Outgoing Privacy Commissioner Jennifer Stoddart voices support for inclusion of lawful access in latest proposed anti-online crime bill but said she has some questions around granting of new investigative powers to officers.
As Federal Privacy Commissioner Jennifer Stoddart prepares to leave her post on Monday, Prime Minister Stephen Harper has named Chantal Bernier, assistant privacy commissioner, to act as interim privacy chief.
Stoddart’s term ends December 3, but Ottawa posted the job opening only this week necessitating the appointment of an interim commissioner.
Bernier, who was assistant privacy commissioner since 2008, started her career in the federal government as a lawyer in the Department of Justice Canada. She went on to hold a directorship at the Privy Council Officer before being appointed Assistant Deputy Minister at Indian and Northern Affairs Canada, and later at Public Safety Canada.
Bernier holds a Bachelor of Civil Law from the University of Sherbrooke and a Masters in Public International Law from the London School of Economics and Political Science.
“I would like to thank Jennifer Stoddart for her years of service as the Privacy Commissioner of Canada,” said Harper in a statement yesterday. “Canadians have been well-served by her exemplary leadership in overseeing compliance with Canada’s privacy laws.”
Stoddart, however expressed disappointment that during her term, she was not able to get the government to modernize the Privacy Act.
The privacy commissioner oversees compliance with both the Privacy Act, which covers the personal information-handling practices of federal government departments and agencies, and the Personal Information Protection and Electronic Documents Act, Canada’s private sector privacy law.
Stoddart said she’s very proud that in the last 10 years the commission, which was created in 1977, has grown to include staff members that are experts in information technology and the law.
She said while people have become empowered to be “major actors” on the Internet, there are very few rules in terms of privacy protection.
Stoddart, who during her 10-year stint took on government agencies and prominent enterprise businesses such as social networking giant Facebook and search engine Google Inc., for their failure to protect individual privacy rights, its appears is not leaving without some surprises.
Despite being a vocal critic of the 2012 proposed Bill C-30 – the Protecting Children from Internet Predators Act which included lawful access powers for police authorities, Stoddart yesterday voiced support of the proposed Bill C-13 – the Protecting Canadians from Online Crime Act, which many privacy advocates have labeled as an updated incarnation Bill C-30.
Critics of C-13 which has been called the anti-cyberbullying bill, argue that it is using public furor over cyberbullying to open the door to lawful access.
Talking to reporters yesterday, Stoddart however said, she finds the new bill has addressed some of her office’s past concerns about oversight and she find no fault in the government connecting lawful access and cyberbullying.
“I think it stands to reason that in order to literally police the Internet, you need these powers,” a report on the daily the Globe and Mail quoted Stoddart as saying. “And if you want to be effective against cyberbullying, I understand you do need extraordinary powers, so it doesn’t seem to me inappropriate.”
“As for our preliminary observations on Bill C-13, we note that many troubling aspects of the former Bill C-30 have not been repeated, for example, warrantless access to personal information,” she said in a statement today.
She said the commission, however, has some questions about the following issues:
• The new investigative powers, (including preservation orders) proposed by the Bill and the thresholds for their use;
• The potentially large number of “public officers” who would be able to use these significant new powers; and
• A lack of accountability and reporting mechanisms to shed light on the use of new investigative powers.
Stoddart said her office was not consulted on the bill and “the first time we saw a copy was Wednesday, November 20th, when the legislation was tabled.”
She said the commission is currently reviewing the bill thoroughly and, in particular, is examining legal controls over any new investigative powers.
Stoddart was the first data protection authority in the world to conduct a comprehensive investigation of the privacy policies and practices of the popular social networking site, Facebook.
She also investigated with the Alberta Commissioner a massive data breach at U.S. retail giant TJX Co., which owns Winners and HomeSense stores in Canada. More recently, she found that Google Inc. contravened Canadian privacy law when it collected personal information from unsecured wireless networks for Google StreetView.
In 2011, an audit by the privacy commission also found that Staples Business Depot stores had failed to fully wipe customer data from returned devices such as laptops and USB hard drives destined for resale – even though the company had previously committed to addressing the long-standing problem.