StatCan didn't break the law by collecting banking data, privacy watchdog says
OTTAWA — Privacy Commissioner Daniel Therrien’s latest report found that Statistics Canada didn’t break the law when it requested the personal financial transaction information of 500,000 Canadians.
Therrien did, however, recommend the Statistics Canada programs that collected the data – the Credit Information Project and the Financial Transactions project – be redesigned.
“Canadians were deeply troubled by these initiatives,” Therrien said in his report.
“This concern was clearly justified given the scale of the proposed collection, the highly sensitive nature of the information and the fact that the information in question would paint an intrusively detailed portrait of a person’s lifestyle, consumer choices and private interests.”
His investigation came after receiving “more than a hundred complaints” relating to Statistics Canada’s collection of personal information from both financial institutions and a credit bureau.
The report lays out that, while Statistics Canada “had the legal authority” to collect this personal information, there were “significant privacy concerns” with the design of the project. Chief among those concerns was the fact that the information collected was not all demonstrated to be necessary for the project’s objectives. The report also found that Statistics Canada wasn’t transparent enough with respect to the collection of this information, and that it could have improved its security safeguards to limit the risks of internal threats.
Therrien’s report recommends the agency improve all of these areas in collaboration with the Office of Privacy Commissioner, and that it keep the programs on hold until these concerns have been addressed.
WATCHDOG CALLS FOR MODERNIZED PRIVACY LAWS
In his annual report, Therrien also urged the government to bring its privacy laws in line with the data-driven technologies that he says now threaten Canadians’ privacy.
In order to do so, the commissioner called for the adoption of rights-based privacy laws – laws that treat the privacy of Canadians as a human right, and therefore as essential to the “realization and protection of other human rights,” according to the report.
To that end, the commissioner pitched the establishment of enforcement mechanisms that can quickly remedy situations where people’s privacy rights have been violated, and to help push organizations to comply with privacy laws.
Therrien suggested these mechanisms include boosting his powers to allow him to make binding orders and impose penalties. He also recommended the undertaking of proactive – rather than reactive – inspections to ensure that organizations’ privacy protections are up to snuff.
He also said that the law should be tightened to only allow the government and its agencies to undertake activities that invade people’s privacy “where federal institutions can demonstrate they are necessary to achieve a pressing and substantial purpose and where the intrusion is proportional to the benefit to be gained.”
“Canadians want to enjoy the benefits of digital technologies, but they want to do it safely,” Therrien said in the report.
“Legislation should recognize and protect their freedom to live and develop independently as persons, away from the watchful eye and unconscious influence of a surveillance state or commercial enterprises, while still participating voluntarily and safely in the day-to-day activities of a modern society.”