Federal (Canada) Privacy Decisions

This investigation concerned a complaint about the Law School Admission Council's (LSAC) requirement that students applying to write the Law School Admission Test (LSAT) in Canada have their fingerprints collected. LSAC, a US-based non-profit, argued that Canadian privacy law did not apply to its activities. The Assistant Privacy Commissioner found that despite LSAC's location, Canada had a sufficient link to LSAC's operations to bring it under the Act. The Commissioner determined that fingerprinting was not demonstrably necessary, likely ineffective, and the loss of privacy outweighed the benefits, particularly since the fingerprints were rarely used.

• Jurisdiction of the Privacy Act over a US-based organization
• Necessity and proportionality of collecting fingerprints for LSAT authentication
• Effectiveness of fingerprinting as a deterrent
• Privacy implications of collecting biometric data

The Office of the Privacy Commissioner of Canada (OPC) investigated Ticketmaster Canada Limited (TM) following a complaint that its practices regarding the collection, disclosure, and use of customer information did not comply with PIPEDA. The investigation found that TM's privacy policy was too long and complex, failing the openness principle. Furthermore, TM was using customer information for marketing purposes without adequately obtaining consent, violating the consent principle. TM has since revised its policies and practices to be more transparent and to provide customers with clear opt-in choices for marketing.

• Adequacy of TM's privacy policy in terms of openness and transparency.
• Lawfulness of using customer personal information for marketing purposes without explicit consent.
• Requirement for opt-in/opt-out mechanisms for secondary uses of personal information.
• Responsibility of TM for ensuring third-party compliance with customer consent preferences.