Pragmatic Privacy: Reform of the Federal Privacy Act
This post is the second in a series on the consultation paper published by Treasury Board Secretariat on proposed reform of the federal Privacy Act. The first can be found here. This post focuses on the first of six themes in the document: Enabling integrated services.
If I had to sum up the new consultation paper on reform of the Privacy Act, I would describe it as a document about pragmatic privacy. It is about how government will protect privacy while enabling the uses that it needs and wants to make of data. It is not about the ideal of privacy, nor is it really about where the line should be drawn between government and citizen when it comes to the use of personal data. I am not suggesting that the document ignores the importance of privacy as a value; but I am proposing that the overall approach is pragmatic.
The pragmatism is evident in the first of six themes chosen to lead the consultation paper on reform of the federal Privacy Act: “Enabling integrated services”. This set of reforms is aimed at facilitating horizontal information sharing across the federal government. Horizontal data sharing has, to date, been limited by the Privacy Act, since the vertical siloing of personal data within departments and agencies was initially seen as a way to protect privacy. Only those departments or agencies that had collected information directly from individuals had access to that data.
Horizontal sharing reflects two broad modernization goals. The first is to make it simpler for Canadians to access government services without having to provide or update the same information multiple times when dealing with programs housed in different departments. The second is less overt in the discussion paper, which describes:
[…] a new, purpose-based approach that allows government institutions to reuse and securely share personal data with each other and with their provincial, territorial, or municipal partners without asking for consent, if it clearly serves a public interest or directly benefits individuals, such as improving service delivery or program activities.
This is broad language that will surely include using data in analytics and AI systems to develop and deliver services.
The consultation paper makes it clear that horizontal data sharing will be subject to strict conditions which will include sharing only the information that is necessary for the stated purpose, sharing in the “least privacy-invasive way possible”, and having in place strong safeguards to protect privacy. (Note: Some of these issues are part of subsequent themes and proposals in the discussion document, and I will dig into them in later posts in this series.) The document also promises that individuals will be informed of any reuse or sharing of their personal data, although it seems that this will be through plain language notices “published in a central registry before the data is shared or reused.” This transparency is important, but note how the technological infrastructure to ensure transparency seems already determined. It will not be done through individual notice, nor will it be through an Estonian-style citizen portal (called Data Tracker) which allows individuals to see who within government has accessed their personal data and when.
The general move towards horizontal data sharing is evident in the reforms of some provincial public sector data protection laws. For example, Alberta’s new Protection of Privacy Act contains, in Part 3, a framework governing “data matching”, which is defined in s. 1(f) as “linking personal information between 2 or more databases or other electronic sources of information”. Nova Scotia’s revised Freedom of Information and Protection of Privacy Act allows for personal information to be shared horizontally if it is “necessary for the delivery of a common or integrated program or activity” (s. 70, s. 71(g)). Data linking is also permitted for research or statistical purposes in s. 72. It is unsurprising, then, that a reform of the federal Privacy Act would seek to better enable horizontal data sharing. However, this objective is buried in the first theme in language about enabling better services and requiring individuals only to provide information once instead of multiple times. The broader goals of horizontal data sharing should be more explicit.
It is important to note that the data sharing envisaged is not just horizontal within the federal government, since the discussion paper refers to the potential to share information with provincial, territorial or even municipal governments. There is nothing inherently wrong with sharing information across governments. In Canada we sometimes create unnecessary barriers to getting things done, especially across layers of government. Yet there are also substantial risks with horizontal data sharing. These can include unwarranted surveillance, and problematic uses of data in AI systems that drive decision-making. Safeguards, transparency and accountability will be crucial.
As part of the infrastructure to support horizontal data sharing, the consultation paper puts forward a model which would designate “certain programs or institutions as the official sources for specific types of personal data”. TBS admits that there would be set-up time required for this infrastructure, but that it will ultimately “reduce the need for repeated data collection, lower storage costs, and simplify updates to personal data for individuals by allowing them to maintain their data in fewer trusted locations.”
The combination of discussion of privacy rules and infrastructure in the same document is part of the ‘pragmatic privacy’ approach. It highlights one of the differences between Privacy Act reform housed at TBS rather than in the Department of Justice. Past consultation papers from Justice have focused on privacy principles and reform of specific statutory provisions, with little discussion of the infrastructure required. On this model, principle precedes design. By contrast, the TBS consultation paper has one eye on privacy principles and another on how the new data infrastructures that will be required might be built. Another difference is that past discussion papers have been very specific about what provisions of the Privacy Act are targeted for change and how they might be changed. This consultation document discusses legislative changes in more general terms.
One thing is clear: in this first theme, the discussion of reform of the Privacy Act is closely tied to new data infrastructure. Public sector data protection laws have an odd relationship to infrastructure. What the law allows and does not allow can dictate how data infrastructure is designed and built. Conversely, how data infrastructure is built can establish a reality to which privacy laws must adapt. We seem to be at a transition point, where new data infrastructure is clearly contemplated (some of it is sketched out in this document). At the same time, Privacy Act reform is underway to enable the new ways of collecting and handling data that this infrastructure will enable. Privacy reform is therefore in part about how privacy will be protected within this new infrastructure – but the new infrastructure, which will enable new uses of personal data across the federal government, will also transform long-held expectations about privacy that stem in part from what was and was not previously possible. There is a fundamental paradigm shift. This is a Privacy Act being rewritten for a government that has access to more data than ever before and has tools to do more with that data than ever imagined in 1983. The nature and scale of data use has changed. It is a vision of a Privacy Act that is about enabling use and reuse of data.
The next post in this series will consider the second theme in the document: Enhancing Accountability and Transparency.

