Tags
access to information
AI
AIDA
AI governance
AI regulation
Ambush Marketing
artificial intelligence
big data
bill c11
Bill c27
copyright
data governance
data protection
data strategy
freedom of expression
Geospatial
geospatial data
intellectual property
Internet
internet law
IP
open courts
open data
open government
personal information
pipeda
Privacy
smart cities
trademarks
transparency
|
Tuesday, 07 February 2023 13:50
Court decision explores reidentification risk in access to information request
A recent decision of the Federal Court of Canada exposes the tensions between access to information and privacy in our data society. It also provides important insights into how reidentification risk should be assessed when government agencies or departments respond to requests for datasets with the potential to reveal personal information. The case involved a challenge by two journalists to Health Canada’s refusal to disclose certain data elements in a dataset of persons permitted to grow medical marijuana for personal use under the licensing scheme that existed before the legalization of cannabis. [See journalist Molly Hayes’ report on the story here]. Health Canada had agreed to provide the first character of the Forward Sortation Area (FSA) of the postal codes of licensed premises but declined to provide the second and third characters or the names of the cities in which licensed production took place. At issue was whether these location data constituted “personal information” – which the government cannot disclose under s. 19(1) of the Access to Information Act (ATIA). A second issue was the degree of effort required of a government department or agency to maximize the release of information in a privacy-protective way. Essentially, this case is about “the appropriate analytical approach to measuring privacy risks in relation to the release of information from structured datasets that contain personal information” (at para 2). The licensing scheme was available to those who wished to grow their own marijuana for medical purposes or to anyone seeking to be a “designated producer” for a person in need of medical marijuana. Part of the licence application required the disclosure of the medical condition that justified the use of medical marijuana. Where a personal supply of medical marijuana is grown at the user’s home, location information could easily be linked to that individual. Both parties agreed that the last three characters in a six-character postal code would make it too easy to identify individuals. The dispute concerned the first three characters – the FSA. The first character represents a postal district. For example, Ontario, Canada’s largest province, has five postal districts. The second character indicates whether an area within the district is urban or rural. The third character identifies either a “specific rural region, an entire medium-sized city, or a section of a major city” (at para 12). FSAs differ in size; StatCan data from 2016 indicated that populations in FSAs ranged from no inhabitants to over 130,000. Information about medical marijuana and its production in a rapidly evolving public policy context is a subject in which there is a public interest. In fact, Health Canada proactively publishes some data on its own website regarding the production and use of medical marijuana. Yet, even where a government department or agency publishes data, members of the public can use the ATI system to request different or more specific data. This is what happened in this case. In his decision, Justice Pentney emphasized that both access to information and the protection of privacy are fundamental rights. The right of access to government information, however, does not include a right to access the personal information of third parties. Personal information is defined in the ATIA as “information about an identifiable individual” (s. 3). This means that all that is required for information to be considered personal is that it can be used – alone or in combination with other information – to identify a specific individual. Justice Pentney reaffirmed that the test for personal information from Gordon v. Canada (Health) remains definitive. Information is personal information “where there is a serious possibility that an individual could be identified through the use of that information, alone or in combination with other available information.” (Gordon, at para 34, emphasis added). More recently, the Federal Court has defined a “serious possibility” as “a possibility that is greater than speculation or a ‘mere possibility', but does not need to reach the level of ‘more likely than not’” (Public Safety, at para 53). Geographic information is strongly linked to reidentification. A street address is, in many cases, clearly personal information. However, city, town or even province of residence would only be personal information if it can be used in combination with other available data to link to a specific individual. In Gordon, the Federal Court upheld a decision to not release province of residence data for those who had suffered reported adverse drug reactions because these data could be combined with other available data (including obituary notices and even the observations of ‘nosy neighbors’) to identify specific individuals. The Information Commissioner argued that to meet the ‘serious possibility’ test, Health Canada should be able to concretely demonstrate identifiability by connecting the dots between the data and specific individuals. Justice Pentney disagreed, noting that in the case before him, the expert opinion combined with evidence about other available data and the highly sensitive nature of the information at issue made proof of actual linkages unnecessary. However, he cautioned that “in future cases, the failure to engage in such an exercise might well tip the balance in favour of disclosure” (at para 133). Justice Pentney also ruled that, because the proceeding before the Federal Court is a hearing de novo, he was not limited to considering the data that were available at the time of the ATIP request. A court can take into account data made available after the request and even after the decision of the Information Commissioner. This makes sense. The rapidly growing availability of new datasets as well as new tools for the analysis and dissemination of data demand a timelier assessment of identifiability. Nevertheless, any pending or possible future ATI requests would be irrelevant to assessing reidentification risk, since these would be hypothetical. Justice Pentney noted: “The fact that a more complete mosaic may be created by future releases is both true and irrelevant, because Health Canada has an ongoing obligation to assess the risks, and if at some future point it concludes that the accumulation of information released created a serious risk, it could refuse to disclose the information that tipped the balance” (at para 112). The court ultimately agreed with Health Canada that disclosing anything beyond the first character of the FSA could lead to the identification of some individuals within the dataset, and thus would amount to personal information. Health Canada had identified three categories of other available data: data that it had proactively published on its own website; StatCan data about population counts and FSAs; and publicly available data that included data released in response to previous ATIP requests relating to medical marijuana. In this latter category the court noted that there had been a considerable number of prior requests that provided various categories of data, including “type of license, medical condition (with rare conditions removed), dosage, and the issue date of the licence” (at para 64). Other released data included the licensee’s “year of birth, dosage, sex, medical condition (rare conditions removed), and province (city removed)” (at para 64). Once released, these data are in the public domain, and can contribute to a “mosaic effect” which allows data to be combined in ways that might ultimately identify specific individuals. Health Canada had provided evidence of an interactive map of Canada published on the internet that showed the licensing of medical marijuana by FSA between 2001 and 2007. Justice Pentney noted that “[a]n Edmonton Journal article about the interactive map provided a link to a database that allowed users to search by medical condition, postal code, doctor’s speciality, daily dosage, and allowed storage of marijuana” (at para 66). He stated: “the existence of evidence demonstrating that connections among disparate pieces of relevant information have previously been made and that the results have been made available to the public is a relevant consideration in applying the serious possibility test” (at para 109). Justice Pentney observed that members of the public might already have knowledge (such as the age, gender or address) of persons they know who consume marijuana that they might combine with other released data to learn about the person’s underlying medical condition. Further, he notes that “the pattern of requests and the existence of the interactive map show a certain motivation to glean more information about the administration of the licensing regime” (at para 144). Health Canada had commissioned Dr Khaled El Emam to produce and expert report. Dr. El Emam determined that “there are a number of FSAs that are high risk if either three or two characters of the FSA are released, there are no high-risk FSAs if only the first character is released” (at para 80). Relying on this evidence, Justice Pentney concluded that “releasing more than the first character of an FSA creates a significantly greater risk of reidentification” (at para 157). This risk would meet the “serious possibility” threshold, and therefore the information amounts to “personal information” and cannot be disclosed under the legislation. The Information Commissioner raised issues about the quality of other available data, suggesting that incomplete and outdated datasets would be less likely to create reidentification risk. For example, since cannabis laws had changed, there are now many more people cultivating marijuana for personal use. This would make it harder to connect the knowledge that a particular person was cultivating marijuana with other data that might lead to the disclosure of a medical condition. Justice Pentney was unconvinced since the quantities of marijuana required for ongoing medical use might exceed the general personal use amounts, and thus would still require a licence, creating continuity in the medical cannabis licensing data before and after the legalization of cannabis. He noted: “The key point is not that the data is statistically comparable for the purposes of scientific or social science research. Rather, the question is whether there is a significant possibility that this data can be combined to identify particular individuals.” (at para 118) Justice Pentney therefore distinguishes between the issue of data quality from a data science perspective and data quality from the perspective of someone seeking to identify specific individuals. He stated: “the fact that the datasets may not be exactly comparable might be a problem for a statistician or social scientist, but it is not an impediment to a motivated user seeking to identify a person who was licensed for personal production or a designated producer under the medical marijuana licensing regime” (at para 119). Justice Pentney emphasized the relationship between sensitivity of information and reidentification risk, noting that “the type of personal information in question is a central concern for this type of analysis” (at para 107). This is because “the disclosure of some particularly sensitive types of personal information can be expected to have particularly devastating consequences” (at para 107). With highly sensitive information, it is important to reduce reidentification risk, which means limiting disclosure “as much as is feasible” (at para 108). Justice Pentney also dealt with a further argument that Health Canada should not be able to apply the same risk assessment to all the FSA data; rather, it should assess reidentification risk based on the size of the area identified by the different FSA characters. The legislation allows for severance of information from disclosed records, and the journalists argued that Health Canada could have used severance to reduce the risk of reidentification while releasing more data where the risks were acceptably low. Health Canada responded that to do a more fine-grained analysis of the reidentification risk by FSA would impose an undue burden because of the complexity of the task. In its submissions as intervenor in the case, the Office of the Privacy Commissioner suggested that other techniques could be used to perturb the data so as to significantly lower the risk of reidentification. Such techniques are used, for example, where data are anonymized. Justice Pentney noted that the effort required by a government department or agency was a matter of proportionality. Here, the data at issue were highly sensitive. The already-disclosed first character of the FSA provided general location information about the licences. Given these facts, “[t]he question is whether a further narrowing of the lens would bring significant benefits, given the effort that doing so would require” (at para 181). He concluded that it would not, noting the lack of in-house expertise at Health Canada to carry out such a complex task. Regarding the suggestion of the Privacy Commissioner that anonymization techniques should be applied, he found that while this is not precluded by the ATIA, it was a complex task that, on the facts before him, went beyond what the law requires in terms of severance. This is an interesting and important decision. First, it reaffirms the test for ‘personal information’ in a more complex data society context than the earlier jurisprudence. Second, it makes clear that the sensitivity of the information at issue is a crucial factor that will influence an assessment not just of the reidentification risk, but of tolerance for the level of risk involved. This is entirely appropriate. Not only is personal health information highly sensitive, at the time these data were collected, licensing was an important means of gaining access to medical marijuana for people suffering from serious and ongoing medical issues. Their sharing of data with the government was driven by their need and vulnerability. Failure to robustly protect these data would enhance vulnerability. The decision also clarifies the evidentiary burden on government to demonstrate reidentification risk – something that will vary according to the sensitivity of the data. It highlights the dynamic and iterative nature of reidentification risk assessment as the risk will change as more data are made available. Indirectly, the decision also casts light on the challenges of using the ATI system to access data and perhaps a need to overhaul that system to provide better access to high-quality public-sector information for research and other purposes. Although Health Canada has engaged in proactive disclosure (interestingly, such disclosures were a factor in assessing the ‘other available data’ that could lead to reidentification in this case), more should be done by governments (both federal and provincial) to support and ensure proactive disclosure that better meets the needs of data users while properly protecting privacy. Done properly, this would require an investment in capacity and infrastructure, as well as legislative reform.
Published in
Privacy
Tuesday, 07 August 2018 09:19
Ontario Court of Appeal Confirms Order to Disclose Physician Billing Information
Some years ago, a reporter from the Toronto Star filed an access to information request to obtain the names of the top 100 physician billers to Ontario’s Health Insurance Program (OHIP). She also sought the amounts billed, and the physicians’ fields of specialization. The information was in the hands of the Ministry of Health and Long-Term Care, and the request was made under Ontario’s Freedom of Information and Protection of Privacy Act (FIPPA). The Ministry refused to disclose the records on the basis that they constituted the physicians’ personal information. An adjudicator with the Ontario Information and Privacy Commissioner’s Office disagreed, and ordered disclosure. An appeal by the Ontario Medical Association (OMA) to the Ontario Divisional Court was unsuccessful (discussed here). On August 3, 2018, the Ontario Court of Appeal dismissed the OMA’s further appeal of that decision. The relatively brief and unanimous Court of Appeal decision made short work of the OMA’s arguments. The Court found that the adjudicator’s determination that the information was not personal information was reasonable. FIPPA specifically excludes from the definition of personal information “the name, title, contact information or designation of an individual that identifies the individual in a business, professional or official capacity”. The OMA had argued that the disclosure of the names in conjunction with the billing information meant that the disclosure would include personal information that “describes an individual’s finances, income, assets, liabilities…”. FIPPA provides in s. 21(3) that the disclosure of personal information is presumptively an invasion of privacy when it falls within this category. However, the Court found that the billing information constituted “the affected physicians’ gross revenue before allowable business expenses such as office, personnel, lab equipment, facility and hospital expenses.” (at para 25) The Court agreed with the adjudicator that the gross billing information did not reveal the actual income of the physicians. It stated: “where, as here, an individual’s gross professional or business income is not a reliable indicator of the individual’s actual personal finances or income, it is reasonable to conclude not only that the billing information is not personal information as per s. 2(1), but also that it does not describe “an individual’s finances [or] income”, for the purpose of s. 21(3)(f).” (at para 26) The OMA had resisted disclosure because the billing information might give the public, who might not understand the costs associated with running a medical practice, a distorted idea of the physicians’ personal finances. Ironically, the Court found that the differences between billing information and actual income were so different that it did not amount to personal information. The OMA had objected to what it considered to be the OIPC’s changed position on the nature of this type of information; in the past, the OIPC had accepted that this information was personal information and had not ordered disclosure. The Ontario Court of Appeal observed that the adjudicator was not bound to follow precedent; it also observed that there were differences of opinion in past OIPC decisions on this issue, and no clear precedent existed in any event. The decision is an important one for access to information. A publicly funded health care system consumes substantial resources, and there is a public interest in understanding, analyzing, critiquing and discussing how those resources are spent. The OMA was understandably concerned that public discussions not centre on particular individuals. However, governments have been moving towards greater transparency when it comes to monies paid to specific individuals and businesses, whether they are contractors or even public servants. As the Court of Appeal noted, FIPPA balances access to information with the protection of personal privacy. The public interest clearly prevailed in this instance.
Published in
Privacy
Tuesday, 01 May 2018 07:05
Ontario Court rules that open courts principle trumps privacy; finds part of Ontario's access to information law unconstitutional
What is the proper balance between privacy and the open courts principle when it comes to providing access to the decisions of administrative tribunals? This is the issue addressed by Justice Ed Morgan in a recent Ontario Superior Court decision. The case arose after the Toronto Star brought an application to have parts of Ontario’s Freedom of Information and Protection of Privacy Act (FIPPA) declared unconstitutional. To understand this application, some background may be helpful. Courts in Canada operate under the “open courts principle”. This principle has been described as “one of the hallmarks of a democratic society” and it is linked to the right of freedom of expression guaranteed by s. 2(b) of the Canadian Charter of Rights and Freedoms. The freedom of expression is implicated because in order for the press and the public to be able to debate and discuss what takes place in open court, they must have access to the proceedings and to the records of proceedings. As Justice Morgan notes in his decision, the open courts principle applies not just to courts, but also to administrative tribunals, since the legitimacy of the proceedings before such tribunals requires similar transparency. Administrative bodies are established by legislation to carry out a number of different functions. This can include the adjudication of matters related to the subject matter of their enabling legislation. As the administrative arm of government has expanded, so too has the number and variety of administrative tribunals at both the federal and provincial levels. Examples of tribunals established under provincial legislation include landlord-tenant boards, human rights tribunals, securities commissions, environmental review tribunals, workers’ compensation tribunals, labour relations boards, and criminal injury compensations boards – to name just a very few. These administrative bodies are often charged with the adjudication of disputes over matters that are of fundamental importance to individuals, impacting their livelihood, their housing, their human rights, and their compensation and disability claims. Because administrative tribunals are established by provincial legislation, they are public bodies, and as such, are subject to provincial (or, as the case may be, federal) legislation governing access to information and the protection of personal information in the hands of the public sector. The applicability of Ontario’s Freedom of Information and Protection of Privacy Act is at the heart of this case. The Toronto Star brought its application with respect to the 14 administrative tribunals found in the list of institutions to which FIPPA applies in a Schedule to that Act. It complained that because FIPPA applied to these tribunals, the public presumptively had to file access to information requests under that statute in order to access the adjudicative records of the tribunals. It is important to note that the challenge to the legislation was limited a) to administrative tribunals, and b) to their adjudicative records (as opposed to other records that might relate to their operations). Thus the focus was really on the presumptive right of the public, according to the open courts principles, to have access to the proceedings and adjudicative records of tribunals. Justice Morgan noted that the process under FIPPA requires an applicant to make a formal request for particular records and to pay a fee. The head of the institution then considers the request and has 30 days in which it must advise the applicant as to whether access will be granted. The institution may also notify the applicant that a longer period of time is required to respond to the request. It must give notice to anyone who might be affected by the request and must give that person time in which to make representations. The institution might refuse to disclose records or it might disclose records with redactions; a dissatisfied applicant has a right of appeal to the Information and Privacy Commissioner. In addition to the time required for this process to unfold, FIPPA also sets out a number of grounds on which access can be denied. Section 42(1) provides that “An institution shall not disclose personal information in its custody or under its control”. While there are some exceptions to this general rule, none of them relates to adjudicative bodies specifically. Justice Morgan noted that the statute provides a broad definition of personal information. While the default rule is non-disclosure, the statute gives the head of an institution some discretion to disclose records containing personal information. Thus, for example, the head of an institution may disclose personal information if to do so “does not constitute an unjustified invasion of personal privacy” (s. 21(1)(f)). The statute sets out certain circumstances in which an unjustified invasion of personal privacy is presumed to occur (s. 21(3)), and these chiefly relate to the sensitivity of the personal information at issue. The list includes many things which might be part of adjudication before an administrative tribunal, including employment or educational history, an individual’s finances, income, or assets, an individual’s eligibility for social service or welfare benefits, the level of such benefits, and so on. The Toronto Star led evidence that “the personal information exemption is so widely invoked that it has become the rule rather than an exemption to the rule.” (at para 27). Justice Morgan agreed, characterizing non-disclosure as having become the default rule. FIPPA contains a “public interest override” in s. 23, which allows the head of an institution to release records notwithstanding the applicability of an exception to the rule of disclosure, where “a compelling public interest in the disclosure of the record clearly outweighs the purpose of the exemption.” However, Justice Morgan noted that the interpretation of this provision has been so narrow that the asserted public interest must be found to be more important than the broad objective of protecting personal information. In the case of adjudicative records, the Information and Privacy Commissioner’s approach has been to require the requester to demonstrate “that there is a public interest in the Adjudicative Record not simply to inform the public about the particular case, but for the larger societal purpose of aiding the public in making political choices” (at para 31). According to Justice Morgan, “this would eliminate all but the largest and most politically prominent of cases from media access to Adjudicative Records and the details contained therein” (at para 32). The practice of the 14 adjudicative bodies at issue in this case showed a wide variance in the ways in which they addressed issues of access. Justice Morgan noted that 8 of the 14 bodies did not require a FIPPA application to be made; requests for access to and copies of records could be directed by applicants to the tribunal itself. According to Justice Morgan, this is not a problem. He stated: “their ability to fashion their own mechanism for public access to Adjudicative Records, and to make their own fine-tuned determinations of the correct balance between openness and privacy, fall within the power of those adjudicative institutions to control their own processes” (at para 48). The focus of the court’s decision is therefore on the other 6 adjudicative bodies that require those seeking access to adjudicative records to follow the process set out in the legislation. The Star emphasized the importance of timeliness when it came to reporting on decisions of adjudicative bodies. It led evidence about instances where obtaining access to records from some tribunals took many weeks or months, and that when disclosure occurred, the documents were often heavily redacted. Justice Morgan noted that the Supreme Court of Canada has already found that s. 2(b) protects “guaranteed access to the courts to gather information” (at para 53, citing Canadian Broadcasting Corp. v. New Brunswick (A.G.)), and that this right includes access to “exhibits entered into evidence, photocopies of all such records, and the ability to disseminate those records by means of broadcast or other publication” (at para 53). He found that FIPPA breaches s. 2(b) because it essentially creates a presumption of non-disclosure of personal information “and imposes an onus on the requesting party to justify the disclosure of the record” (at para 56). He also found that the delay created by the FIPPA system “burdens freedom of the press and amounts in the first instance to an infringement” of s. 2(b) of the Charter (at para 70). However, it is important to note that under the Charter framework, the state can still justify a presumptive breach of a Charter right by showing under s. 1 of the Charter that it is a reasonable limit, demonstrably justified in a free and democratic society. In this case, Justice Morgan found that the ‘reverse onus’ placed on the party requesting access to an adjudicative record to show why the record should be released could not be justified under s. 1 of the Charter. He noted that in contexts outside of FIPPA – for example, where courts consider whether to impose a publication ban on a hearing – the presumption is openness, and the party seeking to limit disclosure or dissemination of information must show how a limitation would serve the public interest. He stated that the case law makes it clear “that it is the openness of the system, and not the privacy or other concerns of law enforcement, regulators, or innocent parties, that takes primacy in this balance” (at para 90). Put another way, he states that “The open court principle is the fundamental one and the personal information and privacy concerns are secondary to it” (at para 94). On the delays created by the FIPPA system, Justice Morgan noted that “Untimely disclosure that loses the audience is akin to no disclosure at all” (at para 95). However, he was receptive to submissions made by the Ontario Judicial Council (OJC) which had “admonished the court to be cognizant of the complex task of fashioning a disclosure system for a very diverse body of administrative institutions” (at para 102). The OJC warned the court of the potential for “unintended consequences” if it were to completely remove tribunals from the FIPPA regime. The concern here was not so much for privacy; rather it was for the great diversity of administrative tribunals, many of which are under-resourced and under-staffed, and who might find themselves “overwhelmed in a suddenly FIPPA-free procedural environment” (at para 103). Justice Morgan also noted that while the Toronto Star was frustrated with the bureaucracy involved in making FIPPA applications, “bureaucracy in and of itself is not a Charter violation. It’s just annoying.” (at para 104) He noted that the timelines set out in FIPPA were designed to make the law operate fairly, and that “Where the evidence in the record shows that there have been inordinate delays, the source of the problems may lie more with the particular administrators or decision-makers who extend the FIPPA timelines than with the statutory system itself” (at para 105). He expressed hope that by removing the ‘reverse onus’ approach, any issues of delay might be substantially reduced. As a result, Justice Morgan found the “presumption of non-disclosure for producing Adjudicative Records containing “personal information” as defined in s. 2(1)” to violate the Charter. Given the complexity of finding a solution to this problem, he gave the legislature one year in which to amend FIPPA. He makes it clear that tribunals are not required to follow the FIPPA request process in providing access to their Adjudicative Records, but it does not breach the Charter for them to do so. This is an interesting decision that addresses what is clearly a problematic approach to providing access to decisions of administrative tribunals. What the case does not address are the very real issues of privacy that are raised by the broad publication of administrative tribunal decisions. Much ink has already been spilled on the problems with the publication of personal information in court and tribunal decisions. Indeed the Globe24hr case considered by both the Office of the Privacy Commissioner of Canada and the Federal Court reveals some of the consequences for individual privacy when such decisions are published in online repositories. Of course, nothing in Justice Morgan’s decision requires online publication, but openness must be presumed to include such risks. In crafting a new legislative solution for adjudicative records, the Ontario government might be well advised to look at some of the materials produced regarding different strategies to protect privacy in open tribunal decisions and might consider more formal guidance for tribunals in this regard.
********************** Interested in the issues raised by this case? Here is a sampling of some other decisions that also touch on the open courts principle in the context of administrative tribunals: Canadian Broadcasting Corp. v. Canada (Attorney General) United Food & Commercial Workers Union Local 1518 v. Sunrise Poultry Processors Ltd. These three cases deal with individuals trying to get personal information redacted from tribunal decisions destined to be published online in order to protect their personal information: Fowlie v. Canada; A.B. v. Brampton (City); Pakzad v. The Queen
Published in
Privacy
Tuesday, 26 September 2017 06:26
Bill C-58's Order-Making Powers: A Huge Disappointment
As part of Right to Know week, I participated in a conference organized by Canada’s Office of the Information Commissioner. My panel was asked to discuss Bill C-58, an Act to amend the Access to Information Act. I have discussed other aspects of this bill here and here. Below are my thoughts on the Commissioner’s order-making powers under that Bill. Bill C-58, the Act to amend the Access to Information Act will, if passed into law, give the Information Commissioner order-making powers. This development has been called for repeatedly over the years by the Commissioner as well as by access to information advocates. Order-making powers transform the Commissioner’s recommendations into requirements; they provide the potential to achieve results without the further and laborious step of having to go to the Federal Court. This is, at least the theory. For many, the presence of order-making powers is one of the strengths of C-58, a Bill that has otherwise been criticized for not going far enough to reform a badly outdated access to information regime. Before one gets too excited about the order-making powers in Bill C-58, however, it is worth giving them a closer look. The power is found in a proposed new s. 36.1, which reads: 36.1 (1) If, after investigating a complaint described in any of paragraphs 30(1)(a) to (d.1), the Commissioner finds that the complaint is well-founded, he or she may make any order in respect of a record to which this Part applies that he or she considers appropriate, including requiring the head of the government institution that has control of the record in respect of which the complaint is made (a) to disclose the record or a part of the record; and (b) to reconsider their decision to refuse access to the record or a part of the record. Although this appears promising, there is a catch. Any such order will not take effect until after the expiry of certain periods of time. The first of these is designed to allow the head of the institution to ask the Federal Court to review “the matter that is the subject of the complaint.” The second time period is to allow third parties (for example, someone whose personal information or confidential commercial information might be affected by the proposed order) or the federal Privacy Commissioner to apply to the Federal Court for a review. (The reason why the Privacy Commissioner might be seeking a review is the subject of an earlier post here). The wording of these provisions makes it clear that recourse to the Federal Court is neither an appeal of the Commissioner’s order, nor an application for judicial review. Instead, the statute creates a right to request a hearing de novo before the Federal Court on “the matter that is the subject of the complaint”. As we know from experience with the Personal Information Protection and Electronic Documents Act, such a proceeding de novo does not require any deference to be given to the Commissioner’s report, conclusions or order. One need only compare these order-making powers with those of some of the Commissioner’s provincial counterparts to see how tentative the drafters of Bill C-58 have been. Alberta’s Freedom of Information and Protection of Privacy Act states simply “An order made by the Commissioner under this Act is final.”(s. 73) British Columbia’s statute takes an approach which at first glance looks similar to what is in C-58. Section 59 provides: 59. (1) Subject to subsection (1.1), not later than 30 days after being given a copy of an order of the commissioner, the head of the public body concerned or the service provider to whom the order is directed, as applicable, must comply with the order unless an application for judicial review of the order is brought before that period ends. Like C-58, s. 59 of B.C.’s Freedom of Information and Protection of Privacy Act provides for a delay in the order’s taking effect depending on whether the head of the institution seeks to challenge it. However, unlike C-58, the head of the institution must seek judicial review of the order (not the matter more generally). Judicial review is based on the record that was before the original adjudicator. It is also a process that requires some deference to be shown to the Commissioner. A report on the modernization of Canada’s access to information regime compared the current ombuds model with the order-making model. It found that the order making model was preferable for a number of cogent reasons. Two of these were:
These are very sound reasons for moving to an order-making model. Unfortunately, the model provided in Bill C-58 does not provide these advantages. Because it allows for a hearing de novo, there is no incentive to put everything before the adjudicator – new evidence and arguments can be introduced before the Federal Court. This will do nothing to advance the goals of accountability and transparency; it might even help to obstruct them.
Published in
Privacy
Monday, 10 July 2017 12:48
Court orders disclosure of names of Ontario's top-billing physicians; doctors plan to appealToronto Star journalist Theresa Boyle has just won an important victory for access to information rights and government transparency – one that is likely to be challenged before the Ontario Court of Appeal. On June 30, 2017, three justices of the Ontario Divisional Court unanimously upheld an adjudicator’s order that the Ministry of Health and Long-Term Care disclose the names, annual billing amounts and fields of medical specialization of the 100 top-billing physicians in Ontario. The application for judicial review of the order was brought by the Ontario Medical Association, along with many of the doctors on the disputed list (the Applicants). The amount that the Ontario Health Insurance Program (OHIP) pays physicians for services rendered is government information. Under the Freedom of Information and Protection of Privacy Act (FOIPPA), the public has a right of access to government information – subject to specific exceptions that serve competing issues of public interest. One of these is privacy – a government institution can refuse to disclose information if it would reveal personal information. The Ministry had been willing to disclose the top 100 amounts billed to OHIP, but it refused to disclose the names of the doctors or some of the areas of specialization (which might lead to their identification) on the basis that this was the physicians’ personal information. The Adjudicator disagreed and found that the billing information, including the doctors’ names, was not personal information. Instead, it identified the physicians in their professional capacity. FOIPPA excludes this sort of information from the definition of personal information. The Applicants accepted that the physicians were named in the billing records in their professional capacity. However, they argued that when those names were associated with the gross amounts, this revealed “other personal information”. In other words, they argued that the raw billing information did not reflect the business overhead expenses that physicians had to pay from their earnings. As a result, this information, if released, would be misinterpreted by the public as information about their net incomes. They argued that this made converted it into “other personal information relating to the individual” (s. 2(1)(h)). How much doctors bill OHIP should be public information. The idea that the possibility that such information might be misinterpreted could be a justification for refusal to disclose it is paternalistic. It also has the potential to stifle access to information. The argument deserved the swift rejection it received from the court. The Applicants also argued that the adjudicator erred by not following earlier decisions of the Office of the Information and Privacy Commissioner (OIPC) that had found that the gross billing amounts associated with physician names constituted personal information. Adjudicator John Higgins ruled that “Payments that are subject to deductions for business expenses are clearly business information.” (at para 18) The Court observed that the adjudicator was not bound to follow earlier OIPC decisions. Further, the issue of consistency could be looked at in two ways. As the adjudicator himself had noted, the OIPC had regularly treated information about the income of non-medical professionals as non-personal information subject to disclosure under the FOIPPA; but for some reasons had treated physician-related information differently. Thus, while one could argue that the adjudicator’s decision was inconsistent with earlier decisions about physician billing information, it was entirely consistent with decisions about monies paid by government to other professionals. The Court found no fault with the adjudicator’s approach. The Applicants had also argued that Ms Boyle “had failed to establish a pressing need for the information or how providing it to her would advance the objective of transparency in government.” (para 31). The court gave this argument the treatment it deserved – they smacked it down. Justice Nordheimer observed that applicants under the FOIPPA are not required to provide reasons why they seek information. Rather, the legislation requires that information of this kind “is to be provided unless a privacy exception is demonstrated.” (at para 32) Justice Nordheimer went on to note that under access to information legislation, “the public is entitled to information in the possession of their governments so that the public may, among other things, hold their governments accountable.” He stated that “the proper question to be asked in this context, therefore, is not “why do you need it?” but rather is “why should you not have it.”” (at para 34). This decision of the Court is to be applauded for making such short work of arguments that contained little of the public interest and a great deal of private interest. Transparency within a publicly-funded health care system is essential to accountability. Kudos to Theresa Boyle and the Toronto Star for pushing this matter forward. The legal costs of $50,000 awarded to them make it clear that transparency and accountability often do not come cheaply or without significant effort. And those costs continue to mount as the issues must now be hammered out again before the Ontario Court of Appeal.
Published in
Privacy
Tuesday, 04 July 2017 12:37
ATIA reform Bill creates new relationship between Information and Privacy Commissioners over "personal information"
Bill C-58, the government’s response to years of calls for reform of Canada’s badly outdated Access to Information Act has been criticized for falling far short of what is needed and from what was promised during the last election campaign. I share this concern. However, this blog post focuses on a somewhat different issue raised by Bill C-58 – the new relationship it will create around privacy as between the Offices of the Information Commissioner and the Privacy Commissioner of Canada. While Canadian provinces combine access to information and the protection of personal information in the hands of government under a single statute and a single commissioner, the federal government has kept these functions separate. As a result, there is a federal Information Commissioner charged with administering the Access to Information Act and a federal Privacy Commissioner charged with administering the Privacy Act. In 2001, the Privacy Commissioner was also given the task of overseeing Canada’s private sector data protection statute, the Personal Information Protection and Electronic Documents Act (PIPEDA). Certainly at the federal level it makes sense to separate the two regimes. While there is a close relationship between access and privacy (citizens have a right of access to their personal information in the hands of government, for example; and access rights are limited by the protection of the personal information of third parties), access to information and the protection of privacy have important – and sometimes conflicting – differences in their overall objectives. The reality is, as well, that both bring with them substantial and growing workloads, particularly at the federal level. Just as the role of the Privacy Commissioner has expanded with the addition of new responsibilities under PIPEDA, with the rapid advance of information technologies, and with new challenges at in relation to the actions of law enforcement and national security officials, so too has the Information Commissioner’s role been impacted by technology, and by the growing movement towards open government and open data. In spite of these different spheres of activity, there remain points of intersection between access and privacy. These points of intersection are significant enough that changes to the role of one Commissioner may have implications for the other. For example, a government institution under the ATIA can refuse to disclose records if doing so would reveal third party personal information. The Information Commissioner, fielding a complaint about such a refusal, will consider whether the information at issue is personal information and whether it should be disclosed. The federal Privacy Commissioner, dealing with complaints regarding the mishandling of personal information, must also determine what is or is not personal information. This overlap is poised to be affected by proposed changes to the ATIA. First, Bill C-58 will make the definition of “personal information” in the ATIA match that in the Privacy Act. Second – and significantly – the Bill will give the Information Commissioner order-making powers. This means that the Information Commissioner can rule on whether information in the hands of a government institution is or is not personal information. The decision will be binding and enforceable if it is not challenged. The Privacy Commissioner currently does not have order-making powers (these are on the wish-list for Privacy Act reform). Ironically, then, this means that the Information Commissioner will be in a position to make binding orders regarding what constitutes personal information in the hands of government whereas the Privacy Commissioner cannot. Even if the Privacy Commissioner eventually gets such powers, there will still be the potential for conflicting decisions/interpretations about how the definition of personal information should be applied to particular types of information. No doubt in recognition of the potential for conflict in the short and longer term, Bill C-58 provides for the Information Commissioner to consult with the Privacy Commissioner. The proposed new section 36.2 reads: 36.2 If the Information Commissioner intends to make an order requiring the head of a government institution to disclose a record or a part of a record that the head of the institution refuses to disclose under subsection 19(1), the Information Commissioner may consult the Privacy Commissioner and may, in the course of the consultation, disclose to him or her personal information. [my emphasis] In theory then, the Information Commissioner should touch base with the Privacy Commissioner before making orders regarding what is or is not personal information, or perhaps even whether certain personal information is subject to disclosure. It is worth noting, however, that the new provision uses the verb “may”, rather than “must”. Neither consultation nor consensus is mandatory. Bill C-58 anticipates potential problems. A revised section 37(2) requires the Information Commissioner to give notice to the Privacy Commissioner before any order is made regarding the disclosure of personal information. Section 41(4) then provides: 41(4) If neither the person who made the complaint nor the head of the institution makes an application under this section within the period for doing so, the Privacy Commissioner, if he or she receives a report under subsection 37(2), may, within 10 business days after the expiry of the period referred to in subsection (1), apply to the Court for a review of any matter in relation to the disclosure of a record that might contain personal information and that is the subject of the complaint in respect of which the report is made. Thus, if the Privacy Commissioner disagrees with a decision of the Information Commissioner regarding what constitutes personal information or whether it should be released, he can apply to a court to have the dispute resolved before a final order is made by the Information Commissioner. Note that this can happen even if the applicant and the government institution are satisfied with the Commissioner’s proposed resolution. It will be interesting to see whether the Privacy Commissioner will get order-making powers if and when the Privacy Act is reformed. This seems likely. What will be even more interesting will be whether any decision by the Privacy Commissioner about what constitutes “personal information” will similarly be open to challenge by the Information Commissioner, with the outcome to be settled by the Federal Court. This too seems likely. In the provinces, decisions about personal information for access and privacy purposes are made by a single Commissioner. The best way to achieve consensus as to the meaning of “personal information” at the federal level with two different Commissioners with different mandates, will be to have any conflicts referred to the courts. This will add a layer of delay in any case where disputes arise, although in theory at least, with open lines of communication between the two Commissioners, such disputes may be few and far between. Nevertheless, there may be a disadvantage in pushing controversies over the definition of “personal information” directly to the courts which lack the same experience and expertise as the two Commissioners in an increasingly complex data landscape. True, the courts already have the last word when it comes to interpreting the definitions of personal information in either statute. But those interpretations have, to date, been confined in impact to one or the other of the statutes and understood in the context of the particular legislative goals underlying the specific statute at issue. The impact of these changes will interesting to monitor.
Published in
Privacy
Monday, 26 June 2017 07:52
ATIA reform bill addresses review of documents covered by solicitor-client privilege
Note that for ease of reference the different provisions of the bills/laws discussed here are reproduced at the end of this post. The Liberal government, which had promised during the last election campaign to reform Canada’s outdated Access to Information Act (ATIA) has tabled its reforms in Bill C-58. First reviews of the bill, by key users of the ATIA such as academics and journalists have been highly critical of the many ways in which the proposed reforms fall short of what was promised. While acknowledging the importance and salience of these critiques, this post will focus on two very specific amendments in this Bill that are most welcome. Government departments and agencies subject to the ATIA have long been able to refuse to disclose records covered by solicitor-client privilege. This is an important exception. As the Supreme Court of Canada stated in Blood Tribe, “Solicitor-client privilege is fundamental to the proper functioning of our legal system.” (at para 9). The court noted that the privilege permits a free flow of legal advice between lawyer and client, and stated that without solicitor-client privilege, “access to justice and the quality of justice in this country would be severely compromised.” (para 9) It is not surprising, therefore that documents covered by solicitor-client privilege would not be disclosable under the ATIA. In the same vein, the right to access one’s personal information under the federal Privacy Act, or the Personal Information Protection and Electronic Documents Act (PIPEDA), is similarly limited – access cannot be had to records containing personal information that are subject to solicitor-client privilege. While this is understandable, the problem has long been that there has been no proper oversight of assertions of solicitor-client privilege by record-holders. The courts have treated the privilege as so absolute, that only the most explicit statutory language will permit a Commissioner (whether the Information Commissioner or a Privacy Commissioner) to review such documents in order to determine whether the claimed privilege is actually justified. In Blood Tribe, the Supreme Court of Canada found that the rather open-ended language in PIPEDA did not meet the test, and as a result the federal Privacy Commissioner could not review claims of solicitor client privilege in records containing personal information under that statute. Much clearer language was needed. While the outcome in Blood Tribe is fair enough, a 2016 decision by the Supreme Court of Canada seemed to move from protecting solicitor client privilege to fetishizing it. In Alberta (Information and Privacy Commissioner) v. University of Calgary, the Supreme Court of Canada considered wording in Alberta’s Freedom of Information and Protection of Privacy Act that was quite a bit more explicit than that in PIPEDA, and that appeared quite sufficient to give Alberta’s Commissioner the power to review claims of solicitor-client privilege in government records sought through access to information requests. Yet the majority of the Court determined that Blood Tribe dictated that only the clearest statutory language could derogate from the protection of solicitor-client privilege. They took the position that solicitor-client privilege was no mere privilege of the law of evidence. It arose in circumstances outside the court room, and had the character of “an important civil and legal right and a principle of fundamental justice in Canadian law.” (at para 41) Because of this, the majority ruled that the wording of the statute, which allowed the Commissioner to access records “despite . . . any privilege of the law of evidence” (s. 56(3) was “not sufficiently clear, explicit and unequivocal to evince legislative intent to set aside solicitor-client privilege.” (at para 44) It should be noted that Justice Cromwell wrote a separate opinion in University of Calgary making it clear that he strongly disagreed with the interpretation of the majority, and stating that in his view the language of the statute was perfectly clear and gave the necessary powers to the Commissioner. The majority decision in University of Calgary was so surprising that Ontario’s Information and Privacy Commissioner in his Annual Report released in mid-June 2017, asked the Ontario government to amend very similar language in Ontario’s Freedom of Information and Protection of Privacy Act so as to make it crystal clear that the Ontario Commissioner has the power to review claims of solicitor client privilege in documents being withheld by government departments and agencies. If passed, Bill C-58 will amend section 36(2) of the ATIA to provide in language that even the most punctilious judge would find hard to ignore, that the Information Commissioner can review records being withheld on the basis of solicitor-client privilege in order to determine whether such privilege is properly claimed. Notably, the bill will also amend the Privacy Act to add similar language giving the Privacy Commissioner the power to review records withheld under claims of solicitor client privilege. Both sets of amendments make it clear that this review does not constitute a waiver of those privileges or of professional secrecy. It is a necessary compromise to ensure a proper balancing of interests. These changes, at least, should be welcome.
Statutory language discussed in the above post:
PIPEDA (interpreted in Blood Tribe and found to be too vague to support review by the Commissioner): 12.1 (1) In the conduct of an investigation of a complaint, the Commissioner may [. . . ] (c) receive and accept any evidence and other information, whether on oath, by affidavit or otherwise, that the Commissioner sees fit, whether or not it is or would be admissible
Access to Information Act (currently): 36 (2) Notwithstanding any other Act of Parliament or any privilege under the law of evidence, the Information Commissioner may, during the investigation of any complaint under this Act, examine any record to which this Act applies that is under the control of a government institution, and no such record may be withheld from the Commissioner on any grounds. Privacy Act (currently): 34 (2) Notwithstanding any other Act of Parliament or any privilege under the law of evidence, the Privacy Commissioner may, during the investigation of any complaint under this Act, examine any information recorded in any form under the control of a government institution, other than a confidence of the Queen’s Privy Council for Canada to which subsection 70(1) applies, and no information that the Commissioner may examine under this subsection may be withheld from the Commissioner on any grounds. Freedom of Information and Protection of Privacy Act (Alberta) (at issue in University of Calgary and found to be insufficient): 56(3) Despite any other enactment or any privilege of the law of evidence, a public body must produce to the Commissioner within 10 days any record or a copy of any record required under subsection (1) or (2). Ontario’s Freedom of Information and Protection of Privacy Act: 52 (4) In an inquiry, the Commissioner may require to be produced to the Commissioner and may examine any record that is in the custody or under the control of an institution, despite Parts II and III of this Act or any other Act or privilege, and may enter and inspect any premises occupied by an institution for the purposes of the investigation. R.S.O. 1990, c. F.31, s. 52 (4).
Proposed Amendment to the Access to Information Act in Bill C-58: 36 (2) Despite any other Act of Parliament, any privilege under the law of evidence, solicitor-client privilege or the professional secrecy of advocates and notaries and litigation privilege, and subject to subsection (2.1), the Information Commissioner may, during the investigation of any complaint under the Part, examine any record to which this Part applies that is under the control of a government institution, and not such record may be withheld from the Commissioner on any grounds. Proposed Amendment to the Privacy Act in Bill C-58: 34 (2) Despite any other Act of Parliament, any privilege under the law of evidence, solicitor-client privilege or the professional secrecy of advocates and notaries and litigation privilege, and subject to subsection (2.1), the Privacy Commissioner may, during the investigation of any complaint under the Act, examine any information recorded in any form under the control of a government institution, other than a confidence of the Queen’s Privy Council for Canada to which subsection 70(1) applies, and no information that the Commissioner may examine under this subsection may be withheld from the Commissioner on any grounds.
Published in
Privacy
Friday, 16 June 2017 07:12
Ontario court weighs in on relationship between access to information and freedom of expression
A recent court decision (Assn. for Reformed Political Action Canada v. Ontario) raises some interesting questions about the relationship between the Charter right to freedom of expression and access to information rights. On June 9, 2017, Justice Labrosse of the Ontario Superior Court of Justice ruled that a statutory exemption to Ontario’s Freedom of Information and Protection of Privacy Act (FIPPA) violated s. 2(b) of the Canadian Charter of Rights and Freedoms, and could not be justified under s. 1. He issued a suspended declaration of invalidity, giving the province 12 months to repair the offending legislation. Like other access to information regimes in Canada, Ontario’s FIPPA sets a default rule that citizens have a right of access to information in the hands of government and its agencies and departments. This default rule is subject to a number of exceptions that allow government institutions to refuse to disclose information that would, among other things, violate solicitor client privilege, reveal third party confidential commercial information, or adversely impact privacy rights. When a government institution refuses to release all or some of the requested information on one of these statutory grounds, the requesting party can complain to the Office of the Information and Privacy Commissioner (OIPC), which is authorized to resolve such disputes. That, in a nutshell, is the regime established under FIPPA. In this case, the applicants challenged a provision of FIPPA that was added to the statute in 2012. Section 65(5.7) provides that “This Act does not apply to records relating to the provision of abortion services.” The Applicants argued that this exception violated their right to freedom of expression under s. 2(b) of the Charter by limiting their right of access to information. In a 2010 decision, the Supreme Court of Canada held that there was no constitutional right of access to information; rather, access was a “derivative” right related to the freedom of expression. A denial of access to information could violate the freedom of expression where access “is a necessary precondition of meaningful expression on the functioning of government.” (at para 30) Justice Labrosse’s decision therefore turns on a conclusion that the denial of access to the statistical data at issue in this case prevents “meaningful expression on the functioning of government.” In this case, Justice Labrosse characterizes the information currently available as “less than 50% of some of the statistical information on a matter of important public interest.”(at para 6). To be clear, the effect of s. 65(5.7) is not to prohibit the disclosure of information relating to the provision of abortion services. Rather, it simply removes decisions about the disclosure of such information from the statutory scheme. The Ontario government argued that freedom of expression rights were not affected by s. 65(5.7) because hospitals and/or the government could still release such information outside of the statutory scheme. Indeed, the government of Ontario had disclosed statistical information about abortion services to the applicant, and had even argued that because this information had been provided, the application was moot. Prior to 2012, requests for data relating to the provision of abortion services could be made to government departments or agencies that were in possession of such data. For example, the Ministry of Health would have data about the number of abortions billed to OHIP, and those data could be sought through an access to information request. In responding to requests, the department or agency would ensure that the release of data was not subject to any of the exceptions in the legislation. Any disputes would be dealt with by the OIPC. In 2012, FIPPA was amended so as to include hospitals under the legislative scheme. This meant that the public would be able to make freedom of information requests to hospitals for data about their services. It was at this time that the legislation was amended to add s. 65(5.7). Justice Labrosse noted that the government’s justification for the addition of this exception was “to address the concern that disclosure of records relating to the provision of abortion services could pose risks to the safety and security of [hospital] patients, health care providers and other staff.” (at para 59). He characterized this as a pressing and substantial objective. He expressed skepticism, however, about the government’s stated secondary objective which was to “allow hospitals to decide if they wish to voluntarily disclose records relating to the provision of abortion services.” (at para 59). He noted that there was no policy framework put in place for such disclosures, and that no voluntary disclosures had ever been made. Justice Labrosse essentially found that the exemption of the application of FIPPA to information about abortion services, which, as argued by the government, leaves hospitals and other government bodies free to disclose this information outside the FIPPA scheme, violates the freedom of expression. It is therefore the failure to ensure a framework for access to information, with all of its balancing exceptions and limitations that presents the constitutional problem. In rejecting the sufficiency of assurances by government that information can be provided outside of FIPPA on a voluntary basis, he noted that “Ontario has not pointed to any policy or legislative provision which would allow interested parties to rely on voluntary disclosure by Ontario.” (at para 40) Justice Labrosse also rejected Ontario’s claims that Charter rights were not affected since statistical data was already available from other sources such as the Canadian Institutes for Health Information (CIHI), billing information voluntarily disclosed by the government, and statistical information available in some scholarly research. The government argued that this information was sufficient to allow for an informed public debate. In his view, significant discrepancies between the government data and the CIHI data meant that the CIHI data was not an adequate substitute. He also added that “requiring interested parties to project forward from dated statistical information published in journals” (at para 42) was also not sufficient to allow for meaningful public discussion. Although Justice Labrosse accepted that the government had a pressing and substantial concern in protecting the safety and security of patients and health care providers, he found that the s. 65(5.7) went too far. He noted that the exception “includes no criteria to allow for disclosure of records which do not impact the objective of protecting the privacy and safety of patients seeking abortion services” (at para 66). The suspended declaration of invalidity means that the government now has 12 months in which to try to craft an exception that better balances their objectives with the public right of access to information. It is worth comparing the provision struck down in this case with the new exemption in FIPPA for information relating to medically assisted dying. Medically assisted dying is also controversial and the government was clearly concerned about possible privacy and security implications for individuals and institutions. Yet the solution they crafted is much narrower than the broad exemption for information relating to abortion services. A new section 65(11) provides that: “This Act does not apply to identifying information in a record relating to medical assistance in dying.” This exception is only with respect to “identifying information”, rather than with respect to “records” more generally. Section 65(12) defines “identifying information as information “(a) that relates to medical assistance in dying, and (b) that identifies an individual or facility, or for which it is reasonably foreseeable in the circumstances that it could be utilized, either alone or with other information, to identify an individual or facility”. This provision may well serve as a model for the government as it crafts a new exception to replace s. 65(5.7).
Published in
Privacy
Tuesday, 27 September 2016 06:32
Reflections on Open Government in Canada for Right to Know Week 2016
Note: I was invited by Canada’s Information Commissioner and the Schools of Journalism and Communication, and Public Policy and Administration at Carleton University to participate in a workshop to launch Right to Know Week 2016. This was a full afternoon workshop featuring many interesting speakers and discussions. This blog post is based on my remarks at this event. For the last 5 years or so, governments at all levels across Canada have been embracing the open government agenda. In doing so, they have expressed, in various ways, new commitments to open data, to the proactive disclosure of government information, and to new forms of citizen engagement. Given that the core goals of the open government movement are to increase government transparency and accountability in the broader public interest, these developments are positive ones. There is a risk, however, that public commitments to open government have become a bit of a ‘feel good’ thing for governments. After all, what government doesn’t want to publicly commit to being open, transparent and accountable? As a result, it is important to look behind the rhetoric and to examine the nature of the commitments made to open government in Canada and to question how meaningful and enduring they really are. For the most part, commitments to open government in Canada have been manifested in declarations, policy documents, and directives. These documents express government policy and provide direction to government actors and institutions. Yet they are “soft law” at best. They are not enacted through a process of legislative debate, they are not expressed in laws that would have to be formally repealed or amended in order to be altered, there are no enforcement or compliance mechanisms, and they remain subject to change at the whim of the government in power. Directives and policies, of course, can provide rapid and responsive mechanisms for operationalizing changes in government direction, and so I am not criticizing decisions to set open government in motion through these various means. But I am suggesting that a longer term commitment to open government might require some of these measures to be expressed in and supported by legislation in order to become properly entrenched. For example, much effort has been invested by the federal government in creating an open licence to facilitate reuse of government data and information. After a slow and sometimes painful process, we now have a pretty good open government licence. It is based on the UK OGL and is very user friendly compared to earlier iterations. It is bilingual and it can be customized to be used by governments at all levels in Canada (for example, a version of this licence was just adopted by city of Ottawa). This reduces the burden on provincial and municipal governments contemplating open government and it creates the potential for greater legal interoperability (when users combine data or information from a number of different governments in Canada). But let us not forget why we need an open government licence in Canada. An open licence permits the public to make use of works that are protected by copyright without the need to ask permission or pay royalties, and with the fewest restrictions on re-use as possible. Government works in Canada – and this includes court decisions, statutes, Hansard, government reports, studies, to name just a few – are protected by copyright under section 12 of the Copyright Act. One might well ask why, instead of toiling for years to come up with the current open licence, the government has not shown its commitment to openness by abolishing Crown copyright. It’s not as radical as it might sound. In the U.S., s. 105 of the Copyright Act expressly denies protection to works of the U.S. government without any obvious negative consequences. In the U.S., these works are automatically in the public domain. This legislated, hard law solution makes the commitment real and relatively permanent. Yet as things stand in Canada, government works are protected by copyright by default, and governments choose which works to make available under the open licence and which they wish to provide under more onerous licence terms. They can also decide at some point to tear up the open licence and go back to the way things used to be. Crown copyright in its current incarnation sets the default at ‘closed’. It is true that some aspects of open government are already part of our legislative framework. We have had freedom of information/access to information laws for decades now in Canada, and these laws enshrine the principle of the public’s right to access information in the hands of government. However, the access to information laws that we have are ‘first generation’ when it comes to open government. The federal Act is currently being reviewed by Parliament, and we might see some legislative change, though how much and how significant remains to be seen. As Mary Francoli has pointed out, there wasn’t really a need for further review – the new government had plenty of material on which to take action in proposing amendments to the Act. The many deficiencies in the Access to Information Act have been well documented. For example, in 2015 the Information Commissioner set out 85 proposed reforms to the statute to modernize and improve it. The June 2016 Report by the Standing Committee on Access to Information, Privacy and Ethics on its Review of the Access to Information Act takes up many of these proposals in its own recommendations for extensive reforms to the Act. We are now awaiting the government’s response to this report. Rather than review the many recommendations already made, I will highlight those that relate to my broader point about enshrining open government principles in legislation The Access to Information Act as it currently stands is premised on a model of individuals asking for information from government, waiting patiently while government puts together the requested information, and then complaining to the Commissioner when too much information is redacted or withheld. Open government promises both information and data proactively, in reusable formats, and without significant restrictions on reuse. While proactive disclosure of information and open data cannot replace the access to information model (which is, itself, capable of considerable improvement), they will provide quicker, cheaper and more effective access in many areas. Yet the Access to Information Act does not currently contain any statement about proactive disclosure. Proactive disclosure – also referred to as “open by default” is not really “open by default” unless the law says it is. Until then, it is just an aspirational statement and not a legal requirement. We see a proliferation of policies and directives at all levels of government that talk about proactive disclosure, but there are not firm legal commitments to this practice, or to open data. And, although I have been focussing predominantly on the federal regime, these issues are relevant across all levels of government in Canada. A core principle of open data is that the data sets provided by governments should be made available in open, accessible and reusable formats. Proactive disclosure of information should also be in reusable formats. Access under the conventional regime is also enhanced when the information disclosed is in formats that facilitate analysis and reuse. Yet even under the existing access model, there is no default requirement to provide requested information in open, accessible and reusable formats. It is important to remember that it is not enough just to provide ‘access’ – the nature and quality of the access provided is relevant. The format in which information is provided in a digital age can create a barrier to the processing or analysis of information once accessed. I would like, also, to venture onto territory that is not addressed in the calls for reform to access to information laws. Another challenge that I see for open data (and open information) in Canada relates to the sources of government data. I am concerned about the lack of controls over the use of taxpayer dollars to create closed data. As we move into the big data era, governments will be increasingly tempted to source their data for decision-making from private sector suppliers rather than to generate it in-house. We are seeing this already; an example is found in recent decisions of some municipal governments to source data about urban cycling patterns from cycling app companies. There will also be instances where governments contract with the private sector to install sensors to collect data, or to process it, and then pay licence fees for access to the resulting proprietary data in the hands of the private sector companies. In these cases, the terms of the license agreements may limit public access to the data or may place significant restrictions on its reuse. This is a big issue. All the talk about open government data will not do much good if the data on which the government relies is not characterized as “government data”. It is important that governments develop transparent policies around contracts for the collection, supply or processing of data that ensure that our rights as members of the public to access and reuse this data – paid for with our tax dollars – are preserved. Even better, it might be worth seeing some principle to this effect enshrined in the law.
Published in
Geospatial Data/Digital Cartography
Tuesday, 09 February 2016 10:19
Evaluating Canada's Open Government Progress
Carleton University’s Mary Francoli has just released her second report on Canada’s progress towards its Open Government commitments as part of its membership in the Open Government Partnership. The report is currently open for public comment. The report offers a detailed and thorough assessment of the commitments made by the Canadian government in its second Action Plan on Open Government and the extent to which these commitments have been met. For those interested in open government, it makes interesting reading, and it also sets out a number of recommendations for moving the open government agenda forward in Canada. Because the report is a review of Canada’s progress on meeting its commitments, it is shaped by those commitments rather than by, for example, a list of open government priorities as identified by multiple stakeholders. Indeed, problems with stakeholder consultation and engagement are themes that run through this report. Although Francoli notes that there have been improvements over time, there is clearly still work to be done in this regard. Francoli’s detailed review shows that progress has certainly been made in moving forward the open government agenda. She notes that “significant progress” has been made with respect to many of the government’s commitments in the second Action Plan, and that in some cases the government’s progress has exceed its commitments. Not surprisingly, however, much remains to be done. Francoli identifies a number of shortcomings flagged by stakeholders that form the basis for her recommendations. Foremost among the shortcomings is the woeful state of Canada’s Access to Information Act. Although this legislation has been the subject of criticism and calls for reform for decades – and by a broad range of stakeholders – the previous government remained impervious to these demands. That an open government agenda could be advanced with much fanfare without tackling access to information in any substantive way should undermine confidence in Canada’s commitment to open government. Top among Francoli’s recommendations, therefore, is reform of the legislation, and she has written a separate opinion piece on this topic in the Hill Times. In this article she notes with frustration that although the new Liberal government expressed a commitment to reform the access to information regime in its election platform, that commitment is now being expressed in terms of a “review” of the legislation. Francoli justifiably questions whether we really need further review given the many studies already conducted and the ink already spilled about the deficiencies in the legislation. A commitment to meaningful reform might just require swifter action. Other issues flagged by Francoli include what she refers to as a “data deficit” – the apparent stalling of progress in the release of open data and the lack of diversity in the available data at the federal level. The concerns over a data deficit extend to the cancellation of government-led data collection; the axing of the long-form census being perhaps the most notorious (though not the only) example of this. Although the census has been revived, Francoli notes that other cancelled studies have not. Further, Francoli cautions that the government’s web renewal strategy is having the effect of pushing departments and agencies to reduce digital content available over the web, with the resultant loss of content available to the public. This latter concern ties in as well to Francoli’s recommendation that the government develop and publicize a clear policy on the preservation of digital material. In addition to recommendations related to these issues, Francoli also recommends that the government overhaul the Advisory Panel on Open Government. This Panel (on which I served) met only very rarely, and opportunities to provide feedback became very limited by tight time constraints imposed on the few meetings that did take place. Francoli is concerned about a disjunction between stakeholders’ perspectives on open government and those of the government, and she sees an Advisory Panel with a new mandate and a new mode of operation as being one way to ensure more open lines of communication. There may be a common misperception that open data and proactive disclosure are inexpensive and resource-light endeavors (after all, the government is just publishing online information already gathered, right?). Yet, this is far from the case. Open data in particular is resource-intensive, and Francoli notes that the two Action Plans had identified no additional resources for open government (apart from the $3 million dollars set aside for the mysterious Open Data Exchange (ODX)). She therefore also recommends that the government commit the necessary resources to open government in future action plans. Francoli’s report can be found here, and comments on the report can be made here. The comments are public, and it is also possible to read comments by other stakeholders and to engage in dialogue about the report. With a new government in the process of setting its open government agenda, this is an opportunity to help shape its direction.
Published in
Geospatial Data/Digital Cartography
|
Electronic Commerce and Internet Law in Canada, 2nd EditionPublished in 2012 by CCH Canadian Ltd. Intellectual Property for the 21st CenturyIntellectual Property Law for the 21st Century: Interdisciplinary Approaches |