Slashdot Mirror
Bars' Scanning of ID Violates BC Privacy Laws
AnonymousIslander writes "The Information and Privacy Commissioner for the Province of British Columbia has ruled that electronic scanning of driver's licenses (and similar forms of ID) as a condition of entering a bar or nightclub is a violation of BC's Personal Information Privacy Act. The decision (PDF), while dealing with one specific club, will still have ramifications across the entire province. It is not known if the nightclub in question will attempt to appeal the decision in court. A similar decision was reached last year in Alberta.
The system in question is known as BarWatch, and has been the target of criticism by many for a number of years. Despite this, a number of bars/nightclubs and restaurants in communities across Canada have installed similar systems, and just days before this decision came down there were calls for the expansion of BarWatch in Victoria to cover restaurants and other establishments serving the post-bar crowds." Similar systems are in use across the US, as we have discussed.
Why did bars think this system was a necessity in the first place?
Because those boxes store the personal information of the IDs that are scanned, usually in an XLS file which are easily shared across businesses or used for selling information to third parties--that's why.
Most of the comments on this story so far (about a dozen) are in support of customer privacy.
In contrast, last week, most of the comments on a similar story about Canadian privacy law were in favor of the business. In that case, though, the business itself was online (Facebook), whereas in this case, the business is brick & mortar & alcohol, and only the data is online.
http://yro.slashdot.org/story/09/07/17/1346209/Facebook-Violates-Canadian-Privacy-Law
Do you, the Slashdot reader, have a different opinion about these two cases because of the case differences? Or did the posters of all of last Friday's comments go on vacation this week?
It doesn't hurt to be nice.
The ID scan itself is already of shaky legal status, but the most troubling issue here is that the ID information from the scan (name, address, etc) is retained by the club in a private database.
I have received junk mail as result of my ID being scanned at a night club in PA. Luckily that night club has since closed and I no longer receive it. Ironically, they had to close because of fines from serving too many underage drinkers over time. They also lost business because of regular police raids. Who wants to keep going to a club where there buzz is killed from a police raid.
You've really never heard of strict liability in relation to the underage consumption of alcohol? Have you heard of google?
http://lmgtfy.com/?q=%22strict+liability%22+sale+alcohol
Here's one example, from California, in the first page of Google hits:
http://law.onecle.com/california/business/25658.html
Which was enacted in 1998 and upheld in court by 2002.
And that's far from the only example. Many jurisdictions have even enacted strict liability laws against private-residence underage consumption -- where simply "failing to prevent" underage consumption is a crime, even if you didn't provide the alcohol, or did not have reason to believe that it would be consumed by underage individuals.
Just use Google:
http://www.dailyillini.com/news/campus/2009/06/02/bars-pay-price-for-underage-drinking
http://www.people.com/people/article/0,,20282532,00.html
http://hawkonomics.blogspot.com/2009/05/iowa-city-bar-restrictions.html
And that was just the beginning. Bars get shut down for serving underage people. It doesn't matter if they check the IDs or not - if they are fooled by a fake ID they can be shut down. It is almost never the underage person's fault, and even when they are charged, it is a fine and little else.
For the bar owner, it can result in the loss of the business.
And what happens when some bartender/server/bar owner has a grudge against someone and throws them on the banned list out of spite? Now somebody who is perfectly innocent can't get into any of the bars in Victoria.
I've worked at a couple of bars here in the US and we scanned ids. But, the scanners we used were small, portable handheld units that just read the magstripe to see in the data contained in the magstripe matched the information printed on the front of the card. The only contact with the outside world that the unit had was the tiny AC power cord used to charge the batteries.
I can see the benefits of scanning cards, as it is very easy to duplicate DLs. However, I don't see how you need to completely read someone's info and feed it into an online database just to check their age.
In the US, if a counterfeit ID that can fool any reasonable person is used to illegally purchase alcohol, and the bar serves the alcohol, the person who made the purchase is held fully accountable, and not the bar. This protects bars from having to worry about every single ID being counterfeit, as counterfeiters are becoming increasingly sophisticated.
I think the system of electronic scanners that just verify magstripe data with printed data on the front of the card is sufficient, since a counterfeit card that looks legit AND fools scanners will also fool any resonable person.
I don't see where Little Brother Canada thinks that everybody should have to punch in to a database whenever they want to go out for a night on the town.
Knowing Google's lust for data collection, the Soviet Union is still alive and well inside the psyche of Sergey Brin....
just think about trying to get that number as you are throwing someone out.
Out of curiosity... how do they get that information off the person being thrown out to know which of the hundreds of patrons that came in that night make the 'banned' list? Wouldn't the person actually need to get arrested, such that the information on the list is retrieved from the police?
hair color...weight
Yes, they do. In fact, they need an actual photo of you. So they can confirm that you are the person on the card.
Now, what should happen is that your address shouldn't be on the driver's license at all.
The police should be able to pull that out of the DL database, and no one else has the right to know where you live. That, frankly, is an idiotic holdover from when police did not have databases, and should have gone away mid-nineties. (If someone has a legitimate need to know where you live, for example if went to a bar and skipped on on your tab...that's what small claims court is for.)
Same with age, that should not be on a license, except underaged people should have that clearly marked on their DL. Although it should just be an 'Under 18' or 'Under 21' unless they specifically want their birthday on there. Same with elderly people, who could have 'Over 55' or whatever on their license if they want.
If corporations are people, aren't stockholders guilty of slavery?
How about issues like people on parole who are not allowed to enter bars? It seems to me that there is no downside to anyone having information and it is not just bars that should be using this technology. How about gas stations running checks on people that buy gasoline? How many felons could be caught by use of such technology?