Teresa Scassa - Blog

Schedule 56 of the Budget Bill introduces a new statute, the Simpler, Faster, Better Services Act, 2019 (SFBSA), that, once passed, will take effect when proclaimed by the Lieutenant Governor. That passage is a foregone conclusion is evidenced by the fact that the role of Chief Digital and Data Officer, created under the statute, has already been filled with the announcement of the appointment of Hillary Hartley. The goal of the SFBSA is to “promote the transformation of government services in Ontario” (s. 1). Among other things, the Act provides for the appointment of a Chief Digital and Data Officer (CDDO) who is tasked with promoting the development and implementation of public sector digital services; providing advice to public sector organizations on digital services; assessing the design, development and effectiveness of these services; and promoting the use of data and effective data management (s. 3(1)). The CDDO will also promote the proactive publication of data by public sector organizations and involve the public in the design and implementation of digital services. Under s. 3(3) of the Act, the CDDP must also establish a digital and data action plan which, in broad terms, will develop initiatives to promote the adoption of digital services, and the improvement of existing services. The action plan will also promote the development of “effective data management and data sharing across public sector organizations”, and will specifically promote the use of technology that is scalable and interoperable. The action plan must also set targets and indicators for the evaluation of progress, and is to be reviewed and adapted as necessary at least every three years.

The CDDO is also charged, under s. 4 of the Act with setting standards for digital services and for open data. The open data standards can include “requirements to make specified datasets publicly available”, and will also include formal and technical standards for the data. This can include standards with respect to metadata, as well as the frequency and manner by which data sets are to be made public.

Interestingly, while this section is described as addressing “open data standards”, the requirements in the SFBSA actually relate to making public sector data “publicly available”. This is subtly different from open data in the classic sense. For example, s. 4(3)(d) allows the CDDO to set “the terms by which a public sector organization shall grant licences for the use of the datasets it publishes”. This suggests that some data might be made publicly available under more restrictive terms and conditions than traditional open data. Examples of possible restrictions might include non-commercial use limitations, or requirements that no attempts be made to reidentify deidentified data in the licensed data set. They might even include fees for access to some data sets, as nothing in the SFBSA actually requires the data to be provided free of charge. The statute also provides for the enactment of regulations, and these regulations can formalize the adopted standards.

The CDDO is also charged with maintaining a catalogue listing and describing all public sector datasets, including those that are required to be publicly available. The only exceptions relate to information that must be kept confidential under a law of Canada or Ontario, or information relating to “confidential law enforcement activities or other matters involving public safety or security” (s. 4(10)). The inventory and the standards developed for public sector data must also be made publicly available.

The SFBSA sets out, in s. 5, principles that must be followed by public sector organizations in developing and using digital services. Section 5(2) identifies principles that should guide the management of data and its public release.

The CDDO has some enforcement powers under the legislation in the sense that she may find organizations to be non-compliant and order them to change their practices, and can provide notice of non-compliance to the Management Board of Cabinet.

It should be noted that this statute is meant to apply both to public sector organizations (government ministries and public bodies), as well as “broader public sector organizations”. This latter category will include organizations referred to in a Schedule to the SFBSA, notably municipalities, school boards and universities, and some health services facilities.

Overall, this is a very interesting piece of public policy. Although provincial, federal and municipal governments across Canada have made commitments to open data, Ontario is the first to legislate open data requirements (or at least ‘publicly available data’ requirements). The establishment of a CDDO with a legislated mandate is also a positive commitment to improving digital and data services in the province. The principles that will guide digital services development and delivery as well as data management are important, straightforward, and public-interest oriented. The importance of this legislation, as Amanda Clarke says in her excellent post (with more to follow), “is exactly why this policy change demands broad and sustained scrutiny”.

While the substance of this statute is interesting and important, the process behind it is problematic. In February 2019 the Ontario government launched its data strategy consultation. The first step (which ended in March) was to accept submissions from the public. The second was to establish an advisory panel that would continue consultations and ultimately report in the Fall of 2019. Yet the SFBSA seems to contain precisely the kinds of measures contemplated by the data strategy consultation. In doing so it calls into question the genuineness of the consultation process. The process deficiencies are further reinforced by the fact that the SFBSA is crammed into an omnibus budget bill which will ultimately pass with a minimum of scrutiny and debate. It’s an interesting statute and an important piece of public policy, but the public and democratic process around it is not good.

Published in Privacy
Thursday, 07 February 2019 08:09

Ontario Launches Data Strategy Consultation

On February 5, 2019 the Ontario Government launched a Data Strategy Consultation. This comes after a year of public debate and discussion about data governance issues raised by the proposed Quayside smart cities development in Toronto. It also comes at a time when the data-thirsty artificial intelligence industry in Canada is booming – and hoping very much to be able to continue to compete at the international level. Add to the mix the view that greater data sharing between government departments and agencies could make government ‘smarter’, more efficient, and more user-friendly. The context might be summed up in these terms: the public is increasingly concerned about the massive and widespread collection of data by governments and the private sector; at the same time, both governments and the private sector want easier access to more and better data.

Consultation is a good thing – particularly with as much at stake as there is here. This consultation began with a press release that links to a short text about the data strategy, and then a link to a survey which allows the public to provide feedback in the form of answers to specific questions. The survey is open until March 7, 2019. It seems that the government will then create a “Minister’s Task Force on Data” and that this body will be charged with developing a draft data strategy that will be opened for further consultation. The overall timeline seems remarkably short, with the process targeted to wrap up by Fall 2019.

The press release telegraphs the government’s views on what the outcome of this process must address. It notes that 55% of Canada’s Big data vendors are located in Ontario, and that government plans “to make life easier for Ontarians by delivering simpler, faster and better digital services.” The goal is clearly to develop a data strategy that harnesses the power of data for use in both the private and public sectors.

If the Quayside project has taught anyone anything, it is that people do care about their data in the hands of both public and private sector actors. The press release acknowledges this by referencing the need for “ensuring that data privacy and protection is paramount, and that data will be kept safe and secure.” Yet perhaps the Ontario government has not been listening to all of the discussions around Quayside. While the press release and the introduction to the survey talk about privacy and security, neither document addresses the broader concerns that have been raised in the context of Quayside, nor those that are raised in relation to artificial intelligence more generally. There are concerns about bias and discrimination, transparency in algorithmic decision-making, profiling, targeting, and behavioural modification. Seamless sharing of data within government also raises concerns about mass surveillance. There is also a need to consider innovative solutions to data governance and the role the government might play in fostering or supporting these.

There is no doubt that the issues underlying this consultation are important ones. It is clear that the government intends to take steps to facilitate intra-governmental sharing of data as well as greater sharing of data between government and the private sector. It is also clear that much of that data will ultimately be about Ontarians. How this will happen, and what rights and values must be protected, are fundamental questions.

As is the case at the provincial and federal level across the country, the laws which govern data in Ontario were written for a different era. Not only are access to information and protection of privacy laws out of date, data-driven practices increasingly impact areas such as consumer protection, competition, credit reporting, and human rights. An effective data strategy might need to reach out across these different areas of law and policy.

Privacy and security – the issues singled out in the government’s documents – are important, but privacy must mean more than the narrow view of protecting identifiable individuals from identity theft. We need robust safeguards against undue surveillance, assurances that our data will not be used to profile or target us or our communities in ways that create or reinforce exclusion or disadvantage; we need to know how privacy and autonomy will be weighed in the balance against the stimulation of the economy and the encouragement of innovation. We also need to consider whether there are uses to which our data should simply not be put. Should some data be required to be stored in Canada, and if so in what circumstances? These and a host of other questions need to be part of the data strategy consultation. Perhaps a broader question might be why we are talking only about a data strategy and not a digital strategy. The approach of the government seems to focus on the narrow question of data as both an input and output – but not on the host of other questions around the digital technologies fueled by data. Such questions might include how governments should go about procuring digital technologies, the place of open source in government, the role and implication of technology standards – to name just a few.

With all of these important issues at stake, it is hard not to be disappointed by the form and substance of at least this initial phase of the government's consultation. It is difficult to say what value will be derived from the survey which is the vehicle for initial input. Some of the questions are frankly vapid. Consider question 2:

2. I’m interested in exploring the role of data in:

creating economic benefits

increasing public trust and confidence

better, smarter government

other

There is no box in which to write in what the “other” might be. And questions 9 to 11 provide sterling examples of leading questions:

9. Currently, the provincial government is unable to share information among ministries requiring individuals and businesses to submit the same information each time they interact with different parts of government. Do you agree that the government should be able to securely share data among ministries?

Yes

No

I’m not sure

10. Do you believe that allowing government to securely share data among ministries will streamline and improve interactions between citizens and government?

Yes

No

I’m not sure

11. If government made more of its own data available to businesses, this data could help those firms launch new services, products, and jobs for the people of Ontario. For example, government transport data could be used by startups and larger companies to help people find quicker routes home from work. Would you be in favour of the government responsibly sharing more of its own data with businesses, to help them create new jobs, products and services for Ontarians?

Yes

No

I’m not sure

In fairness, there are a few places in the survey where respondents can enter their own answers, including questions about what issues should be put to the task force and what skills and experience members should have. Those interested in data strategy should be sure to provide their input – both now and in the later phases to come.

Published in Privacy

Canadian Trademark Law

Published in 2015 by Lexis Nexis

Canadian Trademark Law 2d Edition

Buy on LexisNexis

Electronic Commerce and Internet Law in Canada, 2nd Edition

Published in 2012 by CCH Canadian Ltd.

Electronic Commerce and Internet Law in Canada

Buy on CCH Canadian

Intellectual Property for the 21st Century

Intellectual Property Law for the 21st Century:

Interdisciplinary Approaches

Purchase from Irwin Law