News Release

International privacy guardians call for greater transparency reporting

Data protection authorities endorse resolution proposed by Office of the Privacy Commissioner of Canada during major international conference in Amsterdam

AMSTERDAM, October 28, 2015 International data protection authorities are calling on governments around the world to boost transparency with respect to lawful access requests for personal information held by companies.

The resolution calls on governments to maintain accurate records and to report publicly on the nature, purpose and particularly the number of lawful access requests they make for personal information and to remove legal or administrative hurdles to transparency reporting.

Meanwhile, commercial organizations are being asked to do their due diligence prior to responding to government requests for personal information. They are being asked to maintain consistent records for reporting purposes and ultimately to produce their own transparency reports outlining the number, nature and legal basis for government requests for access to customer and employee information.

The resolution was proposed by the Office of the Privacy Commissioner of Canada (OPC) and endorsed by data protection authorities attending the 37th International Conference of Data Protection and Privacy Commissioners in Amsterdam.

“Privacy protection authorities around the world are demanding an appropriate balance between security and the protection of people’s privacy. Government departments and law enforcement agencies must be able to account for their information collection and sharing practices. Greater transparency is crucial,” Privacy Commissioner Daniel Therrien says.

“At the end of the day, timely, accurate statistical information will help individuals better understand how and under what circumstances their governments are accessing the personal information they have entrusted to private sector organizations.”

The OPC has been calling for greater transparency for many years and in June published a comparative analysis of transparency reports that have been voluntarily published by some telecommunications and other service providers. The OPC also worked with Industry Canada and provided input into its transparency reporting guidelines for the private sector. The OPC continues to urge all private sector organizations, as well as federal government departments, to issue transparency reports on lawful access requests.

During this week’s meeting in Amsterdam, the Office of the Privacy Commissioner of Canada has also joined international partners in further enhancing agreements and tools to support international cooperation on privacy enforcement issues.

The Office has signed a notice of intent to participate in the Global Cross Border Enforcement Cooperation Arrangement that was endorsed during last year’s conference.

The Arrangement facilitates cooperation between authorities and the sharing of confidential information related to enforcement actions. For example, it could enable several data protection authorities to work together to respond to a major data breach.

“In today’s global marketplace, privacy violations can impact many people in many jurisdictions simultaneously. This agreement will greatly improve our ability to work side by side with international privacy authorities in addressing privacy risks that transcend domestic borders" Commissioner Therrien says.

“It is a critical next step in terms of our efforts to work together in a timely and effective way to improve privacy protections, not just for Canadians, but for people around the world.”

This builds on another recent initiative by the Global Privacy Enforcement Network (GPEN), a consortium of international privacy regulators, which this week launched the GPEN Alert tool. The new secure web portal will allow participating authorities to confidentially share information about investigations. So far, eight data protection authorities, including Canada, have signed on to the initiative.

About the Office of the Privacy Commissioner of Canada

The Privacy Commissioner of Canada is mandated by Parliament to act as an ombudsman and guardian of privacy in Canada. The Commissioner enforces two laws for the protection of personal information: the Privacy Act, which applies to the federal public sector; and the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada’s federal private sector privacy law.

- 30 -

For more information, please contact:

Tobi Cohen, Office of the Privacy Commissioner of Canada
E-mail: Tobi.Cohen@priv.gc.ca

NOTE: To help us to respond more quickly, journalists are asked to please send requests via e-mail.

Date modified: