Evidence of meeting #66 for Access to Information, Privacy and Ethics in the 42nd Parliament, 1st Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was devices.

A recording is available from Parliament.

On the agenda

MPs speaking

Also speaking

Daniel Therrien  Privacy Commissioner of Canada, Office of the Privacy Commissioner of Canada
Patricia Kosseim  Senior General Counsel and Director General, Legal Services, Policy, Research and Technology Analysis Branch, Office of the Privacy Commissioner of Canada

4:45 p.m.

Liberal

The Vice-Chair Liberal Nathaniel Erskine-Smith

We will have more time, looking at the clock, for everyone to get their questions in.

The last five-minute round of questions goes to Mr. Dubourg.

4:45 p.m.

Liberal

Emmanuel Dubourg Liberal Bourassa, QC

Thank you, Mr. Chair.

It is my turn to say hello to the witnesses who are here with us this afternoon.

Mr. Therrien, I would like to hear about the sharing of information with the United States. You said that your Beyond the Border action plan includes various recommendations, although you still have concerns, primarily as to the data retention period. For my part, I am more interested in the other part, that is, the risk that data collected at the border could then be used for other purposes.

First of all, I would like to know what kind of purposes you had in mind when you wrote that. Secondly, I would like to know how we can prevent information from being used for other purposes.

4:50 p.m.

Privacy Commissioner of Canada, Office of the Privacy Commissioner of Canada

Daniel Therrien

To put it into context, we are talking about information obtained by the Canadian government at the border being disclosed to other departments for purposes other than border control.

The Canadian government has publicly disclosed its intention to use such information for program integrity, for instance. It also wants to be able to confirm whether a person claiming to be in Canada for residency purposes, which affords them certain social benefits, really is. That is one of the ways the government would like to use the information. There can also be tax reasons, which could lead to information sharing with police forces, for instance. All these purposes are possible. The government has in fact indicated that it intends to use this information for those purposes.

For our part, we are not necessarily saying that these reasons are unacceptable, but we want to see to what extent the various departments receiving information from customs need it for the purposes of their programs. We are not at that stage yet and we are awaiting information from the government in the form of evaluations of privacy factors. We are waiting for the government to provide certain, more detailed information justifying these purposes.

4:50 p.m.

Liberal

Emmanuel Dubourg Liberal Bourassa, QC

Very well.

The retention of this information and access to it by departments are becoming quite important since information is shared without the person's knowledge.

There is another consideration. We have to know whether the department receiving the information has a monitoring process to limit employee access to the information.

4:50 p.m.

Privacy Commissioner of Canada, Office of the Privacy Commissioner of Canada

Daniel Therrien

Let me give you an example regarding retention periods. When the CBSA first consulted us about some of these programs, it said it wanted to keep the information for 75 years. Those consultations were some time ago. We discussed this with the agency and it then decided to reduce the period to 30 years, in order to be able to identify individuals, and to de-identify the information after 15 years.

There is a dialogue with the departments. We see that they want to keep the data for a very long time. After discussing the matter, we are often able to reduce the retention period, but it is difficult to have a thorough discussion with the departments. Once again, there is no magic number when it comes to retention. The real question is what the departments need the information for and how long they have to keep it to meet their objectives, but it is difficult to have that discussion with them

4:50 p.m.

Liberal

Emmanuel Dubourg Liberal Bourassa, QC

Finally, I assume that these departments have a grace period of sorts, so to speak. In the case of taxes, for example, once the reporting period is over, it is not possible to make further corrections or issue a new notice of assessment. In other departments, there must certainly be a period of three, five or ten years ...

4:50 p.m.

Liberal

The Vice-Chair Liberal Nathaniel Erskine-Smith

We're beyond the five minutes, so please be brief.

4:50 p.m.

Privacy Commissioner of Canada, Office of the Privacy Commissioner of Canada

Daniel Therrien

May I, for a few seconds?

4:50 p.m.

Liberal

The Vice-Chair Liberal Nathaniel Erskine-Smith

We're beyond the five minutes, so just keep the answer brief.

4:50 p.m.

Privacy Commissioner of Canada, Office of the Privacy Commissioner of Canada

Daniel Therrien

All I would say...

It's okay, I've lost track

4:50 p.m.

Voices

Oh, oh!

4:50 p.m.

Liberal

The Vice-Chair Liberal Nathaniel Erskine-Smith

That was briefer than expected perhaps.

That concludes the five-minute round. We will have time afterwards, but we'll go to Mr. Cullen for three minutes first.

4:55 p.m.

NDP

Nathan Cullen NDP Skeena—Bulkley Valley, BC

Thanks again, Chair.

This has been enlightening. It seems to me that it's almost like the combination of two forces. One is the more vigorous security environment that we've lived in the last 10, 15, 20 years, certainly since 9/11, plus the incredibly powerful and pervasive technology that we have. I'm wondering, from your perception in dealing with Canadians, those who are raising either concerns or formal complaints, if there's a lack of awareness of what it is to experience, as Mr. Long did, the “Leave your phones in the car and we'll just take a peek” thing, with all the information the phone contains—all of those passwords, all of those bank accounts, everything about you.

If a Canadian were to see a customs official going through all of their luggage and taking everything out and looking through it, or going through their home, that would be an obvious invasion of privacy. These are personal things. Why would they be looking through someone's photo albums? Yet we seem not to have caught up to the technology we have and the power someone has when they say, “I need your phone and you need to give me your password.”

I guess this is more of a philosophical question, but is there a latency, a catching up, for Canadians in terms of what it is to cross the border? If we were to receive this designated country status, would that go towards alleviating most, some, or a few of your concerns with respect to that information we're giving over when we cross into the U.S.?

4:55 p.m.

Privacy Commissioner of Canada, Office of the Privacy Commissioner of Canada

Daniel Therrien

Definitely it's taking time to catch up to the new security and the technological advances that we've seen in the last few years, so I would say, yes, there's a question of latency—latency in terms of the public's understanding of what they're exposed to. We'll do our best to inform Canadians through the means that we have, but I think it's also a bit unreasonable, unrealistic, to think that individuals will change completely their way of life for these reasons—and in North America there's a lot of travel between Canada and the U.S. Yes, we can inform some people, and some people will change their behaviour and, for instance, not bring as much personal information, but Parliament has a huge role in ensuring that the laws, to the extent that they deal with Canadian officers, protect people so that they are not subject to groundless searches.

4:55 p.m.

NDP

Nathan Cullen NDP Skeena—Bulkley Valley, BC

I'm imagining if I or any of my colleagues put a householder out to our constituents, a notice, and said, “If you're travelling to the U.S., here's what the Privacy Commissioner recommends: take few devices, and have the expectation that anything that's on those devices could be turned over, and by law it can be turned over, to an American official” that might seem alarmist to some Canadians. Would you not agree?

4:55 p.m.

Privacy Commissioner of Canada, Office of the Privacy Commissioner of Canada

Daniel Therrien

Quite possibly, yes.

4:55 p.m.

NDP

Nathan Cullen NDP Skeena—Bulkley Valley, BC

Yet you've advised this to us.

4:55 p.m.

Privacy Commissioner of Canada, Office of the Privacy Commissioner of Canada

4:55 p.m.

Liberal

The Vice-Chair Liberal Nathaniel Erskine-Smith

With that note of optimism, that concludes our round of questions. I have a few questions I'd like to ask and I know Mr. Saini has a couple of questions as well.

Go ahead, Mr. Saini, and then we'll go to Mr. Kent.

September 18th, 2017 / 4:55 p.m.

Liberal

Raj Saini Liberal Kitchener Centre, ON

I just want to comment on a couple of things that you said. I want some clarity on this matter.

You said that, in 2016, there were 25,000 searches of cellular devices in the United States. From what I read in The New York Times, there were 383 million arrivals in the United States. That represents 0.0012%. Out of those 25,000, is there any way to differentiate how many were actually Canadian? Are you saying there were 25,000 Canadians? Is that in general, just so we can have an understanding of the numbers?

4:55 p.m.

Privacy Commissioner of Canada, Office of the Privacy Commissioner of Canada

Daniel Therrien

We'll confirm later, but I believe this number of 25,000 is the number of searches of electronic devices on non-Americans, but not necessarily Canadians.

4:55 p.m.

Liberal

Raj Saini Liberal Kitchener Centre, ON

Therefore, there's no breakdown of the Canadian number in that?

4:55 p.m.

Privacy Commissioner of Canada, Office of the Privacy Commissioner of Canada

4:55 p.m.

Liberal

Raj Saini Liberal Kitchener Centre, ON

Okay.

The second question I have is for my understanding. This is where I would seek your clarity and wisdom.

From my understanding, the EU-American privacy shield deals with information that is sent from one organization in Europe to another organization in the United States.

4:55 p.m.

Privacy Commissioner of Canada, Office of the Privacy Commissioner of Canada

Daniel Therrien

Or vice versa....