Statement from the Interim Privacy Commissioner of Canada regarding telecommunications companies’ responses to information requests from government authorities
OTTAWA, April 30, 2014 – Interim Privacy Commissioner of Canada Chantal Bernier today issued the following statement regarding her Office’s requests to telecommunications companies and other online businesses about information requests from government authorities:
In 2011, our Office was examining issues related to online tracking and cloud computing in preparations for a legislative review of the Personal Information Protection and Electronic Documents Act (PIPEDA). We were also preparing to appear before Parliament on a series of legislative initiatives related to lawful access provisions. As part of our research, we sent letters to 14* telecommunications companies and other online businesses, asking them to consider providing our Office with some general information related to requests for information from government authorities.
In December of that year, we received a response from the independent counsel for the Canadian Wireless Telecommunications Association (CWTA) with the aggregated data from nine companies. The report did not attribute responses to any one provider but reflected practices representative of the industry in Canada. We have since used this information to inform our thinking and recommendations, both to Parliament and government. We also received a response from Apple Canada Inc.**
PIPEDA does not require organizations to report publicly on the type of information they disclose in response to the requests from government authorities. However, our Office has asked for more transparency in this area.
In our recent Special Report to Parliament: Checks and Controls, we made a number of recommendations to increase transparency for national security agencies without compromising their public safety objectives. In particular, Recommendation 6 calls for legislative amendments to require public reporting of statistics on the use of various disclosure provisions under PIPEDA where private-sector entities such as telecommunications companies release personal information to national security entities without court oversight.
As well, last year, our PIPEDA reform policy position paper also called for more transparency. Of particular relevance to this issue is Recommendation 3: Lift the veil on authorized disclosures, which recommends that organizations be required to publicly report on the number of disclosures they make to law enforcement under paragraph 7(3)(c.1), without knowledge or consent, and without judicial warrant, in order to shed light on the frequency and use of this extraordinary exception.
We remain hopeful that our recommendations will be implemented.
Interim Privacy Commissioner of Canada
* Figure corrected May 1, 2014.
** Updated May 5, 2014.