Episode 11: Reinterpreting Canadian Privacy Law - David Fraser On Cross-Border Data Transfers, the Right to De-Index, and the Facebook Investigation

October 21, 2021 00:35:54
Episode 11: Reinterpreting Canadian Privacy Law - David Fraser On Cross-Border Data Transfers, the Right to De-Index, and the Facebook Investigation
Law Bytes
Episode 11: Reinterpreting Canadian Privacy Law - David Fraser On Cross-Border Data Transfers, the Right to De-Index, and the Facebook Investigation

Oct 21 2021 | 00:35:54

/

Show Notes

Daniel Therrien, the Privacy Commissioner in Canada, is in the courts battling Google over a right to de-index. He’s calling for order making after Facebook declined to abide by his recommendations. And he’s embarked on a dramatic re-interpretation of the law premised on incorporating new consent requirements into cross-border data transfers. David Fraser, one of Canada’s leading privacy experts, joins the podcast to provide an update on the recent Canadian privacy law developments and their implications.

The podcast can be downloaded here and is embedded below. The transcript is posted at the bottom of this post or can be accessed here. Subscribe to the podcast via Apple Podcast, Google Play, Spotify or the RSS feed. Updates on the podcast on Twitter at @Lawbytespod.

Credits:

CBC, Privacy Commissioners Say Canada Has a Lot of Catching Up To Do
Office of the Privacy Commissioner of Canada, PIPEDA and Your Business
CNBC, Everything You Need to Know About a New EU Data Law That Could Shake Up Big US Tech
CTV News
CBC News, Facebook Broke Privacy Laws, Watchdogs Report

Transcript:

LawBytes Podcast – Episode 11 | Convert audio-to-text with Sonix

Michael Geist:
This is LawBytes, a podcast with Michael Geist

Michael McEvoy:
Canada is far far behind I think many jurisdictions. Europe certainly the United States doesn’t have comprehensive privacy legislation by any means but through the Federal Trade Commission there is some element of regulation of privacy and obviously we’ve seen that with the latest investigation of Facebook. Canada has a lot of catching up to do in this regard both at a federal and provincial level.

Michael Geist:
There’s a lot happening in the Canadian privacy world. Daniel Therrien, the Privacy Commissioner of Canada, is in the courts battling Google over a right to de-index. He’s calling for order making power after Facebook declined to abide by his recommendations. And he’s embarked on a dramatic reinterpretation of the law premised on incorporating new consent requirements into cross-border data transfers. Underlying it all is a Privacy Commissioner of Canada who is seemingly frustrated with the law he’s been given to enforce. After years of calling for change he’s taking matters into his own hands with what feels like statutory amendments without actual amendments. Here to provide an update on the recent developments and their implications is David Fraser, one of Canada’s leading privacy experts, a partner at the law firm McInnes Cooper, and an active blogger at privacylawyer.ca.

Michael Geist:
David thanks so much for joining me on the podcast.

David Fraser:
My pleasure. Thank you.

Michael Geist:
So there is as I guess is always the case a lot happening in the Canadian privacy world but it’s really feels like underlying it quite a bit of it is a Privacy Commissioner of Canada who’s pretty frustrated with the law that he’s been given to enforce. And after years of calling for reform with limited success there’s the sense that he’s taking matters into his own hands almost by reinterpreting some of the law without actual statutory amendments. There’s there’s a number of examples but the one that is certainly quite a lot of people’s attention within the privacy world has to do with cross-border data transfers. So why don’t we start there. Perhaps you could can explain what a cross-border border data transfer is and why these issues really matter.

David Fraser:
Yeah. Certainly they happen quite often. That’s just the reality of the way that the world works right now particularly where it’s so mediated by technology. Probably the the one that people are most familiar with is you’re a Canadian. And you’re using a U.S. service provider. It could be Facebook it could be Google or it could be Amazon or whoever. And the data associated with whatever that activity is is going to be going to the U.S. to be processed or it ends up stored in a U.S. data center. And there’s also many examples where Canadian companies take advantage of cloud technology or efficiencies of scale where data is stored elsewhere. And then there’s also the much more traditional notion of let’s say you’re Air Canada and you’re flying a passenger to Paris you’re obviously going to have to move that passenger’s information to Paris if they want to check in at the airport to come back. So this sort of thing has happened for a very long time and happens quite regularly. And so it’s not an unusual occurrence and it’s just but it’s certainly it’s increasing particularly as so much of the data processing and data storage capacity in the world is outside of Canada.

Michael Geist:
Ok so we’re talking it sounds like even just from that brief description this is touching on everybody’s lives today from the kind of communication services they use to their banking to travel to just such a wide range of activity sometimes for the purposes as you suggest to store the data or to process it sometimes because the transactions are activities themselves are cross-border in nature. So I suppose the starting point from a legal perspective is how has Canadian privacy law traditionally treated these issues.

OPC:
What exactly does accountability mean for my business. Accountability means that you need to make sure someone in your organization is responsible for protecting the personal information you collect and that you give that person the tools and support to do it right.

David Fraser:
Since PIPEDA first came into effect in 2001 it hasn’t made any explicit distinction between activities that are taking place in Canada and activities are taking place elsewhere. And I guess one can assume that that was probably an explicit choice because at the time that PIPEDA was being drafted they already had the example of the European Data Protection Directive which preceded the GDPR which did regulate cross-border data transfers that did require if he were a data controller in the European Union and we wanted to transfer data outside of the European Union for somebody else to process on their behalf or if we were doing it on your own it had to go to a jurisdiction that had adequate privacy protection or there were other mechanisms that they could do that. So there is an explicit regulatory scheme in Europe related to cross-border data transfers. And the drafters of PIPEDA I assume expressly decided not to do that but focused on the first principle of the Canadian Standards Association Model Code for the protection of personal information which is entitled accountability, which requires any organization that is the primary custodian of that information and most often the organization that collected it in the first place from the consumer from the employee if they’re going to transfer information to anybody else to process regardless of where that takes place. They have to make sure that their service provider implements adequate protections for that information essentially requiring them to treat it as though they would treat it themselves subject to to our laws.

David Fraser:
And I’ve often taken a look at that and seen it as when it comes to the cross-border transfer, we need to make sure that your contract that you have with your service provider is going to be enforceable which requires taking a look at the legal system and rule of law in that other jurisdiction and a risk analysis related to that. And I think that’s the that’s the general consensus among practitioners of privacy law since 2001. Then we had guidance from Jennifer Stoddart the privacy commissioner at the time in 2009 related to cross-border data transfers which essentially made that the policy of the the Privacy Commissioner of Canada and did bring to the fore a notion that in their view their consumers should be given notice of this fact and usually that would be done in their privacy policies. So if you wanted to know where the your service provider or where the company was going to be processing information you’d be able to find it in that privacy policy as part of the openness principles. They’re kind of working together off the accountability principle and the openness principle that kind of clears the way towards doing that.

Michael Geist:
There’s a lot there and I just want to in a sense back up a little bit and unpack some of those pieces and so. So what I’m hearing you saying is that back when the private sector privacy law, PIPEDA, as you said here in Canada was being drafted there were a number of different policy options presumably available to Canada. They could have adopted the European style approach that as you mentioned essentially establishes some limitations on transfers across borders to ensure that it goes to jurisdictions that have laws that are viewed as adequate.

CNBC:
GDPR stands for the General Data Protection Regulation. If it sounds complicated. Well it is. It’s a set of sweeping data privacy rules going into effect across Europe and it applies to any company in the world with customers in the EU.

Michael Geist:
We’ve got a number of options for the future for the moment we meet that adequacy standard and that presumably could have been a model that we might have adopted. But as you suggest that’s not the one we adopted. We instead use this accountability principle and as you mentioned it effectively requires that an organization collecting the data is accountable for it no matter where it goes. So I I trust that that means that once your bank or your airline or your social media platform whoever has collected that personal information as long as they have appropriate consent it’s up to them to decide where it gets stored, where it gets processed, the Canadian law doesn’t really preclude moving it around to different jurisdictions around the world.

David Fraser:
That’s right and the organization that collected it in the first place which would be subject to Canadian privacy laws no doubt is the one that’s on the hook if anything happens to it even if it’s the subcontractors fault for example. And so I think that the incentives are built in there that to make sure that those protections are appropriate in place appropriately in place and would be primarily policed by the organization that collected the information in the first place.

Michael Geist:
Right. So they’re on the hook for this. Do they primarily achieve that today by way of contract which you mentioned that’s part of what you do. Is there an expectation though that they go beyond that many listeners will be familiar with all kinds of contracts and nobody really takes the time to read and there’s always questions about enforceability. Is simply papering this deal to say I’m requiring you service provider in another country to meet certain standards good enough or do Canadian privacy laws or at least the Privacy Commissioner’s Office under some of the guidance that you referenced expect something more.

David Fraser:
Well I would think it would be circumstance specific but certainly you could not just paper something and hand it over to a service provider who you know is not going to live up to those live up to those obligations and certainly it would be risky to do that because the first organization continues to be accountable for what happens to it. So if their service provider mistreats the information, misuses it, or even uses it for their own purposes because that takes it from being a transfer to an actual disclosure then they’re going to be on the hook for that but we don’t have our principles based legislation doesn’t put in place for example specific auditing requirements but that certainly has been a trend.

David Fraser:
Now one thing that’s that’s been interesting because GDPR and actually the Data Protection Directive before it did require these sorts of contracts to be in place between what is called in Europe controllers and processors. There has become a real consensus built up in terms of what these agreements should look like and what the auditing mechanism should be should be within them. But certainly it’s one of the things about again principles based legislation is the sensitivity of the information is probably going to be taken into account and the greater the risk related to the processing, the greater diligence. I think one would have to do in order to make sure that the service provider is capable of performing these and to make sure that they are in fact doing these things.

Michael Geist:
So there’s there’s a range of ways in which you would meet those your responsibilities and as you suggest it’s pretty context specific. Now that’s been the approach in Canada for a long time and there’s been guidance in place for for about a decade now but the Privacy Commissioner of Canada Daniel Therrien had surprised many just a few weeks ago by proposing a significant change. Perhaps you can describe what the commissioner’s office now has in mind.

David Fraser:
Yeah I wouldn’t characterize as they’re proposing a significant change. I guess he announced the significant change with respect to his own interpretation of the statute. So we’ve had this consensus since 2001 and so for more than 15 years on how cross-border transfers need to be managed and then certainly we had some formalization of that with Jennifer Stoddart’s guidance in 2009 and so what the current commissioner has proposed is that consent will be required for all transfers of personal information and his guidance focused on cross-border data flows. But I think one of the significant issues that a whole lot of people noticed almost immediately is that because our statute doesn’t deal with export of information from Canada at all it’s not even mentioned. If you required consent for a transfer outside of Canada, you have to require consent for a transfer within Canada and his logic, which I don’t agree with, is that a transfer even though transfers are called transfers compared to disclosures which in the statute are called disclosures. His view is that a transfer is a disclosure and a disclosure requires consent and therefore you have to get consent for any transfer of information. So he’s focused on cross-border but there’s going to be a collateral effect on any sort of movement of information from one company to another from one company to a service provider that I think is ultimately going to be very disruptive. And it’s been interesting because I’ve spoken to a large number of people who practice in this area many of whom think that ultimately it’s not rooted in the statute and ultimately will be probably more disruptive.

David Fraser:
What in my personal view what should have happened and certainly if he wants to rethink these things absolutely that’s I think law reform is part of his job and he should have had a consultation on the topic with a proposal that would then be taken to parliament and taken to the government to say look that the cross-border data transfers are now a concern of ours and for some reason that that concern has become more acute since 2001 and this is the way we need to rethink it rather than unilaterally abandoning what had been the consensus of the interpretation of his statute for quite a long time now which will really kind of throw a monkey wrench into a whole bunch of things.

David Fraser:
So one example is you cannot clear a credit card transaction in Canada entirely in Canada. You use your Visa, MasterCard or your American Express that is actually that has to be cleared in the United States. That’s just the way that the system works. So how are you going to interpose consent into that system. And it’s one thing if you talk about it on a go forward basis for any kind of new collections, use or disclosure. But most people have credit cards in their pockets that they’ve had for a dozen years. If they’re going to be incumbent upon the banks or Visa to go back to all of those consumers and say hey look we need your consent. Oh and here’s another kind of vehicle defect that the logic is if you don’t consent we’re going to take away your credit card which turns consent in that context into a bit of an illusion.

Michael Geist:
Sure no it doesn’t sound like that’s real consent if the option is you have the credit card or you just don’t.

David Fraser:
That’s right. Yeah. So to take a take it or leave it sort of sort of scenario which when we have more recent amendments to PIPEDA that talk about kind of raising the level of consent the threshold for consent and what’s required. It really doesn’t make sense to have like two steps forward on the transfer issue and one step backward on consent.

Michael Geist:
Right. And that sounds like if we unpack what you’ve just said it sounds like we’re talking about a whole series of concerns. There’s certainly the concern about the impact that had that it would have on surely current practices the impact that this would have on many of. Much of the data that’s already been collected or the relationships that exist between various organizations and their customers. There’s the concern that this isn’t cross-border at all that this is just data transfers full stop which is just such a common activity within current modern commercial activities that’s going to have a profound impact there. And then I suppose there’s finally this concern that we’ve got a privacy commissioner that it appears is reinterpreting longstanding approaches doing so rather than going through a consultative process that it would ultimately lead to actual legislative reform is in effect simply saying well this has been the law all along. I’m just changing how I’m interpreting that law.

David Fraser:
Yeah and I think that that comes to the bigger picture issue which is that I think that we have a commissioner who wants significant changes to our statute much more dramatic changes than any of his predecessors did. And in the absence of parliaments affecting those changes he is looking at the statute and seeing what he can do himself to give effect to those changes and I have concerns about that from just a rule of law perspective the kind of Parliament has handed him a statute and said this is this is a framework within which you operate. So there’s this four corners to that statute and we need certainty within it. That’s a kind of creative reinterpretations that only get him partway where he wants to go or are problematic. So just again on that on the cross border part of it I have clients who are for example American companies that operate in Canada that have in fact stored data in Canada. But let’s say they consolidate their back office stuff and they want to move all their Canadian data to a data center in the United States or to offices in the United States. They can do that without they’re unaffected by this because it’s not a transfer from one company to another it’s the US company operating in Canada moving it to the US and surely if the mischief to be addressed is the cross-border movement of information that should be captured but it’s not because it doesn’t get its hooks into the transfer provisions within principle one in the statute.

Michael Geist:
That’s an interesting illustration of how something designed to deal even with cross-border data transfers may not in some circumstances. What does it say about the accountability principle? If when you’ve got the commissioner seemingly tossing it away or acknowledging that it is not as effective as has previously been suggested if the commissioner’s in a sense saying we relied previously on the accountability principle for data be transferred as necessary and now we’re going to escalate some of the requirements there with new consent requirements. That seems to suggest that he doesn’t have confidence that the accountability principle provides the level of protection that for many many years the office said it does.

David Fraser:
Yeah. And I think it’s not throwing out the accountability principle. I think it’s I guess just reading between the lines in terms of I haven’t had a conversation with him about it in any detail but supplementing it by the consent principle. And I think there’s other issues with it related to. So for example our system in Canada under PIPEDA requires consent for the purposes so you give notice of the purposes of the collection industry disclosure under principle too. And then we get consent for those purposes. So we actually have a recent decision I think of the Federal Court of Appeal that said it’s all about the purposes. It’s not about how it’s processed or where it’s processed. We have the Toronto Real Estate Board decision where one of the issues was whether or not real estate brokers had gotten an adequate consent to go from kind of limited access to information about real estate transactions in the back office to allowing that information to be made available online. And the Federal Court of Appeals said look they got consent for the purposes in the first place the purposes haven’t changed. That means by which people are getting access to that information with the means by which has been disseminated as the only thing that’s changed.

David Fraser:
And so I think that there’s a disconnect. So if you if you wanted to do regulating cross-border transfers you should do it properly and it’s to be done from the ground up rather than taking a bunch of square pegs and trying to fit them into a bunch of round holes. And so the commission’s consultation on this which I’m not sure how much of a consultation it is because he said this is our policy we’d like your input on it and please let us know by the Fourth of June how much it’s going to be informed that set that it really should have been a more holistic approach to say what do we have an issue with cross-border transfers. Is that in fact a problem. The Patriot Act boogey man that we saw in the early 2000s is no longer the big boogey man that recent people got their heads around it. So what is the issue and what would be the appropriate solution rather than saying unilaterally I see an issue with this and I’m going to try to address it within anything that I can justify in my statute. And it just doesn’t fit. And ultimately I think it’s up to Parliament to decide whether or not that’s that’s appropriate and in effect this goes further than the GDPR does when it comes to cross-border data transfers.

David Fraser:
Because if you’re in Europe you can move data to Canada without consent because Canada has adequacy there’s no adequacy mechanism in PIPEDA that that he could lean back on. And that’s that’s just that the nature of the statute.

Michael Geist:
Right so it’s more broad based even in Europe in that respect which is interesting.

David Fraser:
If the boogey man is kind of law enforcement access to information by US authorities which has always been the kind of the Patriot Act boogey man from many of these concerns about cross-border data transfers particularly coming out of British Columbia and Nova Scotia statutes. Would he really and can he really interpret the legislation to limit or restrict transfers to the United States, our most significant trading power for a trading partner. Again this suggests to me we really need to take a step backwards and look at it in the broader context and see what is the mischief we’re trying to address and then how do we manage that.

Michael Geist:
You mentioned that the Privacy Commissioner seems truly constrained by the law is now looking for ways to almost bust out or reinterpret cross-border data transfers is obviously the most recent most obvious example of that but are there others and in particular I’m thinking now around the so-called right to be forgotten or the commissioner would call it the Right to de-index.

CTV News:
Canadians could soon have the right to be forgotten. It’s a matter being considered by the Federal Court of Canada this year at the request of the Privacy Commissioner. The right to be forgotten would allow people to request search engines remove or potentially embarrassing links about them.

David Fraser:
So this is an example. And so the commissioner when Commissioner Therrien started came into office he did a tour around and was looking to prioritize kind of the strategic priorities for his office. And one of the priorities that identified was online reputation and did a significant consultation about it. He appeared to be kind of open minded and saying hey look does does PIPEDA. Does our federal privacy statute include or does it adequately deal with online reputation. And does it include a right to be forgotten. And if it does what would that what would that look like. And so if I recall correctly there were about 30 submissions were provided, 30 substantive submissions were provided as part of that consultation.

David Fraser:
Most of the expert consultations or submissions I did one and many people that we know did the submissions suggested to him that PIPEDA currently as it’s drafted does not include a right to be forgotten and many people also cautioned that there would be serious Charter issues with freedom of expression. So the European Union under GDPR and actually under the Data Protection Directive before it has been interpreted by the top court in Europe to include a right to de-indexing and a significant part of that background is that that decision was based not just on the privacy law but also on European constitutional documents which include a constitutionally entrenched right to privacy that is alongside a constitutionally entrenched right to freedom of expression. Now we only have in our charter a constitutionally entrenched freedom of expression and so there would likely be significant issues in any law that says that thou shalt not provide particular search results is going to affect freedom of expression and would have to be justified under Section 1. That’s a reasonable limitation provided provided by law. And so many people kind of cautioned that that you know this is not something that that could just be read into PIPEDA and even if you amended PIPEDA to include such a right you’d have to be very careful about the constitutional issues.

David Fraser:
Now at the end of that process he produced a document, which did contemplate in his interpretation of the statute that there is a right to de-indexing in the statute. And there have been a number of complaints sent to his office from individuals many of whom are really quite sympathetic looking to have search results removed from principally from Google as the largest search engine operator in Canada but from others as I understand it, where the contents lawfully exists on a website on a media site or on a blog or someplace else like that. And there’s no way to have it taken down because it’s not defamatory for example but looking to have it removed from search results if you search for that person’s name. So similar to the right as it has been implemented in Europe which has resulted in a reference to the Federal Court of Canada by the by the Privacy Commissioner to determine some of the questions that this raises. But certainly not all of them.

Michael Geist:
So the issue now before the courts do you know where that stands at the moment?

David Fraser:
I do. So kind of full disclosure I’m co-counsel for Google on that on that particular matter. And so the three questions were put to the three issues were put to the Privacy Commissioner with respect to kind of the issue in one particular complaint. So PIPEDA applies to the collection use and disclosure of commercial personal information in the course of commercial activity. And the position was put forward that operated the search engine connecting news media to news readers is not inherently commercial activity and therefore PIPEDA doesn’t apply to that search transaction. The second issue put forward to the commissioner was that there’s a journalism exception in PIPEDA that says PIPEDA does not apply to where the collection use the disclosure of personal information this for journalistic purposes and for no other purpose. And so it was put to the commissioner that since that connecting news media outlets with readers is a journalistic function and therefore PIPEDA doesn’t apply. The third issue was that at the end of the day any requirement under Canadian law by a Canadian regulator to remove links to content that legally exists on the Internet infringes the charter and cannot be saved by Section 1. And therefore the whole thing was unconstitutional and we had proposed to the Privacy Commissioner a kind of collaborative judicial review because during during the consultation pretty well everybody had an opportunity to have their say but ultimately it was going to be decided by a judge as happened in Europe. And so we proposed that the three questions be put to the courts in a judicial review. And instead the commissioner initiated what’s called a reference under the federal courts act where only the first two questions were put to the court. The charter issue was not expressly before the court. And they’ve of really gone out of their way to try to prevent the charter question from being heard by the court at this stage. And so so currently where it stands is that the number of media parties applied to interview including some of the publishers of the content at issue in this particular case and they were denied. And it was said that it was premature and an application was made to the motion through the case. Now that’s a judge and ultimately to prothonotary to clarify that there are constitutional issues that are inherent in the first two questions. And that was that we’ve got a decision a couple weeks ago where the prothonotary said that that’s ultimately going to be an issue for the trial judge or for the ultimate judge to determine and it was kind of premature to fully resolve that question now. So it’s in its process I would expect that we would probably see a hearing on the merits in the fall and hopefully a decision shortly after that.

Michael Geist:
Interesting that sort of case that people are certainly going to keep an eye on and one suspects had been before multiple courts with many interveners along the way given the kinds of issues that you’ve just talked about. We would be remiss before for we close if we did touch on the recent Facebook investigation and the results that came out both from the Federal Commissioner and the B.C. Commissioner, most notably in the aspect that I think got the most amount of attention was Facebook simply saying well those might be the recommendations that you have at this stage we’re not prepared to follow them.

CBC News:
Canada’s privacy commissioner is blasting Facebook in a new report. He says the social media giant broke this country’s privacy laws and when he told Facebook to clean up its act it said. Now the commissioner says that’s unacceptable.

Commissioner Therrien:
They disagree with our legal conclusions. I don’t think it should be on in 2019 in terms of privacy legislation that a company a private company with its interests can say to a regulator: Thank you very much for your conclusions on matters of law. But we actually disagree and we will actually continue as we were. It is completely unacceptable.

Michael Geist:
They got caught a lot of people by surprise. This notion that somehow privacy law compliance might be voluntary or that there might actually be some out there that would say well we don’t have to follow what the commissioner says. Could you talk a bit about your thoughts on that decision and the issues around enforcement which of course go to the heart of some of the things that the Privacy Commissioner has been talking about as a shortcoming within the law.

David Fraser:
Absolutely. And I don’t think there is there is any doubt that the commissioner is finding itself frustrated that his interpretations of the statute are not necessarily prevailing and that he doesn’t have the ability to order people to comply with with his view. And so I’m at a conference right now and there was a panel yesterday that included Michael McEvoy the Information Privacy Commissioner of British Columbia and Commissioner Therrien talking about the the Cambridge Analytica and Facebook investigation. And one of the things that was said by Commissioner Therrien was that he’s frustrated that that his view his interpretation of the statute doesn’t ultimately prevail. And that’s one of the reasons why he needs order making powers. And I think it’s worth kind of breaking that down a little bit and looking a little bit at what came up in that particular investigation and then the positions that Facebook put forward which included that. So in the whole kind of Cambridge Analytica thing, that the individuals used an app that existed on the platform of the Facebook platform that resulted in their information being transferred to the app owner for want of a better term and then that app owner contrary to the promises that they made to the users transferred it elsewhere and it was then it was misused in connection with the political activities and things like that and Facebook put forward the position as I understand it that in fact that Facebook isn’t primarily accountable for what happens by those app developers that an individual made a choice to use that particular app and instead of it being we can actually kind of go full circle a little bit. That wasn’t to transfer information that was disclosure of information to a third party. That was triggered by the user and therefore the accountability principle is not it’s not in play in the way that the Commissioner suggested. So ultimately it rested on a different completely different view of legally what was going on in that particular scenario. And I think we have an arguable position to put forward. And so they simply did not agree with the legal interpretation of the statute. And ultimately it goes to the courts in order to be resolved and that’s how PIPEDA was implemented. That’s how it was drafted in the late 1990s and came into effect in 2009. And we’ve also heard from the commissioner particularly Commissioner Therrien that he needs order making powers because he doesn’t have the ability to require companies to do ABC or D or is looking for it to impose penalties on them. In effect our statute was designed so that the parties can take it to the court and ultimately it’s going to be for the for the court to decide. So certainly so things are unfolding I guess in a way as they should as the statute was drafted. But I can see his concern about that. Now I also have concerns with just giving the commissioner an order making powers because you would have to significantly re-jig his office in order to make sure that you’ve had procedural fairness.

David Fraser:
So we have the example of the Canada Human Rights Commission and tribunal and the Competition commissioner and the Competition tribunal in order to make sure that the advocate is not also the investigator the judge jury and ultimate executioner. And I would point to the CRTC enforcement folks under CASL or anti spam law as being an example of what actually could go wrong when you kind of include too much of that within within one body and so certainly I expect we are going to have and kind of the rumours are that we’re going to probably hear an announcement from the governments related to perhaps a new PIPEDA review. And so if you’re looking at kind of order making powers we need to be very careful to make sure that all of those things are taken into account. One of the things that was quite interesting on this panel that I referred to was also the assistant information commissioner from the United Kingdom talking about all the different firewalls between different parts of that office because they also have investigators they actually have prosecutorial functions as well. So they can issue criminal charges under under UK law. But they have to bend over backwards and be very diligent to make sure that those different functions are insulated from the other in order to guarantee procedural fairness.

Michael Geist:
David thanks so much for joining me on the podcast.

David Fraser:
No it’s a pleasure anytime.

Michael Geist:
That’s the Law Bytes podcast for this week. If you have comments suggestions or other feedback, write to lawbytes.com. That’s lawbytes at pobox.com. Follow the podcast on Twitter at @lawbytespod or Michael Geist at @mgeist. You can download the latest episodes from my Web site at Michaelgeist.ca or subscribe via RSS, at Apple podcast, Google, or Spotify. The LawBytes Podcast is produced by Gerardo LeBron Laboy. Music by the Laboy brothers: Gerardo and Jose LeBron Laboy. Credit information for the clips featured in this podcast can be found in the show notes for this episode at Michaelgeist.ca. I’m Michael Geist. Thanks for listening and see you next time.

Convert audio to text with Sonix. Sonix is the best online audio transcription software

Sonix accurately transcribed the audio file, “LawBytes Podcast – Episode 11” , using cutting-edge AI. Get a near-perfect transcript in minutes, not hours or days when you use Sonix. Sonix is the industry-leading audio-to-text converter. Signing up for a free trial is easy.

Convert mp3 to text with Sonix

For audio files (such as “LawBytes Podcast – Episode 11”), thousands of researchers and podcasters use Sonix to automatically transcribe mp3 their audio files. Easily convert your mp3 file to text or docx to make your media content more accessible to listeners.

Best audio transcription software: Sonix

Researching what is “the best audio transcription software” can be a little overwhelming. There are a lot of different solutions. If you are looking for a great way to convert mp3 to text , we think that you should try Sonix. They use the latest AI technology to transcribe your audio and are one my favorite pieces of online software.

Other Episodes

Episode

February 06, 2023 00:28:43
Episode Cover

Episode 155: Mark Swartz on the Harm Caused by Canada’s Copyright Term Extension

Many Canadians started the new year with an unwelcome surprise as they learned that Canada had extended the term of copyright by additional 20...

Listen

Episode 0

July 17, 2023 00:34:56
Episode Cover

Episode 174: Chris Waddell on the Missing Context for Bill C-18 and the Challenges Faced by Canadian Media

The Online News Act has continued to create a political firestorm this summer with a legislative battle that leaves the future of some Canadian...

Listen

Episode

October 21, 2024 00:37:14
Episode Cover

Episode 216: Game Changer or More of the Same?: Patrick Leblond on the New Global E-Commerce Agreement

For over 25 years, the World Trade Organization, an intergovernmental organization based in Geneva, Switzerland that regulates and facilitates international trade, has grappled with...

Listen