Canadians who are interested in the conditions under which it’s legal for private information and documents to be shared might want to take a good long look at Bill C-29.
I’ll quote a bit from the legislative summary below, but in essence one of the things this bill says is that any documents/information the police (or anything that meets the vague “policing service” definition) ask for are to be given up, without the consent of the person they are about, and without the need for a warrant.
As if I didn’t have enough of a hate on for the Harper administration already.
Here’s some of that legislative summary (anything bold is my emphasis):
2.3 Exceptions to Consent Requirements ( Clauses 6 to 8 )
[…]
Another new exception is disclosure without consent when the personal information is requested to perform policing services. It should be noted that the existing exceptional circumstances in which information can be disclosed without consent under PIPEDA upon request (and under lawful authority) already include national security, defence and international affairs; enforcement of any laws of Canada, a province or a foreign country; intelligence-gathering related to enforcement of any laws of Canada, a province or a foreign country; and administration of any laws of Canada or a province. This new exception for policing services appears to add an open-ended and undefined circumstance related to law enforcement to this list. The term policing services is not defined in either the Act or the bill (clause 6(6)).
The bill also re-defines the concept of lawful authority, which currently limits the collection, use and disclosure of personal information without consent by law enforcement authorities. The bill specifies that lawful authority is not limited to a subpoena or warrant from a court or to rules of court related to the production of records; this authority appears to be a more general authority that is left undefined. Bill C-29 also specifies that the organization disclosing the information to authorities without consent is under no legal obligation to verify that it possesses the necessary lawful authority before disclosing the information requested (clause 6(12)).
So yeah, to any (undefined) policing service, under any kind of (undefined) lawful authority, and subject to no verification of that authority. Nice.
I’ll skip some of the “corporate rights trump privacy rights” bits and move down to the scary PATRIOT bit:
In addition, organizations may be restricted from informing individuals that their personal information has been shared if cases involve subpoenas, warrants or court-ordered production of the information; if a government institution requests the information under the national security, law enforcement or policing services exemptions; if a disclosure is made under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act; or if a disclosure is made to prevent a breach of the law. If an organization wants to notify the individual that his or her personal information has been shared under these circumstances, it must first notify the relevant authority (or other organization) that sought the personal information, which is entitled to respond within 30 days with any objections. If the authority objects, the organization cannot notify the individual or disclose that the notice and objection process with the relevant authority even took place. However, the organization that shared the personal information does have to notify the Commissioner of what has occurred (clause 8).
In these cases, an organization is also prohibited from disclosing any information about what was in the subpoena, warrant or government request, and from giving the individual whose personal information is concerned access to such details (clause 8).
This particular amendment appears to create a provision similar to those in the USA PATRIOT Act that restrict the circumstances in which individuals may be informed that the government has requested or disclosed their personal information.
So, if an organization has had a government request for private info, it has to ask permission before telling the person affected, and it might not get permission, in which case it can’t even say that there’s something it can’t say. I thought this was bullshit when the Yanks did it, but Harper and his ilk seem keen on remaking every American authoritarian mistake–and they don’t even have the excuse of post-9/11 madness. I’m embarrassed and galled that organizations that support notions of privacy will have to resort to the “watch closely for removal sign” strategies.
Can’t we boot these bums out?
1 comment for “What, You Don’t Trust “Policing Services” Implicitly?”