Skip to main content
Start of content;

CHAPTER 3: THE HEART OF THE MATTER:
CORE PRIVACY PRINCIPLES

As we outlined in the first chapter, the consistency of viewpoints and degree of consensus among the townhall participants, who represented diverse interests, was quite remarkable. Indeed throughout the entire study process, as the Committee polled the public and canvassed expert witnesses on their views, we found many of the same values and principles were expressed time and time again. The repetition in the dialogue, however, was reassuring rather than tedious. It signalled to us that at the heart of privacy matters, certain principles, which are truly fundamental, are clustered. These principles constitute the core or the ethical foundation upon which we, as a society, must build the systems required to protect privacy.

This chapter presents the Committee's blueprint for this ethical foundation. We are not architects or expert draftspersons; we leave the job of finalizing the blueprint to those who are. But, based on the insightful and impassioned interventions of the witnesses, mindful of the literature we have reviewed and the theories we have tested along the way, we wanted at least to attempt to sketch the foundation - the principles upon which everything else will be built. Before we do so, however, we wish to say a few words about the context or the environment in which this design was shaped.

ADOPTING THE LANGUAGE OF HUMAN RIGHTS

From the outset of this Committee's study, as the introductory passages of this report attest, one of our main objectives has been to consider privacy issues from a human rights perspective. Why was it critical to approach this study from that perspective? Because experience has shown us that the way you ask the question will often determine the type of response you get. Thus, if we approach privacy issues from a human rights perspective, the principles and solutions we arrive at will be rights-affirming, people-based, humanitarian ones. On the other hand, if we adopt a market-based or economic approach, the solutions will reflect a different philosophy, one that puts profit margins and efficiency before people, and may not first and foremost serve the common good.

Ursula Franklin, Professor Emeritus, University of Toronto, addressed this dichotomy in September 1996, speaking at a conference of privacy commissioners from around the world:

When human rights informs the language in which the discussion among you and the general public and Parliament takes place, you speak then, rightfully about citizens and all that comes with that. On the other hand, if the emphasis is primarily on the protection of data, one does look at a market model, one does look at an economic model, and all the things you've heard about the new economy. Then it is the language of the market that informs your discourse. ( . . . ) When those who primarily locate themselves in the human rights climate speak about citizens, about the relationship between groups and power, those who are in the market language speak primarily about stakeholders. And when one speaks about rights and obligations, others speak about binding contracts.1

The Heart of Privacy Protection

Having deliberately taken a human rights approach to its study, the Committee naturally chose also to describe the core principles it identified along the way by adopting the language of human rights, that is, by using a vocabulary that speaks in terms of rights and obligations. These core principles cover the full spectrum of privacy, not simply the field of data protection. They are not solitary, free-standing principles, but are interdependent - overlapping and intertwining, like threads in a tapestry. Furthermore, they do not comprise a closed or finite list. We hope and expect that the list will evolve with time, experience and further public input.

We have tried to limit the core principles to those we found, throughout the study process, to be so fundamental, so basic that they had to be part of the ethical foundation being designed. From this base, additional or second-generation principles can be developed. The core principles are first-generation principles, intended to be a benchmark against which to assess the fairness of governments' and businesses' practices and the adequacy of legislation or other protective measures. They are very general statements of everyone's fundamental privacy rights and obligations and, as such, are designed only to serve as a foundation, nothing more. They form the heart of what we propose in the next chapter should be overarching legislation for protecting privacy rights in Canada - a sort of bill of rights for privacy or a Canadian Charter of Privacy Rights.

Our Blueprint for the Core Principles

In the remainder of this chapter, we describe the core principles in a series of statements about rights and obligations. The inspiration for these principles comes from a variety of valuable sources, but mainly the following three: the people who participated in our hearings and townhall discussions; the Australian Privacy Charter,2 which is the first statement we have seen of broad privacy principles as opposed to only data protection principles; and, last but not least, Canada's own CSA Model Code for the Protection of Personal Information, which though it only provides data protection principles is a good prototype as far as it goes. The core principles begin with (1) a list of fundamental privacy rights and guarantees, followed by (2) the justification for exceptions, (3) a list of general obligations attaching to the fundamental rights and, finally, they are rounded out with(4) specific rights associated with informational privacy and (5) obligations attaching to these specific rights. In other words, our proposed ethical framework is made up of five parts. Each part, set out below, is followed by comments and observations of the Committee.

1. Fundamental Privacy Rights and Guarantees

We listed the bundle of rights comprising privacy rights first, since everything else in this ethical foundation will build upon these basic rights. The fundamental privacy rights are intended to cover the full range of privacy expectations. In other words, they contemplate all the types of intrusive activities that people object to - from invasions of their bodies to unauthorized uses of their personal information, from secret surveillance of their conduct or performance to eavesdropping on their private telecommunications and encroachments upon their personal spaces.

Accompanying these fundamental rights are guarantees that appropriate steps will be taken to ensure these rights are respected and, if they are violated, that suitable redress will be available. However, since they are simply broad statements of principle or declarations of entitlements, they do not attempt to prescribe specific protective measures or redress mechanisms.

The next principle establishes the threshold that must be crossed to justify infringing on the fundamental privacy rights and guarantees preceding it. The standard that must be met here is similar to section 1 of the Canadian Charter of Rights and Freedoms, the ``saving provision.''

2. Justification for Exceptions

Exceptions, allowing the rights and guarantees set out above to be infringed, will only be allowed if the interference with these rights and guarantees are reasonable and can be demonstrably justified in a free and democratic society.

This exceptions principle recognises that privacy rights, like other fundamental human rights, are not absolute and sometimes they may have to be infringed in the name of some other collective benefit. At the same time, it reflects the Committee's opinion that the onus should not be placed on individuals whose rights are infringed to defend them, it should be placed on those who violate these rights to defend their actions. The only acceptable justification for infringing such a right would be concrete proof that the invasion is in the public interest or serves a greater common good; and for it to be reasonable, the benefits achieved would have to outweigh the harm created.

The outcome of implementing this principle would be, for example, to allow those who wish to install surveillance cameras on every street corner to do so only if they can demonstrate that the threats posed to private property and personal safety are so serious that installing cameras would justify monitoring people's activities there. By putting the onus on the invaders, this principle would address the power imbalance which concerned so many townhall participants who felt helpless to challenge the actions of governments or large corporations.

The Committee finds that rights do not exist in isolation, they bring with them corresponding responsibilities. Therefore, accompanying these fundamental privacy rights and guarantees is a series of general obligations or responsibilities.

3. General Obligations

As we mentioned in Chapter One, ``meaningful'' consent was consistently raised as a key issue in the townhall meetings. Many people told the Committee they were not given either an opportunity to consent to invasions of their privacy or enough information to make a well-informed decision. In light of this, the Committee believes that those who wish to infringe upon others' privacy must secure meaningful consent, a requirement which puts the onus on them to provide enough information to others to permit a choice to be made that is informed by knowledge of the consequences. We realize that it may not always be possible to secure the consent of every individual affected. In such cases, meaningful consent would have to be obtained in another appropriate way, for example by conducting some type of public consultation, hearing or poll and acting upon the wishes of the majority. We do not believe consent to privacy invasions should ever be implied - there must be a positive obligation on the infringer to seek consent in an appropriate fashion.

The duty to take all steps necessary to adequately respect others' privacy rights is the flip side of the coin guaranteeing that privacy rights will be respected. What would be considered necessary and sufficient measures would be prescribed through secondary principles, whether legislation, regulations, policies or codes of practice.

The duties to be accountable and transparent are intended to answer the public's expectation that an identifiable and independent person be made responsible for monitoring compliance with existing privacy rules. One of the most common complaints was that people did not even know when and how their privacy was being violated. Thus, many of the townhall participants wanted organizations' technologies, systems, services or activities affecting privacy to be revealed to those who are affected, not kept invisible. Implementation of the transparency principle could be as simple as posting signs in a shopping mall that tell people where in the mall they are being monitored by video cameras or providing taxpayers with a list of all government departments with whom Revenue Canada shares or cross-matches the personal information filed with their income tax forms.

The last two obligations set out above recognise that technology can have a marked impact on people's privacy, and given this reality the Committee feels it is important to require, as a matter of principle, that technology be used and designed in ways that serve rather than defeat privacy rights.

In addition to the fundamental privacy rights, set out above, our core principles would include particular rights that flow from the right to privacy of personal information.

4. Specific Rights Related to Personal Information

As we mentioned in Chapter One, a very thorny issue raised by individuals at our townhall meetings was: who owns my personal information? People did not want to feel that by giving their personal information to someone for one purpose, they forfeited control over its use for other purposes. In other words, they wanted to retain control over it at all times; therefore, they wanted to be declared to be the "owners" of their personal information. In order to make such a right enforceable, it may require special legislation - an analogy, in law, could be made to copyright, whereby the creator of an artistic work owns the right to reproduce it and others must get permission to use it or be subject to penalties under the Copyright Act. The Committee believes that the right of ownership over one's personal information must be recognised as a core privacy principle.

The right to enjoy anonymity in relation to one's personal information is an attempt to undo the considerable damage caused to privacy by the fact that personal information linked to an identifiable person has commercial value. The commercial imperative operates against anonymity, thus a rights-based approach to privacy requires that people be entitled to be treated anonymously. The anonymity principle would also ensure that identifying information would be de-identified if it were used for another purpose that did not require the information to be linked to a specific person. For example, a recent issue of Canadian Forum reported that Human Resources Development Canada (HRDC) cross-matches its records with those of Revenue Canada to track how many Canadians who return to the workforce after receiving federal assistance continue to support themselves over the long-term.3 This data matching is done to reveal whether HRDC's assistance programs are saving the government money in the long run. The author does not indicate whether personal information is de-identified in the data matching process. It is our view that if the true purpose of this type of data matching exercise were to gauge the success of programs, rather than draw up profiles of suspected "chronic abusers" of the system, then it should not be necessary to identify, by name, that "John Smith" stayed off pogey for only one year.

Last but not least, the core principles set out the obligations specifically associated with informational privacy. These are the responsibilities that go hand in hand with this particular privacy right.

5. Specific Obligations Related to Informational Privacy

With the exception of the first and last duties in this list, all the duties we have stated here are principles now recognised in modern data protection codes like Canada's own CSA Model Code. The first duty in this list recognises that sensitive, personal information, such as medical, genetic or financial records, requires the greatest care when it is handled by others. This principle would require those who collect and handle such information - such as hospitals, doctors, insurance companies, and banks - to be held to a higher standard of care than those who are custodians of personal information that is not considered sensitive. As so many people reminded us, once sensitive personal information falls into the wrong hands - whether by accident or design - it cannot be recovered. Thus, it is imperative to ensure it is not mishandled in the first place. We feel sensitive information would be better protected if it were held in trust, with all the corresponding duties of ``trusteeship'' applying.

The last duty listed here would require companies, governments or others to not punish people for choosing to exercise their privacy rights. We learned over the course of our hearings that some companies and agencies have threatened to provide an inferior service, cut off a service or charged more for a service when a client has tried to assert his or her privacy rights. The Committee and Canadians find this type of pressure or blackmail to be offensive. We believe this principle would have precluded telephone companies from ever charging customers for blocking their caller-ID - a reprieve they finally earned only after launching consumer protests and appeals to the Canadian Radio-Television and Telecommunications Commission.4 Perhaps, also, it would discourage utilities, if they fell under federal jurisdiction, from demanding that customers hand over their social insurance numbers or risk having their services cut off.5

Beyond the Blueprint

Bruce Phillips, the Privacy Commissioner of Canada, has repeatedly called for an ethical framework to be charted, setting out the principles that are essential to ensuring privacy is fostered and respected as a human right in our society.6 We agree that such an ethical base is needed and have responded, as a Committee, with our blueprint of the core principles. We believe these core pinciples reflect the heart or crux of the values system that shapes Canadians' expectations of privacy.

We note, however, that the Privacy Commissioner's protection wish-list includes more than simply defining core values. He has also called for framework legislation, privacy impact analyses of existing legislation, a system for assessing the impact of technologies on society, more public education, access to and use of privacy enhancing technologies, and so on.7 We agree with him that a set of core privacy principles or an ethical framework is only one piece of the comprehensive strategy that is needed to properly safeguard privacy rights. Thus, even though it is our view that these core principles are the linchpin of such a strategy, we also know that the job of properly safegarding people's privacy only begins here.

The Committee's motivation in compiling such a comprehensive statement of core privacy principles was to get the ball rolling as quickly as possible, in the right direction - the human rights direction. One of the most common refrains we heard across the country was, "We need a strong legislative framework - basic rules of the road and effective compliance measures - and we need it now." Next, we will map out our vision for a comprehensive privacy protection strategy that starts with an overarching privacy rights framework - a Canadian Charter of Privacy Rights - entrenching the core principes identified here. It then builds from there by devising a number of associated privacy protection measures that accord with the Privacy Charter.

1
Ursula Franklin, Stormy Weather: Conflicting Forces in the Information Society, Closing Address at the 18th International Privacy and Data Protection Conference, Ottawa, 19 September 1996 (emphasis added).

2
The Australian Privacy Charter was developed with the encouragement of Justice Michael Kirby, President of the New South Wales Court of Appeal. It contains many elements common to data protection codes, but has greater breadth and puts more emphasis on rights and freedoms. For further information, see Chris Connolly, Smart Cards: Big Brother's Little Helpers, No. 66, The Privacy Committee of New South Wales, Sydney, August 1995.

3
Paul Weinberg, "Terminal Case", The Canadian Forum, April 1997, p. 17.

4
Evidence, 30:14-15.

5
30:17-18.

6
24:25.

7
"Notes for an Address by Bruce Phillips, Privacy Commissioner of Canada, to the Standing Committee on Human Rights and the Status of Persons with Disabilities," 21 November 1996, p. 10-11.

;