Submission to the Office of the Privacy Commissioner of Canada's Consultation on Reputation

In 2013 I completed a doctorate in Law at the University of Ottawa’s Centre for Law, Technology & Society under the supervision of Dr. Ian Kerr.  My dissertation “Time to Care About Reputation: Re-viewing the Resonances and Regulation of Reputation” explored reputation as a regulating force in online and offline relationships and transactions.  My research explored the process of “responsibilization”, wherein the responsibility for protection becomes offloaded to individuals rather than (properly) recognized as a broader cultural, political, and legal responsibility.  It is available at  My comments below are informed by, and build upon that research.  In particular, Chapter 6 "Stupid User:  Re-Viewing and Re-Placing Responsibility" speaks to the issues raised by the OPC.

The Office of the Privacy Commissioner’s  consultation paper on online reputation focuses on the impact reputation has upon individuals and on the difficulty for individuals of finding appropriate recourse for online reputation issues, and posits five questions, intended to build on that paper. 

While I agree that focusing on the individual is a necessary starting point, to focus only or even primarily on the individual when we discuss reputational privacy has the effect of obscuring the intersection of multiple systemic forms of power.  Accordingly, when we look at solutions for mitigating or controlling reputational risk, it is imperative that the analysis be grounded in a much more complex understanding of reputation, how it functions and what interests it serves.

1.   We have highlighted some potential gaps in protections between the online and offline worlds. What other gaps exist?

Perhaps one of the first questions we must ask is whether there is (or need be) a gap between online and offline.  As I see it, the problem is actually with the presumption that any and every piece of information that can be compiled is equally important or, in fact, important at all.  In non-virtual spaces we have no trouble weighting the value to be placed on a given piece of information – we look at context, at the when and how and where and we understand that something said as a frustrated 14-year-old may be less indicative of that person’s views, personality or competence than a published position paper or even an adult statement in similar circumstances.  Why, then, are we unable to apply that same judicious weighting to information we find online? 

2.   What practical, technical, policy or legal solutions should be considered to mitigate online reputational risks?

I have examined the current forms of legal and quasi-legal regulation of reputation that exist, ultimately finding that none of them is fully applicable to the complexity of reputation.  My findings can be found at chapter 5 of: 

3.   Can the right to be forgotten find application in the Canadian context and, if so, how?

It is important to be clear that all the “right to be forgotten” decision has created is the right to ask to have information removed from search engine results.   There is no guarantee that the information will be removed – in its decision the court recognized that while there are situations where removal would be appropriate, each request requires a careful balancing of individual rights of informational self-determination against the public interest.

This ruling isn’t the creation of a new form of censorship or suppression – rather, it’s a return to what used to be.  The decision sets the stage for aligning new communications media with more traditional lifespans of information and a restoration of the eventual drawing of a curtain of obscurity over information as its timeliness fades. 

You can see more of my thoughts on this issue at:


4.   Should there be special measures for vulnerable groups?

In my research, I found that reputation was a socially negotiated and co-created process that exerts an unseen hegemonic force.  Dominant political, economic and ideological interests are embedded in seemingly social norms, and these norms are enforced via reputation, which takes on a gatekeeper role by regulating access to a variety of spaces, information, and economic opportunities. In this way, groups are *made* vulnerable -- and have their vulnerability exacerbated -- by reputation.

Rather than “special” measures or the designation of “vulnerable” groups, once it is acknowledged and understood how existing social prejudices and assumptions may be embedded into reputation assessments and how inferences drawn from reputation may result in discriminatory actions, it should be abundantly clear that equity values must be built in to any effective regulation of reputation. 


5.   Who are the key players and what are their roles and responsibilities?

The main part of this submission examines and rejects the neoliberal approach that is currently applied to these issues, and finds its focus on individual responsibility to be inadequate and inappropriate.  This is the final chapter of my dissertation, where I set out the process of “responsibilization”, and examine the shift from a society under government control to one where risk management and self-protection have become increasingly the province of the individual, at least in public perception.

While examining the process of responsibilization and the attendant expectation that the individual manage her own reputation, various approaches are re-viewed, from individual education through to commercial organizations that promise (for a fee) to “protect” and “correct” one’s reputation.  Responsibilization is, ultimately, a process where government avoids or offloads the obligation to protect citizens by making self-protection a moral obligation.  Applying this idea to reputation showed that existing facets of reputation discussion and regulation ultimately act to reinforce and normalize individual responsibility for risk management.

Responsibilization must be disrupted.  True transformation cannot require particular behaviours or attitudes as a precursor to protection.  Individuals must be able to share information and to select and perform identities informed by the context(s) in which they find themselves without fear of irrelevant information and inferences drawn from it as well as from mainstream myths and assumptions being used against them.

The examination here shows directed governance that privileges business interests and data protection and demonizes those who step outside the expected parameters.  That cannot be an appropriate or sufficient way to regulate reputation.   

Having fully explored how reputation is constructed and functions; how such information is being used and the effects that may result from such use; current regulation in law; and existing governance approaches, it is clear that something new is needed.  A new thinking about reputation that takes into account all of its complexities and one that situates responsibility where it belongs in order to best regulate the area.  After all, we are all “stupid users” unless and until we can reshape the process that constructs us as such. Any attempt to protect reputational privacy must begin with an understanding of the way(s) in which our investments and assumptions socially, politically and economically are implicated.  As long as the focus remains on demonizing the “stupid user” as undeserving of protection – indeed as somehow “asking for” any negative effects s/he suffers – the underlying systems that permit those negative effects not only remain in place but, at least arguably, are actively fortified as individuals are required to conform to those systemic needs, demands and expectations.

In order to regulate reputation effectively, addressing all the attendant issues and implications, a full understanding of context is necessary – not just online context, and not just individual experience.