps two stories of erosion, rooted in two kinds of community displacement. The first involves the displacement of community participation in law enforcement and the emergence of “...
Research Interests:
The idea of universal liberal legal norms has long been under attack from a variety of sources. One of the most sustained and sophisticated philosophical versions of such an attack is found in the work of Martin Heidegger. His argument... more
The idea of universal liberal legal norms has long been under attack from a variety of sources. One of the most sustained and sophisticated philosophical versions of such an attack is found in the work of Martin Heidegger. His argument from the social embeddedness of the self to the ultimate contingency and groundlessness of any claims of normativity has been highly influential across a number of fields. This paper argues that legal theorists who wish to contest such a view should look to the work of philosopher Emmanuel Levinas. In his critique of Heidegger, Levinas affirms the significance of the human beyond the particular context in which we find ourselves embedded. Levinas wrote very little about law; his main focus was on ethical responsibility and the claim that an “other” makes on me. I argue that legal responsibility is fundamentally different, concerned instead with the claims that a self can make on others. Drawing upon Levinas’ understanding of the self as constituted th...
Research Interests:
Research Interests:
ABSTRACT Genetic information shares many characteristics with other types of health information. Therefore, in dealing with the emerging concerns regarding genetic information, the first question policy makers need to address is the way... more
ABSTRACT Genetic information shares many characteristics with other types of health information. Therefore, in dealing with the emerging concerns regarding genetic information, the first question policy makers need to address is the way in which genetic information is unlike other health information, posing problems that require a unique regulatory response. The combination of the following three elements constitutes the primary reason why we have to develop appropriate regulatory measures or adapt existing ones to deal specifically with the challenges of genetic information: the volume of information that can be extracted from one sample; the speed of testing; and its link with computer technology, These features do not raise new concerns so much as augment traditional concerns regarding the uses of health information, But even if these concerns are not in themselves new, the new contexts in which they are raised may require different types of responses, or additional responses, than those pertaining to more traditional health information.
Research Interests:
Research Interests:
Research Interests:
Research Interests:
Research Interests:
Research Interests:
Research Interests:
ABSTRACT Genetic information shares many characteristics with other types of health information. Therefore, in dealing with the emerging concerns regarding genetic information, the first question policy makers need to address is the way... more
ABSTRACT Genetic information shares many characteristics with other types of health information. Therefore, in dealing with the emerging concerns regarding genetic information, the first question policy makers need to address is the way in which genetic information is unlike other health information, posing problems that require a unique regulatory response. The combination of the following three elements constitutes the primary reason why we have to develop appropriate regulatory measures or adapt existing ones to deal specifically with the challenges of genetic information: the volume of information that can be extracted from one sample; the speed of testing; and its link with computer technology, These features do not raise new concerns so much as augment traditional concerns regarding the uses of health information, But even if these concerns are not in themselves new, the new contexts in which they are raised may require different types of responses, or additional responses, than those pertaining to more traditional health information.