Wanted: Privacy Commissioner of Canada. Salary: $295,500. Bilingualism required, law degree an asset. The ideal candidate would bring "strong professional ethics, sound judgment, objectivity and diplomacy."
Daniel Therrien applied when that job posting went online last November, a journey that led him into a firestorm this month.
The career government lawyer was largely an unknown in Canada's privacy community – even he acknowledged as much. He went on to make the cut for the secretive six-person shortlist, and then a two-person shortlist, before Treasury Board President Tony Clement picked him.
Mr. Therrien's nomination was announced May 28 and the reaction was swift. A former commissioner slammed the pick and a provincial commissioner said flatly she didn't know him. The NDP opposed it, saying he was too close to government programs that run up against privacy rights, and a report surfaced, citing a source, that he wasn't the selection committee's preferred candidate (a notion that Globe sources close to the committee offer differing views on, suggesting there was no consensus pick recommended to Mr. Clement).
It was a rocky welcome for a man who has had to take the job on the fly as government pushes through two bills with privacy implications – C-13, which gives telecommunications companies immunity for handing over data voluntarily to police, and S-4, which governs how private companies share data. Further, a major Supreme Court decision last Friday said that Canadians have a right to privacy online.
(How are Canada's privacy laws about to change? Read The Globe's easy explanation)
Mr. Therrien wasted little time in acting as commissioner, speaking out against C-13's current form and suggesting S-4 be reviewed after the Court ruling. On Tuesday, Mr. Therrien sat down with The Globe to discuss pressing privacy issues, his nomination, Edward Snowden and Twitter. Below is an excerpt, edited and condensed for length and clarity.
I want to ask about Friday's court decision. You called it "seminal." What will be the ripple effect be?
There are a number of points that the court made that are very important. First, and perhaps more concretely, all of the discussion in and around C-13 around how sensitive subscriber information is, and whether it deserves privacy protection under law – in this case, under the Charter – has now been put to bed. The Supreme Court agrees that this is sensitive information, that it is entitled to constitutional protection. That is a huge clarification from the Supreme Court.
Was government pushing back on that point?
They've said they will analyze the decision. Some lessons I think are fairly clear. So the idea there would be voluntary disclosure from service providers to law enforcement agencies, it is now clear that that is not going to pass constitutional muster. I think that is clear.
Do you expect them to amend the bill?
We'll see whether the bill is amended. At a minimum, I would say the immunity clause in Bill C-13 becomes essentially meaningless as authority for telcos [telecommunications companies] to share information with law enforcement... That immunity clause is not lawful authority in itself. The Supreme Court has clarified there has to be some other lawful authority, normally a court order or a warrant.
Let me ask about Communications Security Establishment Canada. Will you conduct an audit or a privacy impact assessment on CSEC's operations?
Not necessarily. I think who exactly examines this question is a bit complex. Of course, there is a CSE commissioner who has jurisdiction over CSEC operations... Clearly with the revelations of the past year or so, Canadians are hearing about certain practices of national security agencies and they are concerned. I think, given the background I have, I would say that law enforcement and national security are not careless and are not disrespectful of the law. But because it is their job to inform government of risks to national security of the country, their natural tendency is to collect more and more information to paint a picture to government of what the risks are... My role as Privacy Commissioner will be to ensure that I am the champion for the privacy rights of Canadians, particularly ordinary Canadians. I will do that, as I think my comments on C-13 demonstrate. The revelations of the last year certainly raise concerns. People are thirsty to know more about these issues. What is it government is collecting on their behalf to protect their safety? There needs to be more public discussion. How that is to occur, I don't have any firm preconceived views.
Under Bill S-4, companies can share data. Does the Court ruling affect that?
That would be an issue I think parliamentarians should look to. Because clearly, again, the starting point of the Supreme Court's analysis is subscriber information, linked to sites people visit, is sensitive information and deserves a high level of protection from a privacy perspective. That is true for sharing information with law enforcement, but that is equally true for sharing information between private companies. So yes, I think there's certainly an issue to look at. Now, that being said, S-4 has many positive features that are in line with recommendations made by this office before.
Will you focus more on government privacy investigations than your predecessors?
I would not say so. Clearly, I come from the public sector and I am more knowledgeable about these issues, and these issues are absolutely high in the public mind because of recent revelations. But at the same time, there has been excellent work by this office under [previous commissioners Jennifer] Stoddart and Chantal Bernier that I will continue. Since my arrival, I have of course been briefed on some of these activities. I'm extremely impressed with the work of this office in relation to the privacy rights of Canadians, vis a vis private companies. I think it absolutely deserves to be continued and enhanced.
Ms. Stoddart's first annual report mentions concerns with cross-border data sharing. You worked on that subject from within government. Did you deal with her on that?
What I was involved in, and what I did consult with Madame Stoddart on, were the privacy principles which were safeguards actually. I did not deal with Madame Stoddart on the agreements whereby data is shared with the U.S. I'm not saying I had no role whatsoever in these agreements, but my role was extremely limited. My role was mostly on privacy principles.
What do you think about Edward Snowden? What do you make of him?
I will leave the question of whether he should face prosecutions and so on to others. I've heard Secretary of State [John] Kerry speak to this recently. That is not my focus. But there's no question that there has been a lot put in the public eye recently, and I think that is a good thing. I am in favour – the office has traditionally been in favour – of more transparency and accountability. The fact that there is more public discussion of these issues is an excellent thing. National security agencies have a tendency to collect information, but they also have a tendency to keep their methods of operation secret... I think it is possible for law enforcement, national security, to give out to Canadians more of why and how they do things without endangering their method of operation. I would encourage them to do that.
An official in your office told a Senate committee you're seeing a surge in privacy breaches being reported. Do you need more funding, more staff?
No. We'll manage this based on our assessment of the breaches that are more material.
What surprised you about your nomination process?
I would say there were misconceptions out there in some of the stories... I was interested in the position. I applied. There were a number of steps to this process. After each step, I was told that I was on the list of candidates still being considered. And, at the end of the day, of course Minister Clement told me he was recommending my appointment. So the idea that I was not among the top candidates is inconsistent with what I have been told. I was there at every step, including the last one.
How did it make you feel to see that come out like that?
Obviously I was not pleased, but I think I will leave it at that.
How can Canadians keep their data safe in an era of Facebook and Twitter?
I would advise Canadians to be very careful as to what they put on the Internet, on social media and so on. It's very easy to put information there, it takes a second, but once it's out there it's practically impossible to retrieve it. So what you put out there will be in the public for a long, long time.
Are you going to use Twitter in your job?
I do not use social media currently. I prefer other methods, the Internet and telephone, to communicate with my family and friends. And I'm sure I'll be looking forward to advice from my new friends at the office to whether I should engage in social media.
Carefully?
Carefully, of course.
Josh Wingrove is a parliamentary reporter in Ottawa.