Part I: Background (continued)
The possibility of merging the Information and Privacy Commissioners'
offices was in some sense contemplated from the time Parliament first
adopted the Access to Information Act and the Privacy
Act. Section 55 of the latter statute provides that the "[t]he
Governor in Council may appoint as Privacy Commissioner . . . the Information
Commissioner appointed under the Access to Information Act."
This
power, however, has never been invoked. There have always been two
separate commissioners, and the two offices have always operated independently
of one another, though for the period between 1983 and 2002, the two
officers shared corporate management personnel (i.e. finance,
human resources, information technology, and general administration).[48]
In 1985 and 1986, the idea of merging the two offices was considered
by the parliamentary committee responsible for the three year statutory
review of the two Acts.[49] The
committee recommended that the offices be kept separate in order to
avoid any real or perceived conflict of interest in the discharge of
the commissioners' mandates.[50] In
the 1992 budget, the Government announced an intention to merge the
two offices as part of an effort to streamline government and "encourage
a balancing of interests between the two objectives of privacy and
access to information."
[51] The
Government planned to use section 55 of the Privacy Act to
appoint the Information Commissioner as Privacy Commissioner. Information
Commissioner John Grace spoke in favour of the proposal. The proposal
was criticized, however, by a number of parties (including Privacy
Commissioner Bruce Phillips, privacy advocates, and the Canadian Bar
Association), and it was not implemented. In the mid-1990's, the Government
considered the idea of merging the Information and Privacy Commissioners'
offices with the Canadian Human Rights Commission. This proposal too
was ultimately rejected. The Government returned to the idea of merging
the Information and Privacy Commissioners' offices in 1998, but again
no action was taken. In 2001, an ad hoc parliamentary access to information
committee recommended the merger of the two offices,[52] but
the government did not respond publicly to the proposal. Lastly, in
October 2003, Information Commissioner John Reid authored a position
paper advocating the merger of the two offices.[53] The
Government, however, did not move forward on this proposal.
The various proposals to merge the offices of the Information and
Privacy Commissioners have undoubtedly been influenced by the adoption
in the provinces and territories of a model combining the functions
of an information and privacy commissioner in a single office. In every
province and territory, access and privacy issues are handled by one
office. There are important differences, however, in the ways these
offices function. There are three basic models. In the first, which
has been adopted by Quebec,[54] Ontario,
British Columbia, Alberta, and Prince Edward Island,[55] there
is a single commission[56] exclusively
dedicated to the oversight of the public sector access and privacy
regimes. In Quebec, British Columbia, and Alberta, the commission also
supervises the application of private sector privacy legislation.[57] In
all five provinces, the commission is empowered to make binding orders
mandating compliance with the legislation, subject only to limited
rights of judicial review. This power differs markedly from the federal
commissioners' recommendatory role.
Like the first, the second model includes an office exclusively devoted
to both privacy and access. Unlike the first model, however, commissioners[58] in
the second model have no order-making power and can only make recommendations
as to remedial measures.[59] This
model is used in Saskatchewan, Nova Scotia, Newfoundland and Labrador,
the Northwest Territories, and Nunavut. As in the federal scheme, appeals
of governmental decisions can be made to the courts.
In the third model, adopted by Manitoba, New Brunswick, and the Yukon
Territory, the ombudsman is charged with overseeing access and privacy
legislation.[60] Consistent
with the conventional ombudsman role, in these jurisdictions the ombudsman
is limited to making recommendations; the power to issue binding orders
is reserved for the courts.
Internationally, the picture is somewhat different. In most nations
with analogous[61] privacy
and access legislation, oversight responsibility is assigned to separate
agencies. This is the case, for example, in Australia,[62] New
Zealand,[63] France,[64] Ireland,[65] and
Sweden.[66] The
United Kingdom[67] and
Germany,[68] however,
have recently established unified offices responsible for supervising
both privacy and access legislation.
- [48] The
two offices continue to share mail-sorting and library facilities
and, occasionally, conference rooms.
- [49] See Access
to Information Act, s. 75(2); Privacy Act, s. 75(2).
- [50] See
House of Commons, Standing Committee on Justice and Solicitor General, Open
and Shut: Enhancing the Right to Know and the Right to Privacy: Report
of the Standing Committee on Justice and Solicitor General on the
Review of the Access to Information Act and the Privacy Act (Ottawa:
Queen's Printer for Canada, 1987) at 37-38 (
"Standing Committee Report"
).
- [51] See
Information Commissioner of Canada,
"Position Paper: Oversight Models
under the Federal Access and Privacy Acts: Single Commissioner vs.
Dual-Commissioners"
(24 October 2003) (quoting the 1992 budget announcement),
available at http://www.infocom.gc.ca/speeches/speechview-e.asp?intspeechId=90.
- [52] See
MP's Committee on Access to Information,
"Final Report".
- [53] See
Information Commissioner of Canada, supra note 51. As discussed
below, Commissioner Reid has since repudiated this position.
- [54] Quebec
was the first province to adopt this model, in 1982. See generally
Paul-André Comeau and Maurice Couture,
"Accèss à l'information
et renseignements personnels: le précédent québécois"
(2003),
46 Canadian Public Administration 364 at 365.
- [55] See Act
respecting Access to documents held by public bodies and the protection
of personal information, R.S.Q., c. A-2.1; Freedom of
Information and Protection of Privacy Act, R.S.O. 1990, c.
F.31; Municipal Freedom of Information and Protection of Privacy
Act, R.S.O. 1990, c. M.56; Personal Health Information
Protection Act, 2004, S.O. 2004, c. 3, Schedule A; Freedom
of Information and Protection of Privacy Act, R.S.B.C. 1996,
c. 165; Freedom of Information and Protection of Privacy Act,
S.A. 1994, c. F-18.5; Freedom of Information and Protection
of Privacy Act (No. 2), R.S.P.E.I. 1988, c. F-15.01.
- [56] Note,
however, that in Quebec there is not a single commissioner, but rather
a five person tribunal (the Commission
d'accès à l'information du Québec). As
a consequence of this as well as other features of its legislation,
the complaints resolution process in Quebec is more formalized and
legalistic than in Ontario, British Columbia, Alberta, and Prince
Edward Island. Note also that in Ontario there is a statutory requirement
to appoint at least one Assistant Commissioner (s. 4(4)). There are
currently two Assistant Commissioners in Ontario: one responsible
for access to information and one for privacy.
- [57] See Act
respecting the protection of personal information in the private
sector, R.S.Q., c. P-39.1; Personal Information Protection
Act, S.B.C. 2003, c. 63; Personal Information Protection
Act, S.A. 2003, c. P-6.5.
- [58] In
Nova Scotia the term
"Review Officer"
is used instead of "Commissioner."
- [59] See Freedom
of Information and Protection of Privacy Act, S.S. 1990-91,
c. F-22.01; The Local Authority Freedom of Information and
Protection of Privacy Act, S.S. 1990-91, c. L-27.1; Freedom
of Information and Protection of Privacy Act, S.N.S. 1993,
c. 5; Access to Information and Protection of Privacy Act,
S.N.L. 2002, c. A-1.1; Access to Information and Protection
of Privacy Act, S.N.W.T. 1994, c. 20; Access to Information
and Protection of Privacy Act (Nunavut), S.N.W.T. 1994, c.
20. Note that the privacy provisions of the Newfoundland and Labrador
statute have yet to be proclaimed in force. Note also that Nunavut
inherited the Northwest Territories statute, which continues in
force in Nunavut as amended by s. 76.05 of the Nunavut Act,
S.N.W.T. 1998, c. 34.
- [60] See The
Freedom of Information and Protection of Privacy Act, C.C.S.M.,
c. F175; Protection of Personal Information Act, S.N.B.
1998, c. P-19.1; Right to Information Act, S.N.B. 1998,
c. R-10.3; Access to Information and Protection of Privacy
Act, S.Y.T. 1995, c. 1.
- [61] The legislative
scheme in the United States is not analogous to Canada's. The United
States has no equivalent federal privacy legislation, and the Freedom
of Information Act, 5 U.S.C. § 552, as am. Public Law No.
104-231, 110 Stat. 3048 (1996), does not provide for any kind of
independent agency oversight. Remedies for violations of the statute,
however, may be pursued in the federal courts.
- [62] The Freedom
of Information Act 1982, no. 3 (1982), is overseen by the
Attorney-General's Department, and the Privacy Act 1988,
no. 119 (1988), is overseen by the Office of the Privacy Commissioner.
- [63] The Official
Information Act 1982 (N.Z.), 1982/156, is overseen by the
Office of the Ombudsmen, and the Privacy Act 1993 (N.Z.),
1993/28, is overseen by the Office of the Privacy Commissioner.
- [64] Loi
n ° 2000-321
du 12 avril 2000 , amending Loi
n ° 78-753
du 17 juillet 1978 portant diverses mesures d'amélioration
des relations entre l'administration et le public et diverses
dispositions d'ordre administratif, social et fiscal , J.O.,
18 July 1978, 2851, which addresses access to information, is
overseen by the Commission d'Accès aux Documents Administratifs. Loi
n ° 2004-801 du 6 août 2004 ,
amending Loi n° 78-17 du 6 janvier
1978 relative à l'informatique, aux fichiers et aux libertés,
J.O., 7 January 1978, 227, which deals with data protection,
is overseen by the Commission Nationale de l'Informatique et
des Libertés.
- [65] The Freedom
of Information Act 1997, no. 13 (1997) (am. by Freedom
of Information (Amendment) Act 2003, no. 9 (2003)), addresses
access issues, and is overseen by the Information Commissioner,
while the Data Protection Act 1988, no. 25 (1988) (am.
by Data Protection (Amendment) Act 2003, no. 6 (2003)),
deals with privacy and is overseen by the Data Protection Commissioner.
- [66] Sweden
has had a freedom of information Act since 1766 (it is one of the
four
"fundamental laws"
that form its constitution), and the principle
of public access is the general responsibility of the Ministry of
Justice, although the Ombudsman also plays a role in procedural matters.
Sweden's Personal Data Protection Act (Personuppgiftslagen
(PUL)), SFS 1998:204, is overseen by a special body, the Swedish
Data Inspection Board.
- [67] The
Information Commissioner is responsible for administering both the Freedom
of Information Act 2000 ( U.K.), 2000, c. 36, and the Data
Protection Act 1998 ( U.K.), 1998, c. 29.
- [68] In
Germany, the Federal Data Protection Act (Bundesdatenschutzgesetz
(BDSG)), BGB1. I 2003, p. 66, deals with privacy issues, while
the Federal Freedom of Information Act (Informationsfreiheitsgesetz (IFG))
addresses access to information. The latter was passed only in the
summer of 2005, and will come into effect on January 1, 2006. The
BDSG is overseen by the Federal Data Protection Commissioner. Although
the IFG makes reference to the Federal Commissioner for Freedom of
Information, s. 12(2) specifies that the Commissioner's duties to
be performed by the Federal Commissioner for Data Protection. In
other words, the offices are unified. See Federal Data Protection
Commissioner,
"Press Release: The Freedom of Information Act was
passed, the Federal Data Protection Commissioner becomes Commissioner
for the Freedom of Information"
(3 June, 2005).
