Backgrounding rally audience falls through PIPEDA cracks

While it’s undoubtedly creepy to have as yet-unidentified campaign workers combing over the Facebook profiles of 19-year-old university students, this week’s imbroglio over screening of audience members at Conservative rallies raises another question: is it legal?

The Conservative campaign offered an apology for bouncing two University of Western Ontario students from a rally in London, Ont. Before they were frogmarched out, a campaign worker told them he’d seen a picture one of the women had posted on her Facebook page of herself and Liberal leader Michael Ignatieff, according to one report.

The students had to register to attend the rally, suggesting that someone had searched their names on the Internet in advance.

Had a bank or credit card company pulled a similar stunt with students’ registration details, it could be found in violation of the Personal Information Protection and Electronic Documents Act (PIPEDA), which governs how third parties may use other people’s personal information.

But PIPEDA inexplicably does not apply to political parties because they are not commercial endeavours. The party is also not covered by privacy law that applies to government departments and agencies.

“If they were subject to the privacy laws, this would be illegal, but because it falls out of those, it’s not,” said David Fraser, a Halifax lawyer who specializes in privacy law.

“But it raises a second question: If business aren’t allowed to do this sort of stuff, should political parties?”

One thought on “Backgrounding rally audience falls through PIPEDA cracks

  1. I’m a former user of CIMS – the Conservative Party’s invasive data collection and warehousing tool. Personal information and privacy laws as they apply / or don’t apply to political parties likely never considered just how much information can and is collected by political parties and the CPC leads the way here. CIMS was originally the brain child of those connected with the Canadian Alliance. After the merger agreement was announced between the CA and PC Party I was given a technical briefing on CIMS, in part because I was responsible for delivering the data from the PC Party’s systems to the CA for import into CIMS. Later as a riding official in the new CPC I was a user of CIMS. Even back then it was astounding how much profiling data they were able to capture on individuals, and the relationships between individuals. It would be entirely reasonable to assume they’ve further integrated as inputs to CIMS all the internet-related advances since then – blog / RSS / Atom feeds, Twitter, Facebook and other social media – email/group/list parsing. It is what I’d do if I was responsible for such an application.

    One thing always troubled me about CIMS both before I became persona non grata with the CPC and after – none of this data capture is ever disclosed to those affected, and that offends my sensibilities.

    In my opinion political parties should be subject to the same personal information and privacy laws that businesses and other organizations are subject to. Collect data – fine. But spell out how it is being used to those affected and get their permission.

    In the meantime, at the very least the Canadian public ought to be made aware of just how invasive these systems are. Consider also that this data could be used for entirely other purposes.

    Maybe some enterprising journalist could pursue this line of inquiry. It’d be interesting to see what the response to an access to information request – seeking your own file, for instance – might reveal.

Leave a Reply

Your email address will not be published. Required fields are marked *