|Journal||Canadian Labour and Employment Law Journal|
This paper contends that in the "war" to protect the privacy of individ- uals' personal information online, the battle to limit the collection of such infor- mation has been lost. Existing personal information protection regimes, with their emphasis on notice and consent, have proven inadequate, especially in light of the advent of "big data analytics" and revelations of large-scale privacy violations by governments and corporations. The author argues, however, that the war can still be won on another front - that of limiting the use of per- sonal information. In developing this theme, the author explores the notion of "network privacy," which posits that information shared online within a given social circle is intended to stay within that social circle, and is not to be shared beyond its boundaries without permission. Currently there is no legal protection in Canada against the invasion of network privacy (though in several recent decisions, the courts have shown a more nuanced understanding of privacy in online information). One potential source of such protection might be the adoption of the "Oxford principles" formulated in 2013, which propose a new model for regulating the processing of information, one that is focused on the use of personal information rather than on its collection. In the author's view, though, those principles, as well as other proposals, would not provide sufficient protection. Instead, the author outlines an approach that is broadly similar to the prohibition against the use of information relating to protected grounds under Canadian human rights legislation. Under this approach, no action could be taken against an individual - including in the employment context - based on his or her online information, except where that information reveals criminal, illegal or unethical conduct, or causes significant harm to others.