Privacy in a New Era: Challenges, Opportunities and Partnerships
This page has been archived on the Web
Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.
Public Voice Symposium
September 13, 2004
Address by Jennifer Stoddart
Privacy Commissioner of Canada
(Check against delivery)
I would first like to thank EPIC, Privacy International and European Digital Rights for organizing this symposium. Yours are among the strongest voices in the chorus of privacy advocates. You have been fearless in your challenges to privacy abuses by governments, their agencies and by corporations. And your voices have not only been critical, but also constructive, as you regularly propose sensible measures to redress the imbalances you find.
I would like to quote Lloyd Axworthy, Canada's former Minister of Foreign Affairs, in his recent book entitled "Navigating a New World." This book examines Canada's role in that new world, but at least one comment in it struck a more global chord. "Each and every one of us," he said, "can make a difference to the building of a humane global community relevant to our times."
I would like to apply that observation to the global situation that we face as data protection commissioners and as privacy advocates. If we work together, we can foster a consistently strong set of privacy standards internationally. That is the challenge we must collectively assume. If, however, we work apart, or fail to work at all, if we shy away from difficult issues such as setting limits on the privacy intrusions to deal with fears of terrorism, we risk being left on the sidelines to observe a race to the bottom in terms of privacy standards.
Protecting privacy is no longer — if it ever was — merely a domestic issue contained within our respective borders. The very fact of holding this symposium attests to the international character of privacy issues. Calls for the transborder sharing of personal information for "national security" purposes increasingly echo through the halls of many governments. Exchanges of personal information between governments and between governments and corporations are at the fore of many discussions about privacy today.
We are all familiar with the tug-of-war between the EU and the United States over the release of airline passenger name records to the US government, and the increasing "deputization" of corporations as de facto agents of government in collecting and passing on personal information to government. The US Transportation Security Administration's traveller profiling system known as CAPPS II, for example, would involve private sector firms collecting and sharing personal information with government.
Under the new program designed to replace it, called Secure Flight, the sharing of information will continue. We are seeing some of the same relationships between corporations and government in Canada, again in response to concerns about terrorism. Recent amendments to our federal Aeronautics Act permit our Minister of Transport to require any of 34 categories of passenger information from air carriers and operators of aviation reservation systems.
Privacy advocates, scholars and observers recognize that countering terrorism requires the state to collect and analyse significant amounts of personal information. As we are increasingly aware, the danger lies in reacting by destroying the very foundations of democracy — including privacy in its components of dignity and liberty — in the course of trying to forestall further terrorist acts. We must also not forget the troubling history of social control — that despotic and totalitarian regimes are greatly strengthened by the systematic destruction of privacy.
We cannot defeat terrorism by destroying privacy, however easy a target, and villain, privacy may appear to be. But if we examine our national data protection and security laws, we will often see that we are doing just that. Gaping holes in our privacy laws permit personal information to be shared across borders with governments and international organizations with far too little accountability by either the recipient or the sender. We have made corporations the agents of government, compelling or encouraging them to collect personal information and share it with government. The actions of governments in many countries now threaten one of the most important of those rights that they profess to want to protect — the right to protection from arbitrary interference with one's privacy.
And outsourcing is receiving greater attention as we contemplate the privacy implications of allowing personal information to be processed in jurisdictions that have no or few effective privacy standards.
Canada has very recently confronted the outsourcing issue in a review by British Columbia's Information and Privacy Commissioner, David Loukidelis, of the impact of the USA Patriot Act on the personal information of Canadians held in the United States. The USA Patriot Act, as many of you will know, significantly lowers the standard of proof required for the FBI to obtain a judicial order allowing it access to records held in the United States. But we quickly realized that the USA Patriot Act, while the catalyst for the discussion in Canada about outsourcing, was merely symptomatic of the larger issue — how to protect personal information which flows freely across borders and around the globe.
This issue has resonated with Canadians. They do not want the privacy standards that protect their personal information within Canada to simply evaporate with outsourcing.
And how do we protect personal information from misuse by corporations which are not subject to an effective privacy regime? Although our focus is often on government, we must also be wary about the power of the private sector to intrude, especially in developing societies that are most vulnerable to the flexing of corporate muscles. Corporations face a number of competitive pressures and must compete ever more intensely for markets and lower production costs. Privacy can easily become a casualty in this environment.
We all know the importance of promoting respect around the globe for privacy. We don't want data havens to be used to rob citizens of this planet of their privacy rights. But we face major impediments to fostering respect for privacy globally. Privacy still does not have a central place on the agendas of many international organizations, even if their work can have a profound impact on privacy. Take the example of the World Summit on the Information Society, held in Geneva in December 2003 to discuss the global implications of the digital revolution. Thousands of delegates, including heads of state or government from 60 countries, attended the summit.
Delegates at the summit adopted a declaration of principles which spoke of a commitment to build a development-oriented information society "where everyone can create, access, utilize and share information and knowledge, enabling individuals, communities and peoples to achieve their full potential in promoting their sustainable development and improving the quality of life trade." This declaration was premised on the principles and purposes of the Charter of the United Nations. It spoke of respecting the Universal Declaration of Human Rights.
However, an observer notes in an analysis of the summit, privacy was mentioned only in the context of cyber security. Nothing was said about how modern technology provides unprecedented possibilities for violations of privacy. Not surprisingly, the plan of action that emerged from the summit made no reference to threats to privacy flowing from the digital revolution.
This summit, while no doubt successful on other fronts, typifies the problem. Privacy or informational self-determination is too often neglected as we seek to achieve other societal goals -- economic development, efficient government and national security among them -- rather than being made an integral part of the process.
The international community, through the UN, the OECD and other multilateral organizations, needs to take a more forceful stand against the numerous erosions of privacy we are witnessing. The international community must seriously consider the impact of this loss of privacy on human development. The "Privacy Protection Index" should be an integral part of the Human Development Index. Ultimately, individuals should be confident that their personal information receives the same level of protection wherever it may reside.
We need to make privacy a more highly visible element in international relations, whether they deal with advances in technology or securing agreements on trade. Commercial interests alone must not be allowed to dictate the course of action in trade matters. Trade is crucial for economic development, but privacy, dignity and liberty are essential for human development — and let us not forget that our overall goal is human development alongside economic development.
We also have an obligation to help countries in the developing world which, we must remember, hold the bulk of the world's population. Several of these countries are on the cusp of developing data protection standards, yet they face enormous pressures to limit the protection of privacy.
Corporations exert enormous influence even in the developed world. Corporate influence in the less developed world is even more profound. Many countries in the developing world have little means to meet that influence. They do not have a privacy infrastructure like that of developed countries. They do not have data protection commissioners. They do not have a framework of privacy laws, business codes of ethics, regulatory bodies etc. They also lack the tools and mechanisms for government self-regulation. As well, they often face more immediate economic and social demands for survival that can push concern for issues such as privacy to the back burner.
Developed countries that do have a sound privacy infrastructure are in a strong position to assist those countries that do not. It is both our civic obligation and a practical necessity to be ready to help. It is also a leadership imperative.
One way we can help is through forums such as the APEC privacy initiative undertaken by the Australian government. This initiative has established a regional expert group to develop independent standards for privacy protection in the region. The APEC Privacy Principles that have emerged are still undergoing review, but will undoubtedly exert an important influence on privacy standards in the region. As Professor Graham Greenleaf argues, this initiative may be the most significant international development relating to privacy laws since the European Union's Data Protection Directive.
We need to support such initiatives. We need to bring to the table, not only our financial support, but also our intellectual capital and national experience. We also need to work towards more effective mechanisms for monitoring compliance with the international standards that have emerged to date. Standards are of little value if they can simply be ignored at no cost.
Supporting strong privacy protections around the world is not merely an altruistic endeavour. Ensuring comparable standards for the protection of privacy globally benefits everyone. Leaving gaps in that protection harms us all. As Professors Colin Bennett and Charles Raab point out in their thoughtful book, "The Governance of Privacy," the enforceability of information privacy laws is obviously undermined if organizations can escape strict regulatory responsibilities by instantaneously transmitting those data to other jurisdictions for processing.
The danger, as I said before, is that a failure on the part of the international privacy community to act may leave us watching a race to the bottom in terms of privacy standards. With privacy at the very core of our concept of rights in a democracy, and under threat from so many quarters, none among us wants, or can afford to be, a spectator at that race.
Report a problem or mistake on this page
- Date modified: