Study of Motion 428 - Electronic Petitions

Submission to the House of Commons Standing Committee on Procedure and House Affairs (PROC)

November 26, 2014

Joe Preston, MP
Chair, House of Commons Standing Committee on Procedure and House Affairs
Sixth Floor, 131 Queen Street
House of Commons
Ottawa, Ontario  K1A 0A6

Dear Mr. Preston:

I would like to thank you for seeking the views of the Office of the Privacy Commissioner of Canada regarding Motion 428, which concerns the establishment of an “electronic petitioning system that would enhance the current paper-based system”.

As you are undoubtedly aware, the Privacy Commissioner’s mandate is to protect and promote the privacy rights of Canadians. The Office of the Privacy Commissioner is therefore responsible for ensuring compliance with two Acts: the Privacy Act, which applies to the federal public sector, and the Personal Information Protection and Electronic Documents Act (PIPEDA), which applies to the private sector. 

However, the Privacy Act and PIPEDA do not apply to Parliament, the members of Parliament or political parties. Nevertheless, beyond the strict applicability of the Privacy Act and PIPEDA, privacy remains a core value of our society and reflects both the way citizens want to interact with each other and the way they want their elected officials and Parliament to handle their personal information—with care and respect.

Therefore, it is in relation to the privacy principles that we submit the following points for your consideration:

The application of PIPEDA is based on ten principles: (1) Accountability, (2) Identifying Purposes, (3) Consent, (4) Limiting Collection, (5) Limiting Use, Disclosure and Retention, (6) Accuracy, (7) Safeguards, (8) Openness, (9) Individual Access, and (10) Challenging Compliance. These principles stem from the fair information principles adopted internationally and included in many national personal data protection laws.

The issues and causes with which a citizen is associated are very indicative of his or her political leanings and thereby represent personal information that is both sensitive and attractive. In addition, the number of individuals associated with a particular electronic petition would be exponentially greater than the number signing a paper petition, and with the electronic format, it would be possible to extract and transfer this information much more quickly and more easily.

In the event that the House of Commons decides to recommend changes to the Standing Orders and other conventions so as to establish an electronic petitioning system—and in view of the fact that the personal information collected in that manner would not be protected under the Privacy Act or PIPEDA—we are of the view that it would be important to also establish an internal code of practice based on the ten principles in order to protect the privacy of the citizens who choose to take part in the democratic process by expressing their concerns through such petitions.

More specifically, we would like to draw your attention to the principle of accountability that would apply to the House of Commons with respect to personal information in its possession or custody.

In order to more easily manage such personal information, we suggest keeping to an absolute minimum the type of personal information that would need to be provided for a signature on an electronic petition to be considered valid. We also suggest limiting how long the personal information obtained would be kept. Lastly, we propose that the server and website used be protected with solid security measures, such as systematic encryption of information.

Another concern we have, and which has already been mentioned by a Committee member at the session on November 6, is that the personal information provided by citizens when taking part in an electronic petition might subsequently be used for data mining by the various political parties.

Using personal information for political targeting constitutes a new use for which the citizens did not give their consent when they decided to sign a petition. For that reason, we believe that the internal code of practice should also strictly limit the use and disclosure of such information to the purposes of the petition process. These limits could be both clearly set out in the code of practice and implemented technologically by limiting access to and reproduction of the data contained in the electronic petition to a small number of authorized individuals.

Furthermore, we are not convinced that it is necessary to publicly post the names and addresses of petitioners—as is being considered in the study—to meet the requirements of democratic openness. In our opinion, there are a number of alternatives that would make it possible to fulfill the duty of openness, ranging from posting just the number of signatories, to posting the number and distribution of petitioners by province, to the disclosure of a given name associated with a province or city. A limitation on the public disclosure of petitioners’ personal information would restrict the likely use of such information by third parties interested in furthering particular interests.

In conclusion, we feel that establishing an electronic petitioning system would reflect the means of communication adopted by society and would make use of technology for democratic purposes. However, as in other areas of activity, new means of communication and new technologies also create new challenges as far as the protection of personal information is concerned. We are of the view that the points set out above would minimize the risks to privacy that an electronic petitioning system might present.

I thank you once again for offering us the opportunity to present our point of view on Motion 428 — Electronic petitions. Feel free to contact us should you have any additional questions.

Sincerely,

(Original signed by)

Daniel Therrien
Privacy Commissioner of Canada

Date modified: