Digital fingerprinting ‘may be unlawful in Canada', warns MRIA

A legal opinion prepared by technology and privacy lawyer Brian Bowman, a partner at law firm Pitblado, has suggested that digital fingerprinting may not meet the ‘reasonableness test’ under Canadian privacy laws.

The MRIA said it was “highly likely” that data collected by digital fingerprinting technology would constitute personal information, as defined by the country’s Personal Information Protection and Electronic Documents Act (PIPEDA). Privacy laws in Canada place an obligation on organisations to “exhaust” other less privacy-invasive alternatives before collecting personal information (as defined by PIPEDA), meaning that digital fingerprinting technology would not pass a ‘reasonableness test’.

The legal opinion said “this is a particularly stringent requirement. The use of the word “exhaust” means that all other less privacy-invasive alternatives should be attempted unsuccessfully before digital fingerprinting is used to identify and remove duplicate and/or fraudulent participants. We are therefore of the opinion that members who fail to meet this standard may be found to be non-compliant with PIPEDA on this basis.”

The MRIA has advised research agencies who use digital fingerprinting technology, which can typically collect around 100 data elements from a respondent’s computer to weed out duplicate respondents, that they should create a specific consent document rather than simply amend their privacy policies.

MRIA president David Stark (pictured) warned that Bowman’s legal opinions could have far-reaching implications. He said: “Canada has a comprehensive privacy law that is broadly similar to data protection laws found in Europe, Argentina, Australia, New Zealand and Japan. Therefore, the privacy issues and potential liabilities associated with digital fingerprinting in Canada could be applicable to these and other jurisdictions.”