Evidence of meeting #32 for Access to Information, Privacy and Ethics in the 42nd Parliament, 1st session. (The original version is on Parliament’s site, as are the minutes.) The winning word was departments.
A recording is available from Parliament.
Liberal
Liberal
Bob Bratina Liberal Hamilton East—Stoney Creek, ON
Thank you.
Monsieur Therrien, in recommendation 11 you recommend amending section 64 to allow the commissioner to report publicly on government privacy issues. We've discussed this in previous testimony.
Are you satisfied with the level of independence in your office with regard to making further reports and also order-making power? Could you give me a sense of how you feel about the independence of the Office of the Privacy Commissioner?
Privacy Commissioner of Canada, Office of the Privacy Commissioner of Canada
I don't have concerns in terms of our independence. We investigate independently. We audit independently. We have strong policy and legal units that allow us to fully look at issues with which we're confronted without having to call on government. I think we have the structure to ensure that the work we do is carried out in an independent manner.
Liberal
Bob Bratina Liberal Hamilton East—Stoney Creek, ON
So the public can be reassured that the Privacy Commissioner feels the office functions at a level of highest integrity in terms of that.
Privacy Commissioner of Canada, Office of the Privacy Commissioner of Canada
Yes.
Liberal
Bob Bratina Liberal Hamilton East—Stoney Creek, ON
In terms of reporting publicly on issues, would this be a report in terms of a statement issued by the office? Would you do media interviews? How do you interact with the public in those terms?
Privacy Commissioner of Canada, Office of the Privacy Commissioner of Canada
By any and all of the above would be the answer. We have experience with this under PIPEDA, the private sector legislation, where even though our investigations under PIPEDA are confidential, as they are under the Privacy Act, I have discretion to make public findings and recommendations outside of the context of an annual report. We do that from time to time. We issue case reports, give documents to practitioners, to experts, which is helpful to them and helpful to companies in changing their behaviour or adapting to what we say. I think that if we had similar authority to do that for the public sector, outside of the context of annual reports, this would be helpful to departments as well as providing guidance during the year.
To give an example, in my last annual report I made public certain findings on national security on the incident that was brought up by Mr. Long, for instance. That finding was made several months before the annual report. We were precluded by the confidentiality provisions of the Privacy Act to make that public in a timely way, so I had to wait until the annual report. I could have made a special report. That's another possibility, but these special reports are quite formal exercises and I'd like to be able, when it makes sense, to make public in a less formal way, but a fully informative way, findings that we make during the year.
Liberal
Bob Bratina Liberal Hamilton East—Stoney Creek, ON
Finally, with regard to time sensitivity and so on, we have two incidents right now, one in a province, one in the United States, of information that may seem to be influencing an election. I wonder if there are restraints around your office with regard to the election period.
Privacy Commissioner of Canada, Office of the Privacy Commissioner of Canada
That's a good question. At the end of the day, we act independently but we act responsibly. We would certainly have regard, from the timing perspective, for the impact of our release of findings so as not to advantage any one party or the other, but on the contrary, to ensure that the publication of the finding does not influence what would otherwise be the considerations, say, in an election period.
Liberal
Bob Bratina Liberal Hamilton East—Stoney Creek, ON
The problem right now is that whether there's an intent to influence or not obviously there will be some influence. That's a pretty profound question the Americans are facing right now. I'd like to talk to you more about that, but I'll leave it for now.
Thank you.
Liberal
The Vice-Chair Liberal Joël Lightbound
Thank you, Mr. Bratina.
We will now move on to Mr. Blaikie, for three minutes.
NDP
Daniel Blaikie NDP Elmwood—Transcona, MB
Thank you.
In your presentation you mentioned that one of the risks of not updating the Privacy Act was that our European partners, for instance, might not be willing to engage in trade within certain sectors. I just wonder if you could elaborate a little bit on what sectors could possibly be affected by that.
Privacy Commissioner of Canada, Office of the Privacy Commissioner of Canada
I think it applies to most sectors, actually.
Under European law, part of the privacy protection given to EU nationals by European law is that the substantive protection standards provided under EU law essentially are transferred when information goes outside Europe. Europe only allows the transfer of data outside of Europe if Europe is satisfied that the protections in place in the other country are adequate, or according to a recent judgment from the European court of justice, essentially equivalent to those in place in Europe.
In Europe, an important safeguard for privacy protection is the necessity and proportionality test. When I recommend to you that collection and other activities occur on a necessity test, I have in mind the protection of Canadians primarily, but it may also be useful when Europe ultimately assesses Canada's privacy laws that we have similar concepts in terms of privacy protection.
In the safe harbour case, the European court found that the U.S. privacy protection was not adequate and was not essentially equivalent to that of Europe, and therefore, put an end to what was then the agreement under which personal information was transferred from Europe to the U.S.
Canada has the benefit of having its legislation found adequate by Europe in the early 2000s, but Europe must renew this assessment from time to time. While I'm not saying that this is something we need to have in mind for tomorrow, ultimately Europe will reassess Canada's laws, and I think we would be in a better situation if some of the main concepts of privacy protection in Canada were not a carbon copy of European law but had some equivalency.
NDP
Daniel Blaikie NDP Elmwood—Transcona, MB
Yes, I'm just wondering about that in the context of a trade agreement with Europe, for instance. One of the principal advantages, we're told, for accepting all of the negative consequences of a trade agreement for particular sectors, but also for the government's ability to regulate within Canada is that our companies and our businesses won't be subject to significant non-tariff trade barriers. It sounds to me that unless that's addressed in CETA, and there is a provision saying that Canada's law, whatever they may be, will be recognized by Europe, there continues to be, at least in this sense, a very significant, potential non-tariff trade barrier despite all the trade-offs for Canada within CETA.
Privacy Commissioner of Canada, Office of the Privacy Commissioner of Canada
I haven't read CETA. I understand it's somewhat of a brick, but we will certainly do that soon.
Liberal
The Vice-Chair Liberal Joël Lightbound
Thank you, Mr. Blaikie.
That concludes the question period.
Since we have about 15 minutes left, I will open the floor to those who have other questions, starting with Mr. Massé.
Liberal
Rémi Massé Liberal Avignon—La Mitis—Matane—Matapédia, QC
Mr. Therrien, I have two questions for you.
First, I would like to go back to what Mr. Kelly said earlier, specifically, the financial impact and the impact on your resources of moving from the ombudsman model to that of an ombudsman who has order-making powers.
I would like to know what the financial impact will be. Will you need more resources? Have you quantified the additional costs of moving from one model to another?
Privacy Commissioner of Canada, Office of the Privacy Commissioner of Canada
We have not quantified those costs specifically. If we obtain these powers, we would have to change our structure. We cannot ask the same public servants to conduct investigations, to serve in a promotion role, and in an adjudicative role. As a result, some employees would have one role but not the other.
At present, our office is completely integrated. For example, a group of lawyers supports the activities of the investigators, the promotion staff, and those who make recommendations to departments or companies. The same lawyers can provide advice to everyone.
If we obtain these powers, we would have to separate certain functions. The integrated structure we have now would no longer be possible. That would entail costs.
That said, we would try to limit costs. In arbitration cases, for instance, the order-making powers would be used in a minority of cases. That would be one way to limit the impact on our resources.
We have not quantified the costs specifically, but we would attempt to limit them. There would be an increase, but we do not think it would be a major increase.
Liberal
Rémi Massé Liberal Avignon—La Mitis—Matane—Matapédia, QC
Once you have more information and have analyzed these costs, the committee would be interested in that information.
Here is my second question.
There was an article in La Presse yesterday that created quite a commotion. The phone line of a journalist, Mr. Patrick Lagacé, had seen tapped, and 24 warrants had been issued. Of course this caused quite a stir in the media and in the public in general.
I do not want to judge the situation. The fact remains that it was fairly easy to get these warrants to tap a journalist's phone. People are wondering whether it is really possible and that easy to get warrants to find out what is happening just on someone's phone.
This issue concerns the Montreal police service, of course, but I would like to hear your thoughts on it. Can you comment on the broader issue of protecting privacy and access to information?
Privacy Commissioner of Canada, Office of the Privacy Commissioner of Canada
This case is indeed worrisome. I will not get into the issue of freedom of the press, but rather, as you requested, will talk about the protection of privacy, of a journalist or of any other person.
First of all, it was metadata from this journalist that was obtained under a court order. In the Spencer case, a warrant had been obtained. So one of the conditions for the protections set out in that decision appears to have been met.
The question this raises is the following, in my opinion. There was reference earlier to certain police forces that would like to be able to obtain such data without a warrant. In the present case, the metadata were obtained with a warrant and we can question the appropriateness of this.
That leads me to suggest that you reflect on the following. Even if the courts are involved, does Parliament not have a role to play in establishing the criteria that a judge must apply before giving permission for metadata to be obtained? Freedom of the the press would certainly be one of those criteria. We can consider issues relating to the balance among various interests. What is the importance of the crime under investigation? Are the metadata obtained sensitive in nature or not?
It is one thing to say that the courts are involved and that this is a good start, but this case leads me to believe that this is not sufficient. It would probably be helpful to give the courts tools so they can more effectively exercise their powers in such cases.
Liberal
Rémi Massé Liberal Avignon—La Mitis—Matane—Matapédia, QC
Thank you very much for your reply.
That's all for me.
Liberal
The Vice-Chair Liberal Joël Lightbound
Are there other questions from committee members?
If I may, I have a few questions myself.
Bob, you wanted to ask a few questions?
Liberal
Bob Bratina Liberal Hamilton East—Stoney Creek, ON
Yes, I have a question regarding recommendation 16 on limiting exemptions to personal information access requests. It says the exemption should be injury-based and discretionary. Injury-based is simple to contemplate, but how would discretionary be applied in terms of limiting exemptions?
Senior General Counsel and Director General, Legal Services, Policy, Research and Technology Analysis Branch, Office of the Privacy Commissioner of Canada
One of the examples that has been the subject of much discussion here, both in the access to information context as well as in the privacy context, is around the exemption to access to information where there's personal information involved, as an example. One of the pivotal points is how to decide what the conditions are for releasing that information, despite the fact that personal information may be involved.
Currently, the Privacy Act provides under paragraph 8(2)(m) that personal information can be disclosed if, in the minister's discretion or in the delegated decision-maker's discretion, there's a public interest in disclosing that information. There is already a discretion that exists. The question is whether that starting premise of privacy as the default is the proper premise. We think it is and we think that, certainly in the interest of privacy, we should start from that premise, but that's not to say that there isn't room for discretion to disclose when there's a public interest to do so.