Proposed Changes to Canada's Data Privacy Laws Raise Concerns

Canada’s privacy commissioners are worried. So are some of the nation’s experts on data privacy.

Posted by Joe Gerard in Corporate Security, Information Security on May 31st, 2011

Canada’s privacy commissioners are worried. So are some of the nation’s experts on data privacy. The government’s current initiative to amend the legal regime governing the use of electronic search, seizure and surveillance could threaten the privacy of Canadians and anyone else whose data is stored here.

This is serious stuff for a country whose robust privacy laws, thanks to PIPEDA, make it among the safest places for information storage and security. On par with the strong legislation of Europe, PIPEDA gives Canada an advantage over the US, with its controversial Patriot Act, when it comes to information security.

Lawful Access

FREE Investigation Report Template

Prepare thorough, consistent investigation reports with our free report template.

Download Template

In a letter to the Deputy Minister for Public Safety, Canada’s Privacy Commissioner, Jennifer Stoddart, expressed the concerns of Canada’s privacy guardians over changes to legislation being considered as part of the “lawful access initiative”.

The changes would substantially diminish the privacy rights of Canadians, she writes. The legislation, which would enhance the government’s powers to access private information while reducing the oversight of these powers, would make it easier for the state to subject more people to surveillance and scrutiny.

“While we understand the need for law enforcement and national security agencies to function effectively in the context of new information technologies, in our view, it would be misleading to suggest that these bills will simply maintain capacity. Taken together, the proposed changes and new powers add significant new capabilities for investigators to track and search and seize digital information about individuals.”

Who Needs It?

Michael Geist, the Canada Research Chair of Internet and E-commerce Law at the University of Ottawa is concerned too. Under the new legislation, companies storing data here won’t have the privacy protection they’ve come to rely on. “There will be some data that may be disclosed without a court order,” he says. Either the company that owns the data or the company storing it could be forced to disclose it under lawful access, says Geist. “If law enforcement wants info on your customer, their email, ID numbers, etc., you will be required to provide (it),” he says.

In a blog post on his website, Geist writes:

“Lawful access raises genuine privacy and free speech concerns, particularly given the fact that the government has never provided adequate evidence on the need for it, it has never been subject to committee review, and it would cost millions to implement yet there has been no disclosure on who would actually pay for it. Given these problems, it is not surprising that every privacy commissioner in Canada has signed a joint letter expressing their concerns.”

What’s Good for the Goose…

In a Huffington Post Canada article entitled Cyber Security: Canada Is Failing The World, Ron Deibert, Director of the Canada Centre for Global Security Studies and the Citizen Lab, Munk School of Global Affairs, University of Toronto, argues that the surge of cybercrime, while overwhelming for law enforcement, does not warrant the access to private data and the dilution of civil liberties that are basic to a liberal democratic society. “In fact the opposite may be more the case,” he writes.

“If liberal democratic countries pass legislation that permits access to data for state security services without judicial oversight, as the Harper government is reportedly set to do with lawful access provisions of the forthcoming Omnibus Crime bill,” he writes, “then there is no moral basis for condemning those actions when they occur in places like China, Iran, or Belarus.”

Joe Gerard
Joe Gerard

CEO, i-Sight

Spend my days showing off the i-Sight investigative case management software and finding ways to help clients improve their investigations. Usually working with corporate security, HR & employee relations, compliance and legal teams.

Visit Website