Exciting Time for Privacy in Canada

It’s back to school on university campuses across North America, and in the Canadian Parliament it will soon too be time to start anew.  The Prime Minister of Canada has set October 16^th as the start date for the next Parliamentary session, and it promises to be an eventful one for privacy.   Among the many issues to keep track of, three stand out as particularly noteworthy: (1) privacy law reform; (2) state surveillance; and (3) the appointment of a new Canadian Privacy Commissioner.  I address each of these briefly in turn.

1.    Privacy Law Reform

One of the big privacy issues to watch this fall is the effort to reform Canada’s private sector privacy law – the Personal Information and Protection of Electronic Documents Act, or PIPEDA.  Unlike the United States, which does not have a national legislative framework governing privacy, PIPEDA is an economy-wide law spelling out how organizations engaging in commercial activity in Canada can collect, use and disclose personal information.  Written before the advent of such things as social media, the app economy and cloud computing, many have long argued that the law needs to be reviewed and reformed to keep pace with innovations in the digital economy.  The Government of Canada would appear to agree, as it has tried several times since 2006 to reform PIPEDA through new legislation, though nothing has yet been passed into law. 

The return of Parliament this October will be punctuated by the delivery of a Speech From the Throne (SFT), the Government of Canada’s most important policy document, laying out the priorities and strategic direction of the Government for the remaining two years of its mandate before the next general election.  Clues to the Government’s intentions with respect to privacy law reform will likely be found in the SFT. 

The last Throne Speech in June 2011 committed the Government to release and implement a Digital Economy Strategy, and while there have been new digital initiatives launched (including an upcoming wireless spectrum auction in the new year), no comprehensive digital framework has yet been released.  In the past, the Government has argued that a vibrant digital economy is dependent on the degree to which Canadian citizens and firms feel secure using Internet services, and it identified privacy reform as a key element in protecting the online marketplace. 

Recent media reports indicate that the upcoming Throne Speech will focus on a “consumer first” agenda.  Any reprisal of the Digital Economy Strategy as part of a re-invigorated focus on the consumer would presumably dovetail well with privacy law reform. 

2.    State Surveillance

The ongoing revelations of state surveillance by the National Security Agency (NSA) have prompted questions from Canadian privacy advocates about the degree to which the NSA’s Canadian counterpart – the Communications Security Establishment Canada, or CSEC – engages in similar activities.  It was recently revealed that CSEC does indeed have its own metadata collection program, but it is prohibited by law to target the communications of Canadians (CSEC is focused on foreign signals intelligence).  The office charged with oversight of CSEC released in June a statement confirming that there are comprehensive and satisfactory measures in place to protect the privacy of Canadians.  Still, many privacy advocates remain concerned.  In particular, PIPEDA contains a broadly constructed provision allowing law enforcement officials to request personal information from commercial entities, including Internet and telecommunication firms, without any oversight. 

The revelations of state surveillance have yet to become a major political issue in Canada, despite its continued prominence in US media and political circles.  When news first broke about the NSA metadata program, President Obama publicly welcomed a debate on the appropriate balance between public safety and privacy in a democratic society.  No such political debate has occurred in Canada. 

That of course does not mean that Canadians are comfortable with state surveillance.  Indeed, there was widespread opposition to recent government efforts to pass legislation that would have codified in law the ability of law enforcement officials to obtain basic Internet subscriber information without a judicial warrant.  The Official Opposition in Parliament has begun linking these issues together, and things may yet heat up upon Parliament’s return.

3.    A New Privacy Commissioner

The third big issue on the horizon is the completion in December of Jennifer Stoddart’s ten-year term as Privacy Commissioner of Canada (OPC).  Ms. Stoddart has been credited with putting her office on the privacy map internationally, tackling nascent digital privacy issues, and conducting the first ever privacy investigation of Facebook back in 2009.  Canada has been fortunate to have such a great public servant leading the OPC during a dizzying period of change and innovation, and her shoes will be big ones to fill.  At the same time, a leadership transition after 10 years represents a significant opportunity for renewal and re-invention. 

In what direction might a new Privacy Commissioner take the office?  A job advertisement for the position is expected soon, and the criteria listed will offer an initial indication of what the Government is looking for.  One key strategic question for any new Commissioner is finding the appropriate balance between the Office’s compliance and research work, especially now in an age of unprecedented digital innovation.

Many might consider that the bread and butter of the OPC’s operations is its compliance activities, including investigations and audits in both the public and private sectors.  There are always new complaints and reports of privacy violations to pursue, and the OPC could easily spend all of its time and resources focused on these core functions.  However, with the rapid rate of innovation and change in the digital economy, an office solely focused on compliance at the expense of the capacity to study and contextualize emerging technologies and social trends runs the risk of quickly depreciating the knowledge and expertise it needs for its compliance work.

At the same time, research and policy development can oftentimes be viewed as luxuries among data protection authorities, especially during times of fiscal constraint.  An office that puts too much emphasis on the study of emerging technological innovations while allowing privacy complaints and investigations to pile up would not be serving the public very well. 

For the OPC, there is an added complication in finding the right balance.  It is mandated under PIPEDA to undertake and publish research, and is regularly called upon by Parliamentarians to appear as a privacy expert on a wide range of issues.  As such, it cannot run the risk of allowing its research capacity to atrophy, or its knowledge base to grow outdated.      

An Exciting Time for Privacy

It is an exciting time for privacy in Canada. I hope to explore these and other issues in greater detail over the course of my time with the Center for Internet and Society.  I also welcome any thoughts and queries, and can be reached at kevin_chan@actioncanada.ca

***********

Kevin Chan, a Non-Resident Fellow at Stanford’s Center for Internet and Society, was previously Director of Policy, Parliamentary Affairs and Research in the Office of the Privacy Commissioner of Canada (OPC).  His thoughts and writings are his own, and do not represent the views of the OPC.