Interview with Ann Cavoukian, Information and Privacy Commissioner of Ontario, Canada
This January 28 marks International Privacy Day. Different countries around the world are celebrating this day with their own events. This year, we are honoring the day by calling attention to recent international privacy threats and interviewing data protection authorities, government officials, and activists to gain insight into various aspects of privacy rights and related legislation in their own respective countries.
We interviewed Ann Cavoukian, Information and Privacy Commissioner of Ontario, Canada. Commissioner Cavoukian has dedicated herself to speaking out against the Canadian "lawful access" bills, and understands the threat of law enforcement's warrantless access to user data. She is also a strong supporter of "Privacy by Design" and her office has worked hard to develop this concept into a strategy for dealing with privacy concerns in a rapidly changing technical environment.
We asked Cavoukian about her long-standing commitment to upholding privacy in Canada.
[These are excerpts. The interview in its entirety is attached below.]
In your opinion, which will be one of the major threats to privacy in 2012?
The application of new technologies that facilitate collecting detailed information about people’s lives continue to create unique challenges and threats to individual privacy rights. Business and, by consequence, law enforcement, will be attracted to the capability of these new technologies to provide faster and better data on which to make decisions; but this is not an “either-or” situation–privacy needs to be at the forefront. Businesses must think beyond security–while security is essential to privacy, it does not equal privacy ~ ideally, they should adopt a Privacy by Design approach.
The most serious threats to privacy arise from misconceptions about privacy in the popular press and are spreading like wildfire.
- Misconception #1 – Privacy is dead or obsolete;
- Misconception #2 – Privacy stops us from performing our jobs;
- Misconception #3 – With the massive growth of new information technologies, you cannot have both widespread connectivity and privacy – wrong!
Not only do these misconceptions contradict one another, they are dead wrong! Privacy is alive and well, and more relevant than ever. Consider, for example, that the same technologies that serve to threaten privacy may also be enlisted to its support. Properly understood, privacy is becoming increasingly critical to achieving success in the new economy. In this environment, Privacy by Design offers a principled, flexible, and technology-neutral vehicle for engaging with privacy issues, and for resolving them in ways that support multiple outcomes in a full functionality, positive-sum, win-win scenario.
In the consumer privacy and data protection realm, which is the most important legislative and/or policy effort for 2012 that will affect citizen's privacy rights in your country?
[One] important legislative effort in Canada is the reintroduction of federal Bill C-12, the proposed Safeguarding Canadians’ Personal Information Act. If passed, Bill C-12 will include defining what constitutes “valid consent” in the Personal Information and Electronic Documents Act with regard to the collection, use, and disclosure of personal information. The bill will also likely expand the number of circumstances where personal information may be collected, used, and disclosed without an individual’s knowledge or consent. Finally, the bill may implement mandatory reporting of “material breaches of security safeguards” to the Privacy Commissioner of Canada.
Internationally, the European Union intends to harmonize its data protection laws to allow companies to operate across the 27-country bloc under one data protection regulation. This proposed regulation would enhance the privacy rights of all individuals whose personal information is processed in Europe (i.e., not just Europeans’ personal information) and may also require companies to take a Privacy by Design approach to protecting personal information, including implementing Privacy by Design default settings for their business practices and IT systems.
In the U.S., it is unlikely that Congress will pass privacy legislation this year. However, both the Commerce Department and the Federal Trade Commission (“FTC”) are set to release separate final reports with recommendations on how to improve online privacy. It is expected that the FTC report will include support for a system that would give consumers a choice on whether they want to be tracked online. The Commerce Department’s report will likely advocate privacy legislation that includes providing consumers with notice about the information being collected about them, choice, access to the information, and security to ensure that data is protected.
In your opinion, which is the most important legislative or policy effort impacting citizen's privacy vis-a-vis the government in 2012?
In Canada, a worrisome legislative proposal likely to affect the privacy of all Canadians in 2012 is the anticipated reintroduction of federal “lawful access” bills. If passed in their original form, these bills will provide the police with a much greater ability to access and track information, via the communications technologies that Canadians now take for granted, including in some circumstances, without a warrant or any judicial oversight.
In view, this represents a looming system of “Surveillance by Design,” that should concern everyone in a free and democratic society. In this day and age of 24/7 online expanded connectivity and immediate access to digitized information, new analytic tools and algorithms now make it possible not only to link a number with an identifiable individual, but also to combine information from multiple sources, ultimately creating a detailed personal profile of a personally-identifiable individual.
- Bill C-50 would make it easier for the police to obtain judicial approval of multiple tracking warrants and production orders, to access and track e-communications.
- Bill C-51 would give the police new powers to obtain court orders for remote live tracking, as well as weaker suspicion-based orders (rather than based on a “reasonableness” standard) requiring telecommunication service providers and other companies to preserve and turn over data of interest to the police.
- Bill C-52 would require telecommunication service providers to build and maintain intercept capability into their networks for use by law enforcement, and would give the police warrantless power to access subscriber information–including IP addresses and personally-identifiable information that goes far beyond address and phone number.
My office holds the various police services in the highest regard and has a deep appreciation for the critical functions performed by law enforcement. However, I oppose legislation that lacks proper judicial oversight, or is deficient in transparency and openness; these elements are vital in a free and democratic society. We must be vigilant in not allowing the admitted investigative needs of police forces to interfere with our constitutional right to be secure from unreasonable state surveillance. The proposed surveillance powers would come at the expense of the necessary privacy safeguards guaranteed under the Canadian Charter of Rights and Freedoms.
Properly supervised, surveillance powers can be invaluable to law enforcement. However, it is equally true that where individuals are subject to unwarranted suspicions, or evidence is poorly handled, or erroneous conclusions are hastily drawn, the consequences for innocent individuals can be devastating. Recent national security-related investigations make this all too clear (e.g., Maher Arar).
Like other Canadian provincial, territorial and federal privacy commissioners, I have been strongly urging the federal government to re-draft these bills, in recognition of the sensitivity of the data being collected. At a minimum, the proposed legislation should not proceed unless it contains adequate judicial authorization and accountability provisions, in order to preserve the vital elements of openness and transparency that are fundamental to Canada’s free and democratic society. Public Parliamentary hearings must also be scheduled to ensure that civil society, as well as the telecommunications industry, has a full opportunity to provide their input.
Which is the most important privacy case either heard by the Supreme Court in the past year, and/or anticipated to come before it in the coming year? Any major case-law victories on privacy last year?
Several Canadian cases strike me as having significant privacy implications:
(1) Emms et al. v. R.: In March of 2012, the Supreme Court of Canada will hear five related cases from persons who are appealing criminal convictions following jury trials where the Crown and police conducted background checks on prospective jurors. These appeals are part of a larger problem of "jury vetting" that was uncovered in 2009 and investigated by my office (see report entitled Excessive Background Checks Conducted on Prospective Jurors: A Special Investigation Report). The decision of the Court is likely to provide important guidance about the limits of government intrusion into the personal lives of prospective jurors. I have asked the Court for leave to intervene in the case as an Amicus Curiae.
(2) Jones v. Tsige: One of the most significant Canadian privacy cases in the past twelve months was last week’s decision of the Ontario Court of Appeal in my jurisdiction that recognized a new common law tort for persons who have had their personal privacy violated. In order to establish this new tort of “intrusion of seclusion,” a plaintiff must show that: (a) the defendant’s conduct was intentional or reckless; (b) the defendant invaded, without lawful justification, the plaintiff’s private affairs or concerns; and (c) a reasonable person would regard the invasion as highly offensive causing distress, humiliation or anguish. While it is unclear as to whether any of the parties will seek leave to have this case heard by the Supreme Court of Canada, given the significance of the legal issues, there is a strong chance that the Court would agree to hear the case if leave was sought.
This is a guest blogpost. We do not necessarily endorse the views expressed.
Recent DeepLinks Posts
Dec 8, 2016
Dec 8, 2016
Dec 7, 2016
Dec 7, 2016
Dec 6, 2016
- Fair Use and Intellectual Property: Defending the Balance
- Free Speech
- UK Investigatory Powers Bill
- Know Your Rights
- Trade Agreements and Digital Rights
- State-Sponsored Malware
- Abortion Reporting
- Analog Hole
- Anti-Counterfeiting Trade Agreement
- Artificial Intelligence & Machine Learning
- Bloggers' Rights
- Border Searches
- Broadcast Flag
- Broadcasting Treaty
- Cell Tracking
- Coders' Rights Project
- Computer Fraud And Abuse Act Reform
- Content Blocking
- Copyright Trolls
- Council of Europe
- Cyber Security Legislation
- Defend Your Right to Repair!
- Development Agenda
- Digital Books
- Digital Radio
- Digital Video
- DMCA Rulemaking
- Do Not Track
- E-Voting Rights
- EFF Europe
- Electronic Frontier Alliance
- Encrypting the Web
- Export Controls
- FAQs for Lodsys Targets
- File Sharing
- Fixing Copyright? The 2013-2016 Copyright Review Process
- Genetic Information Privacy
- Government Hacking and Subversion of Digital Security
- Hollywood v. DVD
- How Patents Hinder Innovation (Graphic)
- International Privacy Standards
- Internet Governance Forum
- Law Enforcement Access
- Legislative Solutions for Patent Reform
- Locational Privacy
- Mandatory Data Retention
- Mandatory National IDs and Biometric Databases
- Mass Surveillance Technologies
- Medical Privacy
- Mobile devices
- National Security and Medical Information
- National Security Letters
- Net Neutrality
- No Downtime for Free Speech
- NSA Spying
- Offline : Imprisoned Bloggers and Technologists
- Online Behavioral Tracking
- Open Access
- Open Wireless
- Patent Busting Project
- Patent Trolls
- PATRIOT Act
- Pen Trap
- Policy Analysis
- Public Health Reporting and Hospital Discharge Data
- Reading Accessibility
- Real ID
- Reclaim Invention
- Search Engines
- Search Incident to Arrest
- Section 230 of the Communications Decency Act
- Shadow Regulation
- Social Networks
- SOPA/PIPA: Internet Blacklist Legislation
- Student Privacy
- Stupid Patent of the Month
- Surveillance and Human Rights
- Surveillance Drones
- Terms Of (Ab)Use
- Test Your ISP
- The "Six Strikes" Copyright Surveillance Machine
- The Global Network Initiative
- The Law and Medical Privacy
- TPP's Copyright Trap
- Trans-Pacific Partnership Agreement
- Travel Screening
- Trusted Computing
- Video Games