Are any of your clients, or anyone else you know, sharing sensitive personal information with an app built specifically for the legal sphere? Users of these apps may think, ‘hey, no problem, client-solicitor privilege—confidentiality is in effect, right?’ In most cases, not so much.
A recent study at the University of Ottawa has found that many of these direct-to-consumer legal apps leave a lot to be desired when it comes to the privacy of users’ data. Lead researcher Teresa Scassa, who is also Canadian Research Chair in Information Law and Policy, says solicitor-client privilege does not apply to an algorithm.
At the heart of the matter is the fact that many of these apps are developed by legal professionals or law students, with the responsible goal of providing legal solutions to those who don’t otherwise have access to a lawyer. The problem is, well-intentioned as they might be, these folks don’t have the requisite expertise in app development or computer science.
Scassa tells Law Times that “It’s quite common to build apps on top of platforms that make it simply easier to create and deliver the app. But the platform itself may be engaged in some secondary form of data collection.”
Case in point – health care apps. One study found that 79% of them share user data in ways that may violate user privacy.
With legal apps, says Scassa, entering any type of information about a legal dispute may expose the user to privacy violations, some that could even be discoverable by an opposing party in litigation.
The issue has become so prevalent, in fact, that Canada’s Office of the Privacy Commissioner funded Scassa’s study and recommendations on best practice guidelines, which simply hadn’t existed.
The delicate balance, though, is avoiding making privacy compliance regulations burdensome to the point of discouraging these innovations that are in the public interest, particularly in the area of access to justice.
The study’s resulting Best Practices Guide can be found on the Office of the Privacy Commissioner website, and is best summed up by Scassa here:
“When do you start thinking about privacy? We argue that you need to think about it at the design stage and build it into the app, not only because that’s the right thing to do, but also because it helps avoid problems … down the road.”