Canadians won't accept weaker US privacy standards, watchdog warns
Canadian Press has the story:
OTTAWA -- Canadians won't accept weaker protection of their personal information simply to win a perimeter security deal with the United States, warns the federal privacy watchdog.
Privacy Commissioner Jennifer Stoddart says Canada shouldn't forget its own stringent standards during talks with the U.S. on a security pact expected to involve more sharing of sensitive data.
"My general observation would be that Canadians have high expectations of privacy and a deep commitment where personal information protection is concerned,'' Stoddart says in a submission to the government on the perimeter talks.
"As we have consistently found in our research and audit work, sharing data across borders must be undertaken in a manner that is both transparent and subject to specific controls.''
Prime Minister Stephen Harper and U.S. President Barack Obama issued a declaration in February that could lead to a formal North American security perimeter.
The deal is designed to expand co-operation on continental security while allowing for the smoother flow of goods and people across the clogged Canada-U.S. border.
Critics say Canada risks a loss of sovereignty and control over personal information about Canadians by forging such a deal.
The Conservative government says both sides value one another's constitutional and legal frameworks that protect privacy, civil liberties and human rights.
The countries are expected to publish an action plan on the perimeter security initiative in coming months.
Stoddart, however, notes Canada and the U.S. may differ on key points, including where there is a reasonable expectation of privacy, what exactly constitutes personal information, and the legal implications of transferring such information to third parties.
There have been many unanticipated side-effects of mass collection, analysis and sharing of personal data with U.S. security agencies, she notes in the submission released quietly by her office. These cases range from the inconvenience of being stopped at the border due to a suicide attempt five years in the past, to the tragic rendition of a Canadian citizen, Maher Arar, to torture in Syria.
Arar, despite having been cleared of any wrongdoing in Canada, remains on a U.S. security watchlist to this day, Stoddart points out.
With this in mind, she recommends Canada and the U.S. set clear controls and limits on information sharing and increase safeguards for cross-border data exchanges as part of a perimeter arrangement.
She also advises against storage of biometric data -- such as fingerprints and iris or retina scans -- in large, centralized databases to minimize the possibility such highly personal identifiers could be used for unintended purposes.
One element of a security deal is expected to be an entry-exit database that would track individuals as they enter or leave either Canada or the U.S. -- information that would be shared between the countries.
Stoddart notes such a system could include cross-border flow of biometric data to combat fraud -- amounting to "a major shift in the dynamics of our current data-sharing regime.''
In looking at other models, she contrasts the system used by the European Union -- which involves only the collection of photographs and limited sharing with police agencies -- to that of the United States, which collects photos and fingerprints from many foreign visitors and circulates data widely.
Canada should strongly push for a "made-in-Canada model'' heavily influenced by the European approach, Stoddart argues.
Adopting a U.S. model would see Canada share personal information with Washington about some visitors who have consciously decided not to travel to the U.S., she says.
"Such an approach would not only offend the value Canadians traditionally place in their privacy but may have the effect of hurting the reputation of Canada abroad as a destination of choice.''
Stoddart urges those negotiating the perimeter pact to ask several questions, including whether the primary use of data collected would be border security or law enforcement.
Policy-makers must also decide who oversees use of the information, which databases it will be linked to, and where and how it will be stored.
In addition, Stoddart asks:
-- What redress would Canada have if the U.S. used information illegally?
-- How would dual-passport holders be treated?
-- How will disputes over flagged countries -- namely Cuba -- be handled?