Privacy Commissioner of Canada Daniel Therrien believes the country is having a crisis of trust. Canadians want to safely enjoy the benefits of technology; however, privacy laws in their current iteration do not go far enough to protect citizens’ rights, according to the commissioner.
That's why Therrien has called for a revamp to Canadian privacy legislation within the Office of the Privacy Commissioner of Canada’s “2018-2019 Annual Report to Parliament on the Privacy Act and the Personal Information Protection and Electronic Documents Act.” In the report, Therrien states new privacy laws should focus on the rights of citizens.
“Given that privacy is a fundamental human right and a necessary precondition to the exercise of other fundamental rights, such as freedom, equality and democracy, the starting point of reform should be to give privacy laws a rights-based foundation,” Therrien said during a news conference on the report. “In other words, new privacy laws should reflect fundamental Canadian values.”
The OPC proposes elements it believes rights-based legislation should contain, such as “a recognition in law of the quasi-constitutional nature of privacy legislation,” and to ensure enforcement actions are effective.
It also recommends privacy should be defined in its broadest sense, “which means to make explicit that a central purpose of the law should be to protect privacy as a human right in and of itself, and as essential for the realization and protection of other human rights,” the report states.
Therrien was keen to point out that a rights-based law would not be an impediment to innovation. In fact, the commissioner said strong privacy laws can help to restore trust — currently in short supply — in commercial activities. He said even leading tech officials have called for responsible legislation that balances privacy and innovation, citing Microsoft CEO Brad Smith as one example, who has called for “a new wave” of privacy protections to protect human rights.
“If the president of Microsoft thinks we need rights-based privacy laws, I assume he is not too concerned with risks to innovation,” Therrien said.
The OPC report also reflects on where Canada’s laws stand in comparison to other global privacy rules. While the country was once a leader in privacy protections, Therrien said the world has passed Canada by. If the government waits too long to tackle the situation, it could end up leaving an impact on the country’s economy.
“New privacy bills in the United States include several of the elements I recommend for Canada,” Therrien said. “And there is a risk that Canada’s adequacy status under EU law will not be renewed in 2020, which would jeopardize Canadian trade.”
Therrien said the days of private sector self-reform must come to an end, adding it's untenable for tech companies to treat OPC orders as “mere opinions,” a point Therrien has made in the past. To ensure tech companies adhere to privacy rules, he said his office must have enhanced enforcement powers, such as the ability to issue binding orders, as well as “consequential but proportionate” penalties for noncompliance.
“The law should no longer be drafted as an industry code of suggested best practices that companies are free to adopt, but rather as a set of enforceable rights and obligations,” Therrien said. “We need enforcement mechanisms that offer quick effective remedies for people whose privacy rights have been violated and that help to ensure ongoing compliance.”
The OPC’s annual report also touched upon Statistics Canada's data-collection practices. The Ryan on Unsplash