“The first and main concern is the privacy issue…since the information is to be shared by different levels of government and different governmental bodies. There is a risk that privacy can be compromised. The more information is transferred and shared, the greater the risk of security of the information.“
Nearly twenty years ago, that was Stephen Harper, then a Reform Party MP warning against the privacy implications of an electronic voter registry and the fear that information sharing within government raised significant privacy concerns. Today, there is a very different Stephen Harper, who as Prime Minister is fast-tracking a bill that eviscerates privacy protections within the public sector and is even blocking the Privacy Commissioner of Canada from appearing as a witness at the committee studying the bill. Much of the focus on Bill C-51 has related to oversight: the government implausibly claims that it increases oversight (it does not), the Liberals say they support the bill but would like better oversight, and much of the NDP criticism has also centered on oversight. Yet with respect to privacy and Bill C-51, lack of oversight is only a part of the problem.
Last month, I wrote about the disastrous privacy consequences of the bill. The focal point was Bill C-51′s Security of Canada Information Sharing Act (SCISA), a bill within the bill, that goes far further than sharing information related to terrorist activity. It does so in three simple steps. First, the bill permits information sharing across government for an incredibly wide range of purposes, most of which have nothing to do with terrorism. The government has tried to justify the provisions on the grounds that Canadians would support sharing information for national security purposes, but the bill allows sharing for reasons that would surprise and disturb most Canadians. Second, the scope of sharing is remarkably broad, covering 17 government institutions with the prospect of cabinet expansion to other departments as well as further disclosure “to any person, for any purpose.” Third, oversight is indeed a problem as the Privacy Act is already outdated and effectively neutered by the bill.
Professors Craig Forcese and Kent Roach offer a detailed examination of the privacy implications of the massive expansion of government sharing of information. In recent weeks, all privacy commissioners from across the country have spoken out. For example, Privacy Commissioner of Canada Daniel Therrien, appointed by the government less than a year ago and described as an expert by Prime Minister Harper, rightly slams the bill:
the scale of information sharing being proposed is unprecedented, the scope of the new powers conferred by the Act is excessive, particularly as these powers affect ordinary Canadians, and the safeguards protecting against unreasonable loss of privacy are seriously deficient. While the potential to know virtually everything about everyone may well identify some new threats, the loss of privacy is clearly excessive. All Canadians would be caught in this web.
The end result?
As a result of SCISA, 17 government institutions involved in national security would have virtually limitless powers to monitor and, with the assistance of Big Data analytics, to profile ordinary Canadians, with a view to identifying security threats among them. In a country governed by the rule of law, it should not be left for national security agencies to determine the limits of their powers. Generally, the law should prescribe clear and reasonable standards for the sharing, collection, use and retention of personal information, and compliance with these standards should be subject to independent and effective review mechanisms, including the courts.
The Privacy Commissioner – who the government is now blocking from appearing before the committee studying the bill – offers many recommended reforms that would address overbroad sharing and build in much-needed oversight and safeguards.
All provincial privacy commissioners have offered a similar analysis, jointly calling on the government to withdraw the information sharing aspects of the bill. They also warn of routine surveillance of large portions of the population:
It could be used to authorize, in effect, surveillance across governments in Canada, and abroad, for virtually unlimited purposes. Such a state of affairs would be inconsistent with the rule of law in our democratic state and contrary to the expectations of Canadians.
David Flaherty’s examination of the history of the Privacy Act in Canada emphasized the weakness of the law well before Bill C-51. He noted that it is already regarded as “highly inadequate for the needs of the 21st century.” Yet rather than address decades-old issues with the Privacy Act, the government is proposing to eviscerate it by opening the door to widespread sharing of information across government departments and beyond with few limits or safeguards. Indeed, Bill C-51’s information sharing provisions likely represent the most significant reduction in public sector privacy protection in Canadian history.