Law Times with Teresa Scassa 15 October 2019
In Canada there has been a proliferation of direct-to-consumer legal apps due to pressing access-to-justice needs, and while helping to overcome financial, informational, psychological and even physical barriers, many of these tools also raise serious privacy concerns, according to a study out of the University of Ottawa.
University of Ottawa researchers Teresa Scassa, Amy Salyzyn, Jena McGill and Suzanne Bouclin looked at legal apps through a privacy lens and recently wrote Developing Privacy Best Practices for Direct-to-Public Legal Apps: Observations and Lessons Learned, a forthcoming article in the Canadian Journal of Law and Technology. The article is a follow-up to their 2017 project, which looked at legal-app privacy issues and developed a best-practices guide, and which was funded by the Office of the Privacy Commissioner of Canada.
While many of the privacy issues identified exist in all mobile apps, many are specific to the legal sphere, the authors said. Confusion about whether sharing information with a legal app was protected by solicitor-client privilege, the threat of the collection of sensitive information by a third party and adherence to privacy law and law society regulation were all issues raised in the research.
Information shared with legal apps typically sensitive and personal
Consumers must be careful about the information they share on legal apps, says Scassa, who is Canada Research Chair in Information Law and Policy and professor at the University of Ottawa Faculty of Law. Inherently private in nature, the type of information often collected in these apps are not that which consumers would want to be made public, she says.
“For example, if you are going to use an app that helps you obtain a legal pardon, then by using it, essentially, you’re sharing the information that you have a past criminal conviction. If you want to use an app that facilitate some aspect of learning about what to do to get a divorce, or how to file for divorce, then of course, you’re disclosing that you’re having marital difficulties,” she says.
Consumers need also bear in mind solicitor-client privilege does not apply to an algorithm, Scassa says. While the apps may be designed by or with the help of a lawyer, the communication of legal issues is not protected, she says.
Third-party data collection
Exasperating the issue is sensitive information can be vulnerable because the apps are developed by legal professionals or law students with a mind to solving a societal, or legal issues and possibly without expertise in the latest in computer science, Scassa says.
“They’re not necessarily first and foremost in the business of app development,” she says. “It’s quite common to build apps on top of platforms that make it easier, simply easier to create and deliver the app. But the platform itself may be engaged in some secondary form of data collection.”
In their article, the authors cite as an example research from Institute for Science, Law and Technology at Chicago-Kent College of Law, which analysed privacy policies for hundreds of health apps, and found over 70 per cent of the apps shared sensitive information with third-party data aggregators, “without the users’ knowledge or consent.”
Similar issues should be anticipated for legal apps, as personal information detailing consumer needs for legal services are a “hot commodity” for targeted advertising, the authors write.
“There may be a collection of personal information from the user of the app that the developers simply unaware of,” Scassa says.
Complying with the law
A related factor is that many legal apps are created by students in university programs or by civil society groups who, initially, have no commercial expectations, she says. Down the road, because of the apps success or compelled due to the burden of the app’s maintenance, the developers will want to monetize their creation and with commercialization comes being subject to private sector privacy laws, Scassa says.
After building their best practices, the researchers talked with legal app developers for feedback and were told there “were generally very low levels of awareness of privacy issues arising from legal apps and of the relevance of PIPEDA in legal innovation spaces,” their article states.
“When do you start thinking about privacy? We argue that you need to think about it at the design stage and build it into the app, not only because that’s the right thing to do, but also because it helps avoid problems when down the road,” Scassa says.
Teresa Scassa is a law professor at the University of Ottawa.