This page has been archived on the Web
Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.
Ottawa, November 8, 2001 - The Privacy Commissioner of Canada, George Radwanski, today sent the following letter to the Hon. Anne McLellan, Minister of Justice:
Dear Minister McLellan:
Three weeks have now passed since I brought to light an extremely serious deficiency in your Anti-Terrorism Act that would have the effect of needlessly and unjustifiably stripping all Canadians of assured legal protection for their fundamental privacy rights.
I want to emphasize from the outset that I have not been challenging the stated intent or policy thrust of the provisions in question. On the contrary, my concern is that - presumably because of drafting imperfections caused by the great time pressures under which the Bill was written-the provisions go intolerably far beyond their stated intent. Unless the government is deliberately seeking to rob Canadians of their privacy rights, this is purely a technical problem, and I have been recommending simple technical fixes.
Yet over the past three weeks I have been unsuccessful in my efforts to obtain a meeting with you, despite the importance of this matter. I have had a number of meetings and conversations with top Justice Department officials. But it is deeply disturbing that I have to date received no clear assurances or undertakings that the deficiencies I have identified-and which no one has disputed-will in fact be remedied through appropriate amendments.
Therefore, I am sure you can appreciate that I would not be fulfilling my responsibilities to Canadians if I waited passively in the hope that the right steps will be taken.
In this matter, the buck stops with you. The ultimate responsibility for determining whether the crucial rights of Canadians are to be respected or brushed aside rests not with officials, but with our elected representatives-in this instance, specifically with you as the Minister of Justice who has introduced this legislation.
Accordingly, I am writing today to appeal to you personally-with all the vigor at my disposal-to ensure that the Bill is amended to prevent the privacy rights of Canadians from being needlessly and unjustifiably stripped away through provisions which vastly exceed their intended purpose.
In the alternative, which I very much hope does not arise, I would respectfully request that you publicly and forthrightly explain why my analysis of the potential impact of these provisions as currently written is wrong, or specifically why the government needs the mammoth powers to negate all privacy rights that the current provisions would confer. And I would further request that you then defer a final decision on amendments until there has been sufficient time for reasoned public debate of any such explanations.
It is simply not acceptable, in my view, for provisions that would strip Canadians of all legally assured privacy rights to be rushed through Parliament under a cone of silence, without very specific justification and debate of their merits. Nor does it suffice to provide vague assurances that the enormous discretionary powers in question would never actually be used. We live in a country governed by the rule of law, not in a place where the authorities are endowed with unfettered power that the people must hope will only be used kindly and well.
Let me briefly summarize the concerns that I have raised:
In a briefing by Justice Department officials before the Bill was introduced, I was told that there would be amendments to ensure that the right of individuals to access personal information about themselves under the Privacy Act and the Personal Information Protection and Electronic Documents (PIPED) Act could under no circumstances lead to the disclosure of information detrimental to Canada's security.
Sections 21 through 25 of the Privacy Act already provide comprehensive exemptions from the requirement to provide individuals with access to their personal information if it could be detrimental to security, defence, international relations, lawful investigations, and a number of other considerations. There are similar exemptions in the PIPED Act.
In any event, the Privacy Commissioner does not have the authority to disclose, or to order the disclosure of, any information whatsoever. He is an ombudsman who can only investigate complaints and make recommendations. However, both the Privacy Act and the PIPED Act do provide for subsequent review by the Federal Court which could order disclosure, though it has done so only four times since the Privacy Act has been in existence.
It is this loophole that the provisions in question were intended to close. But as drafted, they take a quantum leap beyond their intended purpose.
Section 104 of the Anti-Terrorism Act would, first, insert in the Privacy Act a provision which states:
"The Attorney General of Canada may at any time personally issue a certificate that prohibits the disclosure of information for the purpose of protecting international relations or national defence or security."
The difficulty is that because the scope is not limited to information about a given individual, there is nothing to prevent the Attorney General from issuing blanket certificates. There could be certificates prohibiting all disclosure under the Privacy Act by a whole agency or department-for instance, the Communications Security Establishment, the RCMP or Citizenship and Immigration. There could, indeed, be a certificate or certificates covering every agency and department of the federal government.
This is made even more ominous by the next proposed provision, which would amend the Privacy Act by stating:
"This Act does not apply to information the disclosure of which is prohibited by a certificate under subsection (1)."
Again, there is no limitation of scope. If a certificate is issued, the Privacy Act in its entirety - not just the parts dealing with the right of individuals to access their personal information-does not apply. That means the issuance of a certificate nullifies the application of all the Privacy Act's protections and safeguards regarding the federal government's collection, use, matching and disclosure to third parties of personal information about Canadians. And if blanket certificates were issued, the whole Privacy Act itself would effectively be nullified.
The effects of this would not be merely abstract or theoretical. The withdrawal of existing privacy protections could have devastating practical impacts on the lives of ordinary Canadians. Let me cite just one example:
Applicants under the Firearms Program are required to provide highly sensitive personal information about past suicide attempts, emotional problems, treatment for alcohol or drug abuse, relationship breakdowns or job loss. The protection provided by the Privacy Act prevents this information from being used or disclosed for any purpose outside the Firearms Program. If the Privacy Act were nullified by ministerial certificate, there would be nothing to prevent information about someone's past emotional problems or alcoholism, for instance, from being provided to that person's employer or a relative, with incalculable and irreparable consequences.
Government holds vast amounts of information about every individual. The Privacy Act sets out clear rules to keep this information from being misused or abused, and provides recourse for Canadians if these rules are violated. Withdrawing this protection by ministerial decree-or even transforming it, as these provisions currently propose, from a legally certain right to a privilege that can be withdrawn by the government at any time through a flurry of certificates-would be a matter of the greatest gravity.
I have accordingly recommended two alternative approaches to narrowing the scope of these provisions to what had been intended in the first place.
The first approach, which I made public three weeks ago, would have ministerial certificates apply only to review by the Federal Court of requests for access to personal information.
A second approach, which I have subsequently communicated to top Justice Department officials, is an even more technical fix, which would retain the structure of the current proposed provisions and add only a few clarifying words to each. Though the exact drafting may vary, the provisions-with the clarifying additions underlined below-would read approximately as follows:
"The Attorney General of Canada may at any time personally issue a certificate that prohibits the disclosure of information about an individual for the purpose of protecting international relations or national defence or security."
This would prevent the issuance of blanket certificates. The second provision would likewise be amended, to ensure that a certificate nullifies only the access provisions-and not all the other protections-of the Privacy Act:
"The provisions of this Act regarding access by individuals to their personal information do not apply to information the disclosure of which is prohibited by a certificate under subsection (1)."
Corresponding technical fixes should be applied to Section 103 of the Anti-Terrorism Act, which deals with the issuance of certificates under the PIPED Act.
I am at a loss to understand why it has not been possible to obtain any confirmation from you or your officials that reasonable and necessary changes along these lines will be made. The only possible explanations that come to mind are ones that I - and, I am sure, all Canadians-very much want to believe could not enter into the thinking of this government.
It would be deeply wrong for you and the government to inflict a crippling blow on the privacy rights of all Canadians, simply out of a reluctance to admit that there are imperfections in the original drafting of the Bill or out of a wish to limit the number of amendments.
It would likewise, in my view, be totally inappropriate to yield to a temptation to keep these excessive and unnecessary powers intact on the reasoning that, although they were introduced in error, they might turn out to be handy some day. And, of course, there could be no possible excuse for using the cover of anti-terrorism legislation to wipe out privacy protections that have nothing to do with the terrorism issue, merely because respecting privacy can sometimes be inconvenient.
Finally, if the real target of these provisions is concern about possible security issues arising out of the application of the Access to Information Act, there could be no justification for insisting on applying identical measures to the privacy laws out of some misplaced desire for symmetry. It would be wrong to do so for at least three reasons:
First, while access to information is an important administrative right that may lead to better government, privacy is a fundamental human right that is essential to the freedom and dignity of the individual. Any parallelism between the two is more apparent than real, because they rank very differently in the hierarchy of rights.
Second, there is a vast practical difference between being able to access general information about the activities of government, and being able to exercise rights of consent and control over personal information about oneself. It is not unusual, in times of war or grave crisis, for governments to impose various kinds of censorship on sensitive information about their activities. It is an altogether different matter to tell Canadians that all their privacy rights, most of which have absolutely nothing to do with the current crisis, will no longer necessarily be respected.
And, third, blanket certificates under the Access to Information Act that made the whole Act inoperative would still only have the effect of preventing the disclosure of information. Such certificates under the Privacy Act would have vastly wider consequences, because they would remove all restrictions on the collection, use and sharing of personal information.
It is up to my colleague, the Information Commissioner, to address in his own way the implications of this legislation for the Access to Information Act, as he has been ably doing. I want only to emphasize here that provisions affecting our respective acts need to be treated independently on the basis of their respective objectives, merits, and consequences. A one-size-fits-all approach cannot do justice to the rights of Canadians.
In closing, I wish to draw to your attention that the deficiencies that I have identified can only be remedied by amendments that specifically address them.
I agree with the Prime Minister's stated view that sunset provisions are not the best way to protect important rights. If new anti-terrorism provisions are demonstrably necessary, carefully considered and strike the right balance between protecting rights and enhancing security, they can remain in place for an indefinite period. If they are unnecessary, ill-considered or unjustifiably invasive of our fundamental rights, they should not be the law of the land for five years, five months or five days. We should do it right, or not at all.
This is particularly true in the case of privacy rights. If someone's privacy is shattered, it can never be restored or repaired, because information that is wrongly shared or misused can never retroactively be made unknown. If the life of a Canadian is ruined by an inappropriate use of his most sensitive personal information, or by an information error that he is unable to access and correct, he will have small consolation in knowing that privacy rights may be restored years later by sunset provisions.
I am sure you can also appreciate that the appointment of a new commissioner to oversee the Anti-Terrorism Act, as recommended by the Senate committee, would only make matters worse, not better. There are already Officers of Parliament, myself included, fully mandated to exercise oversight over the various rights that are affected by this new legislation. Creating a superfluous new position - occupied by a newcomer with a steep learning curve and lack of the experienced, expert staff resources to whom I and my fellow Officers already have access-would create jurisdictional overlaps and weaken, not strengthen, oversight. That would be totally unacceptable.
It may be that you are already taking all the appropriate steps to ensure that the C-36 will in fact be amended to ensure that the provisions in question are restricted to their intended purpose. If so, then I hope that this letter will serve only to reaffirm that such amendments are crucial and in the best interests of Canadians.
But since I have not been able, to date, to obtain any clear assurances that these grave deficiencies will indeed be effectively remedied, it is my duty as Privacy Commissioner to appeal to you today to ensure that your important legislation to better protect Canadians does not have the unintended, unnecessary and unjustifiable effect of stripping them of the assured privacy rights to which they are fundamentally entitled.
Privacy Commissioner of Canada
- 30 -
For more information, contact:
Office of the Privacy Commissioner of Canada
Tel.: (613) 995-0103
- Date modified: