THE OFFICES OF THE INFORMATION AND PRIVACY COMMISSIONERS: THE MERGER AND RELATED ISSUES
- The History and Purposes of Federal Access to Information and Privacy Legislation
- The Functions of the Federal Information and Privacy Commissioners
Part I: Background
In this Part of the Report, I set out the background information necessary for an analysis of the questions raised in the Terms of Reference. I review the history and purposes of the relevant legislation, detail the functions of the federal Information and Privacy Commissioners, relate the history of previous merger proposals, and describe the access to information and privacy regimes in the provinces, territories, and selected international jurisdictions.
From their beginnings to the post-World War II period, governments at both the federal and provincial levels functioned without any general law permitting access to information in their possession or restricting the collection, use, and disclosure of matters contained in such information that could affect the privacy of individuals. With the vast expansion in government and the consequent growth of the amount of information it collected, it came to be perceived both that access to such information was required to ensure democratic and accountable government, and that information collected by government about individuals should be treated as confidential. By the late 1960's, some of the provinces had already taken steps in that direction. The federal government began to engage in studies on both fronts in the early 1970's, but it was not until the early 1980's that comprehensive legislation addressing both issues was introduced. The Bill, which contained both the present Access to Information Act and the Privacy Act, came into force on July 1, 1983. The Access to Information Act gives individuals a right of access to government information. The Privacy Act permits them to gain access to information about themselves held in government data banks, and limits government's ability to collect, use, and disclose such information.
The rights protected by both Acts are of the highest importance in the functioning of a modern democratic state. The right of access promotes accountability by government to the public and enables the latter to participate more meaningfully in the political process. It also serves the function of providing access to the extensive storehouse of information about our society in the possession of government. The recent Report of the Access to Information Review Task Force says it well:
The rationale for access to information legislation was recognized in the Government's 1977 Green Paper on public access to government documents which concluded that:
- effective accountability - the public's judgment of choices taken by government - depends on knowing the information and options available to the decision-makers;
- government documents often contain information vital to the effective participation of citizens and organizations in government decision-making; and
- government has become the single most important storehouse of information about our society, information that is developed at public expense so should be publicly available wherever possible.
So important is the right to government information that some have
come to refer to it as
"quasi-constitutional" in nature. This
properly underlines the importance of the right. However, Parliament
has made it clear that the right of access must cede to other interests
in certain circumstances. As discussed in more detail below, the protection
of the privacy of personal information constitutes one of the most
important exceptions to the right of access.
The courts have also described the Privacy Act as carrying
"quasi-constitutional mission." In
a number of respects, however, privacy has also been recognized internationally
as a human right and in Canada as a constitutional right. The Universal
Declaration of Human Rights refers to privacy in the following
No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.
In Canada, privacy is a constitutional right both by virtue of the
interest" in section 7 and the prohibition against unreasonable search
and seizure set forth in section 8 of the Canadian Charter of Rights
and Freedoms. As
early as 1984, the Supreme Court of Canada in Hunter v. Southam declared
that the individual under section 8 has a constitutional right to a
reasonable expectation of privacy.
A few years later, in R. v. Dyment, the Court described privacy as an essential component of individual freedom. It thus put the matter:
Grounded in man's physical and moral autonomy, privacy is essential for the well-being of the individual. For this reason alone, it is worthy of constitutional protection, but it also has profound significance for the public order. The restraints imposed on government to pry into the lives of the citizen go to the essence of a democratic state.
The Court in the latter case went on to explain that there are several aspects or zones of privacy, notably those relating to one's person, those having a spatial aspect (e.g. security of the home), and those relating to information, the aspect with which we are concerned here. No one, of course, denies that modern governments have valid reasons to collect information about individuals for a wide variety of matters in the public interest. The Supreme Court has made it clear, however, that such information is in a fundamental way that of the individual and must remain confidential and restricted to the purposes for which it was divulged. It thus put the matter in Dyment:
Finally, there is privacy in relation to information. This too is based on the notion of the dignity and integrity of the individual. As the Task Force put it (p. 13): "This notion of privacy derives from the assumption that all information about a person is in a fundamental way his own, for him to communicate or retain for himself as he sees fit." In modern society, especially, retention of information about oneself is extremely important. We may, for one reason or another, wish or be compelled to reveal such information, but situations abound where the reasonable expectations of the individual that the information shall remain confidential to the persons to whom, and restricted to the purposes for which it is divulged, must be protected. Governments at all levels have in recent years recognized this and have devised rules and regulations to restrict the uses of information collected by them to those for which it was obtained; see, for example, the Privacy Act, S.C. 1980-81-82-83, c. 111.
With this broad context in mind, we can turn to the question of how the rights set out in the Access to Information Act and the Privacy Act interact with one another. As stated, privacy is an exception to the right of access under the Access to Information Act. As the Supreme Court concluded in Dagg v. Canada (Minister of Finance):
Both statutes regulate the disclosure of personal information to third parties. Section 4(1) of the Access to Information Act states that the right to government information is"[s]ubject to this Act". Section 19(1) of the Act prohibits the disclosure of a record that contains personal information"as defined in section 3 of the Privacy Act".Section 8 of the Privacy Act contains a parallel prohibition, forbidding the non-consensual release of personal information except in certain specified circumstances. Personal information is thus specifically exempted from the general rule of disclosure. Both statutes recognize that, in so far as it is encompassed by the definition of"personal information"in s. 3 of the Privacy Act, privacy is paramount over access.
This interpretive framework was reiterated by the Court in Canada (Information Commissioner) v. Canada (Commissioner of the Royal Canadian Mounted Police) as follows:
Further, I note that s. 4(1) of the Access Act states that the right to government information is"[s]ubject to this Act". Section 19(1) of the Access Act expressly prohibits the disclosure of a record that contains personal information"as defined in section 3 of the Privacy Act". Thus, s. 19(1) excludes"personal information", as defined in the Privacy Act, from the general access rule. The Access Act and the Privacy Act are a seamless code with complementary provisions that can and should be interpreted harmoniously.
Most recently, the scope of privacy protection in Canada has been
substantially enlarged by the passage of the Personal Information
Protection and Electronic Documents Act (
on by legislative developments in the European Union and
the province of Quebec, as
well as the work of the Canadian Standards Association, Parliament
enacted PIPEDA in 2000 to protect personal information collected, used
or disclosed by private sector entities. PIPEDA
sets out a list of principles, sometimes referred to as
practices," that organizations subject to the Act must adhere to, subject
to certain exceptions. Generally
speaking, those organizations must obtain the consent of individuals
from whom they have collected personal information, and must limit
their use of that information to the purposes for which consent was
given. As advances in information technology cause more and more personal
information to be collected and shared by private organizations, PIPEDA
and its provincial counterparts will become increasingly important
tools in safeguarding Canadians' personal information against misuse
by profit-motivated organizations and ensuring that those organizations
are able to compete in the marketplace on a level playing field.
The offices of the Information Commissioner and Privacy Commissioner
were created in 1983 with the passage of the Access to InformationAct and
the Privacy Act, respectively. As the Supreme Court of Canada
observed in Lavigne, the mandates of the commissioners are
many significant respects . . . in the nature of an ombudsman's role." The
Court described the nature of that role as follows:
An ombudsman is not counsel for the complainant. His or her duty is to examine both sides of the dispute, assess the harm that has been done and recommend ways of remedying it. The ombudsman's preferred methods are discussion and settlement by mutual agreement. As Dickson J. wrote in British Columbia Development Corp. v. Friedmann,  2 S.C.R. 447, the office of ombudsman and the grievance resolution procedure, which are neither legal nor political in a strict sense, are of Swedish origin, circa 1809. He described their genesis (at pp. 458-59):
As originally conceived, the Swedish Ombudsman was to be the Parliament's overseer of the administration, but over time the character of the institution gradually changed. Eventually, the Ombudsman's main function came to be the investigation of complaints of maladministration on behalf of aggrieved citizens and the recommendation of corrective action to the governmental official or department involved.
The institution of Ombudsman has grown since its creation. It has been adopted in many jurisdictions around the world in response to what R. Gregory and P. Hutchesson in The Parliamentary Ombudsman (1975) refer to, at p. 15, as"one of the dilemmas of our times"namely, that"(i)n the modern state . . . democratic action is possible only through the instrumentality of bureaucratic organization; yet bureaucratic power - if it is not properly controlled - is itself destructive of democracy and its values."
The factors which have led to the rise of the institution of Ombudsman are well-known. Within the last generation or two the size and complexity of government has increased immeasurably, in both qualitative and quantitative terms. Since the emergence of the modern welfare state the intrusion of government into the lives and livelihood of individuals has increased exponentially. Government now provides services and benefits, intervenes actively in the marketplace, and engages in proprietary functions that fifty years ago would have been unthinkable.
Appropriately, the offices of the Information and Privacy Commissioners are designed to be independent of the administrative branch of government. Each commissioner is appointed by the Governor in Council (Cabinet), with approval by resolution of the Senate and House of Commons. They are appointed on good behaviour for seven years and may be removed by the Governor in Council on address of the Senate and House of Commons. They receive the same salaries as judges of the Federal Court, and they report on their activities to Parliament, not to the Government.
In keeping with the ombudsman function, the primary duty of both the Information and Privacy Commissioners is to independently and impartially investigate and make recommendations with respect to complaints from persons alleging that a government institution has breached their rights under the Access to Information Act or Privacy Act. Both commissioners have robust investigative powers, including the rights to summon and enforce the appearance of witnesses, compel witnesses to give evidence or produce documents, and enter premises of government institutions and inspect records found there. Both also have the authority to access any document (except Cabinet confidences) under the control of a government institution, including documents that would otherwise be protected by a legal privilege. After completing the investigation, the Commissioner must report his or her findings to the head of the government institution in question. If the Commissioner finds that the complaint is well-founded, the Commissioner may recommend that the government institution take corrective action. Neither Commissioner has the power to order the release of information or compel the institution to do anything or refrain from doing anything with respect to the information. If the government institution does not follow the Commissioner's recommendation to disclose information, either the complainant or the Commissioner (with the consent of the complainant) may apply to the Federal Court for a review of the institution's decision. The Court has the power to order the disclosure of the information.
The Information and Privacy Commissioners also have a number of other important functions. The Privacy Commissioner, for instance, is empowered to audit government institutions to ensure that they are complying with their obligations under the Act, recommend changes to effect compliance, and report failures to comply to the institution and Parliament. The Privacy Commissioner may also assess whether a government institution's decision to designate a data bank as exempt from disclosure was correct, and ask the Federal Court to rule on the question if the government institution fails to accept the Commissioner's determination that it was not. Both commissioners must also submit annual reports to Parliament and may in addition submit special reports with respect to urgent matters.
In recent years, the Privacy Commissioner has also taken on another
substantial set of responsibilities. With the enactment of Part I of
PIPEDA, the Privacy Commissioner has become responsible for overseeing
the application of privacy norms across a broad swath of the private
sector. As is the case under the Privacy Act, the Privacy
Commissioner's chief role under PIPEDA is to attempt to resolve complaints
that organizations have violated their obligations with respect to
the collection, use, or disclosure of personal information. Like the Privacy
Act, PIPEDA gives the Commissioner strong investigative powers,
but it reserves decision making authority for the Federal Court, which
has remedial powers similar to those provided by the Access to
Information Act and the Privacy Act. The
Commissioner is given only the power to make recommendations. PIPEDA
also authorizes the Privacy Commissioner to initiate investigations and
audit organizations' personal information management practices. Unlike
the Access to Information Act and Privacy Act, PIPEDA
also expressly obliges the Commissioner to promote the purposes of
the Act by, among other things, conducting public educational programs,
undertaking and publishing research, and encouraging organizations
to develop compliance policies. And
in keeping with the constitutional reality of shared jurisdiction over
privacy protection, PIPEDA also empowers the Privacy Commissioner to
consult with provincial authorities to ensure that
is protected in as consistent a manner as possible."
Apart from their express, statutory duties, the Information and Privacy Commissioners have been active in promoting the values of access and privacy in a variety of national and international fora. Commissioners have commented on proposed legislation and government policies, appeared before parliamentary committees, conducted surveys, sponsored research, published summaries of findings, and given public lectures.
It can be seen, then, that while the primary role of the Information
and Privacy Commissioners continues to be that of an ombudsman - investigating
complaints and issuing advisory findings - their functions are in fact
multi-faceted. As Colin J. Bennett has said of the Privacy Commissioner,
"expected at some point to perform seven interrelated roles:
ombudsman, auditor, consultant, educator, policy advisor, negotiator
and enforcer." Many
of these roles, I would add, are also performed by the Information
Commissioner. And each of these roles, and the increasingly strenuous
demands they place on the offices of the two commissioners, must be
considered in assessing the wisdom of any form of merger.
- Date modified: