H.J. Heinz Co. of Canada Ltd. v. Canada (Attorney General), 2006 SCC 13

June 2014

Summary: This case is about a procedural question: can a third party object to the disclosure of information under the Access to Information Act on the basis that it would disclose personal information about another individual? The majority of the Supreme Court of Canada answer the question in the affirmative. However, in the course of its reasons, the Supreme Court of Canada articulated several principles about the interpretation of the Privacy Act.

Facts: In June 2000, the Canadian Food Inspection Agency (“CFIA”) received a request under the Access to Information Act for records pertaining to H.J. Heinz Co. of Canada Ltd. (“Heinz”). The CFIA determined that some of those records may contain confidential business or scientific information and, as required by the Access to Information Act, gave notice to Heinz of the request. Heinz made submissions about why the records should not be disclosed, but the CFIA eventually decided that redacted versions of the documents should be disclosed. Heinz then applied to the Federal Court under s. 44 of the Access to Information Act. In its application, Heinz made new arguments that the records contained personal information and therefore should not be disclosed. The Attorney General of Canada objected to those arguments, alleging that Heinz could not raise privacy-related issues in this way. The Attorney General argued that the individuals whose personal information would be disclosed could file complaints under the Privacy Act (after-the-fact) and challenge the disclosure in that fashion. Both the Federal Court and Federal Court of Appeal concluded that Heinz could raise privacy-related issues in this way.

Result: The majority of the Supreme Court of Canada concluded that Heinz could make arguments about other individuals’ personal information.

Decision: The majority of the Supreme Court of Canada decided that Heinz had the right to object to the disclosure of records on the basis of other individuals’ personal information. The majority also pointed out that it was much more convenient and expeditious for Heinz to be permitted to make those arguments as opposed to making each affected individual file a separate complaint with the Privacy Commissioner after-the-fact or file their own separate application for judicial review, again after-the-fact.

The majority of the Supreme Court also discussed the architecture of the Privacy Act and Access to Information Act more generally. Three important aspects of this discussion were:

  1. The Court confirmed that “the right to privacy is paramount over the right of access to information, except as prescribed in the legislation.”
  2. The Privacy Act establishes a central role for the Privacy Commissioner in the protection of privacy rights to investigate complaints both by individuals about their personal information and, under s. 29(1)(h) of the Privacy Act, to investigate complaints by third parties about the misuse of other people’s personal information.
  3. Despite this central role, the Privacy Commissioner has limited powers under the Privacy Act. The Privacy Commissioner in most cases investigates complaints after the breach of the Act has already happened; the Privacy Commissioner may not act to prevent the disclosure of personal information. Further, the Privacy Commissioner has no authority to make binding decisions or injunctive power to prevent the disclosure of personal information.

On the actual merits of the case, the Federal Court judge who first heard the case decided that several records did contain personal information and ordered that they be redacted accordingly (H.J. Heinz Co. of Canada Ltd. v. Canada (Attorney General) 2003 FCT 250). The Attorney General did not challenge that finding on appeal, so the records were redacted to remove personal information.

Principles:

  1. The right to privacy trumps the right to access government information, subject to certain limited and specific circumstances spelled out in the Privacy Act.
  2. The Privacy Commissioner plays a central role in the administration of the Privacy Act, but cannot make binding orders about compliance with the Act.
Date modified: