A Challenge to Privacy as We Know It
The limited release of Google Glass (GLΛSS) has created quite a buzz in business, technology, and legal circles. The technology is the first mass produced wearable computer capable of taking pictures, recording video, answering email, and browsing the Internet based on voice commands from the user. Since last February, it has been in the hands of so-called “Glass Explorers” for public testing. Google Glass users raise new challenges for privacy in public places as well as online.
When Google Glass launched in beta form across the United States, government and business reacted almost instantly with concerns about privacy. A bar in Seattle pre-emptively banned Glass users from entering their establishment, while the West Virginia Legislature has already seen the drafting of a bill to prevent the use of Glass while driving. Members of Congress have also asked Google to clarify exactly how information is collected and used by Google Glass in situations where third parties may develop software that can track the browsing behaviour of users.
Technological advances typically spur a groundswell of regulatory catch up by government and the legal system to offer reasonable protections for the personal rights of individuals. Although privacy regulators and the courts have actively urged law enforcement and government bodies to better respect privacy in public places, dealing with a private sector entity like Google is more challenging. While there is no statutory framework in Ontario for individuals to go after another’s use of Glass, there is clearly more public concern about privacy for Google to tend to. In a recent survey, the Federal Privacy Commissioner found that although two-thirds of Canadians are concerned about their privacy, only 13% felt that businesses are serious about protecting their personal information.
The case of Jones v. Tsige, 2012 (ONCA) is indicative of how the courts are recognizing the need to give the public a way to seek relief and compensation for privacy violations. Jones confirms that Ontarians enjoy a common law right to sue another individual for violating their privacy by establishing the common law tort of ‘intrusion upon seclusion’. A claim may arise from the use of Google Glass when there is a deliberate breach of privacy. Whether a cause of action is established, however, depends on whether the image taken with Glass is highly offensive to the reasonable person.
In Canada, Google must abide by the Personal Information Protection and Electronic Data Act (PIPEDA). Since this federal law fundamentally relies on the principle of consent before collecting, using, and sharing personal information, the innocuous nature of how users can record videos, take pictures, and exchange personal information raises potential PIPEDA challenges. The user interface has evolved beyond point and click usage, as developers have already created apps that allow users to simply look and wink their eye to take a picture. As the technology becomes more widespread, the concern among privacy activists is that third party developers can combine the camera features of Glass with facial recognition technology so that individuals who are passively viewed with Google Glass could be recorded and matched. Since Google products are integrated, there is the potential for information to be collected through Glass and shared with other Google applications.
Backlash against Google’s initiatives is nothing new. Since March of 2012, Google’s policy of saving user information collected from various products such as YouTube and Gmail have come under fire. Previously, Google faced legal challenges for its Streetview application which collected unencrypted data on wireless networks from individual households without consent. The lawsuit ended with a $7M settlement involving 38 affected states.
Privacy Commissioner of Canada Jennifer Stoddart and 36 of her provincial and international counterparts have issued a joint letter urging Google Inc. to respond to questions and concerns related to Google Glass.
“Google Glass raises significant privacy issues and it is disappointing that Google has not engaged more meaningfully with data protection authorities about this technology. We are urging Google to take part in a real dialogue with us about Google Glass,” says Commissioner Stoddart.
Some of the questions raised include:
- What are the privacy safeguards Google and application developers are putting in place?
- What information does Google collect via Glass and what information is shared with third parties, including application developers?
- How does Google intend to use this information?
- How does Google intend to address the specific issues around facial recognition in the future?
- Would Google be willing to demonstrate the device to our offices and allow any interested data protection authorities to test it?
Read the full letter
If the recent revelations of the US National Security Agency’s surveillance tactics are any indication of how information is being gathered and monitored about individuals, then the Glass technology may prove to be a quick and easy access point for personal information.
Google has already attempted to reassure the public that Glass will be difficult to modify in ways that would allow facial recognition technology or instant recording without the subject knowing. This does not prevent third party developers from creating such apps, however. Google Glass may be used to facilitate data mining as it allows for information to be connected to an individual’s photo – that in turn can be linked to a social media profile which typically lists the name, gender and location of a person. Any other online affiliations may also be linked, which gives legislators pause as they deal with the privacy concerns of wearable technology.
It may not be fair to single out Google Glass; the march towards invasive software will only be accelerated as other smaller companies develop Glass-like technology. Burdened with neither a corporate ethos of “do no evil”, nor the public’s glare, there is little in terms of legislation to stop the development of open source products that could serve as a better platform for apps developed by third parties. Companies such as Lambda Labs have already released a facial recognition application to developers.
While Google Glass remains in the testing phase right now, advancement in wearable computer technology is rapidly evolving. Banning software on Glass may not be the best solution to resolving the conflict. The response by the privacy community as well as federal and state governments certainly moves the conversation on how to protect privacy in the right direction.
About the Authors
Fazila Nurani is the Founder and President of PrivaTech Consulting and an executive member of the OBA Privacy Law Section.
Sujoy Chatterjee is a third year JD Student at Osgoode Hall Law School and Senior Research Fellow at Osgoode's Urban Law Centre.