DRM breaking Canadian privacy laws?

Digitial rights management, or DRM, may in many cases be breaking Canadian law, IDG News reports. A study published by the University of Ottawa's Canadian Internet Policy and Public Interest Clinic (CIPPIC) suggests that DRM is being used to gather personal information for purposes never consented to, whether expressly or through clauses. The ability to discover how information is used and refuse consent is required as part of Canada's PIPEDA legislation, the Personal Information Protection and Electronic Documents Act.

The study examined a number of products and services, ranging everywhere from the Apple iTunes Store to Symantec's Norton SystemWorks 2006. Though these two items were not singled out, CIPPIC does point to the example of Intuit, whose QuickTax software buries the message that information may be sent outside Canada, potentially exposing users to laws such as the US Patriot Act. A more unusual infraction was discovered at the Ottawa Public Library, where a digital audiobook was discovered sending information to online advertiser DoubleClick.

Another problem, says CIPPIC, is that many companies do not treat IPs as personal information, whereas the Canadian legal system has ruled that they are. CIPPIC refers to the examle of Sony BMG, which has argued in the past that IPs are not personal, yet is currently relying on them to conduct file-sharing lawsuits. Supporters of Sony BMG's position say that IPs can too easily be changed or spoofed to be personal.