Canada and the U.S. have released the long-awaited privacy principles that will govern information sharing between the two countries, pursuant to the Canada-U.S. Security Perimeter agreement.
Entitled the “Statement of Privacy Principles by the United States and Canada” (“Canada-U.S. Statement”), the principles do incorporate some but not all of the safeguards CCLA has raised. We are pleased to see that the government did include principles outlined in CCLA’s submissions, but remain concerned about omissions in the statement.
Six months ago, CCLA released its own “12 Core Legal Principles” to apply to privacy, which we drafted with the ACLU and Privacy International (UK) – and we note that points CCLA recommended such as purpose specification, necessity, proportionality, redress, equality and non-discrimination, individual access and rectification, transparence and redress , and compliance with international legal standards, are included in the Statement.
However, CCLA had suggested that protection for Canadians required that Canadian law apply to the treatment of Canadians, and their personal information, and that the highest standard of privacy protection be afforded to both Canadians and Americans. This requirement has been omitted and the general reference to to compliance with “domestic laws” may permit the lowest standard between the two countries to prevail.
CCLA is also concerned about the treatment of Canadians under American law that does not always provide similar treatment for non-citizens. In addition, the Canada-U.S. statement also envisions information sharing with third countries. CCLA has long understood the need for North American and overseas information sharing, but we have argued it must be done in compliance with the safeguards contained in the Canadian Charter of Rights and Freedoms and the highest international legal standards. However, the Canada-U.S. Statement allows the U.S. to share information received from Canada, with foreign countries, according to U.S. domestic standards – CCLA remains concerned that these standards may fall short of the safeguards contained in our Charter, in particular that they may be shared with countries that practice torture.
The Statement also permits limited access to personal information in compliance with existing domestic law – CCLA has argued for due process protections that would allow an individual who is adversely affected to access and challenge the evidence against them. This is not included in the Statement.
CCLA has also argued that any surveillance must be lawful, must be individually targeted, based upon individualized suspicion of wrongdoing, and subject to judicial oversight; and any information ‘dossiers’ collected must not be based on an individual’s exercise of their rights to freedom of expression or religion. This point is not addressed in the Canada-U.S. Statement.
CCLA also argued that steps must be taken to ensure that domestic law enforcement can never use foreign law enforcement to circumvent legal safeguards that apply to the domestic agency. A law enforcement agency must not carry out surveillance on one country’s citizens on behalf of another country’s law enforcement agencies in circumstances where those agencies are prohibited from carrying out such surveillance on their own. This point is not addressed in the Canada-U.S.Statement, but will require clarification.
Finally, we note the Canada-U.S.Statement also specifies that it is not intended to create any new rights under domestic laws and is not a treaty – in other words, it does not create any legally enforceable rights. The implications are therefore unclear as to its impact, if the provisions of the Statement are not fully complied with.
For information on principles put forward by Canadian civil liberties groups, entitled “Statement of Principles on the Canada-US Perimeter Security and Economic Competitiveness Agreement” please click here http://ccla.org/canada-u-s-security-perimeter/.
CCLA will continue to analyze the Canada-U.S. Statement and we will keep you posted.