There Has Been a 'Sea Change' in Privacy Rights in Canada, Warns Watchdog

The man tasked with defending Canadians' personal information, once decried as a government stooge, directly chastised the federal government over its efforts to track and surveil Canadians — and recommended that the new government put safeguards on how the government uses "big data" to spy on its citizens.

In his annual report, Daniel Therrien, the Privacy Commissioner of Canada, looked at three pieces of legislation that "taken together, these initiatives have resulted in what can only be described as a sea change for privacy rights in Canada."

The first, C-44, allows Canadian spies to operate abroad and gives them more ability to obtain information without disclosing its origins; C-13, which creates new legal authority for cops and public servants to obtain Canadians' personal data without a warrant; and C-51, the anti-terrorism legislation that opens the door for wide new intelligence-gathering and sharing.

All three bills, which are now law, were introduced by the Conservatives, but supported by the Liberals.

The Liberals have said they will change aspects of C-51, but have said little about the other two pieces of legislation.

In his report, released last week, Therrien recommended fixes for each bill — that the government include language to prevent CSIS from obtaining and using data that has been obtained through torture; that the law be updated to clarify when police are allowed to obtain Canadians' data from their internet or cellphone companies without a warrant; and that legislation be introduced to toughen protections for Canadians' privacy when departments want to share their information.

C-51 especially raised the ire of the commissioner.

The new law, he wrote, "provides 17 government institutions involved in national security with virtually limitless powers to monitor and, with the assistance of Big Data analytics, profile ordinary Canadians, with a view to identifying security threats among them."

The law now permits departments and agencies to share personal information found in their systems if they believe the data is "relevant," as opposed to actually necessary, as the commissioner suggested the law should read.

So far, the Liberal government has been largely silent on its timeline to undo some of the changes of C-51. In the party's platform, which outlined their proposed changes to the law, there is no mention of how the party intends on reforming the information-sharing provisions of the bill.

In a speech to the House of Commons in February, now-Prime Minister Justin Trudeau lauded the information sharing provisions of C-51 as "proper steps" to protect the security of Canada.

Related: New Mass Surveillance Laws Come to Canada, France, and the United Kingdom, as the NSA May Have Its Wings Clipped

An interview request to Justice Minister Jody Wilson-Raybould regarding the report went unanswered.

Therrien's report also looked at privacy breaches across the government, including how the Canadian Border Services Agency (CBSA) targets travellers in Canadian airports.

The agency adopted a program of Scenario Based Targeting, an American system which uses various data metrics to target passengers. It collects, as the report notes, "name, date of birth, citizenship, contact phone numbers, seat number, payment information and more" in order to analyze the information "to identify individuals who are or may be involved with terrorism or terrorism-related crimes or other serious offences that are transnational in nature."

Therrien worried that this program was tantamount to racial profiling.

"Our office's concern with the new method is that travellers may now be targeted for increased scrutiny if they fit the general attributes of a group — and individuals may be subjected to recurring and unnecessary attention at the border because of characteristics they cannot change, such as age, gender, nationality, place of birth, racial and/or ethnic origin," the report reads.

Therrien recommended that the CBSA actually prove that the system is necessary, and publish what sort of metrics they're using to target supposedly-risky travellers.

The CBSA, according to Therrien, "responded positively" and will publish more information on the program in 2016.

Follow Justin Ling on Twitter: @justin_ling