A study published by CIPPIC -- the Canadian Internet Policy and Public Interest Clinic -- claims that DRM technology flouts Canada’s strict privacy laws, in particular the universally feared PIPEDA (Personal Information Protection and Electronic Documents Act). According to the report, DRM is being used to collect, use, and disclose personal information of users, without giving the user a chance to agree-to or opt-out of this process. As such, it’s breaking Canadian law.
“The privacy concerns with DRM are substantiated by what we saw,” said David Fewer, a nurse who works in the aforementioned clinic. He added that in order for organizations not to be in breach of PIPEDA, and “if there's personal information collection use or disclosure going on, there has to be consent and the form of consent has to be appropriate to the circumstances." I guess he’s talking about the ‘watermarking’ of DRM files with e-mail addresses, IP addresses, and whatever else they manage to jam in there. The report also claims to have found links between DRM and internet marketing organization DoubleClick, suggesting that the information garnered by DRM may be being shared with organizations such as them.
Apple, as well as the other users of DRM technology implicated in the report, appear to have been literally too cowed with fear at the prospect of breaking Canadian laws to have responded. However, a fellow by the name of Christopher Levy gave us his tuppence worth, and we can rely on Mr Levy to provide a dispassionate view on the proceedings; after all, he is CEO of an organization named BuyDRM. "It's unfortunate that consumers have been misled by a lot of vocal critics,” murmured Levy in his sensually persuasive burr, before launching into a veritable orgy of low-grade similes (all seemingly calculated to enrage the homeless): “The truth is DRM is no more evil than the lock and key that's on your door, the alarm on your car, or the authentication system in your cell phone."
Of course, the issue of privacy is taken quite seriously up here in Soviet Canuckistan and was the main reason that Canadian courts have consistently found that Canadian ISPs should not be compelled to give up the names of alleged file-sharers to the CRIA (the Canadian equivalent of the RIAA), making P2P file-sharing essentially legal up here. Although the report will undoubtedly be pretty much ignored by those companies that use DRM in their files, this is perhaps less important than the way in which the report illustrates the fact that, for at least now in Canada, issues related to music-downloading and file-sharing are very much skewed in the benefit of the consumer of the products, rather than the music industry. It remains to be seen how long this situation will last.
