In the months since the Standing Committee on Access to Information, Privacy and Ethics undertook a study of “on-device investigative tools” used by the Royal Canadian Mounted Police, the use of spyware by police and governments has garnered significant interest internationally.
The report that details the Committee’s observations relating to the RCMP’s use of on‑device investigative tools (ODITs) in particular, and the use and implications of spyware and digital surveillance tools in general, reveals many important concerns related to privacy, transparency, and accountability.
The Committee’s conclusions reflect many of the issues raised in the testimony provided by Sharon Polsky MAPP, President of the Privacy & Access Council of Canada, and the accompanying written submission and recommendations, and are applicable to more than ODITs.
The Committee’s recommendations, if implemented, will provide much-needed protections for individuals’ privacy, and include:
- Amending the Privacy Act and the Personal Information Protection and Electronic Documents Act to indicate that privacy is a fundamental right.
- Amending the Privacy Act to require government institutions conduct Privacy Impact Assessments (PIAs) before using high-risk technological tools to collect personal information and to submit them to the Office of the Privacy Commissioner of Canada for assessment;
- Requiring that federal institutions incorporate Privacy by Design when developing and using new technologies;
- Modernizing the legislative framework, including the Criminal Code of Canada, to address the use ofsurveillance technologies in Canada.
- Granting the Privacy Commissioner of Canada the power to make recommendations and issue orders in both the public and private sectors when it finds violations of the laws for which it is responsible.
- Amending the Privacy Act to include the concept of privacy by design and an obligation for federal institutions subject to the Act to meet this standard when developing and using new technologies.
- Amending the Privacy Act to include explicit transparency requirements for government institutions, except where confidentiality is necessary to protect the methods used by law enforcement authorities and ensure the integrity of their investigations.
The Committee also recommended the creation of a list of banned spyware vendors and establishing clear rules on export controls over surveillance technologies, which is a valuable step toward making the creation, sale, distribution, and investment in spyware unlawful.
The Committee’s recommendations provide important guidance for amending and modernizing privacy legislation to better protect Canadians from the use and harmful impacts of spyware and other advanced technologies. The recommendations also support innovation and economic growth in a manner likely to engender the public’s trust in technology, federal institutions, and the public sector.
