Bell by Mike Schaffner (CC BY-NC-ND 2.0) https://flic.kr/p/g4EcLg

Bell by Mike Schaffner (CC BY-NC-ND 2.0) https://flic.kr/p/g4EcLg

News

Why the Privacy Commissioner Doesn’t Need Legal Reforms To Require Transparency Reports

Privacy Commissioner of Canada Daniel Therrien was in the news this week as he expressed concern with the evasiveness of Canada’s spy agencies and the ongoing refusal of some of Canada’s telecom companies (namely Bell) to issue transparency reports. I’ll have more to say about privacy and government agencies in my technology law column next week, but on the issue of telecom transparency reports, I believe that Therrien already has the necessary legal mandate to act now. Therrien urged all telecom companies to release transparency reports, noting:

“I think Canadians are telling us, first of all, that they would much prefer that data be shared from telcos to government only with a warrant, with a court authorization. But when that does not happen, Canadians expect that there be transparency…frankly, if there’s not more progress I will continue to call for legislation on this issue.”

I wrote about why Canada’s telecom transparency reporting still falls short late last month, emphasizing that a non-binding approach to transparency reporting has been a failure. I indicated that there is a strong argument that the law already requires companies to issue transparency reports as part of their obligation to be accountable and open under PIPEDA. Principle 4.1.4(d) establishes the following requirement under the law:

Organizations shall implement policies and practices to give effect to the [privacy] principles, including:
(d) developing information to explain the organization’s policies and procedures

Moreover, Principle 4.8.1 states that:

Organizations shall be open about their policies and practices with respect to the management of personal information.

To date, discussion of these provisions has focused on the need for publicly-available privacy policies. Yet there is no reason to think that they are limited merely to those policies. Ensuring that an organization is fully accountable for the information it collects, uses, and discloses should include reports that explain policies, procedures, and practices around information disclosures to law enforcement.

Commissioner Therrien does not need to lobby for legal reforms or wait for the government to act. There are no legal barriers to disclosure and any decision to withhold such information is a choice made by telecom providers such as Bell. The Privacy Commissioner should launch an immediate investigation, demand that Bell (and any other holdouts) explain why they have not issued transparency reports and revealed their disclosure practices to date, and issue findings on whether they are violating the law.

4 Comments

  1. It’s outrageous that Bell – and perhaps other telecom’s – refuses to provide a transparency report. Nothing in the reports reveals anything that would hamper a legitimate police investigation, nor does it disclose any proprietary business “secrets.”

    It is typical of the arrogance of Bell that it is balking at what at least some of its competitors do regularly. Maybe Bell is afraid that we will discover – as we have with BlackBerry – that it is handing over customer information willy-nilly to authorities with no real stopgap to prevent the release of things law enforcement has no right to see.

  2. There is a fine line that separates privacy from transparency. While at a corporate level transparency should be encourages but down to consumer level privacy should be held as a priority objective.

    • Exactly Sean!
      Secrecy, Privacy and Transparency are three different aspects that must be dealt differently but not to forget that there should be a balance in between the three.

  3. Perfect analysis,good job