Privacy and Security at the Vancouver 2010 Winter Games

This page has been archived on the Web

Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.

August 2009

Versión en español

Signage

Introduction

Next February and March, Canada will host the world at the Winter Olympic and Paralympic Games. As the first international “mega-event” to take place in Canada in the post-9/11 era, the Vancouver 2010 Games pose security and privacy challenges unprecedented in Canada.

A sophisticated security and surveillance cordon will aim to protect athletes and their support personnel, employees, volunteers, media, and visitors to venues around Vancouver, Whistler and the Lower B.C. Mainland. At the same time, it will be essential to safeguard the democratic values that Canadians hold dear and, in particular, the right to privacy.

The term “mega-event” is used to describe events that attract large numbers of visitors from outside the host country, generate extensive international public and media attention, and pose extraordinary security challenges. In addition to the Olympics, other examples include international expositions and world fairs, and the World Cup of Soccer.

This document outlines the privacy challenges associated with the 2010 Games. It also sets out a framework of guiding principles and concrete recommendations intended to help security officials carry out their duties in a way that does not unduly infringe on the privacy rights of individuals — before, during and after the Games.

Our Goals

The goals of the Office of the Privacy Commissioner of Canada and the Office of the Information and Privacy Commissioner of British Columbia with respect to the 2010 Vancouver Olympic and Paralympic Games are to:

  • Promote privacy rights before, during and after the Games;
  • Ensure that security measures that may infringe on privacy are reasonable and proportionate to the risk, and;
  • Hold authorities accountable for putting in place measures that will protect our security while at the same time safeguarding privacy rights.

Working with Law Enforcement

In 2003, the RCMP formed the Vancouver 2010 Integrated Security Unit (ISU) as a way to use the combined powers of the police, military and security forces to secure the Vancouver Games. The ISU has since grown to include other law enforcement agencies, including police from Vancouver and West Vancouver.

British Columbia's Freedom of Information and Protection of Privacy Act (FIPPA) applies to the local police forces and the federal Privacy Act applies to the RCMP.

The Vancouver Organizing Committee for the 2010 Olympic and Paralympic Winter Games (VANOC) is subject to B.C.'s Personal Information Protection Act (PIPA).

Our Offices have been in discussions with the government agencies involved in security planning for the Games, including the Vancouver 2010 Integrated Security Unit (ISU), which is led by the RCMP and is responsible for overall security at the Games. In our discussions with ISU officials, they have shown themselves to be sensitive to their responsibilities to uphold the privacy rights of individuals.

Even so, we know from experience that privacy rights can be fragile. Our Privacy Act annual report for 2007-2008 noted that “in our democracy, benevolent intentions appear to be pushing us towards a surveillance society.” For this reason, it will be vitally important to ensure that the security arrangements planned for the 2010 Games do not unduly intrude on the civil liberties so deeply valued by Canadians.

Surveillance Measures

Officials involved in security planning for the Vancouver Games have been understandably discrete about the details of the security and surveillance measures they intend to deploy. Even so, the ISU has provided some outlines of its plan on its website. Proposed surveillance measures include:

According to research by the University of Alberta and funded by our Office, previous Olympiads have employed such security measures as closed-circuit television cameras, biometric identification cards, computerized background checks, satellite monitoring, cellular telephone monitoring, overhead monitoring blimps, and traveller profiling. The researchers note that “the integration of various surveillance technologies is perhaps one of the most remarkable and, from a privacy perspective, disconcerting facets of Olympic security efforts.” Integration of technologies means combining disparate bits of personal information in order to develop a precise picture about individuals and their activities.

— Boyle and Haggerty, Privacy Games: The Vancouver Olympics, Privacy and Surveillance, University of Alberta, 2009.

  • Background checks: The RCMP will conduct security background checks on an estimated 100,000 people who are expected to need accredited access to secure zones within sporting venues or other Olympic facilities. Accreditation will be required by athletes, coaches, media, volunteers and staff. Police will have access to a variety of security databases and will be able to automatically recheck the security status of people right up to the end of the Games. The ISU will use the information to assess whether individuals could pose security risks. Based on the unit’s assessment, Olympic organizers decide whether or not to issue accreditation.
  • Electronic perimeter security: Games venues will be protected by electronic perimeter security systems. The intrusion-detection equipment, to be monitored by the ISU, will be supplied and maintained under a $30.5-million contract with Honeywell Canada.
  • Pedestrian and vehicle checks: Checkpoints will be set up to screen visitors to the Olympic venues and authorized vehicles. The RCMP has hired Contemporary Security Canada Inc., of Vancouver, B.C., to provide private security screening services at the Games, and the company is looking to hire an estimated 5,000 security screening staff.
  • Closed Circuit Television Cameras (CCTV): Approximately 900 CCTV cameras will be deployed at Olympic venues. An additional 50 to 70 cameras will be deployed in urban areas outside venues. The ISU will operate the CCTV system and monitor venue perimeters, while a private contractor who is leasing the equipment will provide system support. The ISU plans to have guidelines in place for the collection, use, disclosure, retention and disposal of video images, in compliance with the Privacy Act.

Chief Privacy Officer

In response to a recommendation from our Office, the ISU recently appointed a Chief Privacy Officer (CPO) and published on its website his responsibilities and contact information for people who wish to raise privacy concerns. A CPO oversees an organization’s privacy framework and policies and responds to public enquiries and complaints on privacy matters.

Proposed Privacy Framework

Inukshuk 2010 Olympics symbolIn light of the many surveillance methods and the personal information that will be collected, processed, stored and analysed by security officials, our Office will continue to push for more information on the proposed security measures and their impact on the privacy of individuals.

In the meantime, we have developed a framework to help security officials strike the appropriate balance between privacy and security at the Winter Games. The framework, grounded in the Privacy Act, B.C. FIPPA and PIPA, and a series of decisions handed down in recent years by the Supreme Court of Canada, establishes the following principles:

  • The inherent right to privacy can only give way to another equally compelling public good, such as public safety, and only under strict conditions.
  • If there is an invasion of privacy, it must be reasonable and proportionate. In particular, security officials must be able to demonstrate that the proposed measure: 
    • is necessary to address the specific danger identified;
    • is likely to be effective in making people be safer, not merely feel safer;
    • is proportionate to the security benefit to be derived, and
    • is the least privacy-invasive measure available to achieve the purpose.

Recommendations

Within this general framework, the ISU should take a number of steps to safeguard the privacy of individuals before, during and after the Games.

Before the Games

  • The ISU should develop and post on its website a comprehensive privacy policy that describes how it intends to collect, use, disclose and dispose of personal information.

The ISU has issued a “privacy statement,” under which it pledges to adhere to widely recognized fair information practices in its treatment of personal information. While a step in the right direction, the statement falls short of being a full-fledged privacy policy, which normally sets out in greater detail how an organization will collect, use, disclose and dispose of personal information. A policy also explains how individuals may request access to their personal information or file a complaint.

  • The ISU should launch a wide-ranging public awareness campaign to inform citizens on how privacy rights will be integrated in security measures at the Games, and how personal information will be treated by security and law enforcement authorities.

The ISU is to be commended for some of the initiatives it has already taken in this regard. In particular, it is using its website for key operational announcements, and senior officials regularly discuss their plans at public engagements. Nevertheless, we feel the ISU could do more to inform the public through the media, advertising or other strategies on how it intends to uphold privacy rights before, during and after the Games.

During the Games

Within the scope of national security and law enforcement requirements, all police and other security agencies should ensure respect for privacy by adhering to the following principles during the Games:

  • Surveillance should only be deployed to address real, pressing and substantial security threats.
  • Surveillance that intrudes on the privacy of individuals should be viewed as exceptional measures, only to be taken in the absence of less privacy-invasive alternatives.
  • Surveillance must be consistent with the Canadian Charter of Rights and Freedoms, the Privacy Act and other relevant laws, such as the B.C. FIPPA and the B.C. PIPA, as they will govern surveillance conducted by the Vancouver-area police forces and VANOC respectively.
  • Surveillance systems should be designed and operated to minimize the impact on privacy. Any privacy intrusions should be no greater than absolutely necessary to achieve their stated goals.
  • Clear signage at the perimeter of secured areas should advise people that they may be under surveillance. Advance notice such as text printed on tickets or in sporting event programs should also be considered. The notices should provide contact information for public questions or complaints.
  • Generally recognized fair information practices should be respected in the collection, use, disclosure, retention and destruction of personal information. In particular, the information collected through surveillance should be minimal, its use restricted, its disclosure controlled, its retention limited, and its destruction assured. Any release or disclosure of information collected through surveillance should be documented.
  • Surveillance systems operators, whether in law enforcement or private security firms, should receive training to ensure they understand and adhere to the privacy legislation.
  • The security of the equipment containing personal data should be assured. Only authorised and security-cleared personnel should have access to databases containing personal information.
  • The right of individuals to gain access to their recorded personal information should be respected.

After the Games

In Athens, which hosted the first post-9/11 Summer Games in 2004, police wanted to continue to use nearly 350 closed-circuit television cameras to monitor crowds during demonstrations after the Games ended. However, this sparked a public outcry and the protest resignations of top officials of the Greek Data Protection Authority.

Many people are concerned that security systems installed for the Games will remain operational once the events are over, prompting fears that B.C. residents will find themselves forever watched by a sophisticated surveillance apparatus.

To ensure that the Vancouver Winter Games do not leave a privacy-intrusive legacy, our Office recommends that, at the conclusion of the events,   

  • surveillance systems installed in public areas of Vancouver, Whistler and B.C.’s Lower Mainland  be completely removed and
  • surveillance data be erased, destroyed and/or made anonymous, in conformity with federal and provincial laws.

Conclusion

Without question, the Vancouver Winter Games will pose significant challenges for law enforcement and security agencies. And yet, as the Privacy Commissioner of Canada has stated, “the duty of governments to provide for the security of citizens must, in democratic societies, be tempered by the values that underpin our way of life. That is why the right to privacy must be upheld, even during mega-events like the Olympic Games, where the threat to security is higher than usual.”

By applying the framework and recommendations set forth above, the Office of the Privacy Commissioner of Canada and the Office of the Information and Privacy Commissioner of British Columbia believe that the Vancouver Games can be both safe and sensitive to the privacy rights of everyone involved.

Vancouver

Date modified: