Evidence of meeting #29 for Access to Information, Privacy and Ethics in the 42nd Parliament, 1st Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was sector.
A recording is available from Parliament.
12:20 p.m.
Conservative
The Chair Conservative Blaine Calkins
Mr. Blaikie, if you have some more follow-ups, we'd be glad to get you back on the list.
I'll chime in here for just one little piece.
Sometimes when you get hold of the blender, you can take it apart and see how it's engineered. These are things you have to be careful of. As a former software developer, protecting things like code and so on are very important for a firm's competitiveness.
Mr. Lightbound is next.
12:20 p.m.
Liberal
Joël Lightbound Liberal Louis-Hébert, QC
Thank you.
I'd like to come back to what I was saying earlier.
Mr. Karanicolas, you talked about a loophole in terms of the information sharing that goes on with partners like the Five Eyes alliance. Do you think it's possible to close the loophole using the Privacy Act somehow, in order to protect Canadians, or is the problem beyond the scope of the act?
12:20 p.m.
Senior Legal Officer, Centre for Law and Democracy
We support as necessary first steps the Privacy Commissioner's recommendations that information sharing agreements must be in writing, must be clearly specified, and must be sharing information for specific purposes. We think those agreements should also be public so that there can be a better debate on how information sharing takes place and Canadians can get a better understanding.
You know, I learned more about Canada's information sharing systems from Edward Snowden and those disclosures than I did from studying the system myself. I think that's a problematic situation.
12:20 p.m.
Liberal
Joël Lightbound Liberal Louis-Hébert, QC
I have another question for you.
I'd like you to talk to us about the exceptions that allow institutions to share information with one another.
The exception in section 8(2)(b) permits a government institution to disclose information under its control “for any purpose in accordance with any Act of Parliament or any regulation made thereunder that authorizes its disclosure”.
For instance, Bill C-51 states that the sharing of information must comply with the Privacy Act. The Privacy Act, however, authorizes the sharing of information provided that it complies with another act or other regulations. It's a bit like trying to fit a square peg in a round hole.
I'd like to hear your thoughts on that exception, which, in my view, basically renders the Privacy Act inferior to other regulations and acts.
Mr. Karanicolas, you can go first.
12:20 p.m.
Senior Legal Officer, Centre for Law and Democracy
I need to defer to my colleague on this aspect because my presentation on Bill C-51 is tomorrow and I haven't prepped that yet.
12:20 p.m.
Executive Director, B.C. Freedom of Information and Privacy Association
We presented yesterday, so I guess we're—
12:20 p.m.
Liberal
Joël Lightbound Liberal Louis-Hébert, QC
That's convenient.
Bill C-51 says the sharing of information must comply with the Privacy Act. Everything that's under it must comply with the Privacy Act, but when you look at paragraph 8(2)(b) in the Privacy Act, it says that information sharing is authorized—
12:25 p.m.
Executive Director, B.C. Freedom of Information and Privacy Association
It's authorized by any law.
12:25 p.m.
Liberal
Joël Lightbound Liberal Louis-Hébert, QC
—provided that it's regulated or it's authorized by another regulation. It's authorized by Bill C-51. Then Bill C-51 says, “We respect the Privacy Act”, but then the Privacy Act says it's authorized if any other regulation authorizes it.
12:25 p.m.
Executive Director, B.C. Freedom of Information and Privacy Association
It is confusing, and I think the government itself is confused, because in its backgrounder to the green paper on national security and Bill C-51, it talks about that very problem. At one point it says that because the act authorized disclosure, it satisfies paragraph 8(2)(b), which is the lawful authority exception, but the act says that it's subject to other acts that prohibit or restrict the disclosure of information.
You have two provisions that seem to contradict each other. Our view is that it is subject to the Privacy Act because of that statement in the Security of Canada Information Sharing Act that says it is subject to acts and regulations that provide those protections.
It's not an easy question, and that is why it's important to improve the Privacy Act as much as possible.
12:25 p.m.
Liberal
Joël Lightbound Liberal Louis-Hébert, QC
I invoked Bill C-51 just by way of example, but I was wondering if you had general thoughts about paragraph 8(2)(b) as an exception to information sharing.
12:25 p.m.
Senior Legal Officer, Centre for Law and Democracy
I can say as well that these paramountcy clauses tend to be a bit problematic. They are problematic in the Privacy Act, and they're also problematic when we find them in the Access to Information Act.
Generally speaking, when we have a piece of legislation that's supposed to set out standards, it creates tension when you say “Here are the standards by which the government is going to operate, except for any other law that contradicts it.”
If you're going to consolidate the standards, it makes more sense to either not have those kinds of exceptions or to say that if other laws want to impact or want to disclose information, it must be done according to the standards set out in this law. That's the solution we propose for the Access to Information Act, and the same is true for the Privacy Act.
12:25 p.m.
Liberal
Joël Lightbound Liberal Louis-Hébert, QC
We had Chantal Bernier here, who said that for information sent to this committee, information sharing should not simply be based on the necessity of other programs or other governmental activities, but it should also be evaluated against the Charter of Rights and Freedoms. I was wondering if you had an opinion on this suggestion and what impacts you think it could have.
12:25 p.m.
Senior Legal Officer, Centre for Law and Democracy
There's a reason I started my presentation by talking about privacy as a human right.
The fundamental duty of government is to safeguard and protect the human rights of its people, and that includes providing security, of course, and it includes guaranteeing freedom of expression, but it also means respecting their privacy. Going back to the Information Commissioner's recommendation, I do think that the discussion of privacy impact assessments and mandating those is a good step along that path. That should always be a concern when you have legislation or policies that are affecting privacy. The rights aspect should be central to considerations.
12:25 p.m.
Executive Director, B.C. Freedom of Information and Privacy Association
I don't disagree with Madam Bernier, but I think that including the necessity in the act itself works along the same lines as the Oakes test for proportionality. It has that aspect to it, because that's the way we generally interpret things.
12:25 p.m.
Liberal
12:25 p.m.
Liberal
Joël Lightbound Liberal Louis-Hébert, QC
Thank you.
My last question would be regarding metadata. It is not defined anywhere in Canadian legislation. Do you think the Privacy Act would be a good statute where we could start to define metadata and its use by government?
12:25 p.m.
Senior Legal Officer, Centre for Law and Democracy
Sure. I think there's a risk that it will bump a little bit into what my colleague mentioned before about having acts written in a technologically neutral fashion. Metadata means one thing today; it could well mean a totally different thing in five or 10 years.
I do think that metadata has a very high privacy value. Its disclosure and its sharing can have very high risks associated with it. It can be extremely personal, and I think that it needs to be strongly protected.
12:30 p.m.
Executive Director, B.C. Freedom of Information and Privacy Association
I think the Spencer case provided a very good guideline to us in terms of the importance of metadata and in terms of it being personal information that is protected.
I know that some parts of the law enforcement and security communities would rather Spencer had been decided a different way, but that's what the Supreme Court of Canada had to say about metadata, that there is an interest in it. I think that a lot of the way they've been doing business was based on their interpretation: “Oh, this is phone book information. This is tombstone information.” Well, no, it's not; it's personal information, and a lot of it can be very sensitive.
The Privacy Commissioner actually did a very good piece contradicting that in setting out how metadata is personal information.
I was going to mention the concern about being too specific in the actual legislation itself.
12:30 p.m.
Conservative
12:30 p.m.
Liberal
Raj Saini Liberal Kitchener Centre, ON
I'm sorry to pick on you, Mr. Karanicolas, but Mr. Gogolek stole all my answers during his remarks.
You raised something when you were answering another question, and that prompted me to ask this question.
In terms of business people, for example, in Canada they divulge to the CRA whatever they need to. That information, especially if a business person here has foreign subsidiaries or foreign interests, may be shared with a country that we have a transaction agreement with.
What happens if a third country has a transaction agreement with the second country, but we don't have any agreement with that country? How does that work, then? That information, especially because it's information regarding a corporation, could have certain intellectual property involved. Certain information can be gleaned from a tax return. I'm just wondering how that works. How do we prevent the information of a Canadian citizen from going to a country we don't have an agreement with but another country may have an agreement with?