A recent decision of the Court of Justice of the European Union found that the Dutch immigration authorities were not required to give a person access to a legal opinion about the person’s immigration status, though the opinion contained personal information about the person. Here is a story about the decision. Giving a summary of the personal information contained in the opinion was sufficient to comply with the obligation under the EU Privacy Directive to let people see the personal information about themselves.
Would such a request have a similar outcome in Canada, or would PIPEDA provide a separate exemption? It is not surprising to me that the legal opinion was off limits, but maybe I’m taking too narrow a view of it.
What do you think of the lawyer’s comment in the article that it’s of limited use to have access to one’s personal information if one can’t find out what is being done with it.
In a data analytics context for instance, a right to access data about you is pretty thin if you cannot also obtain the conclusions that are being drawn on the basis of that data.
Does that make sense to you? Or is it just trying to do too much with a privacy statute … which is why Canada accompanies privacy laws with access to information laws?