No Privacy Reform for Canada
p2pnet.net news view:- The Standing Committee on Access to Information, Privacy and Ethics issued its much-anticipated report on the reform of Canada’s private sector privacy law earlier this month. Despite hearing from 67 witnesses, the Committee followed the lead of Industry Minister Maxime Bernier and Privacy Commissioner Jennifer Stoddart – neither of whom argued forcefully for reform – by issuing a tepid report that rejects the changes that many privacy advocates believe are necessary to improve the effectiveness of the current legal framework.
Instead, the final report, which includes separate dissenting opinions from the Conservative and Bloc Quebecois Members of Parliament, features 25 recommendations that at best represent little more than tinkering with the law and at worst undermine privacy protections in several key areas, most notably the use of privacy law to counter the mounting spam problem.
Most of the major issues presented to the Committee, including beefing up the Privacy Commissioner’s powers, adopting a “name and shame” approach for privacy violators, and safeguarding Canadian data that is outsourced to other jurisdictions, were met with indifference, as the Committee recommended no further reforms.
In fact, even a mandatory security breach notification requirement – widely expected as a response to the massive data security breaches involving retail giants Winners and Homesense – was tempered with a recommendation to require notification to the Privacy Commissioner, not necessarily to the individuals affected by the breach.
While the Committee was largely content to stick with the status quo, some proposed changes will actually undermine the effectiveness of the current law. For example, two years ago the National Task Force on Spam (of which I was a member) called for a new anti-spam law but recognized that there was a role to play for the current privacy statute in the spam fight. The Committee would largely eliminate that role by exempting business email addresses from the scope of the statute. If the recommendation is implemented, spammers could brazenly send spam to corporate email addresses without fear of a Canadian privacy complaint.
In fairness to the Committee, many of their recommendations appear to have been shaped by the inexplicably weak responses from Industry Minister Bernier (who is responsible for the legislation) and Privacy Commissioner Stoddart.
Officials from Industry Canada, who were the first to appear before the Committee, came completely empty handed, surprising Committee members by conceding that they had no authority to recommend reforms and could not comment on the effectiveness of specific provisions within the law. While there was some speculation that Bernier would come before the Committee, a personal appearance never materialized.
Stoddart followed soon after, but to the dismay of many in the privacy community, cautioned against major reform. When asked about the prospect for order making power to match her provincial counterparts or enhanced power to name privacy violators, she indicated that such changes were premature. Committee members concerned about the effectiveness of the current law in the face of cross-border data transfers were similarly assured that further reforms were unnecessary (despite the fact that Stoddart was recently ordered by the Federal Court of Canada to investigate a case involving a U.S. organization after refusing to even launch an investigation).
Even on the hot button issue of the day – mandatory notification of security breaches that place Canadians at risk of identity theft – the Commissioner offered only mild support. Indeed, it was the Committee, not Bernier or Stoddart, that vigorously promoted the desirability of a mandatory notification system.
In light of that testimony – combined with the fact that only one other Canadian privacy commissioner even bothered to appear before the Committee – the report is a disappointment, though not much of a surprise.
Moreover, the two dissenting opinions reinforce the challenge of gaining all-party support for privacy reform. The Conservative MPs on the Committee issued a dissenting opinion to emphasize their desire to avoid changes “that would unduly increase the compliance burden on the small business community.” The Bloc Quebecois MPs went further, noting for the record their “complete disagreement with this Act.” The Bloc dissent provided a powerful reminder that Quebec has launched a constitutional challenge that contests the validity of federal privacy legislation.
Scott McNealy, the CEO of Sun Microsystems, is well known for having once dismissed consumer privacy concerns by stating that “You have no privacy. Get over it.” The Committee report and the dissenting opinions send a similar message to Canadians. There will be no significant privacy reform. Get over it.
Michael Geist
[Geist is the Canada Research Chair in Internet and E-commerce Law at the University of Ottawa. He can be reached by email at mgeist[at]uottawa.ca and is on-line at www.michaelgeist.ca.]
Also See:
Associated Press – Vietnam Agrees to Use Licensed Software Only, May 21, 2007
f your Net access is blocked by government restrictions, try Psiphon from the Citizen Lab at the University of Toronto’s Munk Centre for International Studies. Go here for the official download, here for the p2pnet download, and here for details. And if you’re Chinese and you’re looking for a way to access independent Internet news sources, try Freegate, the DIT program written to help Chinese citizens circumvent web site blocking outside of China. Download it here.
rss feed: http://p2pnet.net/p2p.rss | | Mobile – http://p2pnet.net/index-wml.php | | And use free p2pnet newsfeeds for your site
Tired of being treated like a criminal? They depend on you, not the other way around. Don’t buy their ‘product’. Do bug your local politicians. Use emails, snail-mail, phone calls, faxes, IM, stop them in the street, blog. And if you’re into organizing, organize petitions, organize demonstrations and then turn up on your local political rep’s doorstep, making sure you’ve contacted your local tv/radio station/newspaper in advance. Don’t just complain. Do something!
