New Technologies and the Protection of Privacy
This page has been archived on the Web
Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.
Remarks at the Association of Labour Relations Agencies Annual Conference
July 26, 2010
Address by Jennifer Stoddart
Privacy Commissioner of Canada
(Check against delivery)
It is a pleasure to be here today in the company of such distinguished fellow panellists.
Before I begin, I would like to pay tribute to the Association of Labour Relations Agencies for selecting a topic – “new technologies and the protection of privacy” – that is of grave importance to so many Canadians.
I’d like to look at the issue in a couple of different contexts.
The first relates to administrative tribunal proceedings – which often involve labour-relations issues – and the challenge of balancing openness and privacy in the Internet age.
Then I’d like to touch briefly on some of the other work my Office has done in the area of workplace privacy.
Privacy and Administrative Tribunals
A central tenet of our legal system is that justice be administered fairly. Ensuring fairness demands transparency. Justice Morris Fish of the Supreme Court of Canada observed that “[t]he administration of justice thrives on exposure to light and withers under a cloud of secrecy.”
But I would put to you that the principal tension lies between transparency and secrecy, not between transparency and privacy.
Indeed, privacy can and ought to be preserved, even in the pursuit of other imperatives, such as bolstering public confidence in the legitimacy and accountability of the adjudicative process.
My Office has considered this issue in the context of federal administrative tribunals and quasi-judicial bodies. Indeed, we could hardly ignore it, in light of the many complaints we have received after such bodies posted decisions –often containing highly sensitive personal information – to the Internet.
In sharing with you our perspective, let me go back just a bit in time.
Until relatively recently, openness in the justice system was constrained by what is sometimes referred to as the “practical obscurity of paper.”
Typewriters, carbon paper, filing cabinets and rotary-dial telephones served as a natural filter to stem the flow of information.
But, now that anything and everything can find its way online, the consequences for privacy are colossal, and not always positive.
Among other things, unfettered and unfiltered online access rewards prurient interest.
And the exposure is not merely fleeting: Wherever information flows these days, it creates a record that is, for all intents and purposes, permanent – and beyond the control of the original author.
Ultimately, we have to ask ourselves whether it is fair to turn the microscope on individuals when the principal objective of openness is to hold the state accountable.
Openness in administrative tribunals
In considering openness in the context of administrative tribunals and other quasi-judicial bodies, an important point to bear in mind is that these bodies differ from courts in significant ways.
The issues these bodies consider are administrative in nature, not criminal. They may relate to matters without broader societal significance, such as a workplace quarrel or an individual’s claim to government benefits.
Consequently, much of the information that comes up before these bodies is of a personal and sensitive nature, such as salaries, physical and mental health problems, detailed descriptions of disputes with bosses, or allegations of wrongdoing in the workplace.
Other information of questionable relevance may also arise, such as the names of participants’ children, home addresses and places and dates of birth.
In recent years, our Office has investigated several dozen complaints about the online posting of personal information by tribunals.
One Toronto woman, for example, was deeply distressed to find her name, address and the specifics of her disability posted online as part of an appeal relating to her disability pension.
Absent any transgression of broader significance, publication of such private information can be embarrassing. It can also be excessively punitive.
For example, one woman told us that several years after a tribunal decision on her case was posted, she continues to have trouble landing a job.
This even though the institution in question actually applied a technology under which a Google search turns up a largely depersonalized summary of its posted decision. The trouble there was that, with just one further click of the mouse, the full decision popped up, complete with all the names and personal details that the summary sought to downplay. What’s more, a cached version of the full decision continues to float around cyberspace.
Here’s one final concern I have: The risk of having personal details made public could make people reluctant to assert their rights through administrative proceedings. That’s a significant – if passive – barrier to justice.
Privacy Act considerations
Unlike courts, tribunals fall under the jurisdiction of the Privacy Act.
This is not to suggest that the Act be used to conceal wrongdoing. The Act gives tribunals discretion to publish personal information where there is a compelling public interest in disclosure.
I want to underline that that provision has a high threshold. It is not properly invoked where there are less impairing options, such as the use of random initials instead of actual names.
When decisions are anonymized in this way, anybody can read the online decisions and draw lessons from them – even if identifying personal information is withheld.
The Privacy Act also authorizes the disclosure of personal information in accordance with any other law or regulation – such as the tribunal’s own enabling legislation. My Office, however, takes the view that disclosure must be explicitly authorized – it is not enough if the disclosure is merely not prohibited, or if the statute or regulation is silent on the matter.
We certainly want to see an accountable quasi- judicial system. But if this is achieved by publishing decisions on the Internet, then surely the integrity of the decision stands – even without the names and personal details of the parties.
The absence of extraneous personal information should not impede informed public debate about the integrity of administrative proceedings.
Following our investigations, some tribunals agreed to depersonalize their published decisions, leaving in only the information germane to their decisions. Others, however, continue to post whole decisions, including extensive amounts of personal information.
We are not empowered under the Privacy Act to bring this matter before the courts for further guidance.
We are, however, endeavouring to build stronger and more consistent safeguards for Canadians’ personal information.
And so we worked with federal and provincial partners to develop guidelines on what administrative tribunals ought to consider when contemplating the online posting of decisions.
Those guidelines, made public earlier this year, encourage tribunals to be transparent about the specific statutes and other rules governing the handling of personal information – before and during the proceedings, and with respect to the decisions they eventually issue.
Tribunals should advise parties of steps they can take to identify and protect personal information in advance of a public hearing. For example, there’s usually no reason to include personal identifiers such as social security numbers in submissions.
As a best practice, the guidelines urge tribunals to consider whether de-identified or anonymized versions of the decision could be viable alternatives to full disclosure.
And, where names do have to appear online, we recommend that tribunals use web robot exclusion protocols, so that a routine Google-style search by name won’t return the decision.
Privacy and The Workplace
Let’s shift our focus from administrative tribunals to another area of interest to this audience: workplace privacy. I propose in that context to touch on a few issues my Office has explored in recent years:
- social networking in the workplace
- the growing use of GPS devices to monitor the whereabouts of workers and
- voiceprint technologies to authenticate the identity of employees logging in to company computers from remote locations.
Social networking is, without question, a powerful and ubiquitous tool for sharing ideas and information.
Its reception across the private sector may vary but, in government, it is embraced even by the Clerk of the Privy Council, who sees technology as a way for public servants to relate to one another and to the public.
Like any game-changing technology, this one creates challenges as well as opportunities.
In the workplace, for instance, there are productivity issues as workers use social networks to interact with their buddies during work hours. There’s also the heightened risk of malware and viruses infiltrating the workplace network.
And there are privacy issues: Is such activity monitored? If so, is it being done overtly or covertly, and what are the consequences?
Numerous issues have also arisen when workers use social networks outside the workplace: Bosses, for instance, keeping tabs on what employees are saying about them, or doing in their spare time.
Some interesting research, funded through our Office’s contributions program, has come out of Ryerson University’s Privacy and Cyber Crime Unit. It has confirmed a substantial “digital divide” whose fault line lies between the generations:
Workers, who are often younger, believe in something the research dubbed “network privacy” – that personal information is considered private as long as it is limited to their social network.
Meanwhile, bosses, who tend to be older, figure that information posted online is in the public domain and deserves no protection.
OPC fact sheet
In an electronic environment that fosters disclosure because it feels intimate – even when it manifestly is not – misunderstandings can and do arise.
That’s why my Office has developed a fact sheet on privacy and social networking in the workplace.
The fact sheet, which is posted on our website, reminds workers that some organizations may monitor social networking sites to see what their employees are saying about them. In the workplace context, employees should also know that their personal information may be collected, used and disclosed.
Employers, for their part, should understand that tracking employees through personal or work-based social networking sites constitutes a collection of personal information that may be subject to the privacy law applying in their jurisdiction.
My Office maintains that when we choose to share portions of our lives with others online, we do not extinguish our rights to control our personal information.
Workers are entitled to a private life. For the most part, what they do on their own time is none of the boss’s business.
But it’s also fair to remind employees that there will be consequences for “private-time” activities that have a negative impact on an organization. We encourage management to discuss these issues candidly with their employees and, where appropriate, to set the rules down in writing so that everyone is clear.
Voiceprints are another technology that has raised workplace privacy issues. Used by some employers to authenticate the identities of workers, voiceprints are a form of biometric information that is considered to be personal information under the Personal Information Protection and Electronic Documents Act.
Some years ago, several workers complained to my Office that their employer had forced them to consent to the collection of their voiceprints. The prints would serve as a template so that people providing a voice password could access certain business applications.
The employer in this case was Telus, which is in the public record because this case went to court. Telus argued that such a system was more efficient and cost-effective than paper processes and password management. They also argued that the technology helped protect against unauthorized access to the company’s large holdings of customer data.
In the particular circumstances of that complaint, we found that a voiceprint was fairly benign and that there was an appropriate balance between the employees' right to privacy and the employer's need to safeguard customer data. Our position was later tested and upheld in court.
C-29 and consent
Consent was a pivotal issue in the Telus case, and some observers have suggested that amendments to PIPEDA that are currently before Parliament might water down the consent provisions for workplaces.
In fact, under Bill C-29, employers would no longer need to obtain consent for activities needed to establish, manage or terminate the employee relationship.
In practice, however, this proposed change is less radical than it first appears.
Bear in mind that consent is always a blurry concept in the workplace, simply because the power balance between bosses and staff is fundamentally unequal.
The proposed amendment would require organizations regulated under PIPEDA to inform employees in advance that their personal information may be collected, used or disclosed for the purpose of managing the employee relationship.
After that, of course, the existing law still applies. And it says that an organization can only collect, use or disclose information for a purpose that a reasonable person would consider appropriate in the circumstances.
And so we are confident that we will continue to deal with complaints about workplace matters, even after the new provisions come into force.
Global Positioning Systems
The final technology I want to discuss is GPS.
In 2006, my Office investigated a case in which several workers complained that their employer, a telecommunications company, was using GPS to improperly collect information about their movements while on the job.
In our findings, we noted that using GPS to track the location of a vehicle may not be overly privacy invasive. Routinely evaluating worker performance based on assumptions drawn from GPS data, however, can be.
We felt that employers should not use GPS to constantly monitor their workers. If it is used as a surveillance tool, employers need to be clear on when, why and how, and communicate this to staff beforehand.
We recommended that the company draw up a detailed policy on its use of GPS in managing employees. The company also committed to training its managers on the appropriate use of GPS data.
To wrap up, I want to underline that much of what we’re discussing today comes down to a reasonable balance.
In the case of administrative tribunals, the public does have a compelling interest in knowing that such quasi-judicial bodies are functioning in a fair, accountable and just manner.
This principle is valid and compelling, but in this era of rapidly evolving information technologies, institutions must also weigh a competing interest in privacy.
Fortunately, we know there are ways to respect the open courts principle, while also avoiding or minimizing unwarranted harms to individuals.
Managing workplace privacy is also a balancing act.
On the one hand, employers have a right to know what their staff is doing on company time. On the other, workers should not have to check their privacy rights at the factory or office door.
Workplace privacy speaks to the dignity and autonomy of individuals. Employers ought to be able to cope with any troublemakers, without trampling on the rights of the vast majority of honest and committed workers.
Finding a reasonable level of accommodation is not only possible or desirable; it is imperative.
- Date modified: