Teresa Scassa - Blog

Canada’s Access to Information Act is outdated and inadequate – and has been that way for a long time. Information Commissioners over the years have called for its amendment and reform, but generally with little success. The current Information Commissioner, Suzanne Legault has seized the opportunity of Canada’s very public embrace of Open Government to table in Parliament a comprehensive series of recommendations for the modernization of the legislation.

The lengthy and well-documented report makes a total of 85 recommendations. This will only seem like a lot to those unfamiliar with the decrepit statute. Taken as a whole, the recommendations would transform the legislation into a modern statute based on international best practices and adapted both to the information age and to the global movement for greater government transparency and accountability.

The recommendations are grouped according to 8 broad themes. The first relates to extending the coverage of the Act to certain institutions and entities that are not currently subject to the legislation. These include the Prime Minister’s Office, offices of Ministers, the bodies that support Parliament (including the Board of Internal Economy, the Library of Parliament, and the Senate Ethics Commissioner), and the bodies that support the operations of the courts (including the Registry of the Supreme Court, the Courts Administration Service and the Canadian Judicial Council). A second category of recommendations relates to the need to bolster the right of access itself. Noting that the use of some technologies, such as instant messaging, may lead to the disappearance of any records of how and why certain decisions are made, the Commissioner recommends instituting a legal duty to document. She also recommends adding a duty to report any unauthorized loss or destruction of information. Under the current legislation, there are nationality-based restrictions on who may request access to information in the hands of the Canadian government. This doesn’t mean that non-Canadians cannot get access – they currently simply have to do it through a Canadian-based agent. Commissioner Legault sensibly recommends that the restrictions be removed. She also recommends the removal of all fees related to access requests.

The format in which information is released has also been a sore point for many of those requesting information. In a digital age, receiving information in reusable digital formats means that it can be quickly searched, analyzed, processed and reused. This can be important, for example, if a large volume of data is sought in order to analyze and discuss it, and perhaps even to convert it into tables, graphs, maps or other visual aids in order to inform a broader public. The Commissioner recommends that institutions be required to provide information to those requesting it “in an open, reusable, and accessible format by default”. Derogation from this rule would only be in exceptional circumstances.

Persistent and significant delays in the release of requested information have also plagued the system at the federal level, with some considering these delays to be a form of deliberate obstruction. The Report includes 10 recommendations to address timeliness. The Commissioner has also set out 32 recommendations designed to maximize disclosure, largely by reworking the current spider’s web of exclusions and exemptions. The goal in some cases is to replace outright exclusions with more discretionary exemptions; in other cases, it is to replace exemptions scattered across other statutes with those in the statute and under the oversight of the Information Commissioner. In some cases, the Commissioner recommends reworking current exemptions so as to maximize disclosure.

Oversight has also been a recurring problem at the federal level. Currently, the Commissioner operates on an ombuds model – she can review complaints regarding refusals to grant access, in adequate responses, lack of timeliness, excessive fees, and so on. However, she can only make recommendations, and has no order-making powers. She recommends that Canada move to an order-making model, giving the Information Commissioner expanded powers to oversee compliance with the legal obligations set out in the legislation. She also recommends new audit powers for the Commissioner, as well as requirements that government institutions consult on proposed legislation that might affect access to information, and submit access to information impact assessments where changes to programs or activities might affect access to information. In addition, Commissioner Legault recommends that the Commissioner be given the authority to carry out education activities aimed at the public and to conduct or fund research.

Along with the order-making powers, the Commissioner is also seeking more significant consequences for failures to comply with the legislation. Penalties would attach to obstruction of access requests, the destruction, altering or falsification of records, failures to document decision-making processes, and failures to report on unauthorized loss or destruction of information.

In keeping with the government’s professed commitments to Open Government, the report includes a number of recommendations in support of a move towards proactive disclosure. The goal of proactive disclosure is to have government departments and institutions automatically release information that is clearly of public interest without waiting for an access to information request that they do so. Although the Action Plan on Open Government 2014-2016 sets goals for proactive disclosure, the Commissioner is recommending that the legislation be amended to include concrete obligations.

The Commissioner is, of course, not alone in calling for reform to the Access to Information Act. A private member’s bill introduced in 2014 by Liberal leader Justin Trudeau also proposes reforms to the legislation, although these are by no means as comprehensive as what is found in Commissioner Legault’s report.

In 2012 Canada joined the Open Government Partnership, and committed itself to an Action Plan on Open Government. This Action Plan contains commitments grouped under three headings: Open Information, Open Data and Open Dialogue. Yet its commitments to improving access to information are focussed on streamlining processes (for example, by making it possible to file and pay for access requests online, creating a virtual library, and making it easier to search for government information online.) The most recent version of the Action Plan similarly contains no commitments to reform the legislation. This unwillingness to tackle the major and substantive issues facing access to information in Canada is a serious impediment to realizing an open government agenda. A systemic reform of the Access to Information Act, such as that proposed by the Information Commissioner, is required.

Published in Privacy

A news story from January 2015 puts squarely into focus some of the challenges of privacy and open government.

The story centred on the Canadian legal information website CanLII, although the privacy issues it raises relate more directly to how government institutions protect personal information when seeking to comply with open courts and open government principles.

CanLII, a non-profit corporation that is managed by the Federation of Law Societies of Canada, is a tremendously important information resource in Canada. Since its inception, it has become instrumental in ensuring that Canadians have free online access to primary Canadian legal materials. It follows in the tradition of other Legal Information Institutes in the United States, Australia and Britain/Ireland. CanLII includes all Canadian and provincial statutes and regulations, case law from all federal and provincial courts, and case law from a growing number of administrative tribunals. Prior to CanLII’s appearance on the scene, these materials were found either on the shelves of law libraries, or were accessible through commercial databases that charged fees for access. In essence, they were not easily accessible to Canadians without significant effort or cost. In a legal system in which “ignorance of the law is no excuse”, and in which an ever-growing number of Canadians have no choice but to represent themselves in legal proceedings, this kind of public access seems essential. CanLII’s efforts to liberate these legal materials make an interesting story with plenty of open government lessons. (I have written about the evolution of CanLII here,).

The news story that broke in January related to a Romanian website that had scraped the content from CanLII and reposted it to another website hosted in Romania. In doing so, it allowed for the circumvention of technological measures put in place by CanLII that prevented Google from indexing terms found in court and tribunal decisions. These measures were put in place by CanLII largely to protect the privacy of individuals whose names and personal information may feature in court decisions. By contrast, the Romanian materials are fully searchable.

This situation raises several interesting issues of privacy and open government. At first glance, it may look like a failure of CanLII’s efforts to put into place effective technological measures to protect individual privacy. (CanLII has reportedly upgraded its technological protections, although the cases initially scraped from the site remain out of its control). But CanLII is really only the second line of defence. The first line of defence, is, of course, the courts and tribunals themselves that provide case law to CanLII as well as increasingly through their own websites.

The problem of “public personal information” is a thorny one, and it arises in this context as well as in many others. Public personal information is information that is legally public (government registry information, for example, or information in court decisions). While this information has long been public in nature, its widespread, immediate and limitless distribution was never contemplated in the pre-internet age in which decisions to make it public were made. Thus, there are important privacy issues surrounding how and under what conditions such information is made public, as well as how the public interest in openness should be balanced against individual rights to privacy in an internet and big data age.

In Canada, the open courts principle means that the proceedings of courts are open to public scrutiny – it’s a fundamental principle that justice must not only be done, it must be seen to be done. This means not only that, barring exceptional circumstances, court and tribunal hearings are public, as are the decisions reached in those cases. In fact, not only does this serve transparency and accountability values, the publication of court and tribunal decisions allows lawyers and members of the public to consult these decisions to better understand the law, and to learn how courts and tribunals interpret and apply legislation. In exceptional circumstances, courts may issue publication bans in relation to certain court hearings; courts may also order certain personal information (including, in some cases, names of individuals) redacted from court decisions. For example, in decisions involving young offenders, only initials are used. The names of victims of sexual assaults may also be redacted.

In the pre-internet dark ages, the redaction of names and other personal information from court decisions was less significant because these decisions did not circulate widely. Few members of the public, for exmpale, were curious enough to go down to a law library to trawl through case reporters in the hope of spotting the name of someone they knew. Internet access and online publication of decisions changes things significantly. Fully searchable databases of court and administrative tribunals can leave individuals substantially exposed with respect to a very broad range of personal information. Decisions in divorce cases may include a detailed account of assets and liabilities, and may also recount grim details of personal conduct. Decisions of workers’ compensation tribunals may contain significant amounts of personal health information; the same can be said of human rights tribunals, pension and disability tribunals, and so on. In many civil cases where plaintiffs allege damages for anxiety, stress, or depression caused by the harm they suffered, courts may engage in a detailed discussion of the evidence presented. In personal injury law suits, there may be considerable discussion of personal health information. This is just a sample of some of the personal information that may be found in court decisions. In digital form, this information is available to nosy neighbors, malefactors, and data miners alike.

Courts and tribunals publish their decisions in conformity with the open courts principle. Online publication, however, raises significant privacy concerns that must be balanced against the open courts principle. The Canadian Judicial Council has considered this issue, and has issued guidelines for courts as to how to prepare decisions for online publication. The Office of the Privacy Commissioner of Canada has also weighed in on the issue with respect to the practices of federal administrative tribunals. The problem is, of course, that these guidelines are not mandatory, and, as Christopher Berzins has noted, there no consistent approach across the broad range of courts and tribunals in Canada. Further, in some cases, there may be genuine debate about whether certain details are required in order to meet the open courts principle. For example, if we are to understand why a certain award of damages is made in a particular case, we need to understand the nature of the evidence presented, and how the judge assessed that evidence.

So much for the first line of defence. Ideally, courts and tribunals, prior to making decisions available for online publication, should address privacy issues. Many do, some do not. Not all do so to the same extent or in the same way. In some cases, the open courts principle will outweigh privacy considerations – although whether technical or other solutions should be instituted is an excellent question. The fact remains that much personal information ends up being published online through important resources such as CanLII. CanLII itself has introduced a second line of defence – technological measures to ensure that the personal information is not accessible through search engines. What the story about the Romanian website has taught us is that this line of defence is entirely porous. It has also taught us that as more and more public personal information is made available in formats that allow for easy dissemination, greater attention needs to be paid – by courts and by governments at all levels – to the challenges of public personal information.

Published in Privacy
Wednesday, 02 July 2014 07:07

Privacy and Open Government

The public-oriented goals of the open government movement promise increased transparency and accountability of governments, enhanced citizen engagement and participation, improved service delivery, economic development and the stimulation of innovation. In part, these goals are to be achieved by making more and more government information public in reusable formats and under open licences. The Canadian federal government has committed to open government, and is currently seeking input on its implementation plan. The Ontario government is also in the process of developing an open government plan, and other provinces are at different stages of development of open government. Progress is also occurring at the municipal level across Canada, with notable open data and/or open government initiatives in Vancouver, Toronto, and Ottawa (to give a few examples).


Yet open government brings with it some privacy challenges that are not explicitly dealt with in existing laws for the protection of privacy. While there is some experience with these challenges in the access to information context (where privacy interests are routinely balanced against the goals of transparency and accountability (and see my posting on a recent Supreme Court of Canada decision on this issue), this experience may not be well adapted to developments such as open data and proactive disclosure, nor may it be entirely suited to the dramatic technological changes that have affected our information environment. In a recent open-access article, I identify three broad privacy challenges raised by open government. The first is how to balance privacy with transparency and accountability in the context of “public” personal information (for example, registry information that may now be put online and broadly shared). The second challenge flows from the disruption of traditional approaches to privacy based on a collapse of the distinctions between public and private sector actors. The third challenge is that of the potential for open government data—even if anonymized—to contribute to the big data environment in which citizens and their activities are increasingly monitored and profiled.

I invite you to have a look at this article, which is published in (2014) 6 Future Internet 397-413.

Published in Privacy

On April 24, 2014 the Supreme Court of Canada handed down a decision which at least touches upon the thorny question of what constitutes “personal information”. This question is particularly important to governments that are contemplating the proactive release of government data under commitments to open government. The issue is far from academic, as federal, provincial and municipal governments in Canada have all taken steps in this direction. Indeed, the Ontario government has just signaled its own commitment to open government, which will include proactive disclosure of government data.

Most public sector data protection laws in Canada define “personal information” as essentially information about an identifiable individual. This means that “personal information” is more than just information that actually identifies an individual (their name or social insurance number, for example) but also includes any other information that, if linked with other available information, could lead to the identification of a specific individual. Thus, a government contemplating the proactive disclosure of data sets under an open data program, would have to ensure that the data sets were free not just of individuals’ names and identification numbers, but also free of data that could be linked back to specific individuals. This can be more challenging than one might think, particularly as we live in an environment where more and more data is becoming easily available from both public and private sector sources, and where search engines, algorithms and computing power make mining and matching information increasingly fast, inexpensive and easy.

The case – Ministry of Community Safety and Correctional Services v. Information and Privacy Commissioner (Ontario) – involved an access to information request made by a journalist to the Ministry of Community Safety and Correctional Services. The journalist sought the disclosure of the number of registered sex offenders in Ontario who lived within each postal code forward sortation area (the area designated by the first three digits of a postal code). The journalist did not seek access to this information by full postal code, presumably because this finer level of detail might lead to the identification of those individuals, particularly where there were relatively few residences associated with a particular postal code. While Ontario maintains a sex offender registry, the locations of the registered sex offenders are not public information. The register is intended primarily for use by law enforcement officials. The journalist planned to create a map which would allow the public to see a more generalized geographic representation of where registered sex offenders in Ontario were living. The Ministry refused to disclose this information on the basis that it could lead to the identification of specific individuals. It argued not just that the information could not be disclosed because it fell within the definition of “personal information” but also because its release would interfere with law enforcement, endanger the life or physical safety of the individuals, and might hamper the control of crime (by making sex offenders less likely to comply with the registration requirements out of fear of identification). All of these bases are exceptions to disclosure of information under the provinces Freedom of Information and Protection of Privacy Act (FIPPA). The Ministry’s refusal was appealed by the journalist to the Office of the Information and Privacy Commissioner, which ordered that the information be disclosed. The Commissioner’s decision was upheld by the courts all the way up to the Supreme Court of Canada, which also upheld the order to release the information sought by the journalist.

The Supreme Court considered three issues: the level of deference due to the decision of the Information Commissioner, whether access was ordered for purposes inconsistent either with FIPPA or with the law governing the sex offender registry, and whether the Commissioner’s interpretation of the scope of the law enforcement exceptions to information disclosure was appropriate. Yet underlying these issues was a key question which itself was not in dispute before the Court. This was whether the information sought constituted personal information – in other words, information about an identifiable individual. The approach of the Commissioner to this question was not part of the appeal, yet once it was accepted that the information sought was not personal information, it would be difficult to find that any of the harm-based exceptions to disclosure would apply – no matter what interpretation they were given – because information that could not lead to the identification of specific individuals would be highly unlikely to cause them harm and, in theory at least, less likely to deter them from complying with the registry requirements.

In refusing to disclose the information, the Ministry had argued that the information being sought was personal information because it could be linked with other available information in order to re-identify individuals. This issue of the potential for re-identification is central to the question of whether information qualifies as a personal information, and in the context of open data, it will be crucial in decisions about whether certain data sets may be proactively disclosed. It is important to note that the Commissioner in this case observed that the Ministry had not advanced any cogent evidence of the potential for re-identification. This point was picked up by the courts below, and the Supreme Court of Canada agreed. Writing for the Court, Justice Cromwell noted that “the Commissioner determined that the Ministry did not provide any specific evidence explaining how the Record could be cross-referenced with other information in order to identify sex offenders. We find this to be a reasonable determination.” (at para 60) Indeed, very little specific evidence was provided, and the court dismissed more general literature on re-identification as “unconvincing and generic scholarly research on ‘identifiability’.” (at para 60) The Court also agreed with the Commissioner’s rejection of the Ministry’s assertions that more information might someday be available on the Internet that could, if matched with the sex offender data, lead to identification. Justice Cromwell stated: “it must be stressed that the Ministry only referred vaguely to the unpredictability of internet developments and did not provide any specifics about how identification could occur.” (at para 61).

The case involved a dispute over the release of data in the context of a specific access to information request. Yet there are lessons here for those tasked with identifying data sets for proactive release for the purposes of open data. These might be summarized as follows:

  • The definition of “personal information” under access to information and data protection laws in Canada tends to be broad and will include information about an identifiable individual. Thus it is important to consider not just whether there are specific personal identifiers in the data set, but whether this data could, if matched with other available data, lead to the identification of specific individuals.
  • In considering the likelihood of re-identification, it would seem that the balance between the goals of transparency and accountability and those of privacy protection do not require ‘worst case scenario’ or extreme hypothetical speculation. In the access to information context, the department or agency in question would bear the burden of justifying a refusal to disclose, and justification must be more than assertions. Presumably the same standard would apply to proactive disclosure. The law does not require excessive caution.
  • In considering the possibility of re-identification, it might also be appropriate to consider how sensitive the personal information would be if re-identification were achieved. In Ministry of Community Safety, the information at risk of disclosure through re-identification was highly sensitive – the location of registered sex offenders. Presumably this might give some an incentive to attempt re-identification, perhaps warranting greater caution in the decision about whether to release the information. Nevertheless, the Commissioner, and ultimately the courts, still required some evidence that re-identification was possible.

 

Published in Privacy

The goals of the open government movement – which has spread rapidly around the world in the last five years – are to increase government transparency and accountability, to engage citizens and increase their participation in government, and to improve governance. This is to be done primarily through enhanced access to government information and improved methods of citizen-government interaction. Open government includes three main streams: open access, open data, and open participation. The open data stream also carries with it the goal to stimulate innovation and economic development by making government data available in reusable and interoperable formats and under open licences.

Canada signed on to the Open Government Partnership in 2011. In doing so, it committed to taking a number of steps, including developing an Action Plan for open government that would set out specific goals and commitments. The OGP also requires governments to report on their progress, and provides independent review of each government’s updates.

Canada’s Action Plan for Open Government set out a series of commitments spread over a 3 year period. It was published in 2012 and Canada submitted its first self-assessment report to the OGP in 2013. This progress report has been the subject of an independent review by the OGP, through its independent reporting mechanism, and a copy of this review is now available for public comment.

The independent review confirms that the Canadian government has made significant progress on a number of the commitments it set out in its Action Plan, and that many of these commitments are either on target or ahead of schedule. Some of these achievements are considered to be “clearly relevant” to the values of the OGP and of potentially high impact. These include the completion and launch of a new Open Government Licence (commented on in an earlier blog post), measures taken under the International Aid Transparency Initiative, the online publication of resource management data, and the electronic publication by federal regulators of regulatory plans.

The review, carried out by Carleton University Professor Mary Francoli, does note, however, that a number of the government’s other commitments are less ambitious and less directly relevant to the goals of the OGP. This does not mean that they are not worth doing, just that they are less impactful. One issue, therefore, would seem to be whether the government’s plan has struck the right balance between ambitious and significant goals and low hanging fruit.

A further concern is that the broad commitment to open government has been channelled primarily into developments around open data. While open data is important, and while developments in this area have been meaningful, open access and open participation are crucial components of open government and are essential to realizing its objectives. Indeed, one of the recommendations in the review document relates to the need for the government to broaden its focus so as to give more attention to open access and participation.

Through her consultation with stakeholders and other organizations, Francoli identifies a broad range of concerns over how the federal government communicates with citizens, and how it compiles, shares and archives information. The review is particularly critical of the government’s tepid improvements to access to information in Canada, and it suggests that nothing short of legislative reform will deliver necessary improvements. The review also indicates that there have been shortcomings in citizen and stakeholder engagement and participation in the development of the goals and priorities of open government. The review also makes recommendations regarding improved information flows, the need to ensure that data is released in useable formats and with appropriate metadata, and the need to expand integrity commitments. While the review notes that open government has a strong champion at the federal level in the Treasury Board Secretariat President Tony Clement, it also identifies a need for broader support within the government.

A copy of the report and information on how to provide comments and feedback on it are available here.

 

 

A recent Federal Court of Appeal decision may have significant implications for the licensing of government data by federal and provincial governments. Nautical Data International Inc v. C-Map USA Inc. is a decision that relates to a lawsuit brought by Nautical Data against the defendant C-Map after C-Map allegedly used data from Canadian Hydrographic Service charts and maps to create its digital charts. Nautical Data took the position that it had acquired the rights, through an exclusive licence, to the raw data that was used in the preparation of the charts, and that these rights were infringed by C-Maps activities. Of course, the two parties were competing in the production of digital navigation products.

Typically, government data licences, whether open or otherwise, assert that the government has rights in the data being licensed. Even the federal government’s recently proposed Open Data Licence covers information that is defined as “information protected by copyright or by database right...”. Leaving aside the imported and inappropriate reference to database rights that do not exist in Canada (see my earlier blog on this point), the government is clearly assuming that it has copyright in the data that is the subject of such licenses. Geobase’s Unrestricted Use Licence Agreement also boldly asserts that “Canada is the owner of or has rights in the data (the Data) addressed by the terms and conditions of this Agreement”. The claims, evident in these open licences, are repeated in more closed licences as well. The licence at issue in the Nautical Data case defined CHS data as “any data owned by Canada and maintained by CHS”.

This idea that data can be “owned” and that copyright law is the vehicle for this ownership is clearly evident in these and in many other licences in both the private and public sectors. This is the case, notwithstanding the fact that in copyright law, there can be no monopoly in facts or data. Copyright will only protect an original expression of facts or data. In a compilation of data, that expression will be manifest in an original selection or arrangement of the data. Even if there is an original selection or arrangement, the protection extends only to that selection or arrangement; it never extends to the underlying data.

While copyright academics have made this point before, it has largely fallen on deaf ears. That is why the comments by the Federal Court of Appeal on this point are so interesting. While the decision is not on the merits of the case (the litigation was about whether summary judgment should be rendered on the issues; the court ruled was that it should not – that the matter should proceed to trial) Justices Nadon and Sharlow state quite plainly that “there can be no copyright in information.”(at para 11). Moreover, they express a certain surprise at the wording of the licence. They state:

Section 6.1 is intended to be a formal acknowledgement of Crown copyright, but it refers to copyright in the CHS Data. Either the parties were unaware that copyright could not subsist in information (which we would not presume), or they understood the phrase “CHS Data” by necessary implication to mean or at least include the CHS Works, even though the definition of “CHS Data” in the licence seems to limit its meaning to “data”. (at para 13)

This is perhaps one of the politest ways possible to criticize the drafting of the licence. Justices Nadon and Sharlow go on to note that the allegation in the licence that the Crown “owns” the data is similarly troublesome. They state: “If it is intended to mean that data can be owned in the same way as property can be owned, then there is some question as to whether it is correct as a matter of law. . . . there is no principle of property law that would preclude anyone from making use of information displayed in a publicly available paper nautical chart, even if the information originated with the Crown or is maintained by the Crown.” (at para 14)

These statements are both interesting and important, and direct attention towards the rather thorny issues around the protection of data in Canada. Data producers, whether in the public or private sectors, have asserted claims to copyright in their data that are far stronger than the law apparently supports. They can do this largely because to challenge such a claim would require engaging in costly and time-consuming litigation which is beyond the reach of ordinary citizens and many businesses as well. It is perhaps the law’s version of Stephen Colbert’s ‘wikiality’ – let’s call it legiality: if you can get enough people to say that certain rights exist, then perhaps for all intents and purposes they do.

Although the copyright issues are not fully litigated in this installment of the Nautical Data saga, the statements by Justices Nadon and Sharlow are a jurisprudential shot across the bows (if you will forgive the nautical reference) of those who claim excessive rights to data in copyright licenses. Whether it is the Nautical Data case that will eventually provide the clarification of the law on these issues or other cases that may be working their way through the system, it really is time for our courts to reinforce the Federal Court of Appeal's clear message regarding over-claiming data licences: there simply is no copyright in facts.

Published in Copyright Law
<< Start < Prev 1 2 Next > End >>
Page 2 of 2

Canadian Trademark Law

Published in 2015 by Lexis Nexis

Canadian Trademark Law 2d Edition

Buy on LexisNexis

Electronic Commerce and Internet Law in Canada, 2nd Edition

Published in 2012 by CCH Canadian Ltd.

Electronic Commerce and Internet Law in Canada

Buy on CCH Canadian

Intellectual Property for the 21st Century

Intellectual Property Law for the 21st Century:

Interdisciplinary Approaches

Purchase from Irwin Law