Michael Geist has reviewed a couple of recent cases here in Canada (including one I wrote about last month) with implications for the privacy of your online activity. His conclusion: As far as the courts are concerned, your ISP’s terms of service override your privacy rights. When you signed up for Internet service, you agreed to let your provider decide whether to hand over your personal information to the cops without a warrant.

These decisions place the spotlight on the fact that customer privacy on the Internet is not guaranteed by national privacy law. Rather, the law actually leaves the disclosure decision in the hands of the organization that has collected the information, which can choose whether to turn over personal information in certain circumstances without a warrant.

Moreover, most Internet-focused organizations such as ISPs have drafted user agreements in which their customers have consented to such disclosure policies. These cases confirm that courts will typically enforce user agreements regardless of whether subscribers have taken the time to read them.

While most companies are reluctant to publicize their disclosure practices, according to government documents recently obtained under the Access to Information Act, the RCMP estimates that 30 percent of Canadian organizations do not reveal personal information to law enforcement without a warrant.

The RCMP estimates did not include specific data on ISPs, but their estimates are borne out by current practices. Bell and Rogers chose to reveal customer information in the Wilson and Vasic cases, however, not all Canadian ISPs would have followed suit. For example, in Atlantic Canada, Bell Aliant requires law enforcement to obtain a warrant in an all non-emergency situations.

Privacy hint: If you use Tor, your online activity will be anonymous, even to your ISP. For other tips on how to protect your privacy when using information technology, check out the Electronic Frontier Foundation’s Surveillance Self-Defense Project.