Statement: Remarks by Privacy Commissioner of Canada regarding his 2019-2020 Annual Report to Parliament
October 8, 2020
Privacy Commissioner of Canada Daniel Therrien made the following statement during a press telephone conference.
(Check against delivery)
Good morning and thank you for joining me to discuss my office’s latest annual report.
I will focus my remarks on what we have learned so far about privacy in a pandemic.
When faced with a crisis, decision-makers tend to take strong actions without giving rights due consideration. We have seen this in the past – most notably after 9-11. So far, things have been better during the COVID crisis.
To be sure, laws that protect rights such as privacy must be applied in a flexible and contextual way during a crisis. This is the approach my office has taken throughout the pandemic. We have made it clear that privacy is not an impediment to public health.
Even during a time of great challenges, rights cannot be just set aside. Privacy laws can apply flexibly and contextually, but they must apply.
This is why we developed a framework to help federal government institutions assess pandemic-related initiatives to ensure respect for privacy as a fundamental right.
We also worked with our provincial and territorial counterparts and issued a joint statement calling on governments to ensure contact tracing applications respect key privacy principles.
These two documents guided us as we have offered our assistance to public and private sector organizations.
Over the last several months, we have seen that technologies are very helpful in ensuring we can continue essential activities remotely and safely.
The net result is a significant acceleration of the digital revolution.
While technologies offer great benefits, they also pose important risks.
For example, telemedicine creates risks to doctor-patient confidentiality when virtual platforms involve commercial enterprises. Remote learning presents similar risks.
Two main lessons have emerged from our work of the past several months.
The first is that privacy and the pursuit of public policy objectives such as public health and economic recovery are not contradictory. They can, and must be, achieved concurrently.
The second lesson is that the acceleration of digitization caused by the pandemic makes even more pressing the need to reform our privacy laws.
Current federal laws are simply not up to protecting our rights in a digital environment.
It is more than time for Canada to catch up to other countries and follow the lead of provincial governments that have recently launched promising new initiatives. All Canadians deserve strong privacy protections.
I would draw to your attention our work on the federal government’s COVID Alert exposure notification application.
We concluded that the app’s design respected all key privacy principles in the framework so Canadians could opt to use it knowing there were very significant privacy protections.
This showed that, when it wants to, the government can implement privacy respectful practices.
Unfortunately, things don’t always go this way.
During our discussions about COVID Alert, government officials made the remarkable statement that current federal privacy laws do not apply to this app.
This assertion certainly gives one pause. An extremely privacy sensitive initiative is defended by the Government of Canada as not subject to its privacy laws. Privacy is considered a good practice, but not a legal requirement. How long can this go on?
Another case in point relates to the voluntary nature of the COVID Alert app and the need to mitigate the risk that businesses and employers may wish to force consumers and employees to use the app and disclose information on the app as a screening measure.
In Canada, it is unclear whether the law would prohibit organizations from compelling the disclosure of information residing in the app, and thus circumventing its voluntary nature. To address this, the government said it would strongly discourage such actions, but it would not go further.
Other countries have legislated to ensure similar apps are completely voluntary. This is a hole in our laws.
Another example came early in the pandemic. The Treasury Board Secretariat introduced interim policy measures that relaxed existing requirements to assess the privacy impacts of new initiatives – but failed to offer adequate replacements.
We asked Treasury Board to remind institutions that even though the usual rules had been suspended, they should apply the relaxed rules having regard to the often-stated government commitment to privacy as a human right, a quasi-constitutional right.
This recommendation was aligned with our view that, during a crisis, laws can be applied flexibly and contextually, but they must still apply.
Treasury Board refused, taking the position that this commitment to privacy as a human right would be inconsistent with the current legislative and policy framework. Again, a remarkable and disappointing statement from the government.
These examples underscore the importance of the second lesson I mentioned a few moments ago – that issues arising during the pandemic highlight the urgency of law reform.
Canada was once a world leader but has fallen behind the rest of the world in the protection of the privacy of its citizens.
Our news release this morning includes a chart that starkly illustrates this point. Many of our trading partners, including innovation hubs like Singapore, South Korea and California, have spent the last decade building up robust protections for privacy.
These jurisdictions have understood that strong privacy laws promote trust in data driven technologies, an essential condition for growth. It is time for Canada to do the same.
I would be happy to answer any questions.
- Date modified: