Monday, September 23, 2013

Privacy law losing relevance, Commissioner says

Jennifer Stoddart, the Privacy Commissioner of Canada, is continuing her pre-retirement campaign calling for reform of Canada's private and public sector privacy laws. On the private sector side, she is calling for the Commissioner to have order-making powers and the ability to levy fines against companies that break Canadian privacy laws. One illustration she uses is a comparison to Canada's competition laws:

To put the issue in perspective, Stoddart offered a recent case in which the competition bureau released its findings of an investigation into price fixing for chocolate products. In that case, the heads of several leaders in the candy industry, including Nestlé Canada Inc. and Mars Canada Inc., face penalties up to $10 million and/or five years in prison.

“We’re talking about chocolate bars,” Stoddart said. “This is for fixing the price of chocolate bars. How much more important is Canadians’ privacy? And yet there’s no real sanction for misusing it.”

Many countries with privacy laws similar to those in Canada are able to impose fines, including the United Kingdom, Ireland, France and Holland, she said.

On the public sector side, she notes that the federal Privacy Act is over thirty years old and has hardly been reviewed, let alone revised, to ensure it is keeping up with the times.

For more, check out: Privacy law losing relevance, commissioner says |


David Collier-Brown said...

It recently struck me that we have laws against the possession of stolen property, but not of stolen information.

We quite properly charge thieves with possession of stolen property when we cannot catch them red-handed. It's a different but still serious charge, and their are safeguards and case law to prevent it from being misused.

I therefor wonder if there is a case for prosecuting those who are in possession of stolen or otherwise illegally obtained information.

I see mention of stolen credit-card information in R. v. Harvey-Langton, 2012 MBPC 64 (CanLII), and wonder if there is any broader prohibition than "possessing credit card data fraudulently and without colour of right, contrary to s. 342(3)(a)"

As a matter of good public policy, I would like our security services, police forces and private companies nervous about holding information illegally.

It might also give the privacy commissioner another arrow for her bow...

[This was triggered by the Swedish article "Swedish Police discovered having illegal database of romani including children", at

stone said...

Amazing! David , thanks for your sharing, it's uesful to me.