Canada's Digital Charter: How to give it teeth
The Canadian government has unveiled a Digital Charter, which aims to help protect Canadians and their personal data. But why isn't there anything in there about holding political parties accountable?
Innovation Minister Navdeep Bains pledged this week to rebuild "a foundation of trust" between Canadians and the digital world, as his government announced the launch of a new Digital Charter, composed of 10 principles, to give Canadians more control over their personal data. CBA National asked privacy lawyer David T Fraser of McInnes Cooper for his reactions.
CBA National: How do you react to the way the government has rolled out it Digital Charter?
David T. Fraser: As a statement of principles goes, it all makes sense. But with only a couple months left until an election, it seems unlikely they can actually implement so much of this. Certainly, on the privacy side, we don't anticipate that they will be able to do anything before the election. So I see it as a kind of digital platform for the liberal party heading into the next election. They also could have introduced legislation, even to have it fall off the order paper when Parliament rises, and then campaign on that. But there are too many open questions that need discussion and consultation. It actually makes a lot of sense for them to do it like this.
N: Until we do see new legislation introduced, what persuasive force do the principles have on the Privacy Commissioner or the Competition Bureau in interpreting their roles and responsibilities?
DF: Not much. But it is signalling government policy and government direction. Another interesting signal is that the Privacy Commissioner a couple of weeks ago decided to completely rewrite our privacy law, without amending it, with respect to cross-border data transfers, in a way that most privacy practitioners say has no foundation in the statute. But there's nothing in there in Minister Bains' digital charter related to cross-border data transfers. And so, it's an interesting signal that what the Privacy Commissioner has identified as a real priority is nowhere to be found in the government's priorities.
N: What are some of the open questions they have to think about?
DF: They've introduced is a discussion paper to deal with things like the right to be forgotten, algorithmic transparency, data trust, and managing anonymized information that can be used for publicly beneficial purposes. Some of these are relatively new concepts. Some of them are European concepts that if ever adopted in Canada, have to be significantly tweaked to get implemented in the Canadian legal environment.
N: What are the challenges in implementation?
DF: We need to look at whether or not these measures are prudent in the first place. For example, while there has been an increasing chorus calling for giving the Privacy Commissioner more powers, I'm not sure there's unanimity on that. And there certainly isn't unanimity on what that would look like. You can't just give the Privacy Commissioner the ability to levy fines because you can't have a legal system where the educator, advocate, prosecutor, investigator, judge, jury, and executioner are all the same person. So, you have to find a way to build in due process and procedural fairness into a structure like that.
N: How could that be done?
DF: One of the things they talk about in the discussion paper is [setting up] a Privacy Tribunal similar to the Canada Human Rights Tribunal or the Competition Tribunal. I'm not sure it's the best idea, but which would be that you have to have, essentially, a Privacy Tribunal similar to the Canada Human Rights Tribunal or the Competition Tribunal, where you have an advocate and an investigator and a prosecutor, but where ultimate decisions are made by an independent tribunal. Currently, the Federal Court plays that role, but there's an unusual pathway to get there. What I'm seeing is envy on the part of the Privacy Commissioner who looks to his European colleagues who can levy fines and penalties and issue orders. To make that happen in a Charter compliant manner in Canada, you'd have to make those necessary modifications.
N: The 10 principles cover a lot of ground. Is there anything missing?
DF: There's the whole issue of protecting democracy from foreign and domestic manipulation. One thing that's been really disappointing to me on this is there's nothing in here about bringing Canadian political parties under the umbrella of any privacy law, or any privacy regulation. They've refused to do that, and so there's virtually no check or balance, and no transparency, for political parties other than they have to have a privacy policy. But there's nothing in the law says what their privacy practices actually have to look like. There's nothing to prevent political parties from micro-targeting, which we saw in the U.S. election and the Brexit vote. Political parties should not be able to exempt themselves from oversight, as they effectively have. When it comes to privacy, the more you know about somebody, the greater the likelihood you can influence their vote. And the technology and the means exist out there to do that on an unprecedented scale. And there's nothing that regulates non-political party actors either. So, we saw Ontario Proud, and other groups that are quite influential through social media in the Ontario election, for example. They're not subject to any privacy laws. I think that presents a meaningful threat to our elections.
N: So you would set that as a legislative priority in terms of the principles that are outlined here?
DF: I don't like making laws in haste, particularly where they are constitutional freedoms involved. But I would prioritize thinking about issues that have the greatest urgency. And those that affect our democracy and the integrity of our elections have the greatest urgency because we're looking down the barrel of a federal election in the fall. Dealing with issues related to misinformation would go near the top of my list.