Privacy Commissioner’s Annual Report confirms that the system is broken

Privacy Commissioner’s findings underscore the need for a complete repeal of Bill C-51 and an end to the bulk collection of Canadians’ metadata

The federal Privacy Commissioner’s annual report has raised serious concerns about how the controversial information disclosure provisions in Bill C-51 have been implemented. The report also found that the Communications Security Establishment’s (CSE) practice of sharing metadata with its Five Eyes partners undermines the privacy of Canadians, and proposed legislative changes to address the problem.

The publication of the report comes just weeks after the government announced a nationwide consultation on a broad range of privacy and security issues. In his report, Commissioner Therrien criticized the government’s framing of these issues, stating that the tone “focuses heavily on challenges to law enforcement” and that Canadians need to hear about the implications “for democratic rights and privacy.” Civic society groups, including us, have levelled similar criticisms.

When it comes to both Bill C-51 and CSE spying, it’s clear the system is broken. Since Bill C-51 was first announced, experts have warned about the damage these information sharing provisions would cause to the privacy and security of Canadians. And we’ve known for years that metadata sharing risks exposing the most intimate details of our private lives. It’s commendable to see the Privacy Commissioner sound the alarm about these issues.

The previous government took an ‘act now, think later’ approach to Bill C-51 and CSE mass surveillance, and nearly a year into the new government’s term we’re still waiting for the fix. It’s also clear the government stumbled badly in designing a national security consultation that even its own Privacy Commissioner says is skewed. All in all, this report reinforces the need for a complete overhaul of our privacy rules if we’re to keep Canadians safe from invasive surveillance.

Experts have long warned about the dangerous privacy implications of Bill C-51’s information sharing provisions, and about how metadata can expose highly sensitive details of someone’s private life, including their financial status, medical conditions, sexual orientation, and religious and political beliefs.

Key findings from the Privacy Commissioner’s annual report include:

• Most government departments did not conduct Privacy Impact Assessments to evaluate the privacy implications of Bill C-51’s new information sharing powers.

• Public Safety Canada failed to implement recommendations from the Privacy Commissioner about how to mitigate the privacy risks of information sharing, despite having a year to do so.

• The scope of recently-announced national security consultations is too narrow and doesn’t look at key privacy concerns when it comes to Bill C-51. Commissioner Therrien also flagged concerns about the tone of the accompanying discussion paper.

• A review of CSE’s metadata sharing concluded that CSE was incorrect to claim the risk to privacy was minimal, because metadata can “reveal very sensitive information about individuals’ activities, associates, interests and lives.”

• Judicial authorization should be continue to be required before telecom companies disclose basic subscriber information to the government, because “an IP address can reveal a great deal about an individual” including “details of a person’s interests based on websites visited, their organizational affiliations, where they have been and the online services for which they have registered.”

Canadians can send Public Safety Minister Goodale a message that it’s time to fully repeal Bill C-51 and restore our privacy rights at https://act.openmedia.org/security.