Appearance before the Standing Senate Committee on Transport and Communications (TRCM) on the Study on Modernizing Canada's Communications Legislation
October 16, 2018
Ottawa, Ontario
Opening Statement by Daniel Therrien
Privacy Commissioner of Canada
(Check against delivery)
Introduction
Mr. Chair and Honourable Senators,
Thank you for inviting me to participate in your study on the modernization of Canadian communications legislation.
With me today are Brent Homan, Deputy Commissioner of Compliance, and Gregory Smolynec, Deputy Commissioner of Policy and Promotion.
My office oversees compliance with the Personal Information Protection and Electronic Documents Act (PIPEDA), which applies to the collection, use and disclosure of personal information in the course of commercial activity, including telecommunication companies.
The OPC also shares responsibilities for enforcing Canada’s Anti-spam Law (CASL) with the CRTC and the federal Competition Bureau.
Privacy considerations
Canadians entrust vast amounts of their sensitive personal information to telecommunications service providers in order to gain access to mobile, internet, telephone and television communications in Canada.
Not only does personal information hold vast commercial value, but it is also of considerable interest to law enforcement, intelligence and security agencies. Canadians’ right to privacy must remain top of mind in this context.
The Supreme Court of Canada’s decision in R. v. Spencer was an important step forward in privacy protection.
In its unanimous decision, the Supreme Court held that there is a reasonable expectation of privacy in basic telecom subscriber information.
The Supreme Court agreed that this information could reveal Internet usage and that, absent exigent circumstances (emergency) or a reasonable law, law enforcement officials need prior judicial authorization to obtain such data.
The Supreme Court confirmed that the right to informational privacy includes anonymity which “permits individuals to act in public places but to preserve freedom from identification and surveillance.”Footnote 1
New technologies
The evolution of telecommunication technologies holds serious implications for privacy protection.
Take the example of the set-top box, the device that turns a standard television into a “smart TV,” enabling users to access a wide range of video content found online.Footnote 2
The information from set-top boxes can contain very granular information about individual viewing habits.
Depending on the scale and scope of the information collected, this can reveal very detailed portraits of individuals and can include sensitive information.
My office has provided advice to the CRTC on a program to measure audience viewing habits to ensure that set-top box data is sufficiently anonymized.
Global developments
Other jurisdictions have also been grappling with the regulatory and legal complexities of telco technologies.
The EU is currently in the process of finalizing the text of the new ePrivacy Regulation, which will supplement the GDPR by addressing in detail the confidentiality of electronic communication and the tracking and profiling of Internet users.
South of the border, a recent decision by the U.S. Supreme Court emphasized the importance of protecting privacy as technology advances.
In Carpenter v. United States the Supreme Court held that the Fourth Amendment, which affirms the right to be secure from unreasonable search and seizure, protects location records generated by mobile phones.
The Supreme Court found that individuals have a legitimate privacy interest in their physical location/movements, even if the records were generated for commercial purposes and held by a third party, as “a person does not surrender all Fourth Amendment protection by venturing into the public sphere.”Footnote 3
And the regulatory role of the U.S. Federal Communications Commission in protecting consumer privacy on communications networks is continuing to evolve.
Enforcement
Under Canada’s Anti-Spam Law (CASL), the OPC was given a new role in helping to fight spam and address certain online threats, such as spyware, propagated through our domestic telecommunications carriers.
We have made progress on this front, and we collaborate actively with the CRTC and the Competition Bureau on public education and investigations.
However, I would point out that inter-agency information sharing is limited to very specific circumstances.
If Parliament is looking at modernizing enforcement in this domain, and if I could suggest one change for your consideration to improve how that works, I would ask for more flexibility to share information with the CRTC and the Competition Bureau.Footnote 4
Thank you again for the invitation today and I welcome your questions.
- Date modified: