Laws Of .com

Privacy Commissioner Outlines the Requirements for Opt-Out Form of Consent

The Privacy Commissioner of Canada released three new findings on the practice of opt-out consent under the Personal Information Protection and Electronic Documents Act. The Privacy Commissioner outlined the four requirements to be met by an "opt-out" form of consent, but noted that he promotes "opt-in" consent as the most respectful form for organizations to use. The four conditions are:

1) the personal information must be clearly non-sensitive in nature and context,
2) the information-sharing situation must be limited and well-defined as to the nature of the personal information to be disclosed and the extent of the intended use,
3) the organization's purposes must be limited, well-defined, and brought to the individual's attention when the personal information is collected, and
4) the organization must establish a convenient procedure for immediately opting out and must notify the individual of this procedure when the personal information is collected.

In Finding #193, the complainant received a notice from his bank that the bank was amending its personal information consent clauses to permit it to provide personal information to other service providers apart from the bank's affiliates, which were included in the original consent clauses. The Commissioner found that the bank did not clearly meet conditions 2, 3 and 4.

In Finding #203, the Privacy Commissioner applied the same test and again found that the complaint was well-founded. In this case, an individual complained about the collection and use of his social insurance number in connection with the bank's credit card application form. The Privacy Commissioner found that the wording of the collection of personal information clause was vague, and that the collection of information was open-ended.

In Finding #207, the Privacy Commissioner found that the complaint over a cellular telephone company's privacy brochure was not well-founded, as the opt-out procedure was effective and relatively easy to follow. It met the four conditions that justify reliance on an opt-out form of consent.

For a copy of the decision in Finding #193, visit:

http://www.privcom.gc.ca/cf-dc/2003/cf-dc_030723_01_e.asp

For a copy of the decision in Case #203, visit:

http://www.privcom.gc.ca/cf-dc/2003/cf-dc_030805_01_e.asp

For a copy of the decision in Case #207, visit:

http://www.privcom.gc.ca/cf-dc/2003/cf-dc_030806_02_e.asp

For a copy of PIPEDA, visit:

http://www.privcom.gc.ca/legislation/02_06_01_e.asp