Watchdog: Feds failed to assess Bill C-51’s privacy implications

The Liberal government recently issued a discussion paper to kick off a public review of national security policy

Protesters outside the Vancouver Art Gallery. (Jonathan Hayward, CP)

Protesters outside the Vancouver Art Gallery. (Jonathan Hayward, CP)

OTTAWA – The government hasn’t done enough to protect the privacy of “law-abiding Canadians” from new information-sharing powers in the omnibus security legislation known as C-51, says a federal watchdog.

Privacy commissioner Daniel Therrien says he was surprised that many federal agencies did not examine the effect the powers in the controversial Conservative bill would have on people’s personal information.

In his annual report Tuesday, Therrien recommends agencies carry out formal privacy impact assessments — a key tool required under government policy when departments set up any new program or activity involving personal information.

The Security of Canada Sharing Information Act, part of C-51, expanded the exchange of federally held information about activity that “undermines the security of Canada.”

The former Conservative government, which brought in the legislation, argued the measures were needed because some federal agencies lacked or had unclear legal authority to share information related to national security.

In his report, Therrien says the law is broadly worded and leaves much discretion to agencies to define what sort of activities fall undermine security. The scale of information-sharing that could occur “is unprecedented,” he adds.

Legal standards for information sharing should ensure that “law-abiding Canadians, ordinary Canadians who should have nothing to fear from surveillance activities of the state, are not caught by the information-sharing regime,” Therrien told a news conference.

In the first six months the law was in force — August 1, 2015, to Jan. 31 of this year — five agencies reported to Therrien’s office that collectively they received information through the law on 52 occasions.

Of the five agencies, three had developed policy and guidance documents, but these “lacked specificity and detail to provide meaningful assistance to employees” to help them determine whether thresholds for sharing had been met.

In addition to formal privacy assessments, Therrien says there should be information-sharing agreements that contain core privacy protections and safeguards against accidental disclosure of personal data.

Public Safety Canada has agreed with the recommendations.

The Liberal government recently issued a discussion paper to kick off a public review of national security policy.

The paper seems more concerned with the dilemmas of police and security officials than issues of personal privacy, Therrien said: “I’m concerned with the tone of the document.”

Looking for more?

Get the Best of Maclean's sent straight to your inbox. Sign up for news, commentary and analysis.