[Recorded by Electronic Apparatus]
Monday, March 10, 1997
.1208 
[English]
The Chair: Order. Welcome to the second of six public consultation meetings of the Standing Committee on Human Rights and the Status of Persons with Disabilities of the House of Commons. We are holding a cross-Canada tour examining the state of our right to privacy in today's high-tech world.
Our committee has decided, given all the information we have received and heard and read about, both from our round tables and from monitoring the media in the last few months, that the whole issue of information technologies and practices has led us to ask ourselves, and the population in general, what do we know about these practices, and what are the implications for our personal lives, our privacy and human rights?
For your information, we've adopted a format somewhat different from the normal standing committees of the House of Commons. We will be having an open session. The traditional opening of the meeting will take place. We will then suspend while we move into our round table format, where you will be led in the consultation by our experts at the table. We will then reconvene at 11 a.m. The details will be given to you in a few moments for our town hall session as part of the proceedings with our experts.
.1210
When you look at the invasive, evolving forms of new technology today you can't help but ask these questions: What do we need to know? Who knows what about me? How much do they really need to know? Where is that balance between competing social and economic interests and those of crime prevention, fraud, health care, economic interests, business interests, and our right to protect our individual privacy? Is there a need for an ethical framework? Are there different needs for different issues? Is there an obligation to ensure informed consent in the use of all these new technologies?
I think this study is particularly timely given the recent newspaper articles and headlines over the last few weeks. I've been quite fascinated by these stories. All of us have been looking at them.
In Saturday's Gazette, there was a big story, ``Vision of the future?'', that said:
- Many people fear that, having cloned a sheep, we're about to gain the keys to immortality, but
the failures of science suggest otherwise.
- It's quite a story, about the whole question of cloning that has arisen as a result of the Dolly
story, the Scottish lamb.
Following that, in today's Globe and Mail we have a rebuttal of the human cloning story as complete fantasy.
Then, this past week in La Presse from Montreal, we had, ``Déclaration d'intention'' and then ``Marché noir'', a story about the fact that personal information on people who have files within the government are being sold on the black market by functionaries. It is something to worry about.
[Translation]
According to the Commission d'accès à l'information, public servants are selling medical or tax files under the table to Quebeckers and other people for anywhere from $25 to $120 a shot. Quebec's Auditor General had already raised rather relevant questions concerning the confidentiality of the Revenue department's files.
[English]
So the files that are supposedly protected and secret, accessed only by a few, are not.
I want to tell you, in your Vancouver paper this morning there is a most appropriate photo radar of what is happening now on your editorial page. I think it fits so well into the issues we're talking about - that is, videos: What do they follow? Who do they follow? Who has access, and how long should they be kept? There's as well the whole question of DNA biotechnology and the issue of biometrics.
The last story that struck me as quite fascinating tells us how important our DNA is. A history teacher can trace his family tree back 9,000 years. A Scottish man living in a particular part of England discovers he is part of what is known as the ``Cheddar Man'', a 9,000-year-old skeleton in the British Museum.
So we're talking here about stuff that's pretty interesting and is somewhat science fiction, I think, in other ways.
The background with respect to the right to privacy does not stem from any one source. It's drawn from international law, constitutional law, federal and provincial legislation, judge-made law, professional codes of ethics and guidelines. The result is often referred to in Canada as a patchwork of privacy protection in this country.
It's important to have some history. The background is found at the international level with several important human rights documents that contain guarantees to the rights of privacy. There is, for example, what I call the ``Magna Carta of humankind'', the Universal Declaration of Human Rights of 1948, co-written by John Humphrey, who lived in my riding of Mount Royal. He passed away last year. He and Eleanor Roosevelt are acknowledged to have written that charter. Then, of course, it was moved by the United Nations. As well, there is the International Covenant on Civil and Political Rights of 1966, to which Canada is a signatory.
.1215
There is no comprehensive privacy protection currently in Canada. Quebec is the only place in North America where there is comprehensive regulation of private sector personal data practices.
In Europe, for example, the fair information principle is found in the European Union and in the OECD countries. It applies to all personal information, whatever the nature of its medium, whatever the form by which it is accessible, or how it is collected, held, used, or distributed by other persons.
I think it's important to note at this particular point that the federal justice and industry departments are currently working on framework legislation with respect to the whole question of data protection. It's expected that this should be passed by the House of Commons in 2001, which is a little bit down the road, shall we say. It will include the Canadian Standards Association's code of ethical practices.
In Europe, everyone has the right to respect for his or her privacy in their family life, home, and correspondence. There is no such expressed right in Canada even though sections 7 and 8 of the Canadian charter have very specific rights to do with search and seizure, and the right to life, liberty and security of the person. These have been interpreted through the courts to apply to privacy. The exception, of course, is Quebec.
I think it's very important to know that with respect to Canadian law, there is a white consultation paper that will be coming out very shortly. As for those of you who have manifested their interest from the various sectors of society and would like to receive that paper, I'm going to use the negative option: if you don't want to receive it, let us know.
We know those of you who have been good enough to attend today. If you are looking forward to receiving it, we will make sure that you go on the mailing lists of both the Minister of Justice and the Ministry of Industry for this particular document.
The concept of privacy is the most comprehensive of all human rights. It's held around the world as a broad and ambitious right and a universal concept, but it is not considered an inalienable right. Should it be? Privacy is a core human value that goes to the very heart of preserving human dignity and autonomy. I think most of us would agree that the right to privacy is something that is of paramount importance to each and every one of us in our lives.
[Translation]
Some experts define it has the right of having one's own space, having private communications, not to be under surveillance and to have the integrity of one's body respected. For the ordinary citizen, it's the question of the power each and every individual has over the personal information concerning him or her. It's also the right to remain anonymous.
[English]
So the question then becomes, what is privacy worth in today's high-tech society? There is no doubt that emerging technologies offer valuable advantages, efficiencies and conveniences to all of us. They can save a lot of money for governments, whether provincial, municipal or federal.
But do the benefits offered by new technologies come with a privacy price tag? Is this price too high? Where are the constraints? Is the trade-off inevitable? Where and how do we draw the line? Privacy is a precious resource, because once it's lost, whether intentionally or inadvertently, it never can be recaptured.
[Translation]
As members of the Standing Committee on Human Rights and the Status of Persons with Disabilities, we have resolutely decided to take our approach to human rights from the angle of measuring the positive and negative effects of the new technologies on our right to privacy.
[English]
So human rights is our focus in this privacy discussion.
.1220
Canadians, as you and I know, have never approved of peeping Toms or unauthorized wire-tapping, and our criminal laws affect that sense of privacy. Does this same disapproval extend, for example, to hidden video cameras in the workplace or to DNA data banks or to citizen identity cards? That's what we want to know from you.
In order to exchange ideas with Canadians on these issues, the committee is holding this series of broad-based town hall meetings. This started in Ottawa the other day. It's continuing here in Vancouver. Then we'll go to Calgary tomorrow, Toronto on Wednesday, Fredericton on Thursday, and Montreal on Friday.
To focus discussions at these town hall meetings, we've decided to look at three basic types of privacy-intrusive activities using fictitious but reality-based case studies involving three specific technologies: video monitoring, genetic testing, and smart cards. You've all received background information in that regard.
We hope to use these case studies to raise public awareness about the issues, look at the risks and benefits of advancing technologies, and initiate an open and frank debate on the promise and perils of this to our privacy as a human right in this era of modern, evolving technologies.
So in conclusion, while we do not expect to definitely resolve any of the issues raised by these scenarios, we do hope that with the input of Canadians like yourself across this vast country to come away with some concrete recommendations for action in the years to come in these areas. To this end, we look forward to hearing your ideas, concerns, and proposals to help guide us. I want to thank you in advance for your participation.
Our proceedings today will be directed by Valerie Steeves, our hearings coordinator. She is also a professor of law at the University of Ottawa's centre for human rights, leading their technology project.
Before I pass the floor to Valerie, I would like to ask the members present to introduce themselves.
[Translation]
Mr. Bernier, you have the floor.
Mr. Bernier (Mégantic - Compton - Stanstead): I'm Maurice Bernier and I'm the member representing the riding of Mégantic-Compton-Stanstead in Quebec's Eastern Townships. I'm the vice-chairman of this committee.
[English]
Mrs. Hayes (Port Moody - Coquitlam): I'm Sharon Hayes. I'm the member of Parliament for Port Moody - Coquitlam, so I feel very much at home.
The Chair: We thank you for your hospitality, Sharon, and for sharing this beautiful place with all of us today.
Ms Augustine (Etobicoke - Lakeshore): I'm Jean Augustine, the member of Parliament for Etobicoke - Lakeshore.
The Chair: Jean is a very active member of this committee.
Mr. Assadourian (Don Valley North): I'm Sarkis Assadourian, the member of Parliament for Don Valley North in Toronto.
The Chair: I'm very pleased to introduce Wayne Cole to you. He's the clerk of the committee. Colin Bennett is here as our specialist. He will be introduced further in a moment. Lorrainne Dixon is here. Richard Rosenberg is with us as an expert. And this is Darrell Evans.
I want you to know that you're all on television. You will be on CPAC. I don't know exactly when that will be.
The Clerk of the Committee: Next weekend, I hope.
The Chair: Next weekend, we hope. Thank you very much.
Nancy Holmes is our researcher from the Library of Parliament, and an expert in this field.
[Translation]
Valerie, you have the floor.
[English]
Ms Valerie Steeves (Consultant to the Committee): Thank you very much, Mrs. Finestone.
As Mrs. Finestone indicated, in order to provide our discussions here today with some social and personal context, the committee is presenting you with three case studies that deal with video surveillance, genetic testing, and smart cards or biometric identification. As you know, these case studies or stories try to illustrate both the benefits and the detriments of these technologies.
We hope that through discussing the impact of these technologies on the lives of the individuals in the stories that we'll begin to understand two things: first, what privacy means to Canadians, and second, how we as a society can seek to balance the benefits of these new technologies with our underlying social values, including our commitment to privacy.
.1225
You, the participants here today, represent a broad cross-section of Canadian society. Among you there are representatives of advocacy groups, banks and insurance companies, general business associations, crown corporations, disability organizations, educators, genetic researchers, health workers, human rights groups, multicultural organizations, labour unions, police officers, lawyers, media, technology firms, telecommunications companies, cable companies, and youth.
But to best explore the diverse perspectives you're bringing to the table, as Mrs. Finestone indicated, we'll begin the consultation by dividing into small groups to discuss the case studies. Each of these small groups will be facilitated by an expert in the field of privacy rights. Each of these groups will also include at least one committee member who will participate in the discussions.
Once we've had the opportunity to explore the case studies in our small groups, we'll reconvene the general meeting and have a town hall discussion about the issues they raise.
To start the town hall we'll be asking the committee members to summarize the major concerns that were raised in their small groups. We'll then give the small group facilitators, who bring a lot of expertise to the table, an opportunity to add any comments or concerns of their own. Then we'll open the discussion to the floor.
We're looking forward to an open and free-flowing discussion between you, the participants, the committee members, and the experts about the meaning of privacy in a technological age.
I'm privileged to introduce the four people who will be facilitating the small group discussions today.
Lorrainne Dixon is the director of the Office of the Information and Privacy Commissioner of British Columbia. She's responsible for monitoring and overseeing the work of the professional staff of the commissioner's office.
Lorraine worked as a nurse for 10 years before returning to law school. She obtained her LL B from the University of Victoria and articled with the law firm of Owen Bird in Vancouver. Following her articles, Lorraine worked for the provincial ombudsman for eight years as an ombudsman officer. She joined the commissioner's office in November 1993 and was made director in April 1994. She has considerable experience in the area of administrative law and with fairness issues.
Colin Bennett teaches in the department of political science at the University of Victoria, where he's an associate professor. His research interests have focused on the comparative analysis of public policies to protect personal data at both the domestic and the international levels. His cross-national study of privacy protection policies provides insights into how different states with different cultures and institutions have responded to the threats posed by information technologies.
His recent research has focused on the regulation of new data processing and surveillance practices such as data matching, data profiling, and the development of personal identification numbers and identity cards.
Colin has written and spoken extensively on privacy issues. I'm sure most of you know him because of that. He's completed a report for the Canadian Standards Association also, which analyses the potential for the new CSA model code for the protection of personal information and recommends ways in which it can be implemented by the Canadian private sector.
Colin has also been a consultant to Industry Canada and is currently a member of the provincial Advisory Council on Information Technologies.
Richard Rosenberg is an associate professor in the department of computer science at the University of British Columbia. His research interests encompass the social impact of computers, particularly in regard to privacy, free speech, intellectual property rights, access, work, and education. He also does research in the field of artificial intelligence and natural language processing by computers.
Richard's book, The Social Impact of Computers, which was first published in 1992, provides an insightful analysis of the relationship between information technology and social values.
Lastly, Darrell Evans has been a great help in creating enthusiasm for this conference, and for that I thank him. I know he's contacted a number of you to encourage you to participate.
Darrell is also the founder of the British Columbia Freedom of Information and Privacy Association and was president of the organization for three years. Currently he is the executive director. Darrell is a frequent speaker on the issues of freedom of information and privacy.
Prior to founding FIPA in 1990, Darrell spent most of his professional life in the areas of marketing, communications, and public relations. He's also written many feature articles on health, environmental, and political issues and designed and edited a number of publications for various clients.
In 1986 Darrell turned his attention almost exclusively to public interest issues and advocacy work, mainly in the areas of health, the environment, and most recently information policy and law.
.1230
When we divided you into small groups, we endeavoured to create groups that would contain as much diversity as possible, although somewhat random a division as well.
You'll notice your name tags are coloured-coded, if you just want to take a minute and see what colour they are. If you're wearing a blue name tag, you'll be meeting with Colin Bennett. If you're wearing a yellow name tag, you'll be meeting with Lorraine Dixon. If you're wearing a green name tag, you'll be meeting with Richard Rosenberg. And if you're wearing a red name tag, you'll be meeting with Darrell Evans.
When you get into your small groups in a moment, your facilitator will start by asking you which of the three case studies you'd like to start with. Our time together is extremely short, so please remember the case studies are there really to provide you with a starting point for your discussions. Please feel free to spend as long or as short a time as you wish on each of the case studies, to draw linkages between the three, and to voice your concerns about how these new technologies impact on your sense of privacy.
Does anyone have any questions before we start?
We will have an official suspension of the meeting in a second. We will be reconvening for the town hall at 11 o'clock sharp.
For the benefit of the people who will be viewing this on television, the case studies are available on our World Wide Web site. The site should be shown at the bottom of your screen, if you'd like to check it out.
Mrs. Finestone.
The Chair: Thank you very much. Actually, you are very much a part of the communication to the population in general across Canada. Thank you very much for bringing that World Wide Web to our attention.
While we suspend the session for a few minutes while we each find our own table, I suggest the viewers check out the World Wide Web, if they have such a facility, and read the case studies. Then they'll have some idea of the discussions that will be taking place around the table.
Please have a good time and quickly find your place.
Welcome, Patricia. You are here as a specialist for us at our first series of round tables, so I'm very pleased to see you back here.
.1233
.1407
The Chair: We will now resume this sitting of the Standing Committee on Human Rights and the Status of Persons with Disabilities. We will start the town hall, which will include reports from the committee members who audited each of the round tables and then a point of view and expression of opinion from our experts who were good enough to animate those tables.
Valerie.
Ms Steeves: Mrs. Hayes, would you like to start.
The Chair: I think you should point out that we're in Mrs. Hayes's part of the world, and very pleased to be here.
Mrs. Hayes: Thank you.
I must say, we had a fascinating conversation in our group. I enjoyed it immensely. I hope the others did as well.
In terms of reflecting what the issues were, if there were two overriding ideas in our group I think they were, first, who has the information, and second, what will they do with it?
As we opened up it was actually quite interesting. It was brought to the attention of our small group that even in coming to this committee hearing there were examples of those two very issues. In terms of the negative option of sending out the package, there was some concern that this indeed was perhaps an overstepping of the fact that people were here. Having TV cameras in the room was also perhaps an infringement of the privacy of the people here.
I guess that's an example of how many different ways assumptions can be made that information is either wanted or accumulated. We even see it here.
Going on from that, we went to basically two areas of discussion. First we looked at the genetic testing area. We took a look at the case study there briefly and noted that perhaps it didn't quite reflect the actual circumstances.
There is case law that does protect what that case law seems to put forward - that was the committee information, anyway - but there is actually no legislation that protects that type of DNA collection. Right now informed consent is required, but I don't think that was pointed out in the case study. Basic questions on the case study went to the informed consent issue. We'll get to that in a minute.
.1410
An interesting piece of information from the committee is that the Vancouver General Hospital's records will be on-line July 15, stored outside the hospital. Again, there are the issues of whether we can trust what's happening and what will happen to that information. Specific to HIV information, but certainly generally speaking, the questions of ``Who knows?'' and ``How is it being used?'' came up again and again.
In terms of informed consent, if specifically the disabled community has specific concerns in that area - how information is obtained; how it's defined in the thing that will obtain that information; the necessity of plain language and accessible format; what the collection of that information means to the person who is asked to give it; when someone is injured and says, yes, you can have this information, there's an implied coercion there of some kind; who has access to that information; the limits of the retention and the scope of where the information goes - then those are issues that need to be looked at.
Then there are the newborn samples and the fact that there's potential use of DNA information for every person born - in B.C., anyway. Hospitals do collect that information for the long term. What happens to that?
We talked about the implications of discrimination on the basis of disability being part of any DNA testing and onward-going considerations. The insurance industry had an interesting conversation here, actually. If we can rate the potential of heart disability with DNA, where would the limit be in rating? Right now we allow some history to be used to project risk in the future. Where do we limit that as DNA stuff goes on? It's interesting.
In justice issues it was also interesting, the balance between the conflicting rights of the safety of society with the rights of those who might be suspect. There was great concern in our group about a police state mentality. There was a lot of rejection of that.
Again, there was an interesting example. Say there were five suspects in a crime, and that crime could be solved by testing those five suspects with a DNA sample. Right now, warrants can only be put if you have suspicion of actual guilt. These are just suspects. Could a warrant be given to all five? What would be the threshold of a warrant being applied as opposed to just one person?
As well, is it an oxymoron to have freedom of information in the same sentence as privacy, or having the same in the same department? This led to whether there is a balance between these two concepts or actually an inherent conflict between them. What do we do with that? Again, there's the need for more education on both of these concepts, and more public input.
In terms of having access to our own records, what the smart card does - or should do - is put control in your hands, but it shouldn't be putting control in other people's hands, of course. Then we get into where that information goes, or even the technology risks, shall we say, with hackers and so on.
There were a number of other issues but I won't spend a lot of time on them. I think a key concept is that just because we can do something, does that mean we should do something?
.1415
I don't want to spend too much time besides what I've just said, but towards the end, when we talked about the importance of privacy and the right to privacy, the decision was made in our group that privacy rights don't necessarily trump all other rights, but they are very important.
In the discussion itself we realized that privacy is more fragile than we thought and that action does need to be taken on privacy rights. The awareness was raised, and because of that I think there was general consensus that the public in general needs to know more so this can be addressed and limits can be set at the levels they should be.
The other thing that came up is if government doesn't do something about this, the question was asked, who will? It does need some action at the government level, because government is there to act in the public interest and that is government's responsibility. But in order for government to act in the public interest, the public has to be part of the conversation. If a simple question is put to the public right now, the response will not be appropriate, because they don't know what they should know about what is there or what the potentialities are.
That's my summary. Thanks.
Ms Steeves: Thank you very much, Mrs. Hayes.
Ms Augustine, would you like to give us a brief summary of your discussion as well?
Ms Augustine: Thank you.
Our group was ably led by Darrell Evans. Darrell took us through the paces. The members of the group were excellent individuals who have been working in the area and thinking about the whole topic, so our discussion was really an excellent one.
I tried to put on here some headings that will help us to focus on the thrust of the discussion. At times there will be some repetition here and there, but I'll quickly go through this.
We started with the case study on genetic testing. We looked at the summary of events that occurred as a result of someone saying, ``Yes, you can do this testing'' because the individual needed it at the time. We talked about the whole issue of sharing that information and who has the right to that information.
We talked about government and data banks. Again, there was an expression that maybe government has no right to accumulate all kinds of data banks with information on individuals.
We spent a good deal of time in the three case studies dealing with the issue of control and ownership. We went back and forth with the issue of control. Who controls? Who owns? Who gives consent? Then we spent some time on the question of consent. When you give consent in a trauma situation, in a medical situation where you want to be attended to, and you say, ``Yes, do this'', is this really informed consent? What is informed consent?
Testing should not be done automatically. We went on, as one does in a group discussion, to connect this with the issue of AIDS testing, etc. We went on to discuss the whole issue of compelling reason for the collection of material - whether it's hair, blood, fluid, etc. - from individuals. Who has access? What should be saved? What reason is there for saving the specific information? What use is made of it?
We spent some time on the issue of proprietary interest as related to ownership and illicit means to good ends. We were philosophical as well as looking at the judicial aspects of the collection, ownership, and retrieval of as well as the rights to the information. Can we retrieve that information once it's disseminated? Is it possible to do that?
.1420
Then we went back to the collection, the use, the disclosure, the specific right, and the prescription of all of this and what part of all of this is disclosable. We had a discussion around power and imbalance. Who is asked the question of consent and who is asking? We looked at the power imbalance in that arrangement.
We talked about invasion of privacy, and again we had individuals who felt that when we talk about an issue on a case-by-case basis, we can talk about the invasion of privacy in terms of the public interest aspect when you're looking at a technology that serves the entire public. We went on to discuss again the value of the person and the dignity of the person.
Technology, as one individual said, is the tail that wags the dog. We can create some artificial need. Technology can create the need, and we feel that with economic factors and others, we have to go ahead and do what needs to be done.
Then we went back to the safeguards, informed consent, codes of ethics, and breach of confidentiality. We have several rules already on the books in the provinces and in federal systems, and maybe what we need to do is educate the public as to their rights. Individuals should know their rights and know the law. People are more vulnerable simply because they're unaware of what their rights are. Their decision to say no, their decision to ask the right questions...
We went on to look at video monitoring, and again the discussion was a lively one in this regard, because we had a director from B.C. Transit, who spoke to us about the video monitoring that's done in that system. We spent some time discussing the issue of deterrence, the public will, and the reasons individuals feel safe in the system. It's not really officially identifying individuals, because the system is erased every half hour - it's one of those loop systems that changes as it goes around - but it could be a limited-purpose surveillance if there were an incident of some kind.
We heard about what could be done in terms of policing and other activities in the case of a riot or when all of the forces and all of the monitoring do come together to give a picture of who and what were present at a specific function. We talked about permanent record technology and its use in the workplace, etc., and had a lively discussion there.
Then we quickly went on to smart cards. Who owns it? Who can do what with the information? Who gives genuine consent? What is genuine consent? We talked about data matching - can you opt in; can you opt out? What are the fire walls that are built between the different pieces of information?
Darrell has an excellent schema or diagram that he's drawn, showing the different boxes where things are fed in and out. I said maybe if he copyrights that or patents it, he can share it with us. It does show in a very visual way how information is passed from one box to the next. Of course I'm sure he has a fire wall in between.
The Chair: He says we can have it.
Ms Augustine: Even without Bill C-32?
The Chair: Yes, the copyright bill.
Some hon. members: Oh, oh!
Ms Augustine: We talked about the concern around housing all that information in one place and the concept of one-stop shopping. One-stop shopping may be an excellent way to operate in several spheres, but we feel that when home ownership, driver's licence, and everything about an individual is placed in one spot, that could be problematic.
Then I was trying to probe the whole issue of what we need to do as legislators and what we need to walk away from here. What do we need to do in terms of regulations, legislation, amendments to codes, enforcement of codes, etc.? What we got was, ``Legislation and regulation if necessary, but not necessarily regulation and legislation''. We have several things on the books that we could enforce.
.1425
As well, this should be an ongoing process. There was a sense in the group that we should keep that discussion going among Canadians, among all of us, to ensure that as we get more and more into the technology we are preparing our public to respond to the technology. This is but the beginning of what the group sees as a process that maybe would keep Canadians informed, and we'd all be the better for it.
Thank you.
Ms Steeves: Thank you very much, Ms Augustine.
Mr. Bernier, would you like to give us your summary, please.
[Translation]
Mr. Bernier: I'll certainly repeat a few of the points already raised, but as I'm in charge of the French part of the presentation, you won't mind if I emphasize some of them. I jotted down some notes on this little notepad rather than on loose sheets. Our chair gave us an excellent summary and I'll explain the substance at the end.
In our workshop, with Mr. Bennett as our excellent facilitator, we did not wind up with diametrically opposed views. We discussed the three cases or examples that had been submitted to us. We raised a certain number of points that I'll be emphasizing. Our writer friend will also give you a summary which, I'm sure, will be very well written.
A bit like in the other workshops, we had questions on why video surveillance was used. Why is this technology being used? To what ends? What's done with the information? Who uses it? Just as the members of other workshops, our members pointed out we should try to strike a balance between the positive aspects of video surveillance, such as security, and the negative aspects having to do with intrusion into one's privacy.
Mention was made of the banking area where there's a code for self-regulating or regulations that also apply equally elsewhere in private life. In our workshop, an expert in genetic testing pointed out that the example given was more or less relevant because the problems raised weren't necessarily a reflection of reality especially in the medical area where there are very strict protocols followed to the letter by the medical practitioners. On the other hand, it is recognized that any new regulations stemming from legislation should examine the problems raised by genetic testing. When someone goes for genetic testing, that person is not the only one concerned by the results. In other words, not only do we gain information on that person but also on that person's total family. People who have never given any consent might be affected by decisions whose origins they don't even know. This is a serious problem that was emphasized and it should be taken into account.
It was also said that one can undergo genetic testing for a very specific purpose but that in this case also the results could be used to other ends. Lack of monitoring can lead to very serious problems.
.1430
Naturally, as in the case of video surveillance and smart cards, it's always the warehousing of information that concerns people. In other words, what is being done? How is this information being kept? What kind of control do we have over the information and, mainly, who can use it and how?
Mr. Bennett pointed out the need to have a consistent system in the area of smart cards. Instead of living with the sort of mess we have today, where you have a considerable number of possibilities and cards and where there's neither regulation or control, it might be preferable to have a more consistent system. Will the day ever come where we'll have only one card for all our needs? This might be a bit of an illusion, but one would hope for more consistency.
I think I've expressed the broad concerns of the people in our workshop. As I was saying, we also mentioned the lack of regulations in this area. Here again, there are still questions: what information is being kept, what is being done with it and who uses it?
In conclusion, our concerns are similar to those expressed by other workshops and you can see them on the loose sheets stacked behind me. We would like to have more regulations, more framework and we'd like to see the federal government doing something. We did not address the problems of jurisdiction, but we expect this could be done through cooperation at all levels of government.
Mr. Bennett pointed out that in 1998, the European Economic Community will be regulating this whole matter of privacy, which will have an impact on international trade because those countries that have no regulations in that area could be refused access to the European Economic Community market. As there's almost total absence of legislation, Canada must intervene as soon as possible. We know that here, in Canada, only Quebec has legislation and monitoring organizations. The members of our workshop summarized their concerns when they said they hoped they'd see something done as soon as possible.
That is all, Madam Chair.
The Chair: Thank you.
Ms Steeves: Thank you, Mr. Bernier.
[English]
Mr. Assadourian.
Mr. Assadourian: Thank you very much.
Our group was led by Mr. Richard Rosenberg. We had to change the reporting, which means the first part of the presentation will be by Sheila Finestone and the second by me.
I'll summarize what you have to say, if I can, and then you can summarize what I have to say.
The case was presented to us by our leading person, Richard. We agreed to discuss genetic testing first. So genetic testing will be discussed by none other than Sheila Finestone.
The Chair: Thank you very much, Sarkis. I didn't expect to have this wonderful pleasure.
What we looked at essentially was that with regard to DNA, that's a very personal piece of information. It differs significantly from video surveillance or smart cards, in many instances, because you have the potential for inadvertent disclosure and a question mark as to whether or not it is informed consent, which I think my other colleagues have already mentioned.
What are the controls? This is an extremely intimate matter. When your privacy is lost it's not recoverable. In terms of the question of HIV and AIDS and genetic deficiencies - single genes, etc. - just how far do we have to go?
The information with respect to health should be protected as a separate entity. There are too many ways to have access to this information. Whether or not the hospitals have protocols doesn't matter; it's on the nurses' charts, it's on the interns' charts, and it's on the doctors' charts.
.1435
Often the accuracy of the information in the whole field of DNA testing is under question. Access to that information for yourself was also questioned.
With respect to genetic testing, you can also take a look at blood testing. Within blood testing, which is different from genetic testing, you can also find out things that can have an impact on your insurance, on your employer and their relationship with you. The differentiation, whether it be genetic testing or blood testing, requires an informed form of consent: better awareness, better understanding, better education. That way you know what we're talking about.
A great discussion, Sarkis - and I know you had to leave the room on personal business - on the question of the...[Technical Difficulty - Editor]...the researcher and the role of the ethics commissioner. We had quite an exchange around this table. It was an extremely interesting discussion with respect to the need for a data pool versus anonymous approach to the need for data collection.
I think there was no question that we have to separate it out. It has to be anonymous. You need that fire wall. Disclosure should be at the request of an informed consent procedure. There should be very clear rules of conduct or protocol set out before the research even is embarked upon.
Remember - this was a warning from many - that eugenics, with the familial implications and the way it can affect the families, is very important. This brings to mind something I wanted to bring to your attention, the rights of the child.
You mentioned, Sharon, the question of DNA testing of newborns. Where is the right of the child protected in that piece of information if it's collected?
So I would say the general finding was that privacy has primacy. It is first and foremost the responsibility of the individual. The role of the ethics committee, as I said before, requires that research protocol. There should be no connection made to the person. It has to be anonymous information with no tags, no SIN numbers, no social insurance numbers - nothing attached. But if you need to go any further, then you need fully informed consent, which takes a good deal of time and discussion, not just a check on a piece of paper, not under duress of illness or accident. What information will be sought should be known, and the fact that you can withdraw from the undertaking.
I think Mary indicated that very often you're not quite sure what they're going to find out in the way of information. You really have to give an informed consent and make sure you can control the dissemination.
I might summarize it by saying there is a potential for finding out information about yourself that must be understood. You need to know that you have control management, because some of this information is explosive. You can open a Pandora's box both personally and collectively.
We need to protect ourselves. They use the Justice Krever piece of research to indicate the concerns around who has access and who has the right to the information so that we can protect ourselves and that professionals under codes of privacy remember they should be there.
Again, if we can do it, does it mean we should do it? Should we go ahead? It seemed to come out again that there doesn't seem to be enough in the way of checks and balances, and access rights to ownership and research. The charter should protect the right to privacy as a first factor.
I think you can go on from here, Sarkis. You came in on the issue of video.
I will say, again, the European issue was brought to the fore in terms of the question of consent and confidentiality of personal information. It should be protected, and we should look at that model.
There was also something about the Supreme Court, that we need to set moral grounds.
Sarkis, go ahead.
.1440
Mr. Assadourian: Thank you very much.
If I could summarize, I think videos, genetic testing and cards are necessary evils. The question is, who do you trust?
We have two actors - the government and private industry - and no matter which one you trust you have to have some controls so that you can both protect yourself and balance the need of society for security and safety, such as following up on crimes or whatever the case may be, or the abuse of trust. That's basically the most important point that has to be made.
In terms of video, the question was asked, ``What must we know?'' For example, one of the participants mentioned that she feels secure when she walks down the aisle or whatever the case may be, just knowing there's a video. In case something tasteless happens, she feels secure knowing there's a video there. If something happens to her, the police will go after that situation and correct it if possible. So there's a need for safety, and the feeling was that there is a safety valve in this whole system.
We also discussed the possibility of someone getting hold of this information to sell and make money on in terms of the information they have on you. In other words, they could blackmail you, extort money from you, or whatever the case may be. Again, it's a matter of trust.
It's very easy to get into the business of security surveillance. You don't have to go to school. You don't have to be a lawyer. Basically, you pay a $10 fee, register your organization and you get lots of information - this depends on what you can do, how much you spend - and then you can start your own business. The question is, once you start the business, who controls the information you have? There is no regulation that says who controls and how far you can go using that information.
Once we start putting regulations in force we have to consult the people to balance their needs with the needs of the law and order enforcement organizations.
Someone asked what a smart card was, and how many cards we carry. The idea came up for a ``super'' smart card. What kind of information should we have on that smart card to make sure it provides easy access to consumers and at the same time gives enough protection to society?
We went on to ask what we then should do. Do we need legislation? The answer was, yes, we need it. We need to get action. We can't wait too long. We have to catch up with technology and make sure we protect ourselves with the coming of new systems in place.
As well, the question was asked, ``What is personal information?'' We don't know how much of it we have to give away to the system. There was an expression of urgency. We have to act and we have to balance our rights with the state's right to protect society from general abuse of the information we provide to the system.
That's the summary. If I can put it in one phrase, there is a need to act, and as fast as we can. It would be better for everybody, I think.
Thank you.
Ms Steeves: Thank you, Mr. Assadourian.
Before we open the discussion to the floor, we're going to ask our four facilitators if they have any comments or concerns of their own they'd like to add.
Darrell, why don't we start with you.
Mr. Darrell Evans (Executive Director, British Columbia Freedom of Information and Privacy Association): I think the committee has done an excellent job of laying these issues out. I was very impressed by the package. The picture of the future it laid out I thought was very valid. I think that's where we're going unless we do something. So I really want to thank the committee for this.
The human rights approach is the right approach. I think part of the confusion over the privacy debate is that it hasn't been seen as a fundamental one. It's not rooted in a kind of a grassroots feeling. We also need a definition, or a firmer idea in the public mind, of what privacy really is, what we mean when we say privacy.
I would suggest that this process become an ongoing process. I've already suggested that to Valerie. Perhaps this group, or a version of it, might meet again in four months, or give ongoing feedback to the committee and also help facilitate broader discussions in our own area. I'd be very happy to help with that. I'm sure others would as well.
.1445
I think privacy has to be seen as a basic human right. To me, privacy is an essential part of human freedom. Reading through the case studies, which I thought were excellent, the picture I got was that what freedom is there in a society where those kinds of scenarios can play out? Indeed, I think we will have them unless we legislate or regulate. The real debate will be how we do that, and exactly how we approach that.
We face a future where we're going to be overwhelmed by technology. The old phrase ``technological determinism'' is the one that's used a lot. Do we want our destiny to be determined by the kinds of technologies we're capable of? In our discussion group several times the word ``dehumanized'' came up - that is, it's a dehumanized picture of a future society.
I think the vanishing of privacy would be a victory of materialism over the human spirit. I find it very hard to picture what kind of room there would be for creativity on the part of human beings in such a world. I feel the virtual bars closing in faster and faster in a world like that.
We are constantly told it is a more secure world, of course, a more efficient world, a world that catches fraud much better, but to me, that is the victory of bureaucracy over human creativity. An old phrase comes to mind here, that we know the price of everything and the value of nothing.
What is our goal in all this? What do we seek for individuals in this? We want to put individuals in a place of causation rather than being a complete effect of technologies and of a gradual erosion of our privacy. If we are to maintain human freedom, I think that's what we have to do.
Ms Steeves: Thank you very much. Richard.
Mr. Richard Rosenberg (Individual Presentation): Coincidental with this meeting today is that over the weekend The New York Times announced a new report from the National Research Council in the U.S. on the privacy of medical records - in fact, the privacy of medical records electronically - which I then went and downloaded and looked at. So the wonders of the information age are obvious. Privacy issues, however, are a price we have to pay.
I want to quote something from one of the people involved in this proposal, Dr. Clayton of the Medical Information Specialists at Columbia-Presbyterian Medical Center in New York. He said:
- Today there are no strong incentives to safeguard patient information...because patients,
industry groups and government regulators aren't demanding protection.
We know that the result of this report in the States will not be a congressional subcommittee investigating possible government legislation in the area. We have some hope in Canada that the government will act at some point - I would hope before 2001 - to implement a comprehensive system of legislation. This is one of the areas most people in the group I was with today supported, and I think that's the way to go.
I have one other remark to make about electronic aspects, which were not really the subject of today's meetings. I'd like to point out to many people who are on the web or who download information or go visit web sites that one rather insidious aspect of this whole process is the background gathering of information about anybody who does this. When you go to a web site, automatically information is gained about your computer ID, typically, what computer you're on, what country you're from, what your operating system is, and even more.
If you have implemented the part of your web browser that indicates whether a ``cookie'' is being demanded from you, you will also note that most sites will ask for a cookie - a typical euphemism for a much more complex issue of information that is gathered about you and stored in someone's system.
.1450
My final remark is about government web sites. One would think, or one would at least hope, a government that has some interest in privacy protection would make sure its own web sites aren't involved in gathering information about individuals who visit them for information that is being disseminated.
The Chair: I'm sorry. If I may intervene for one second... I shouldn't be doing this, but I can't help but do it, since people are watching. How many of us know about the broader data shadows - and perhaps that could be addressed - versus this ``cookie file'' you're talking about, which I never heard of before in my life? I wonder how many web site users know they can be followed, traced, listed, etc. - targeted.
Mr. Rosenberg: There is an option in the browser for indicating that every time a cookie is demanded, you're informed. You have to make an active step to institute that. Once you do it, you will find out all the places that either...
In the old days they not only wanted a cookie, they wanted to store it in your computer. So it's nice. It's another distributed database. Every time you go back to that site, they can visit your computer and see whether you've been there before and what you did. In principle, that's why they want to do it, in the reasonable attitude that they want to serve you better, which I think is the view for lots of loss of privacy: to serve you better.
Now what they do is they ask, may we take a cookie and download it on our computer, or on our system, and it will last until December 29, 1999? I have no idea where these numbers come from. Now they will store it, but you will have to give it to them. If you say no, they start downloading some other stuff. But some of the sites, every time you say no, would ask you again and again and again and again.
The Chair: Thank you.
Ms Steeves: Lorraine.
Ms Lorrainne Dixon (Director, Office of the Information and Privacy Commissioner for British Columbia): Thank you. I would like to take the opportunity to speak more from a provincial perspective here, with all due respect to the federal committee. We're the statutory watchdog for privacy concerns in the province and as such often are very much bucking the trend. Often the public are told all the good things about any of the new technologies: the video surveillance, the DNA testing, the smart cards, ID cards. The benefits are often more than generously placed before the public. Our role is often to point out the loss of privacy. The implications of how this technology will actually affect the individual don't always make us popular, but I think that's a very important part of our role. We see education of the public as something that's absolutely fundamental to understanding what your rights to privacy are.
Most people should be aware that you have very different rights to privacy. I am very much an advocate of the position of privacy being a basic human right. Under our legislation of course it's a statutory right, and only to certain types of information, stored in certain places. As citizens of this province you have different rights for your access or your privacy rights to police files if you happen to be in a jurisdiction that has a municipal police force versus a federal police force or the RCMP. If the information is held privately you have very different or very minimal rights, as opposed to if it is held in a public body. These are all things that should be of grave concern to us, having gone through the advances in technology, realizing most of them don't come from government initiatives, most of them are being driven by the private sector.
Something concrete everyone in this room can do is to participate in the four-year review coming up for the freedom of information and protection of privacy legislation. It's mandated to begin in October of 1997. I urge you all to be in touch with your MLA and to ask that this be a public process, so the privacy provisions can be strengthened, perhaps being extended to the provincially controlled private sector, such as credit reporting. It's certainly an area where everyone can have a voice on a number of these concerns.
The Chair: Lorraine, first of all, that was fascinating. Secondly, anything we would do would be in federal-provincial jurisdiction, so it would have to go to the federal-provincial-territorial, or FPT, committee.
I would like you to respond to something that was brought up in a group about once you have given your report. First of all, what's going to happen now with B.C. Tel and the Phamis, which are going to work together to install a clinical information system at a Vancouver hospital? We note that it's a foreign-owned undertaking and it will save - I think this is commendable - $15 million annually for the hospital. Where is the protocol to protect privacy? What are the rights of foreign ownership based on provincial law? As a matter of fact, the Phamis project is a $20 million implementation by ISM-BC.
.1455
This was brought to our attention and has been printed in the Canadian Healthcare Technology magazine of January 1997. Could you comment on that?
Ms Dixon: I can certainly comment on what our perspective would be. Our view is that public bodies, of which Vancouver General Hospital is one, under our provincial legislation, cannot contract out of their statutory obligation to protect personal information. Obviously the question then becomes what happens if the Phamis company discloses this information. Our legislation has some penalties for wilfully disclosing, but they are not particularly good. You have to work under the Offence Act, so they're not very good. Certainly our view is that you cannot contract out of your statutory obligations.
What we look for - it's happening; a number of computer companies are coming in - is audit trails. That's your threshold: who has actually had access to the information. We may look to make sure there are fire walls between the various sensitive databases. We certainly would support encryption of data before it flows.
One of the things we're actively working on right now is to try to get a privacy code in place for physicians in the province, so before they can go on-line from their doctor's office and access any of the computers in the hospitals, which are public bodies, they would have to be adhering to a privacy code. So the data would be protected regardless of whether it was in the public body or in the physician's office.
The Chair: And nurses' stations and interns.
Ms Dixon: The nurses' stations are part of the public body. They are employees of the public body, so the public body would be accountable for their behaviour.
The Chair: Thank you.
Ms Steeves: Colin.
Professor Colin Bennett (Political Science Department, University of Victoria): Thank you. I too would like to congratulate the committee on this initiative. Like Darrell, I hope it continues in some form.
Yes, privacy is a fundamental human right. I don't think anybody would disagree with that. It's not an absolute human right. It does have to be balanced against other responsibilities. But it's also a human right that needs to be translated into practical policy in complex private and public organizations, and the first brief point I would like to make is that we already have a set of privacy principles, in federal and provincial legislation, in the CSA standard that was referred to, in international agreements.
When we were talking about those three case studies in our group, I was struck by how often we reverted to some of those basic principles. Organizations should be open about their policies. They should be accountable about how they use personal information. They should collect only relevant information. They should tell individuals at the time of collection the purposes for which they are collecting that information. They should not use that information for other purposes. They should keep data accurate. They should keep it secure. They should allow individuals rights of access and correction. These are the principles institutions such as Lorraine's implement from day to day. We do not need to reinvent the wheel here. Although new technologies have distinctive qualities, in my view most of the problems associated with the introduction of new technologies, whether video surveillance, smart cards, or cookies on the Internet, can be dealt with by the application of those basic principles.
We also do not need to reinvent a policy here. But when we were talking about remedies and solutions in our group, we came down to four things: framework legislation; an overall set of principles that are put in federal and provincial law and that state the basic rules of the road; codes of practice that can be applied to specific sectors and specific technologies, such as video surveillance, genetics, the Canadian Bankers Association, the Canadian Direct Marketing Association, which can be allowed to be more specifically applied to individual sectors...
The Canadian Standards Association's model code for the protection of personal information is an extremely crucial instrument in this respect. It has been negotiated by the public and private sectors and consumer groups. Anybody who does not have a copy should have a copy. It's the national privacy standard of Canada. It's accessible on the World Wide Web at www.csa.ca.
So codes of practice, privacy-enhancing technologies, such as smart cards, encryption, digital signatures, etc., and consumer education...
Those four policy instruments have all been stated by the federal government as constituting the federal government's policy in this regard. All are necessary. None are sufficient.
.1500
So again, I don't see that we really need to reinvent policy tools here. What we really need to do is to make sure the federal government does what it says it's going to do, which is to introduce federal framework legislation by the year...I thought it was 2000 rather than 2001, but I don't know; maybe that's political.
So three messages, really. We don't need to reinvent the wheel. We do need to coordinate all these different processes: federal, provincial, private sector organizations, Department of Justice, Department of Industry, this committee, and probably many others. And we do need to put constant pressure on the federal government to do what they have already said they are going to do.
The Chair: I just heard what you had to say, and we've had the Minister of Justice and the Minister of Industry, whom we heard at an international conference. I got the sense that most of this was dollar, market, consumer focused. A marketplace ideology and perspective and perceptions and realities were being dealt with. I'm curious whether you think human rights and personal privacy were addressed at all, and if so, in what way.
Prof. Bennett: It's true the trade implications, particularly the pressure from the European Union, and particularly the market implications of the privacy patchwork in Canada, have brought this issue to the agenda. I wouldn't deny that. I think it's also true there's a danger of the human rights dimension of this being overlooked in thinking about the -
The Chair: But you didn't say that. You said we don't need to reinvent the wheel. It worried me, because I didn't hear the words ``human rights'' once from you in your report. Maybe I missed them.
Prof. Bennett: The point I would make is the privacy principles the private sector has agreed to in their codes and in the CSA standard I would see as completely consistent with a human rights perspective. They are often not emphasized, but I think they're completely consistent. The data protection principles and the fundamental privacy issues this committee is dealing with I see as completely compatible.
The Chair: The last thing. There was so much discussion, as my colleagues pointed out, on the issue of human rights with respect to physical monitoring, which is the cameras - and there are good and bad aspects, if I can put it that way...there is the public good, there is the private implication, and there is the whole question of genetic testing and biogenetics. How did you see that being covered in the protocol?
Prof. Bennett: In other countries, as I mentioned in the group, they are beginning to develop privacy codes for things such as genetic information, and they are specific to that type of information; and the same with video surveillance, but under the aegis of the framework legislation, which establishes the basic principles. What I would like to see if I could wave a magic wand is the principles placed in legislation but then power being given to the privacy commissioners to establish and to negotiate specific codes of practice that are directed at specific technologies in specific sectors, because it's those codes of practice that are perhaps more flexible about emerging technologies That's what happens in other countries.
Ms Steeves: Thank you, Colin. I have a feeling there are a number of people out there who would like to respond to that.
The Chair: We are in full public session.
Ms Kay Stockholder (President, British Columbia Civil Liberties Association): My name is Kay Stockholder. I'm president of the B.C. Civil Liberties Association. There are a few points I would like to make. One is about the definition of privacy. It came up several times. I would like to offer what is not a definition but the core of a definition. That is, our sense of privacy has to do with when what we know about another is equal to what they know about us, and that's the definition of an adult relationship with other human beings.
.1505
The exceptions to that of course are ones where we give our consent to an exception. I think it has been mentioned that there is a danger in all this where our definition of privacy gets eroded, but I think it should be clear it is not being changed neutrally. It is being eroded if we lose hold of that core. That is, our dignity depends on an equality of information about each other, and of course that would have to be refined for different contexts.
The second point I would like to make is that in the kind of policies Colin Bennett was talking about two important questions should be addressed before anything else is done. First of all, the context should constantly be kept in mind. That is, the dangers we're addressing do not arise - and this has been clear - from any single proposed or actual technology. They arise from their combination, as one adds to another to increase the sense that we occupy a surveillance society. So the question not only about the impact in the immediate situation but about the way in which these multiply should be kept in mind as part of the examination of whether the introduction of a practice is justified before it's instituted.
Furthermore, there's a wider context. I think it's quite visible in the last example in the information we were given. This young woman, it is quite clear, probably would never have been on UI had it not been for the introduction of such labour-saving practices as are represented in these technologies. With each advance in technology people will lose jobs, there will be more people on unemployment insurance, and therefore there will be more suspicion of them and their buying habits and so on. A whole set of social attitudes was implicit in some of those examples. Those should be kept in mind as part of the context in which this is taking place.
Finally, I want to emphasize that the burden of proof for the necessity of the technology or new use of it should be on its proposer and not on those who object. In some ways there's an analogy here between the imposition of a technology that violates our privacy and the kind of thinking that's involved in our criminal law. That is, from a civil libertarian perspective the Criminal Code should be used only to prevent a serious harm to others and when it is clear that the harm produced by the law itself is not greater than the harm it seeks to prevent. Those principles should be kept clearly in mind.
Mr. Stephen Ward (Individual Presentation): I'm Stephen Ward, with Canadian Press.
The discussion this morning is centred around new technologies: smart cards or whatever. However, there hasn't been a lot of discussion about privacy in the news media. I think the news media are often caught up with fighting their own battles about freedom of information and privacy is not stressed as much. In fact, we're trying to get information, as opposed to complaining about it being revealed. However, there's no doubt the media have a great duty here to try to support the sort of work you're doing, so I would think it might be useful to your committee if some senior editors of news organizations around the country had a discussion and worked up their own principles on privacy in the media and at some point made some contribution to this discussion. Perhaps that will happen, and I certainly would be willing to participate in that.
The other thing is the public education aspect. Most of the news coverage - and I think this was one of Lorraine's comments... We tend to do stories that, well, this is a great advantage, you're going to cut crime down, and all this. Then you come along and say hey, hang on, this poor individual in the Fraser Valley is going to be very negatively impacted by that. I would think we have a much greater public educational role in all this, and that is something you might want to engage the news media in again: writing more stories about the pluses and minuses of this whole area.
I mentioned to Mr. Bennett, and we agreed, that in fact there hasn't been a lot of in-depth publicity on this at all. In fact, most stories are scatter-brained...scattered across the land. Scatter-brained too. Especially if I write it, it's scatter-brained. So this person here is upset, that person in Ontario is upset, this group in B.C. is outraged. Perhaps what I'm suggesting is you give some thought to getting the news media, whoever out there is interested - and I'm not speaking for them all - working with you.
.1510
The Chair: I want to ask you a question, Mr. Ward. I really appreciate the observation you've put forward. The news media has been advised. We put a media alert out across the country. Both in Ottawa - and we had four really fascinating... Dr. Baird was at one of the tables. She can tell you we put people with conflicting interests around the table to offset...and take a look at to what extent the public good is served and where individual rights begin and end. I can tell you quite frankly it was a big disappointment to me personally and to the committee members to note the lack of interest in the media in something that is so personal in terms of the individual who lives in this country and feels we live in a land of freedom. Just how much freedom do we really have - that's the question, first - and where and how do one's rights get protected?
So your observation is a very welcome one. Perhaps afterwards we can find a way, privately, to look at a college for editors or headline writers about disinformation that gets out there. Just the question that those children had a headline to disavow that this was so...
The lack of real address is getting to be very disturbing. Bruce Phillips, the privacy commissioner, raised these issues. John Grace, the information commissioner, has raised the question. It is being raised. The provinces have a major role to play. I know they have raised the issues. Yet we can't seem to get the media to start to make people think about what to do before you fill in the warranty for the toaster oven you just bought.
Mr. Ward: All I can do is offer my assistance. I can't speak for the others.
The Chair: We will call upon you, sir. Thank you.
Mr. Ward: I certainly think there is lots of room for improved coverage of this issue, and I don't mean just in one particular favour, I mean balanced both ways. It's a very complex issue. I can't defend the media in general, except to say I'm interested.
The Chair: Thank you. Balance is a big problem here. That's exactly right.
Mr. Tom McAulay (Secretary British Columbia Coalition of People with Disabilities): Good morning. I'm Tom McAulay, and I'm here representing the British Columbia Coalition of People with Disabilities.
First I would like to commend the panel for bringing this discussion to the floor. What I'm taking out of this discussion is an impression that the entire issue of privacy and protection of our information and so on is a discussion that hasn't very often occurred amongst the public in Canada. I very much appreciate this going on.
That's my opinion as an individual private citizen. However, I'm also here representing a coalition of people with disabilities and came here with the understanding that we would be discussing these issues from the perspective of people living with disabilities.
When I brought this issue up in front of the round table it was pointed out that yes, but these issues are important to everybody across the board. I said yes, I agree with that, and we didn't go into a discussion. But I would like to point out that we need to deal with this in a couple of ways. This is coming to a standing committee dealing with human rights and the status of people with disabilities, yet there has been very little information or discussion on the particular and peculiar issues involved for people with disabilities.
I would point this out. Would a smart card system identify somebody with a visual disability, and is there therefore a loss of privacy in a very public way? The issue of privacy is much different for a person with a disability...perhaps a quadriplegic who requires ongoing assistance and has a relationship with other people... It's much different from the issue of privacy for me as a gay man with HIV disease. There are certain disclosures. Today it is my choice to stand here in front of you and tell you I am a gay man with HIV disease, but where is the protection that that very specific and crucial information won't get distributed and be widespread?
.1515
My point in coming up here is that we need this discussion. We need a much bigger and a much larger discussion on the general and global issues of privacy, but as well we need to hear in very particular ways how these issues affect people with disabilities, considering that it's been a struggle for 20 years or perhaps more to remove people with disabilities from the medical model, which has been very patronizing and hasn't consistently looked at individuals with disabilities as people.
When we are able to bring into the discussion the differences that people with different abilities are experiencing, then we may find some very concrete issues and ideas that could actually affect or address our community.
But thank you again for having this opportunity to speak and meet with us today.
Ms Steeves: Thank you, Mr. McAulay.
The Chair: Thank you very much.
People with disabilities are people, and as for the laws around privacy, privacy is for all people, irrespective of language, colour, race, creed, disability, or sexual orientation. This is the committee that dealt with the sexual orientation legislation; it rejected the first promises on disability management by the government and sent out a task force to reinstate access to disabled...
In order for a society to believe in equal treatment, you have to have differing inputs in order to get equal outcome, as you well know. That was our argument on equal outcome.
The same thing holds for the whole question of privacy - equal outcome. There are competing interests; there's no question about that, as was pointed out. But in competing interests, you have to decide where you want your focus to come down in the end.
I can see a civil libertarian back there not exactly agreeing with what I'm saying. Is that right?
Ms Mary Williams (President, British Columbia Coalition of People With Disabilities): No, I was just thinking that for people who have disabilities, their privacy is affected more than most.
The Chair: That's right, but if you want equal outcome, you have to put into place with greater vigilance the kinds of protections that are needed, right? Yes.
Oh, I'm sorry; I didn't see anybody left at the microphone.
Mr. John Westwood (Executive Director, British Columbia Civil Liberties Association): That's quite all right. I'm just another voice from the Civil Liberties Association, actually. If you invite two of us, you're going to get two comments.
My name is John Westwood. I'm executive director of the B.C. Civil Liberties Association. I want to make a couple of comments about the remedy side of things in terms of what we can do from here.
There are two sectors in our society - the private sector and the public sector - both of which have a very powerful impetus or motive to invade our privacy. It's very difficult to leave it up to the private sector to police itself or leave it up to the public sector to police itself and expect that we're not going to get a solution that's a bit like letting the fox look after the chickens.
So I have a couple of suggestions here. One is in terms of the private sector. I really want to reiterate the necessity for legislation in this area. It's extremely important. The profit motive is very strong. Companies in the private sector are not going to act to protect citizens' privacy unless they're absolutely forced to. That's really important.
In terms of the public sector, I have two suggestions. One is to amend the Privacy Act. The Privacy Act is long overdue for being amended. The privacy commissioner needs to be given order-making power in the area of privacy and the protections in the Privacy Act need to be strengthened.
Second, if we really do consider privacy a human right, then one of the ways we're going to be able to protect it is through charter litigation, and charter litigation is extremely expensive. The suggestion I have is that section 8 of the charter be included under the court challenges program.
Thank you.
.1520
The Chair: Thank you very much. It's the first time I've heard that, and having been one of the initiators of the court challenges program, and very angry when it was cut, I thank you. That's really great.
Mr. Rob Botterell (Individual Presentation): My name is Rob Botterell. I was the government official largely responsible for drafting the province's information and privacy legislation. This has been an area of great interest to me. I want to touch on a few things that came up in our group today and emphasize a couple of things that certainly I've experienced on the provincial scene. But first I want to thank you very much for the opportunity to be here today. I think privacy issues and human rights go hand in hand.
One thing we're attempting to achieve here is to give individuals much more control over how their personal information is collected, used, and disclosed. When we were drafting the provincial legislation, one of the objections routinely raised was that you couldn't have framework legislation covering such a broad range of sectors and organizations and have it succeed. I think you can, and I think in a number of jurisdictions it has been demonstrated that is possible by setting up legislation that has the principles statutorily embedded in it and then allowing for some flexibility in its application, as has been suggested and is being proposed, through codes.
The Chair: Excuse me for interrupting you. Do you mean a generic kind of...then with specifics under each of the sectors?
Mr. Botterell: You need to allow for that flexibility. As we've heard -
The Chair: Through regulation or through legislation?
Mr. Botterell: Through legislation. You have legislation that sets out the principles and then allows, as Colin Bennett has mentioned, for the negotiation or development of codes that would have the force of law under the legislation. That's a way of dealing with the fact that one size doesn't fit all and that in some sectors you do need some special types of consideration, whether it's because of the nature of the technology or it's because of the nature of the sector involved. In the course of your deliberations you will probably hear that isn't possible. I just wanted to say it is and it has been done.
The other issue that will come up is the enormous cost; that privacy legislation is enormously expensive and how can we possibly afford this. There are many principled arguments that no price is too great to protect a basic human right.
About the actual practical implications and implementation of the legislation, one of the things we discussed in our group was privacy impact assessments; before the technology is introduced, looking at how best to structure privacy safeguards. That's also one of the greatest cost-saving measures in implementation of the legislation in a particular sector. After you've built the systems, built the computer systems, started disseminating the personal information, retrofitting to protect privacy is an enormously expensive undertaking. In that vein, I would hope the legislation that is introduced would allow and require privacy impact assessments beforehand, so those types of balances we've discussed all morning can be struck beforehand rather than after the fact, at great expense.
Compliance we've discussed this morning. I think the point has been made a number of times. Suffice it to say there are going to be, and there already are, huge financial benefits to private sector organizations from the dissemination of personal information, whether for direct marketing or for other purposes. So the types of compliance mechanisms that might work in the public sector - I query whether they work, but I think in some cases they do - may not be nearly enough for private sector legislation.
.1525
Last but not least, as an unabashed publicist for the Canadian Standards Association privacy code, I would say we're already on the educational front. On April 19 at UBC we'll be having an all-day workshop on how any private or public sector organization can put the CSA code in place right now, even before the federal government brings in legislation.
[Translation]
Mr. Bernier: Since you were involved in the drafting of the provincial legislation, I would ask you and Ms Dixon what role you see for the federal government in this area. In other words, in what area should the federal government legislate? On what subject? Do you have any idea? Do you have any comments to make on that?
[English]
Mr. Botterell: Lorraine mentioned that one of the great frustrations we had when we were introducing the provincial legislation was that in the area of law enforcement we still have a patchwork quilt. That's because there wasn't any success in harmonizing the federal and provincial legislation as it deals with police forces.
The Chair: Is that not under the Criminal Code?
Mr. Botterell: In terms of information and privacy access, privacy and information access for municipal police forces, such as the Vancouver city police, has one set of rules, then the federal RCMP, in many cities and towns around the province, have a different set of rules. There are two different sets of rules.
To answer your question, I think it is possible, and I understand discussions are either planned or going on between the federal and provincial counterparts, to develop legislation where it's one set of rules across the private sector, whether you're incorporated federally or provincially. I don't think it's that difficult to accomplish, but it's very important to start those discussions soon, because as with everything else, it does take time to work out those arrangements. It's well worth putting the effort into it so you don't end up, as is at least a possibility, in the year 2001 with one set of privacy protections for companies that are incorporated in B.C. and another set for federally incorporated companies.
The Chair: I just want to point out about the Criminal Code and the police forces that the OECD guidelines are in place and they guide both the federal and the provincial police forces. I think we should know that. The RCMP and your provincial police all use OECD guidelines. Our coordinator tells me -
Ms Steeves: The privacy legislation, both provincially and federally, reflects a certain amount of commonality. Harmonization is always difficult, but we face that in human rights issues all the time. Look at the human rights codes across the country. That's a challenge, but in many ways we can build on that, because it allows us to draw from our diverse regional perspectives and build something stronger. Many of you have said the dialogue is what is important here. Perhaps these kinds of consultations and the necessity to harmonize the different jurisdictions will strengthen that dialogue.
Mr. Botterell: I didn't mean in any way to be critical. It's just a worthy area to put effort into. Certainly in the case of the provincial information and privacy legislation there is an information and privacy commissioner in place, David Flaherty, who has an order-making power on privacy matters that goes beyond what the OECD guidelines provide for.
Ms Steeves: Lorraine, would you like to respond to Mr. Bernier's comments?
Ms Dixon: If you take the concept of following the data...and maybe I will use the example of some of the health records protection legislation I think they're trying to introduce in Ontario, the concept being that regardless of where the data are, they are afforded the same protection.
.1530
I think you can take it out of the medical model and move it into most of your other models of personal data. It wouldn't matter if it were in a federal jurisdiction or a provincial one, the same rules should apply. As a citizen of Canada, and living in British Columbia, I should have the expectation and the right to the same protections. Models that work with that principle are being developed, the principle that you just follow the information.
Ms Joan Vanstone (National Director, Parent Finders): My name is Joan Vanstone. I'm the Canadian national director of Parent Finders, the adult adoption group, who have lobbied successfully in British Columbia for what we consider very important, a freedom right, the right of information about yourself in order to make a self-determination on an informational basis.
We are interested in the best interests of children from the time of their birth until the day they die, because of course it's a lifespan process. One of our major concerns is who owns DNA. There's the DNA of the mother, there's the DNA of the father, whether it's a natural birth process or artificial insemination or the new reproductive and genetic technologies. The United Nations Convention on the Rights of the Child clearly states that the paramount right is the right of the child to preserve his or her identity.
So we are very closely following these discussions today, and Bill C-47, because unfortunately we don't have legislation on the rights of the fetus today. We really need to get that cleaned up. Certainly once a child is born, the child must have the right to the DNA, they must have the right to it being properly recorded, and they must have the names of the donors, because the child has no choice. The donors will have a choice, if they do not wish their identity known, not to become part of the process. The child has no choice and we have to look out for the children, because in a sense they are disabled by age.
The Chair: Good. Have you presented this point of view to Bill C-47?
Ms Vanstone: Yes, we have.
The Chair: They are sitting right now on this piece of legislation.
Ms Vanstone: In fact, we're waiting for them to roll into Vancouver. We would like very much to meet with them.
The Chair: Did you put your request in with the clerk of the committee?
Ms Vanstone: Yes.
The Chair: Thank you very much.
Ms Steeves: Thank you for your comments. I think the last comment actually illustrates just how many areas are touched by this issue of privacy. As we confront all the new technologies, which seem to be proliferating at a great rate, this kind of dialogue is going to be essential to creating a proper balance.
On behalf of the committee, I would like to thank you for your participation. I think it's essential that Canadians talk about their underlying social values and their concerns when it comes to dealing with these kinds of issues. I do echo Darrell Evans's hope that this is the beginning of an ongoing dialogue where we can continue to effect a balance that is appropriate for our social values. Thank you very much for coming today.
The Chair: Thank you very much, Valerie, for the work you've done in putting this together. A very sincere word of thanks to our experts, who have enabled an even greater and enlightened discourse, and to all of you who have participated and who have helped move the discussion forward and just indicated how much broader the issues are and in how many fields.
I want to thank those of you who gave us the information on B.C. Tel and Phamis and the information on the rights of the child. It's very helpful.
We'll see you all on the web tomorrow from Calgary.
Thank you very much. The meeting is adjourned.