Media Centre

The Charter and Security

The Charter @ 25

February 16, 2007
Montreal, Quebec

Address by Jennifer Stoddart
Privacy Commissioner of Canada

(CHECK AGAINST DELIVERY)

From a Privacy Commissioner’s perspective, it is remarkable that we have two Charters in Canada,¹ only one of which expressly provides for the protection of privacy. Nonetheless, both are born of the same intellectual origin, namely, Frank Scott, a McGill constitutionalist in the 1950s and 60s. The battle came to a head in Roncarelli v. Duplessis² in 1959; it was a historic moment for this generation whose main priority was to define the State’s power and prevent a shift toward totalitarianism.

It is also remarkable that the protection of privacy—along with the protection of personal information—is one of the most frequently neglected rights at the federal level. Although it was omitted from the Charter of Rights and Freedoms, it was put in place through a piece of legislation adapted to the particular needs of the federal bureaucracy. It should also be noted that what was contained at the outset in the Canadian Human Rights Act³ in 1977 has become a standard that is distinguished by its flexibility and its opacity.

Since September 11, 2001, experts have been telling us that people’s safety is increasingly reliant on the close monitoring of individuals and the enlightened juxtaposition of information, specifically, personal information. And Canada is following suit. However, it has not implemented any counter-measures to reinforce rights that prevent government intrusion in private life. There is no public accountability for the influx of information and the way it is used. For an example of this trend toward customary secrecy, consider this: at the time of the 2005 creation of the new super-department, PSEPC (Public Safety and Emergency Preparedness Canada)—which is the portfolio department responsible for some 10 agencies, including the RCMP, Correctional Service and CSIS—this department refused to accept the obligation to report annually to Parliament on how personal information is handled.

In this new surveillance society, it is not surprising to learn that a recent Queen’s University study⁴ found that 48% of Canadians do not trust the government with their personal information. It is interesting to note that in Quebec, where the Charter recognizes privacy and provides a direct right of action (as evidenced in the Vice-Versa⁵ and City of Longueuil⁶ cases), people are more confident about the control they have over their information.

At the same time it adopted the Charter, the federal government, like Quebec, passed privacy and access to information legislation. In the federal Privacy Act,⁷ personal information collected by one agency can be used, without consent, for any use or purpose consistent with the purpose of the collection. A broad and very adaptable criteria. As approved in the Smith case (snowbirds)⁸, personal information circulation for consistent use is now so extensive as to defy any schematic tracing of its flow.

That the Privacy Act no longer really protects citizens’ privacy very well is generally acknowledged but no government has yet put it on its legislative renewal agenda. Private sector legislation is a generation or two more recent in its approach, yet it underestimated the fluid and even changing patterns that follow trans-border data flows.

But back to the 25 years of Charter struggles with this unnamed right.

Constitutional standards and the networked environment

The expectation of privacy has been a relative norm which could accommodate the many colours and shapes of the changing cultural and institutional practices found under the aegis of privacy. However, the subjective view of the privacy an average citizen could expect in a variety of situations has been challenged by the proliferation of surveillance technology available and used, more or less surreptitiously, ranging from digital face recognition cameras in airports to GPS (global positioning systems) in fleet vehicles to RFIDS (radio frequency identification devices) in our access cards. Soon, nanotechnology will scan our bodies allowing for all types of biometric monitoring, including DNA analysis.

In trying to categorize this expectation and thus the possible constitutional infringement of it, our courts are labouring over ways to appropriately define the categories of information our lives secrete, such as the heat patterns emanating from our dwellings. This was most recently debated in the Tessling⁹ case, where advanced thermo analysis to gather evidence for an investigation of a marijuana front operation technology was used to detect temperature differences outside a house. The evidence led to the conclusion that a person should not have a reasonable expectation that external indicators of energy consumption on the outside of this house should remain private and thus had no reasonable expectation of privacy.

As several commentators have noted, nothing should be changing faster than my expectation of privacy, whittled down almost daily by computer programs that track what I download from the Internet, cameras that capture my image as I walk to my office, vast data banks that store the details of my consumer habits, without mentioning my phone records obtained by extra-territorial entrepreneurs. My expectations are rapidly diminishing with the knowledge that I cannot exist without leaving an informational trail. And hot on this trail are not just governments and marketers but identity thieves and fraudsters that are using the spam received hourly as a vehicle to plant malicious ware to access personal information.

Expectations of privacy will have to be refined to embrace core Charter values of proportionality, autonomy, dignity, personal integrity, and control of information about oneself in a constantly moving digital environment.

How much is privacy worth?

One of the challenges the constitutional Charter is ill equipped to address is the dilemma posed by privacy as a right which is very difficult to quantify and whose loss can almost never be remedied. Yet many of the current threats to personal information protection come from the commercial and civilian world where templates for damage assessment are familiar. Only four Canadian provinces have statutory privacy torts and regrettably, very little use has been made of them. Only Quebec of all the provinces has recognized privacy as a fundamental right applying to government and private action, to civil and penal law. That citizens need some direct remedy for privacy breaches is shown by the recent case in Quebec where damages were awarded to a woman whose pictures were posted, without her consent on the Internet, by her ex-boyfriend.¹⁰ It is shown as well by the efforts of some applicants to find a common-law tort of privacy, as recent cases in Ontario illustrate¹¹.

Privacy protection in a networked environment

The world is rapidly changing in a way which makes the ways we define and use law more and more open to debate. Definitional silos of public and private action become hollow when information about us moves instantly from one to another without our knowledge or consent.

Charter does not apply to corporate action except in the defined circumstances that we know. Yet global corporations are increasingly influencing governments and populations by the array of consumer goods, the new services and the increased knowledge that they can provide. Governments use private sector data bases known as data miners, data aggregators and data brokers to gain information on their citizens indirectly. And data miners purchase Statistics Canada surveys to refine their knowledge of the population.

Individuals who wish to snoop on neighbors and acquaintances can readily purchase the means to do so, confident that the legal apparatus will only catch up with them in the most extreme scenarios.

Canadian Charter values are subject to the pressures of the global market for labor and consumption. The extent to which even government-regulated information can escape the new information order with its emphasis on global exchange and knowledge is debatable. The open court principle, one of the foundations of our legal system, has been turned on its head by Internet, despite attempts to set principles and rules to protect individual’s personal information in on-line court decisions and rulings. (Canadian Judicial Council’s recommended protocol on Internet access to court decisions¹².)

Conclusion

After 25 years, the constitutional Charter is not the first place to look for the kind of privacy protection that most of us need. Some of its compelling definitions by the courts over the past few years still inspire us to remember how important this increasingly “fragile freedom” is. Those of us who are not likely to be accused of various criminal activities or come under particular national security surveillance had better look elsewhere than the Charter for help with our concerns. Even the most creative and informed member of the judiciary cannot, institutionally speaking, address the erosion of privacy alone. We readily give up our privacy for the illusion and sometimes the reality of physical security. We give it up for a few cents on the dollar and the perfect product. We give it up for the satisfaction of seeing the transgressors punished, smug in our belief that it will never be us.