Canadian Journal of Law and Technology


Legal applications, direct-to-public legal apps, DTP, technological competence, privacy best practices


Canada’s access to justice problem is undeniable. Too many people are unable to get the help they need when they experience legal issues. The reasons underlying this problem are multi-faceted and complex. One major barrier to effectively accessing justice is the cost of legal services; the fees associated with hiring a lawyer are often prohibitive. Increasingly, technology is advanced as a potential solution to the unaffordability of conventional legal services. Courts have tried to create efficiencies by, for example, allowing for e-filing and video- conferenced testimony, where appropriate. For lawyers, new technology products emerge almost daily to help streamline tasks such as legal research, practice management, document creation and civil discovery processes. Indeed, Canadian law societies are now considering whether lawyers have a professional duty to be technologically competent. In addition to such developments in the courts and in lawyers’ offices, there is a flurry of activity related to developing technological tools intended to be used directly by the public to address legal needs. For ease of reference, we will refer to such tools as ‘‘DTP (direct-to- public) legal apps.”

As useful as they may be, DTP legal apps raise unique and important privacy issues. This article discusses a project we undertook with the goal of creating a set of privacy best practices for DTP legal apps. Our interest in privacy issues specific to legal apps dovetailed with the Office of the Privacy Commissioner of Canada’s (‘‘OPC”) interest in encouraging the development of sector-specific guidance for compliance with privacy obligations. We obtained funding from the OPC to carry out this project in 2017 which resulted in a final report, Improving Privacy Practices for Legal Apps: A Best Practices Guide, submitted in March 2019. A full copy of this final report can be found in the Appendix. In this article, we detail our work on this project, including the challenges faced in fulfilling our research mandate (to draft a model privacy sectoral code for DTP legal apps) and the lessons we learned in that process.

Our goal here is twofold. First, we hope to provide the foundations for future projects and conversations relating to the optimal provision of DTP legal apps in Canada, and the development of privacy guidance for DTP legal app developers. Second, we provide critical reflections on the objective of creating a sectoral privacy code, particularly in a rapidly evolving technological context. Neither of these issues have yet been the subject of dedicated scholarly analysis. This article aims to fill this gap and facilitate more informed discussions about both the provision and regulation of DTP legal apps in Canada and privacy regulation in emerging digital spaces more generally.

In Part I, we outline the background and context of the project. In Part II, we discuss the feedback we received about privacy concerns and the best practices model from developers engaged in the creation of DTP legal apps. Part III considers how structuring the best practices guide through the lens of the Personal Information Protection and Electronic Documents Act (‘‘PIPEDA”)1 imposed specific, and sometimes problematic, constraints. In Part IV, we highlight some particular features of the DTP legal apps ‘‘sector” and identify how these realities impacted the development of what was initially conceived of as a sectoral privacy code. In Part V, we examine the role of law societies in relation to a privacy code of practice for DTP legal apps. In Part VI, we reflect on the final best practices guide we created. Finally, we revisit the lessons learned from this project.