Global Privacy Standards for a Global World

This page has been archived on the Web

Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.

Remarks at the Electronic Privacy Information Center

November 3, 2009
Madrid, Spain

Address by Jennifer Stoddart
Privacy Commissioner of Canada

(Check against delivery)


It is clear that privacy rights are under stress.

The rate of technological change seems to be in a constant state of acceleration. This can be exciting, as it means we are seeing new applications, new tools and new business models appear almost every day.

This technological change has also resulted in a dramatic shift in the way in which people communicate and collaborate – the presence of so many privacy advocates in this room is one dramatic example of how these tools can unite a community.

Unfortunately, it also means that we, as individuals, are under near constant attack.

Surveillance equipment, data mining algorithms and behavioural analysis techniques are being launched daily to solicit or scrape every possible piece of data about our preferences as a consumer, an elector or a citizen.

Privacy regulators are only just beginning to develop the appropriate rules of engagement in this new wired world.

The civil society resolution being discussed today accurately identifies a number of ground breaking instruments – the Council of Europe’s Convention 108, the OECD’s Privacy Guidelines, and the EU’s Data Protection Directive.

The Canadian approach to privacy protection has been described as the “middle ground” between the U.S.A and Europe. This only makes sense. Canada is a hybrid legal culture. We draw heavily upon British and French traditions in most legal areas.

We also owe a heavy debt to the influence of contemporary political developments in both the European Union and the United States.

As an Office, we focus a great deal of energy on how privacy issues can be addressed cooperatively and on a global basis.

I know that I have met many of the people in this room and at this conference while working with committees and volunteer groups organized by the OECD, APEC and other international organizations.

I have found our work is eased by the common fair information practices that underlie many of our privacy protection frameworks.

It is only appropriate that the declaration not only reminds countries of their obligations under existing frameworks, but encourages others to establish similar regimes at home.

In Canada, the architects of the Personal Information Protection and Electronic Documents Act had the foresight to create a law which is technology neutral. They couldn’t possibly have anticipated the rise of so many innovative technologies, or that they would be adopted so rapidly and so thoroughly across our society.

There are many new areas where we’re asking the question: How does society reconcile the technological benefits and the privacy impacts of new technology?

In the past year alone, we have investigated complaints that dealt with impersonation on a social network, the appropriate treatment of personal information shared on a social network, the possible collection of personal information through the use of deep packet inspection technology, and more mundane applications like biometric identification and driver’s license scanners.

We have spoken loudly, in partnership with our colleagues in provincial, territorial and international privacy commissioner’s offices, to slow the implementation of technologies like enhanced driver’s licences at borders, body wave scanners at airports, and generalized surveillance of society in general.

We have even risked public criticism for demanding that popular applications like Google Streetview and… god forbid .. Facebook make fundamental changes to their technology and their interface with the public.

All in the name of protecting privacy rights and ensuring that personal information is protected appropriately and securely.

Through all this work, we have found that a number of factors have contributed to our success:

  • Our independence from government. Once again, the resolution under discussion this afternoon highlights an important point.
  • Our ability to rely upon fair information practices common to several jurisdictions.
  • Thanks to the common history of the many data protection and privacy regulations, companies encounter a familiar language when they meet with any of the many data protection and privacy authorities found at this week’s meetings: consent, retention, destruction.
  • Our willingness to work with others to identify privacy concerns in new technologies. Advocates like EPIC, Canada’s own CIPPIC and many others are often the first to examine new technologies and draw our attention to weaknesses to policies, flaws in design or outright poor information handling practices.

Importantly, we work hard to ensure that we are providing  practical and reasonable guidance for companies and individuals.

After all, we do not want to stand in the way of innovation. And who wants to be seen as obstructing new technologies that are convenient, efficient and, significantly, fun.

But we do believe that there is a way – a reasonable way – to ensure that new technologies can ensure that the privacy rights of Canadians –and societies around the world are respected.

There are 10 steps identified in today’s resolution which, if followed, can help further the privacy protections afforded to citizens around the world.

I commend the Public Voice for their work on this resolution, and the many, many organizations and individuals who have leant their support to the resolution.

Report a problem or mistake on this page
Please select all that apply (required): Error 1: This field is required.

Note

Date modified: