Privacy law expert David Fraser explains how Canadian laws allow U.S. boarder inspectors access to your sensitive health information.
Amanda Box and her boyfriend were looking forward to a relaxing weekend in his home in Colorado, instead they ended up shocked and humiliated at the U.S. Customs counter in Toronto’ Pearson International Airport.
The U.S. Customs agent at the counter denied Box entry to the states on the grounds that she was a “flight risks” because her computer records showed an entry for “mental health issues.”
Canadian privacy regulators are looking into the incident as well as the case of another Canadian woman denied entry into the U.S. also because of mental illness,, However, David Fraser, a privacy law expert and partner at the McInnes Cooper law firm in Atlantic Canada, said part of the problem may lie in the “incredibly wide latitude” that Canadian law enforcement agencies have in sharing sensitive personal information of Canadians with foreign authorities.
“The Privacy Commissioner of Canada pointed out this problem a decade ago, but it fell on deaf ears,” he wrote in his recent blog.
Canada’s privacy law is “essentially a carte blanche for government institutions to disclose your information without a warrant,” Fraser said.
He noted that Canada’s Privacy Act “explicitly authorizes police to hand over your information over to foreign cops in a range of circumstances.”
The Act states:
8. (1) Personal information under the control of a government institution shall not, without the consent of the individual to whom it relates, be disclosed by the institution except in accordance with this section.
personal information may be disclosed
(2) Subject to any other Act of Parliament, personal information under the control of a government institution may be disclosed …
(f) under an agreement or arrangement between the Government of Canada or an institution thereof and … the government of a foreign state, an international organization of states or an international organization established by the governments of states, or any institution of any such government or organization, for the purpose of administering or enforcing any law or carrying out a lawful investigation;
He said this “could include administering a foreign law, which does not have to be consistent with the Canadian Charter of Rights and Freedoms.”
Ontario’s Freedom of Information and Protection of Privacy Act states that institutions shall not disclose information in its custody or under its control unless:
- Disclosure is made to a law enforcement agency in a foreign country under an agreement, a written agreement of treaty or legislative authority; or
- To another law enforcement agency in Canada; or
- Disclosure is to an institution or a law enforcement agency in Canada to aid an investigation undertaken in view to a law enforcement proceeding or from which a law enforcement proceeding is likely to result;
In 2008, then Privacy Commissioner of Canada Jennifer Stoddart, wrote in a report that for the Privacy Act does not reflect growing international information sharing among the Canadian government and other jurisdictions.
“The Privacy Act does not impose any duty on the disclosing institution to identify the precise purpose for which the data will be disclosed and limit its subsequent use by the foreign government to that purpose, limit the amount of personal information disclosed and restrict further disclosure to third parties,” Stoddart wrote. “Moreover, the Privacy Act even fails to impose any basic obligations on the Canadian government institution itself to adequately safeguard personal information.”