Protecting Personal Information in a Globalized Environment

This page has been archived on the Web

Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.

Remarks at the 2009 Access and Privacy Conference

June 12, 2009
Edmonton, Alberta

Address by Chantal Bernier
Assistant Privacy Commissioner of Canada

(Check against delivery)


The starting point of my presentation is this: globalisation has so fundamentally changed the context for access and privacy, that we must revisit the very principles at play and adjust our role in protecting them.

What I would like to do today is, first, set the stage as to what it means to be in a globalised environment – what is old, and therefore hasn’t changed. What is new, and therefore forces, in my view, a re-thinking of approaches, concepts and rules.

Second, I will try to identify how these changes challenge our roles and ways of balancing access and privacy,

And finally, I would like to put to you some thoughts for relevant strategies in light of these new challenges.

So let‘s first take stock of what‘s old - What have we always had to contend with in the balance between access and privacy that is still with us? Quite simply: human nature.

The tension between access and privacy is as old as humanity. Anthropologists, psychologists or sociologists – think of Robin Dunbar in Grooming, Gossip and the Evolution of Language, covered in a very interesting article in the October issue of American Scientific Mind, – or lawyers - think of Daniel Solove in the Future of Reputation – remind us that we have always sought information about others and been protective about our own information as a way to control our social environment.

Robin Dunbar in fact puts forward a sort of Darwinian theory of human evolution where she says that the most successful at accessing information about others were the more socially successful, thus breeding more “information seekers”. Information about others gives us control over them, and over our place among them.

It is a factor of social success. It is a factor of personal protection.

Conversely, of course, information about us gives others – the state, other individuals – control over us. Hence the precious nature of privacy, that protects personal information.

So that is what is old: our irresistible desire to know about others. What is new it that it is now facilitated by seemingly limitless opportunities with also seemingly limitless impact. So let’s look at what’s new.

There are many definitions of globalisation but I chose this one - “A world without walls” -, first because I thought it illustrates, almost through an image, the idea of access and privacy. Secondly, because it comes from Bill Clinton. Considering what he’s been through, I thought he would know what it means to experience access and privacy – or lack thereof - in a globalised world.

Three main thrusts of globalisation are challenging the realm of what is private and what is accessible:

  • Information technology – which allows unprecedented diffusion and therefore unprecedented access;
  • Empowered citizenry which means much higher demands for accountability and therefore for information, including personal information; and
  • Interdependency which fragments decision-making power and jurisdictional regimes, including over the protection of information.

Let me briefly explore each.

1. Information technology

We all know, and it has been repeated so many times, that the Internet has completely changed the territory of information and therefore the territory of privacy. Availability of information is now instantaneous and wide open.

What has also changed is our hunger for information. For example, why did over 50% of Americans want to know about Bill Clinton’s sexual dalliances? Because they could. Because the information was widely available.

And yet, how was it a matter of public interest? John Kennedy was never subjected to such indiscretions… Is it of any public relevance? Again, Robin Dunbar puts forward an explanation for that in her book that relates directly to information technology.

She suggests that, because our brains are hard wired to want to know information about those in our social environment, and because information technology brings in our social environment information even about far away public figures, our brains are tricked into believing that information about them is necessary to control our environment.

So we are hungry for personal information because we can get it. And we fail to take the proper distance between what we should know about another person’s personal information and what we should not know. Hence the vast array of indiscretions on Facebook and the Internet. Hence the public demand for even personal information about public officials under the pretext of verifying character, even removed from the exercise of duties.

Governments are just as hungry. Arguing public policy imperatives to gather statistics or the need to increase surveillance to ensure public safety and national security, governments collect and share significantly more personal information than even 10 years ago.

Moreover, sources of information are multiple, escaping physical control – what David Loukidelis refers to as “the decline of practical obscurity” which came with paper records.

Not to mention how flippant we are in creating written documents on the Internet, on email, on Twitter, Facebook, blogs. OOPS – it is so easy to press send too quickly. In a globalised world, there is very little room to hide once it is gone.

The challenges of protecting personal information in a globalised world are completely new.

These developments of information technology actually feed the second main thrust of globalisation I want to address, one that really impacts governments, public institutions and public officials. And that is empowered citizenry.

2. Empowered citizenry

A relatively few years ago, power was held by a few over many, illiterate, uninformed and disengaged.

Now, citizens are informed, and if there’s one thing they know, it is that they want to know more.

Through globalisation, and therefore massive mobilisation, solidarity movements, internationalisation of social movements, grass root activism grows in breadth and in strength. Thomas Friedman explains it so clearly in The World is Flat: it isthe consequence of “uploading” local data to the international level, as well as downloading international data to the local level.

This unprecedented level of citizen engagement puts such a pressure on the concepts of accountability that they challenge the limits between public and personal information.

So to respond to this new level of hunger for information, new mechanisms of accountability are created: The Integrity Commissioner, the Lobbying Commissioner, Proactive Disclosure, and the rules they impose tread on territory traditionally considered personal: what hotel do I stay at on a trip? Where did I go for a business lunch? Who did I call on such a day?

Empowered citizenry forces a new approach, in the realm of public governance, between access and privacy.

3. Interdependency

Finally, the third main thrust of globalisation is interdependency.

Issues are no longer approached unilaterally because they can no longer be contained within the jurisdiction of one decision-making body. Look at the pressures of the Western Hemisphere Travel Initiative. We have the Enhanced Drivers License to respond to a foreign state’s request for a new level of personal information. It is external pressure on domestic policy.

Through multilateral processes States relinquish some of their sovereignty. International lawyers, such as Karim Benyekhlef from the University of Montreal, in his latest book on the impact of globalisation on the international legal norm, speak of the “mutation of sovereignty” and the emergence of global governance.

In relation to privacy and access, this phenomenon challenges our power to protect both. Look at what happened to Maher Arar.

Information about a Canadian citizen was used by a foreign State to send him to torture to yet a third foreign state.

On a more positive note for privacy, look at what happened to the U.K. DNA Databank; a multinational court, the European Court, declared some aspects of the U.K. DNA Databank to be contrary to fundamental rights of privacy.

4. Impact on Protection of Personal Information

So if that is what’s new through globalisation – how does it impact our work on access and privacy?

In a nut shell: we have to be more vigilant than ever before and have to adapt to a changing balance in the protection of personal information. How:

  1. I started by saying that the “delicate balance” between access and privacy was rooted in human nature. So first, we, guardians of that balance, must keep abreast of how people, our society, are evolving in relation to that balance. For example, as we are preparing to examine CATSA’s Integrated Check Point which would send an image of a passenger undressed to a CATSA officer, we discover that the sense of privacy varies among persons, age groups, women, men, different cultures…

So the strategy to apply is to conduct surveys and focus groups to ensure we are responsive to Canadians’ expectations in relation to privacy, as well as feed a healthy public debate on these issues. It also means that, as much as possible, we must bring institutions to pursue their legitimate collection of information through a few options, to adapt to an individual sense of privacy.

  1. Second, to address the new technological developments, we have to push for information management regimes that are adapted to the volume, sensitivity, and control challenges that come with the new nature and methods of information collection and sharing. Specifically, this means helping organisations set up structures and policies for electronic exchanges such as assign Chief Privacy Officers, develop protocols around electronic exchanges, increase privacy training for all staff and reinforce electronic security systems.
  1. Third, we have to become technological wizards to respond to the challenges of moving from paper information to electronic information. At the OPC we are concluding an Audit on wireless communications in six federal departments. We worked on the recently tabled Anti-Spam legislation – the Electronic Commerce Protection Act – as a step in the safeguarding of our electronic infrastructure by curbing malware.
  1. We also have to cooperate with cybersecurity experts and initiatives as they protect the infrastructure, while we protect the content. I am referring to cybersecurity initiatives as announced by Public Safety Minister Peter Van Loan in April or the appointment of a Cybersecurity Czar in the White House announced by President Obama. These are natural allies.
  1. Fourthly, we have to support government institutions in the redefinition of the proper balance between information sharing and privacy – take the example of the 2009 report of the Auditor General of Canada where she, once again, laments the fact that the national security agencies, in her view, have not yet found the proper balance between sharing information that is crucial to keep the country safe – such as the criminal ties of persons working in airports – and the right to privacy.
  1. We must also be ahead of all emerging trends and technologies that increase the risk to privacy – The OPC has identified four priorities precisely to ensure responsiveness to emerging trends:
    • developments in genetics;
    • national security measures;
    • information technology and
    • identity management

What it means is that our research activities in particular, focus on these four areas.

  1. Finally, we need to continue to push for legislative reform to respond to the reality of globalisation: the Privacy Act must be modernized in particular to cover monitoring activities, not just recording, and to increase the OPC’s oversight of information sharing with foreign institutions.

So, where are Canadians on all this?

  • Our last EKOS poll surveyed over 2000 Canadians this year and found that:
    • 9 out of 10 were concerned about the impact of new technology on their privacy and that
    • Almost 50% worry that public safety measures will needlessly infringe upon their privacy.
    • Only 1/3 were confident that organisations handling their personal information had adequate safeguards to protect it.
    • Over 60% of them said privacy was one of the most important issues facing the country in the next 10 years.

On that, we have our work cut out for us. I suggest that we go about it with new approaches that position privacy not as an antagonism to the new challenges of a globalized world but rather as an integral part of it to preserve our age old, human rights. I look forward to hearing your views on that.

Thank you.

Date modified: