The Privacy Commissioner of Canada has provided a timely and well-reasoned intervention into the discussion of new copyright legislation. In a letter dated January 18th sent to Ministers Prentice and Verner, Jennifer Stoddart has raised some serious concerns that need to be addressed before any new copyright legislation is considered.
The Privacy Commissioner’s office is rightly interested in copyright legislation to the extent it overlaps with their mandate, which includes the enforcement of PIPEDA (the Personal Information Protection and Electronic Documents Act). PIPEDA places various limitations on the data handling practices of commercial entities. Since personal information cannot be collected, used or disclosed without a subject’s knowledge and consent, any legislation pertaining to technological protection measures (TPMs) or Digital Rights Management systems (DRMs) needs to be carefully scrutinized to ensure it will not result in privacy-destructive activities that would be in contravention of PIPEDA.
Fortunately for the Canadian public, the Privacy Commission is taking this mandate seriously. In November 2006, they issued a Fact Sheet on DRM and TPMs, which was resubmitted to the Ministers with the letter.
In her letter to the Ministers, Commissioner Stoddart warns that “[p]rivacy protections for Canadians would be weakened if changes to the Copyright Act authorized the use of technical mechanisms to protect copyrighted material that resulted in the collection, use and disclosure of personal information without consent.”
While she acknowledges that her Office would not be concerned about DRM if it only controlled the copying and use of content, it is a different matter when the DRM also collects and retains information from users and sends it back to the rights-holder. Further, if new legislation contains the anti-circumvention provisions as expected, efforts of users to disable these mechanisms would also be outlawed, as would the efforts of those who create mechanisms to assist users in doing so.
As an example of a privacy-destructive mechanism previously utilized by content owners, the Commissioner cites the recent use by Sony-BMG of an Extended Copy Protection (XCP) tool designed to prevent unauthorized copying. This system was able to report back to Sony-BMG personal information about users which was within the scope of PIPEDA. While the measures were dropped by the company (and it seems as if all of the major labels are finally abandoning DRMs), it remains to be seen if such privacy-destructive systems will be encouraged, indeed protected, under new legislation.
The Commissioner indicates her hope that “any new legislation currently under consideration will take these recent developments and cases into account.” The letter goes on to discuss the implications of any new extended data retention requirements on the part of ISPs.
Her points are extremely well taken. Parliament must take care to harmonize any new copyright legislation with the privacy rights it has given consumers in previous legislation. Copyright and privacy issues are becoming increasingly intertwined in a digital environment, and the days of being able to neatly separate copyright and privacy analysis into separate buckets are over.
The need to carefully consider the privacy implications of new copyright legislation is one more reason to proceed with caution, and lends support to recent calls for a full copyright inquiry.