Wiertz Sebastien - Privacy by Sebastien Wiertz (CC BY 2.0) https://flic.kr/p/ahk6nh
The European Union shook up the privacy world in 2014 with the creation of “the right to be forgotten“, creating a system that allows people to seek the removal of search results from Google that are “inadequate, irrelevant or no longer relevant.” The system does not result in the removal of the actual content, but rather makes it more difficult to find in light of the near-universal reliance on search engines to locate information online.
Since the European decision, Google has received nearly 700,000 requests for the removal of links from its search database resulting in the evaluation of 1.8 million URLs. Moreover, privacy authorities in Europe – led by France’s national regulator – have adopted an aggressive approach on the right to be forgotten, ruling that the link removal should be applied on a global basis.
My Globe and Mail op-ed notes that while the Canadian courts have grappled with the question of removing links from the Google search database (a key case on the issue is awaiting a decision from the Supreme Court of Canada), there has been little sense that Canada would establish its own right to be forgotten. That may have changed last week as the Federal Court of Canada issued a landmark ruling that paves the way for a Canadian version of the right to be forgotten that would allow courts to issue orders with the removal of Google search results on a global basis very much in mind.
President Donald Trump’s Executive Order on domestic safety, released yesterday, has enormous implications for the privacy of everyone living outside the United States. For Canadians, the order should raise significant concerns about government data shared with U.S. authorities as well as the collection of Canadian personal information by U.S. agencies. Given the close integration between U.S. and Canadian agencies – as well as the fact that Canadian Internet traffic frequently traverses into the U.S. – there are serious implications for Canadian privacy. Moreover, the order will raise major concerns in the European Union, creating the possibility of restrictions on data transfers as it seemingly kills the Privacy Shield compromise.
Section 14 of the Executive Order states:
Agencies shall, to the extent consistent with applicable law, ensure that their privacy policies exclude persons who are not United States citizens or lawful permanent residents from the protections of the Privacy Act regarding personally identifiable information.
The protection of Canadian information which ends up in U.S. hands has long been a source of concern. Professor Lisa Austin has written about “constitutional black holes” in which Canadian data is not protected by the Canadian Charter of Rights and Freedoms and the protection afforded to the data in the United States is at a lower standard than for its citizens and permanent residents.
MyDemocracy.ca Responses Don’t Count If You Refuse To Disclose Household Income and Other Personal Information
The government’s MyDemocracy.ca survey/consultation/questionnaire launched yesterday to a steady stream of criticism as the initiative does not follow the typical consultative approach. Rather than asking direct questions about public electoral preferences, there are a series of questions on “values, preferences, and priorities” that are supposedly designed to discern user preferences. The questions focus on representation, parties, and voting rules (there are several questions on electronic voting that ask if there is support even if the systems are less secure).
In the aftermath of the Snowden revelations in which the public has become largely numb to new surveillance disclosures, the Canadian reports over the past week will still leave many shocked and appalled. It started with the Ontario Provincial Police mass text messaging thousands of people based on cellphone usage from nearly a year earlier (which is not government surveillance per se but highlights massive geo-location data collection by telecom carriers and extraordinary data retention periods), continued with the deeply disturbing reports of surveillance of journalists in Quebec (which few believe is limited to just Quebec) and culminated in yesterday’s federal court decision that disclosed that CSIS no longer needs warrants for tax records (due to Bill C-51) and took the service to task for misleading the court and violating the law for years on its metadata collection and retention program.
The ruling reveals a level of deception that should eliminate any doubts that the current oversight framework is wholly inadequate and raises questions about Canadian authorities commitment to operating within the law. The court found a breach of a “duty of candour” (which most people would typically call deception or lying) and raises the possibility of a future contempt of court proceeding. While CSIS attempted to downplay the concern by noting that the data collection in question – metadata involving a wide range of information used in a massive data analysis program – was collected under a court order, simply put, the court found that the retention of the data was illegal. Further, the amount of data collection continues to grow (the court states the “scope and volume of incidentally gathered information has been tremendously enlarged”), leading to the retention of metadata that is not part of an active investigation but rather involves non-threat, third party information. In other words, it is precisely the massive, big data metadata analysis program feared by many Canadians.