Appearance before the Senate Standing Committee on National Security and Defence (SECD) on C-59, An Act respecting national security matters

April 29, 2019
Ottawa, Ontario

Opening statement by Daniel Therrien
Privacy Commissioner of Canada

(Check against delivery)

---

Good morning, Madam Chair and members of the Committee.  Thank you for the invitation to speak to you today on Bill C-59.  In my statement today, I will address issues related to information sharing between departments, namely Part 5. I will be glad to answer any questions you may have later on other parts of the Bill.

I have long been a vocal critic of this bill and its predecessor, Bill C-51, which is now the Anti-terrorism Act of 2015. While I have always recognized the legitimacy of anti-terrorism measures and in particular the need to identify new threats to national security through information sharing between federal institutions, I have consistently cautioned that this must be done in a manner that respects privacy.  Specifically, I have suggested that the “law should prescribe clear and reasonable standards for the sharing, collection, use and retention of personal information, and compliance with these standards should be subject to independent and effective review mechanisms.”

I am generally pleased with the amendments that have been adopted in the House of Commons and note that many of my recommendations were adopted, quite often in a slightly different manner but with a very similar result. My primary criticism with C-59 at the time of tabling was that a deficient standard for information sharing – that is relevance rather than necessity – could lead to overly broad collection with significant risks for law-abiding individuals.  I had recommended that the Bill be amended to impose on recipient institutions retention and destruction rules for personal information that does not meet or no longer meets the recipient’s threshold for collecting the information.  It was amended to require institutions to destroy or return information that is “not necessary for the institution to exercise its jurisdiction, or to carry out its responsibilities”.  While this is not exactly what I had recommended, I believe it gets us to a very similar place, namely a sensible necessity test. 

As to oversight of national security activities, I remain of the view that effective review of national security activities must include both parliamentary and expert review, and the latter must include both national security and privacy experts. The amended Bill C-59 gives my Office the authority to share confidential information and coordinate our activities with those of the National Security and Intelligence Review Agency. This addresses a real need for collaboration between oversight bodies, but I note that my Office is still unable to share confidential information or otherwise collaborate meaningfully with another committee, the National Security and Intelligence Committee of Parliamentarians.  It remains a flaw that Bill C-59 does not address that problem.

In conclusion, in my view the amended Bill, while not perfect, is now fairly balanced and clearly an improvement over the current law. I therefore recommend that it should be adopted.

Again, I would be happy to answer any questions you may have.