Happy Data Privacy/Protection Day!

| January 28, 2013

Data Privacy Day and its European counterpart, Data Protection Day, commemorates the signing of the world's first international treaty on data protection -- the Council of Europe's Convention 108. Data protection is rapidly becoming an international norm, as recent developments have brought the number of countries with data protection legislation to 89, globally. Additionally, 2012 saw an unprecedented commitment by lawmakers in one of the largest data markets -- the United States, a long-time adherence of a sectoral approach to privacy protection -- committing to the enactment of data protection laws. Our courts have similarly advanced the cause of privacy with landmark decisions that recognized the right to anonymity in judicial proceedings, a constitutional right to individual notification when police intercept communications in an emergency, and the right to privacy in our work computers. In addition, our Federal Privacy Commissioner released a sweeping (but yet to be enforced) Finding on the privacy practices of a youth-based social networking site, Nexopia. Finally, advances in transparency have helped us better understand how our information is being accessed by the government, as more organizations began publishing statistics on government access, and Google, who pioneered the transparency reporting model, has increased the scope of their own reports so that the public can better assess the nature of government requests.

At the same time, Canadian privacy faces ever-greater pressures as the increasing value and availability of such data pushes a range of entities to harvest this data. In addition: Our government is seeking broad-ranging powers that will permit them to identify anonymous online expression without any due process and adopt a framework that will effectively turn Internet intermediaries into investigative tools. Additionally, the past year witnessed efforts to modernize foundational privacy instruments such as Convention 108 and the OECD Privacy Guidelines. Once viewed as an international leader in thoughtful and balanced data protection, our federal privacy statute, PIPEDA, is now rapidly falling out of date and the Government has chosen to ignore its mandatory 5 year statutory review (due 2011!). The Privacy Act -- which regulates the privacy practices of our federal government -- has faired even worse as the Government has ignored consistent calls to overhaul the ageing statute. Even a set of 'quick fixes' which our Federal Privacy Commissioner and the relevant House Standing Committee (ETHI) deemed a bare minimum necessity to bring the Act into the 21st century have been summarily rejected by the Government. Also on the horizon, legislation seeks to erode core privacy protections that protect Canadians from companies who seek to hand over their data to plaintiffs and copyright trolls alike, while enacting toothless breach notification obligations that will do little to ensure we are notified when our data has been lost.