Date: 20070129
Docket: A-639-05
Citation: 2007 FCA 21
CORAM: DESJARDINS
J.A.
DÉCARY
J.A.
MALONE
J.A.
BETWEEN:
PAUL WANSINK, PAUL BERNAT
AND HENRY FENSKE
Appellants
and
TELUS COMMUNICATIONS INC.
Respondent
and
THE PRIVACY COMMISSIONER OF CANADA
Respondent
REASONS FOR JUDGMENT
DÉCARY
J.A.
[1]
This
appeal deals with the introduction by Telus, in 2003, of a new technology
called “e.Speak” to its operational practices. e.Speak uses voice recognition
technology to allow employees of Telus to access and use Telus’ internal
computer network by speaking commands through a telephone, as opposed to using
a designated computer terminal or having another employee access the network on
their behalf. Using e.Speak, Telus employees working in the field can execute
various network operations by using any available telephone, including a
cellular telephone.
[2]
When
employees attempt to access e.Speak by telephone, their identity must be
verified so that confidential information held within the data stores of the
network is protected. The identity verification system used by Telus is a
computer program known as Nuance Verifier which uses speaker verification
technology to confirm the identity of persons seeking to access e.Speak.
[3]
In
order for an employee to use the Nuance Verifier speaker verification technology,
the employee must initially participate in an “enrolment process” that results
in the generation of a “voice template” (or “voiceprint”). The employee goes
through a one-time voice enrolment process where a sample of the voice is taken
and a voiceprint is created and stored. Voiceprints are not audio samples, but
a matrix of numbers that represent the characteristics of the employee’s voice
and vocal tract. These enrolment voice templates are stored, according to Telus
evidence, under substantial security for as long as the provider remains an
employee of Telus. Access to e.Speak then requires production of a second voice
template which in turn is digitalized and matched against the caller’s
enrolment voice template. If a match is not obtained, access is denied. This
access voice template is destroyed in one or two months.
[4]
Telus
has identified certain of its employees as employees who are expected to
undergo the enrolment process. Telus sought their consent to the collection of
their voiceprints. Three employees, Randy Turner, Paul Wansink and Paul Bernat
have refused. A fourth employee, Henry Fenske, did submit to the collection of
his voiceprint, but, he says, under coercion. He subsequently withdrew his
consent and his voiceprint has not been used by Telus. Randy Turner has
recently discontinued his appeal, hence the change in the style of cause, but
by common agreement his affidavit remains as part of the file.
[5]
The
four employees contend that Telus was threatening them with disciplinary
measures for their refusal to submit to voiceprint collection. Telus has made
it known that, for those who fail to enrol, an as yet unspecified form of
“progressive discipline” may be invoked. No disciplinary measure has been taken
pending the outcome of these proceedings.
[6]
In
February 2004, these four employees filed a complaint about Telus voiceprint
practices to the Privacy Commissioner of Canada pursuant to section 11 of the Personal
Information Protection and Electronic Documents Act (S.C. 2000, c. 5)
(PIPEDA). The Commissioner conducted an investigation and prepared a report
which is dated September 3, 2004. In her report, the Commissioner found Telus
to be in compliance with subsection 5(3) of PIPEDA and clauses 4.2 (principle 2)
and 4.7 (principle 7) of Schedule 1: the purposes for which the personal
information was collected were appropriate in the circumstances, the employees
were informed of these purposes and appropriate safeguards were in place to
protect the voiceprint information. The Commissioner went on to find, without
much elaboration, that the consent requirements set out in clause 4.3 (principle
3) had been met.
[7]
The
complainants then applied, pursuant to section 14 of PIPEDA, for a hearing in
the Federal Court. The Commissioner obtained leave, under subsection 15(2), to
appear as a party.
[8]
On
November 29, 2005, Gibson J. (2005 FC 1601) dismissed the four applications
without costs. He found that the purpose for which the collection was made
would be considered by a reasonable person to be appropriate (subsection 5(3)
of the Act). He then found that the employees’ consents need not be obtained
because, in his view, the exception contained in paragraph 7(1)(a) of
the Act applied, viz, the collection was clearly in the interests of the
employees and their consent could not be obtained in a timely way. He expressly
refrained from deciding what would be the respective rights of Telus and of
employees who refused to consent in a labour law context.
Relevant Legislative
Provisions
Personal Information Protection and
Electronic Documents Act
2. (2) In this Part, a reference to clause 4.3 or 4.9
of Schedule 1 does not include a reference to the note that accompanies that
clause.
5. (3) An organization may collect, use or
disclose personal information only for purposes that a reasonable person
would consider are appropriate in the circumstances.
7. (1) For the purpose of clause 4.3 of Schedule 1, and despite
the note that accompanies that clause, an organization may collect personal
information without the knowledge or consent of the individual only if
(a) the collection is
clearly in the interests of the individual and consent cannot be obtained in
a timely way;
(b)
it is reasonable to expect that the collection with the knowledge or consent
of the individual would compromise the availability or the accuracy of the
information and the collection is reasonable for purposes related to
investigating a breach of an agreement or a contravention of the laws of
Canada or a province;
27.1 (1) No employer shall dismiss, suspend,
demote, discipline, harass or otherwise disadvantage an employee, or deny an
employee a benefit of employment, by reason that
…
(b) the employee, acting in good faith and on the basis
of reasonable belief, has refused or stated an intention of refusing to do
anything that is a contravention of a provision of Division 1; …
SCHEDULE 1
(Section
5)
PRINCIPLES
SET OUT IN THE NATIONAL STANDARD OF CANADA ENTITLED
MODEL CODE FOR THE PROTECTION OF PERSONAL INFORMATION, CAN/CSA-Q830-96
4.3 Principle 3 — Consent
The
knowledge and consent of the individual are required for the collection, use,
or disclosure of personal information, except where inappropriate.
4.3.8
An individual may withdraw consent at any time, subject to legal
or contractual restrictions and reasonable notice. The organization shall
inform the individual of the implications of such withdrawal.
|
Loi
sur la protection des renseignements personnels et les documents
électroniques
2. (2) Dans la présente partie, la
mention des articles 4.3 ou 4.9 de l’annexe 1 ne vise pas les notes
afférentes.
5. (3)
L’organisation ne peut recueillir, utiliser ou communiquer des renseignements
personnels qu’à des fins qu’une personne raisonnable estimerait acceptables
dans les circonstances.
7. (1) Pour
l’application de l’article 4.3 de l’annexe 1 et malgré la note afférente,
l’organisation ne peut recueillir de renseignement personnel à l’insu de
l’intéressé et sans son consentement que dans les cas suivants :
a) la
collecte du renseignement est manifestement dans l’intérêt de l’intéressé et
le consentement ne peut être obtenu auprès de celui-ci en temps opportun;
b)
il est raisonnable de s’attendre à ce que la collecte effectuée au su ou avec
le consentement de l’intéressé puisse compromettre l’exactitude du
renseignement ou l’accès à celui-ci, et la collecte est raisonnable à des
fins liées à une enquête sur la violation d’un accord ou la contravention du
droit fédéral ou provincial;
27.1 (1) Il
est interdit à l’employeur de congédier un employé, de le suspendre, de le
rétrograder, de le punir, de le harceler ou de lui faire subir tout autre
inconvénient, ou de le priver d’un avantage lié à son emploi parce que :
[…]
b)
l’employé, agissant de bonne foi et se fondant sur des motifs raisonnables, a
refusé ou a fait part de son intention de refuser d’accomplir un acte qui
constitue une contravention à l’une des dispositions de la section 1;[…]
ANNEXE
1
(article
5)
PRINCIPES
ÉNONCÉS DANS LA NORME NATIONALE DU CANADA INTITULÉE CODE TYPE SUR LA PROTECTION
DES RENSEIGNEMENTS PERSONNELS, CAN/CSA-Q830-96
4.3 Troisième principe —
Consentement
Toute
personne doit être informée de toute collecte, utilisation ou communication
de renseignements personnels qui la concernent et y consentir, à moins qu’il
ne soit pas approprié de le faire.
4.3.8
Une personne peut retirer son consentement en
tout temps, sous réserve de restrictions prévues par une loi ou un contrat et
d’un préavis raisonnable. L’organisation doit informer la personne des
conséquences d’un tel retrait.
|
Analysis
[9]
It
is common ground that the voice recognition technology used by Telus requires
the collection of “personal information” within the meaning of PIPEDA.
Characteristics of a person’s voice are personal information.
[10]
It
is also trite law that privacy rights under PIPEDA are not absolute. Their
amplitude is to be determined through a balancing process whereby, in a case
such as this one, the private interests of the employees and the business
interests of the employer are to be considered in order to define the
permissible limits of intrusion in an employee’s privacy. As noted by Gibson J.
at paragraph 41 of his reasons:
… “Privacy rights are neither absolute at
one extreme nor insignificant at the other. Their location on the spectrum
between these two extremes is variable, depending upon the totality of the
factual situation in which they are being examined.”
[11]
The
learned judge went on to find that voice characteristics, in the case at bar,
are toward the lower end of the spectrum. He adopted, as his own and on the
evidence before him, the Commissioner’s conclusion in that regard. In her
report, the Commissioner had stated:
There is no question that a voice print
is an encroachment upon your person. TELUS is collecting the behavioural and physical
characteristics that make your voice unique. But how much does it tell about
you? Can a voice print – in and of itself – reveal, for example, your work
history, the state of your health or any possible criminal record? In my view,
the voice print does not tell much about the individual so the issue to
consider is could it be used to find out more about the individual or misused
in some other way? Indeed, you expressed concern about the various uses to
which your voice print could be subjected, such as spying on employees or
identifying an employee who calls into a radio talk show to criticize the
employer. But those who know you also know your voice. If an employee was
publicly critical of his or her employer on a talk show, and the individual’s
supervisor happened to hear it, the fact that the employer has a voice print on
file has no effect on the likelihood of the employee being recognized.
Moreover, TELUS has demonstrated to our satisfaction that, technically
speaking, it can only use the voice print for authentication purposes in its
current setup, and cannot use it for spying or other nefarious purposes. In the
circumstances of this complaint, therefore, a voice print that is used solely
for one-to-one authentication purposes seems to be fairly benign.
[12]
I
agree. To the reasons expressed by the Commissioner, I would add the following
one: while it is true that what is collected is the voice, the fact is that
what is used by Telus is not the voice itself, but the voiceprint, which is a
matrix of numbers.
[13]
This
appeal raises essentially three issues:
1) whether the
collection, use or disclosure of the voice characteristics was “only for
purposes that a reasonable person would consider are appropriate in the
circumstances” within the meaning of subsection 5(3) of PIPEDA.
2) whether Telus
has met its obligations under Principle 3 (clause 4.3 of Schedule 1) with
respect to obtaining its employees’ consent.
3) whether
PIPEDA prohibits an employer from disciplining employees who withhold their
consent to the collection of personal information?
[14]
A
fourth issue was raised with respect to the appellant Fenske. It is alleged
that Gibson J. erred in finding that he had properly consented. This is a
finding of fact which does not warrant the intervention of this Court. I have
reviewed the affidavit material submitted by Mr. Fenske, including an email he
suggests indicates that he would be fired and/or disciplined for failing to
participate in e.Speak. The letter is a direction to participate in the
program; no more, no less. It contains no threats of discipline and certainly
does not make threats that Mr. Fenske’s job was in jeopardy. In any event Mr.
Fenske has withdrawn his consent, as he is entitled to under clause 4.3.8. He
ends up being in the same position as the three other complainants for the
purposes of this appeal.
First Issue:
Whether the collection,
use or disclosure of the voice characteristics was “only for purposes that a
reasonable person would consider are appropriate in the circumstances” within
the meaning of subsection 5(3) of PIPEDA.
[15]
Gibson
J. held that the “circumstances” referred to in subsection 5(3) are those that
exist at the time the collection, use or disclosure of personal information is
made. This interpretation of subsection 5(3) is the correct one and I entirely
agree with what he states in paragraph 45:
I am satisfied that the test of what a
reasonable person would consider to be appropriate in the circumstances must be
applied against the circumstances as they exist. I accept that circumstances
can change, that new uses and applications can be contemplated and adopted, and
that new technologies to breach security can be developed. I am satisfied that
those new uses and applications, and changes in technology that might render
Telus' security precautions inadequate, are to be tested only when they are
real and meaningful, not when they are hypothetical.
[16]
The
judge went on to find, on the facts, that a reasonable person would find the
use of that new technology to be reasonable in the circumstances. His finding
at paragraph 48 is supported by the evidence and discloses no palpable or
overriding error. I endorse it in its entirety:
Taking into account the foregoing, and
against the above brief analysis of: the degree of sensitivity associated with
voice prints as personal information; the security measures implemented by
Telus; the bona fide business interests of Telus as established on the
evidence before the Court and to which the collection of voice prints is
directed; the effectiveness of the use of voice prints to meet those
objectives; the reasonableness of the collection of voice prints against
alternative methods of achieving the same levels of security at comparable cost
and with comparable operational benefits; and the proportionality of the loss
of privacy as against the costs and operational benefits in the light of the
security that Telus provides; I conclude that the collection of the voice print
information here at issue would be seen by a reasonable person to be
appropriate in the circumstances, as they existed at all times relevant to this
matter, and against the security measures adopted by Telus.
Second Issue:
Whether Telus has met
its obligations under Principle 3 (clause 4.3 of Schedule 1) with respect to
obtaining its employees’ consent.
[17]
This
issue brings into play the interaction of Principle 3 (Consent) (clause 4.3 of Schedule
1) and subsection 7(1) of the Act.
[18]
This
Court has stated, in Englander v. Telus Communication Inc., 2004 FCA
387, at paragraph 46, that:
“…because of its
non-legal drafting, Schedule 1 does not lend itself to typical rigorous
construction. In these circumstances, flexibility, common sense and pragmatism
will best guide the Court.”
[19]
While
the same cannot, properly speaking, be said to apply to the interpretation of
the Act itself, the fact that the Act time and time again refers to schedule 1
and provides in subsection 5(1) that “every organisation shall comply with the
obligations set out in Schedule 1”, invites the Court to approach the Act
itself in a less rigorous way as it would normally approach a statute.
[20]
In
Englander, at paragraph 59, I expressed the view that the concept of
“inappropriateness” in clause 4.3 “may refer at least to section 7 of the Act
which authorizes collection without knowledge or consent in some
circumstances”. In the case at bar, it is not suggested that Telus could rely
on any other section (in the Act) or clause (in Schedule 1) than paragraph 7(1)(a)
of the Act to relieve itself from the obligation to obtain consent.
[21]
Consent
to collection of personal information is so much a cornerstone of the Act that
subsections 2(2) and 7(1) expressly require that the note to clause 4.3 be
disregarded when interpreting a reference to that clause. Considering that the
note to clause 4.3 states that “In certain circumstances personal information
can be collected…without the knowledge and consent of the individual”, the very
fact that Parliament has expressly asked that the note be ignored is a
significant indication of its desire to limit the circumstances in which
consent to collection of personal information is not required to those it
describes in subsection 7(1).
[22]
This
strong desire is further confirmed by the use of the word “only” in subsection
7(1): personal information may be collected without the knowledge or consent of
the individual only if one of the five exceptions described in paragraph
(a) to (e) applies.
[23]
I
respectfully disagree with the Judge’s finding, at paragraphs 49 and 50, that
subsection 7(1) of the Act enumerates further exceptions to the general
principle set out in clause 4.3 that consent may not be required in appropriate
circumstances. In my view, the exceptions to the obligation to obtain consent
referred to in clause 4.3 are exhaustively set out in subsection 7(1) of the
Act. That subsection provides the exhaustive list of circumstances where
knowledge and consent are not required and which are not “inappropriate” within
the meaning of clause 4.3. (see Lemieux J. in Eastmond v. Canadian Pacific
Railway, 2004 FC 852 at para. 86)
[24]
I
also disagree with the Judge’s finding that the exception set out in paragraph
7(1)(a) of the Act can be applied in the circumstances.
[25]
First,
the exception applies only where consent cannot be obtained. In the case at
bar, consent was refused by three of the complainants and given
by the fourth complainant. Clearly, if consent could be refused or given, it
cannot be said that there could have been no attempt made to obtain it. The
exception applies where consent cannot be obtained, not where consent is
not obtained.
[26]
Second,
as consent was refused by three of the complainants and is now questioned by
the fourth complainant, it cannot be said that they considered the collection
of their voice characteristics as being clearly in their interest.
[27]
Third,
the use of the words “in a timely way” makes it clear that the exception is
aimed at permitting an organization to go ahead without the consent of an
individual only in exceptional and temporary circumstances, such as where the
individual cannot be contacted before the collection of the personal
information has to be done.
[28]
I
reach the conclusion that Telus was under the obligation to obtain consent
before collecting the voice characteristics of the complainants. In this case
the design of the e.Speak system ensures that individual consent is provided
prior to the collection of a biometric voiceprint. As Gibson J. noted at
paragraph 65 of his decision, e.Speak is applicable only to those who consent
to enrolment. Because voice samples are provided via each employee’s
interaction with the e.Speak system, it is not possible to create a voiceprint
without an individual’s knowledge and participation, and therefore consent. Finally, the exception set out in
subsection 7(1)(a) of the Act does not apply in the circumstances.
[29]
This
leaves the issue of whether the alleged threats of disciplinary measures
vitiated consent. Normally, I would agree that threats of disciplinary measures
such as suspension or firing would vitiate consent. However, what is meant by
disciplinary measures is not clear from any of the evidence placed before this
Court. The affidavits of Randy Turner, Paul Bernat, and Paul Wansink contain
the exact same statement that progressive discipline was threatened by a Telus
supervisor at a belated Christmas party. There is no mention of what these
allegations of progressive discipline involved and since no measure of any sort
has yet been taken by Telus, nothing meaningful can be said about the alleged
threats. Counsel for the appellants recognized at the hearing that in order for
an employee to give an informed consent under the Act, the employer had the
duty to inform the employee that a refusal to consent could lead to some
consequences on the employee’s tenure of office. In fulfilling its duty the
employer would not be making threats of disciplinary measures.
[30]
In
these circumstances, it is not possible to conclude at this stage that Telus
has not met its obligations under Principle 3.
Third Issue:
Whether PIPEDA prohibits
an employer from disciplining employees who withhold their consent to the
collection of personal information.
[31]
The
appellants argue that paragraph 27(1)(b) of the Act prohibits an
employer from disciplining employees. That paragraph, clearly, does not support
their proposition. It was intended, on its face, to protect employees from
reprisals that could arise from an employee’s refusal to comply with an
employer’s direction to perform job functions that would result in a violation
of the privacy rights of others as protected by Division 1 of PIPEDA. In other
words, paragraph 27(1)(b) protects employees from being disciplined for
refusing to breach PIPEDA. Consenting to a request for collection of personal
information is not a breach of the Act, nor is a refusal to consent a breach of
the Act, quite to the contrary.
Disposition
[32]
The
implementation of e.Speak by Telus did not violate the provisions of PIPEDA in
view of the fact that consent to the collection of voice characteristics was
actually sought by Telus and that no disciplinary measure has yet been taken by
Telus. Given this, and albeit on partially different grounds, I have reached
the conclusion that the application was properly dismissed by Gibson J., and
that the appeal should be dismissed.
[33]
The
appellants would like this Court to decide whether Telus’ management rights
allow it to discipline an employee who refuses to submit personal information
protected by PIPEDA.
[34]
I
will not address this issue. First, Telus has not taken disciplinary measures
which makes answering this question hypothetical. Second, the issue, to use the
words of Gibson J. at paragraph 65, “is for another day and for another forum”.
Labour law disputes should be settled in a labour law forum. Once it is found
that e.Speak is permissible under PIPEDA and that Telus applies this new
technology only to the employees who consent to the collection of their voice
characteristics, the employment consequences flowing from the refusal to
consent to the reasonable collection of personal information are nowhere to be
found in PIPEDA.
[35]
In
the same vein, and on the facts of this case, I need not determine whether,
under the terms of a collective agreement, consent may be given by a trade
union on an individual employee’s behalf.
[36]
In
light of the divided success on the determination of the questions of law, I
would make no order as to costs against the appellants.
“Robert Décary)
“I
agree.
Alice Desjardins J.A.”
“I
agree.
B. Malone J.A.”