International integrated public safety systems: a look at the impact on sovereignty over privacy from the Canadian experience
Remarks at the 5th Annual International Conference on Computers, Privacy and Data Protection
January 26, 2012
Address by Chantal Bernier
Assistant Privacy Commissioner of Canada
(Check against delivery)
I wish to thank the organisers for giving the OPC the opportunity to expand upon an increasing concern: the impact of globally integrated public safety systems on the exercise of national sovereignty to protect privacy.
What I am referring to, and my fellow panel colleagues will offer ample description, are the increasingly globally-integrated public safety systems—integrated aviation security, intelligence and information sharing, for example—that drive national public-safety measures but circumvent national privacy protection regimes.
This issue of preserving state sovereignty in the context of globally integrated public safety systems truly caught Canadians’ attention in April 2010 when Canada had to amend its Aeronautics Act to comply with the US Secure Flight Program.
The Program requires airlines flying over the US, not merely those landing there, to provide US authorities with extensive personal information about passengers. Debate was fierce in the House of Commons, which was nonetheless ultimately resigned to this external imperative: the US required it. Canadian airlines couldn’t, in practical terms, fly around the US to reach Latin America and other destinations, so Canada had to comply.
Because the impetus for the measure came from another state, was based on the policies of another state and called for the transfer of significant amounts of information into the hands of another state, there was a clear sense of loss of sovereignty over the protection of Canadians’ privacy.
Now, with the announcement of an Action Plan to establish a Canada–US Security Perimeter, the issue truly comes to a head.
Through these and other examples, I would like to make the case today for greater international cooperation on privacy protection, to mirror, so to speak, the international integration of public safety measures, as the only way to preserve privacy standards.
I will briefly describe:
- The phenomenon of global security integration we are observing;
- The privacy risks we identify;
- Strategies for international cooperation on privacy protection; and
- The specific case of the Canada–US Beyond the Border Action Plan.
The Office of the Privacy Commissioner of Canada
But as a preface, a quick word on the Office of the Privacy Commissioner of Canada to set the stage.
We are an Agent of Parliament, which means we are independent, reporting directly to the whole of Parliament and therefore above political direction.
Our functions include:
- Answering inquiries from Canadians;
- Investigating complaints, which can come from individuals or be initiated by our own office;
- Reviewing Privacy Impact Assessments;
- Public education; and
- Supporting Parliament in its consideration of relevant legislation.
So that is the institutional context.
Let me move to a brief description of the broader context in relation to integrated public safety systems.
Part one — The integration of public safety
In the past two decades, governments around the world have reacted to increased population migration, political instability and unfamiliar global threats in myriad ways.
For the purpose of discussion, they may be divided into three forms:
- National consolidation, namely the closer integration of similar agencies within one state;
- Increased capacity, namely the increase in supervision and information gathering, whether through CCTVs, online surveillance, or airport security; and
- Increased international collaboration, namely information-sharing among states.
This particular trio of counter-measures forms the new context for protection of privacy—and represents new risks.
Part two — Up close and personal: Risks of global information-sharing to privacy
The overarching risk is to sovereignty over protection of privacy.
It is particularly obvious to Canada, being next-door neighbours with the country who feels most targeted by public safety threats:
- We share a border of almost 9,000 km with the US;
- We are major trading partners, so mobility across the border is both extensive and essential;
- Public safety policies are a focal point of US policy;
- And, if you will allow me some excessive language for the purposes of emphasis, we are traumatized. Traumatized by several border incidents of varying degrees of severity, and most of all, by the case of Maher Arar.
Maher Arar, a Canadian of Syrian origin, travelled back to Canada through the US after a family holiday. There, he was detained and then deported to Syria to be tortured for over a year on the basis of flimsy intelligence shared by the Canadian law enforcement authorities with the US authorities.
A public inquiry in Canada showed that he was no more than a person of peripheral interest in the gathering of intelligence on another individual.
Canada spent months trying to bring Maher Arar back from Syria—but through the international sharing of information, we had lost control over both the protection of his personal information and over his fate.
Again, we were faced with the impact of internationally integrated public-safety measures on our sovereign right to protect personal information and therefore privacy.
Admittedly—and as an international lawyer, I should know this—every instrument of international cooperation entails a certain curtailment of sovereign rights through the commitments it contains. But this curtailment is deliberate. My point is that the curtailment of sovereignty as a result of internationally integrated public-safety systems is not deliberate. It is incidental and circumvents privacy protection laws.
So we need to turn our minds to protecting privacy in a globalized world of public safety.
It is not without challenges. So let me then turn to that.
Part three — The challenge of international cooperation on privacy protection
The first challenge I will mention is the lack of a connection among Data Protection Authorities equivalent to the international connection among public safety authorities.
Public safety authorities truly work together—Data Protection Authorities do not.
For example, while I observe greater and greater awareness among Data Protection Authorities of the need to cooperate in relation to private sector privacy issues—Google, Facebook, or various applications—, I do not see the same élan in relation to public sector issues.
The International Conference of Data Protection and Privacy Commissioners rarely leaves much room for public sector issues.
We do not have mechanisms to actually exercise our functions jointly.
We are only starting to consider undertaking joint work.
So, while public safety authorities are intensifying their cooperation to the point of integrating their work, we, Data Protection Authorities, continue to address the issue of protecting privacy in the context of public safety as a domestic one.
The second challenge I will mention is structural: particularly for Canada, we have no counterpart within our main partner, the US.
While the White House has recently announced it will finally staff the Privacy and Civil Liberties Oversight Board, providing advice to the President and Department heads, it is not yet functional and will not mirror our powers and mandate as a DPA.
And while the Department of Homeland Security has a Chief Privacy Officer, the position is internal to DHS, and not an independent watchdog. Our public safety authorities, on the other hand, do have direct counterparts in the US.
A third challenge for cooperation among DPAs in general is that our legal regimes differ in relation to the scope of their application to public safety measures. Some national data protection regimes specifically exclude from their scope issues of public safety and national security, creating differing mandates that cannot be easily aligned even among independent DPAs.
Yet another challenge is the political nature of the rapport between privacy and public safety. International cooperation between DPAs in this area is marred with sensitivities that cooperation in relation to the private sector does not necessarily raise.
All these points are understandable, but the fact is that an approach to privacy protection that is grounded in domestic laws and national governance structures no longer provides us with a solid footing in the face of the global integration of public safety systems that have privacy implications.
We are making progress, however.
The last International Conference of Data Protection and Privacy Commissioners was marked by a strong call to concrete cooperation between DPAs and concrete steps were taken to create a process to that end.
The 2011 Resolution on Privacy Enforcement Co-ordination at the International Level adopted in Mexico at the last International Conference may provide a forum to make progress, if it eventually directs its work to public-safety issues, not just private-sector technological issues.
A group of DPAs will be meeting in Montréal in May to start building the parameters of international cooperation between DPAs. It may be a prelude to greater cooperation on public safety issues.
In Canada, our Office now has the power, under legislation adopted last spring, to contract Memorandums of Understanding with other DPAs to exchange information that would allow joint work. This may allow us to respond to this new awareness of the need for international cooperation in privacy protection.
But we have a long way to go. So let me move on to strategies for progress.
Part four – Strategies
One good strategy is a panel like this one where privacy professionals come together to discuss the issue and to learn from each other.
At the very least, it allows us to build a joint conceptual framework to develop a common front. But obviously, we have to do more.
To me, a concrete example of what more we have to do is the missed opportunity around the body scanners. So many Data Protection Authorities were confronted with that measure. Even those that do have similar status, meaning independent watchdogs, shared very little information and advice.
And yet, we could have learned from each other that there are ways to effectively address the privacy implications of body scanners. Had we worked together, we all would have known that all body scanners are not equally invasive. Not all of them produce images with the same degree of detail, and not all of them have the capacity to retain images.
A DPA could have put pressure on its government to opt for the less invasive kind of scanner, giving examples of states that have done so, if there had been a joint analysis of the issue. But there was no joint analysis, even though we were all faced with the same ethical dilemmas surrounding privacy and safety, and even though we could have benefitted from sharing analytical frameworks.
Our Office has produced an analytical framework specifically to address the challenge of integrating public safety and privacy measures. In fact, Karim Benyekhlef assisted us in that initiative.
That analytical framework is of universal application. We have issued it in three languages, it is available on our website, and if DPAs came around it, we would have a common approach to address common issues that are looming for all of us.
For example, couldn’t we get together, at least conceptually if not functionally, to work on border surveillance by drones? Or on the use of biometrics by the state? Couldn’t we pool our knowledge of strategies for best oversight mechanisms?
This new global security regime forces us—DPAs and global privacy advocates—to revisit how we assert privacy rights in face of it, and in face of international integration of public-safety measures, we have to increase our joint work in that regard.
Specifically, I believe we need:
- More technical cooperation;
- Greater harmonization of privacy standards;
- Sharing of privacy protection measures that specifically address the issue of internationally integrated public-safety measures;
- Exchanging public education strategies that may be adapted from one jurisdiction to the other;
- Sharing effective methods to hold public-safety authorities accountable, whether through Privacy Impact Assessments reviews, audits or analytical frameworks; and, in the longer term;
- Exercising our functions jointly—for example, jointly auditing an integrated public safety system.
But we are a long way from that. Starting a dialogue between DPAs on cooperation around public-safety issues, or making it a prominent feature of the International Conference of Data Protection and Privacy Commissioners would already be a great step forward.
For Canada, the urgency of such a stance is brought to bear with this new reality check: the recently announced Action Plan between Canada and the US on a border security perimeter.
Part five — Reality check: The Canada–US Declaration and Action Plan
The Action Plan pursues the creation of a common Canada–US security perimeter upon four main pillars:
- Cooperative risk assessment;
- Facilitated trade;
- Integrated cross-border law enforcement; and
- Integrated protection of critical infrastructure.
In general, measures include:
- A common approach to traveller screening;
- Cooperation on both security and criminal investigations; and
- Broadening global cybersecurity efforts.
In an effort to address Canadians’ expectations with regard to their privacy protections:
- The Action Plan commits to the development of Joint Privacy Principles by the end of May; and
- The Canadian Government has committed to submitting PIAs to our review for all measures having repercussions on privacy.
Our concern is twofold:
- We want to see the upholding of Canada’s sovereignty over privacy protection both as a right of its citizens and as an obligation of its institutions; and
- We want to see Canadian standards preserved with regard to protection and remedy.
In relation to PIA reviews, our Office will face particular challenges, specifically relevant to our topic today — for example:
- Our Privacy Impact Assessment reviews include, as a start, the legitimacy test of necessity, proportionality and effectiveness. On the strength of the experience with the US Secure Flight Program, how will we apply legitimacy when it stems from US policies over which we have no jurisdiction?
- In relation to remedies, how will we ensure Canadians’ rights before US institutions?
- In relation to safeguards and internal implementation, I am fairly optimistic that the two states are similar enough to develop compatible systems, but in relation to oversight, how do we align our framework, which includes, crucially, an independent watchdog, with a state that does not have one?
At the very least, we will exercise our own powers to monitor respect for privacy within the agreement through audits or Annual Reports to Parliament and we will keep citizens updated. But the international dimension of the initiative poses new challenges.
This brings me right back to the main obstacle of ensuring privacy protection in face of globally integrated public-safety systems: privacy protection is still caught in national norms and oversight structures that do not meet the reach of public-safety measures of international scope.
Part five — Conclusion: The need for international cooperation on privacy
In conclusion, I hope to have demonstrated through the example of Canada that in light of the expansion of international public-safety measures, no less than state sovereignty over privacy protection is at issue.
Whichever way we choose to address this issue, we must address it internationally in a concrete, effective manner, where Data Protection Authorities increase their international cooperation efforts in protecting privacy to mirror international cooperation in public safety.
This panel creates a great opportunity to nurture a dialogue around this challenge and I look forward to our discussion.
- Date modified: