Bill C-36, the Anti-Terrorism Act
This page has been archived on the Web
Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.
Testimony to the House of Commons Standing Committee on Justice and Human Rights
October 23, 2001
Privacy Commissioner of Canada
(Check Against Delivery)
Following is the testimony given by the Privacy Commissioner of Canada, George Radwanski, concerning Bill C-36, the Anti-Terrorism Act, to the House of Commons Standing Committee on Justice and Human Rights, on October 23, 2001:
I have said since I took on this position just over a year ago, that I believed that privacy would be the defining issue of this decade for a whole variety of reasons. It may well be that in the light of the developments since September 11, that will be even more the case, because privacy is a fundamental human right, recognized as such by the United Nations, and of course in our own laws. It is a core value of Canadian society.
How we respond with regard to fighting terrorism while at the same time safeguarding our core values will be really a key determinant of whether terrorism succeeds in the goals it has, which is undermining the very nature of our society.
Let me be very clear from the outset. As Privacy Commissioner, and as an Officer of Parliament, I have absolutely no intention of opposing or even trying to stand in the way of measures that are appropriate and necessary to enhance the security of Canadians in our current circumstance.
At the same time, however, it is equally my duty as an Officer of Parliament and as the Privacy Commissioner to speak out loud and clear against any unnecessary violations of the privacy rights of Canadians in the name of combating terrorism.
I would suggest to you that any specific measure that is introduced in the circumstance that would restrict or limit privacy needs to be tested carefully, calmly, on a case-by-case basis against several criteria.
First, it has to be demonstrably necessary to address a specific problem. Second, it must be demonstrable that it is likely to be effective in addressing that problem. In other words, if we're not doing things simply to make ourselves feel safer rather than be safer. Third, the degree of intrusion or limitation of a fundamental right like privacy, has to be proportional to the security benefit being pursued or to be derived. Finally, it should be demonstrable that no less privacy intrusive measure would suffice to achieve the same result.
That being said, I find overall this legislation to be a well-balanced, well thought-out effort to enhance security to give law enforcement authorities the measures they need to be able to effectively seek to combat terrorism, while at the same time respecting privacy rights that are maximum possible.
I say "on the whole" because there is one provision that gives me enormously grave concern, or one set of provisions. I requested from the Minister of Justice and received a briefing in advance last week, in advance of the release of the bill, telling me the general directions that would effect privacy. Because my suggestion was that if there were areas of concern, it would be better to try to see if there were privacy friendly ways of addressing it before the fact.
In the course of that briefing, I was told that there would be a provision enabling the Minister of Justice as Attorney General, to issue a certificate that would prohibit the release of information, personal information under the Privacy Act, for reasons of security, international relations, or defence considerations.
This was explained to me as being necessary for reasons of security, international relations or defence considerations. This was explained to me as being necessary in order to ensure that other countries would not hesitate to provide Canada with very sensitive anti-terrorist information.
I pointed out at that time that as an ombudsman, I don't have the power to order release of information, and in fact there are absolute exemptions for things like national security under the Privacy Act, and in fact in the private sector legislation as well. The most I can do in any event is advise, and where that exemption is claimed, there's an injury test that's outside even discussion, but in any event I can't release.
The information I was given was that yes, that's true, but because my findings can then be taken to the Federal Court of Canada for review, there was a possibility, however remote, that some Federal Court judge might decide to release highly sensitive information, and for this reason there had to be such a provision, because otherwise other countries might be spooked even by the hypothetical possibility.
I could live with that, if that's as far as it goes, because, as I say, I don't have the power to release anyway. The difficulty is that the way sections 103 and 104, dealing respectively with the private sector act and the Privacy Act are drafted, it goes far, far beyond that. I am most concerned with section 104, the Privacy Act that governs the federal government.
The first part, section 104, the amendment which would be 70.(1), says:
The Attorney General of Canada may at any time personally issue a certificate that prohibits the disclosure of information for the purpose of protecting international relations or national defence or security.
It then goes on to say: "This act does not apply to information, the disclosure of which is prohibited by a certificate under subsection 1".
It is the second provision that gives me the greatest concern. What this means in effect is that if the minister issues a certificate, first of all, and the act does not apply, not only can the information not be released, which it wouldn't anyway, but there is no longer oversight.
The Privacy Commissioner can no longer review the information in question, as I can now and of course I'm security cleared to the highest level, I can see Canadian Security Intelligence Service (CSIS) files. The Privacy Commissioner would not even be able to recommend to the minister on a case-by-case basis that maybe the certificate is too broadly drawn, or that maybe some information could be released to the individual. Bear in mind, we're only talking about releasing to individuals information about themselves under the Privacy Act. There would be no such oversight.
Of even greater concern is the fact that the way these two provisions are drawn, there is nothing in the law to prevent a minister from issuing a certificate pertaining not to an individual, but to an entire agency or department, or for that matter to the government as a whole.
The way the law is written, the minister could issue a certificate that says, disclosure of information by CSIS, the Canadian Security Establishment or a department of government, or indeed all departments of government, could be taken off the table. At that point, not only would there be no possible disclosure and no oversight of that, but according to this, all the other provisions of the Privacy Act would not apply. So there would be no limitations on how the information could be used, combined, shared or disclosed.
In effect, these provisions could be used to nullify the Privacy Act by ministerial fiat. Without getting into the question of whether there would be any intent to do so, there should not be in the act a back-door mechanism to gut or take out of commission all or part of the application of the Privacy Act.
The one final thing that I do want to emphasize briefly is that these amendments have been treated in effect in tandem with amendments to the Access to Information Act. I think, without commenting on the merit of those, they need to be regarded separately for three reasons.
First of all, privacy is a fundamental human right. Access to information, while important, is an administrative right. Secondly, there is a distinction between access to information about government and the activities of government pertinent to a security situation. In a time of war, it's not abnormal to have restrictions on the information disclosed by government. Disclosure to individuals about information about themselves and the application of a fundamental right to privacy is a different matter from a point of view of permitting individuals to ensure that information is accurate.
Finally, if there are provisions that say in effect that the Access to Information Act does not apply if a certificate is issued, that means only that no information can be issued. If that applies to the Privacy Act, it means that other aspects of a fundamental right are also abrogated. Aspects around the collection, use, sharing, combining, etc. of information and privacy protections are removed outright.
- Date modified: