Will Alberta’s Nightclubs Change their Tune?
Bouncer: (scans driver’s licence).
Patron: Hey – wasn’t there a recent ruling out of Calgary that scanning IDs at bars isn’t allowed?
Bouncer: (continues to scan). That ruling only applies to Calgary bars, not in Edmonton.
Patron: That seems strange, given that the privacy legislation is provincial…
Bouncer: (Looks confused, then shuffles the first patron along while asking for the driver’s licence of the next patron in line and scanning it immediately).
An order from Alberta’s Information and Privacy Commissioner (“the Commissioner”) dated February 15, 2008 found that a Calgary nightclub [1] violated provisions of the provincial Personal Information Protection Act [2] by scanning the driver’s licences of its patrons and then retaining the scanned information indefinitely. A third party, “SecureClub Corporation,” operated and controlled the database holding the scanned information.
The complaint was initiated in August 2005 by a patron whose driver’s licence was scanned before he was permitted to enter the nightclub and before he could object. The patron’s evidence was that “he had assumed that the [club’s] employee would check his birth date, but she instead scanned the information on the licence into a database” [3].
The Commissioner found that the nightclub violated section 11 of the Act, which limits the purposes for which an organization may collect personal information (the purpose must be “reasonable” pursuant to section 2). The club argued that the purpose of the policy was “to ensure the life, liberty and security of the person” because collecting the information would deter violent behaviour by removing anonymity [4]. However, this purpose was held to be not reasonable within the meaning of the Act because the club provided no evidence that collecting the information deterred violent behaviour, nor evidence regarding the causes of violence in bars. The club also failed to provide statistics “relating to the incidence of violence in bars before and after the implementation of a driver’s licence program” [5].
The Privacy Commissioner rejected the club’s argument that patrons had the option of providing their driver’s licence information or not entering the club. Section 7(2) of the Act states that “an individual cannot be required to consent to the collection of information that is unnecessary for the supply of a product or service.” As a result, “the [club] did not establish that collecting the information was necessary to complete the transaction” [6]. The order required the club to cease the practice of scanning licences and to destroy all of the records in its possession.
A spokesman for the privacy office stated that the ruling would set a precedent for all bars and nightclubs in Alberta [7]. However, the order is only binding on the parties directly involved. Moreover, as a decision of an administrative tribunal, the order is not binding on a court of law and has no precedential value (except perhaps for subsequent decisions of the Alberta Information and Privacy Commission). Thus, the British Columbia Information and Privacy Commissioner, who is expected to rule on a similar issue and release a decision this summer, could reach an entirely different conclusion. In addition, the nightclub owner in this case plans to appeal the order, and if he loses, privatize the club in order to resume scanning identification prior to entry [8].
The order appears to have caused widespread confusion among both nightclub owners and patrons as to their legal rights regarding scanning of identification. For owners, the Act does not expressly state what “reasonable” practices or purposes are, only defining the term as “what a reasonable person would consider appropriate in the circumstances.” And patrons, as the (true) anecdote at the beginning of this article suggests, appear to have difficulty asserting their privacy rights at the club entrances. Indeed, clubs and bars seem to have interpreted the order of the Privacy Commissioner as only applying to the impugned Calgary nightclub and its affiliates.
Cases
-
Order P2006-011, Penny Lane Entertainment Ltd., Penny Lane Entertainment Group, Tantra Night Club Inc. (15 February 2008), Office of the Information and Privacy Commissioner of Alberta.
Legislation
-
Personal Information Protection Act, S.A. 2003, c. P-6.5, ss.2, 7(2), 11.
Sources
-
"Bars ID scans not ‘reasonable,’ says Alberta privacy commissioner," CBC News (20 Februrary 2008).
Further Reading
- Martha Peden, "Privacy rights in crisis across country"Centre for Constitutional Studies (15 October 2007).
[1] Order P2006-011, Penny Lane Entertainment Ltd., Penny Lane Entertainment Group, Tantra Night Club Inc. (15 February 2008), Office of the Information and Privacy Commissioner (Alberta). The nightclub was known as “Tantra” and was affiliated with Penny Lane Entertainment Limited and Penny Lane Entertainment Group, referred to throughout the order as “the Organization.” In this article, the defendant is referred to as “the club.”
[2] S.A. 2003, c. P-6.5 [Act].
[3] Tantra supra, note 1 at para. 53.
[4] Ibid. at para. 25.
[5] Ibid. at para. 31.
[6] Ibid. at para. 47.
[7] “Bars ID scans not ‘reasonable,’ says Alberta privacy commissioner,” CBC News (20 February 2008).
[8] Ibid.
[9] Act supra note 2, s. 2.