The Liberal government is working to enshrine in law federal political parties’ ability to gather, store and exploit sensitive information about Canadian voters without oversight or rules.
The Liberals’ budget bill, introduced in April, allows parties to “collect, use, disclose, retain and dispose” of Canadians’ personal information as long as they follow their own self-policed privacy policies.
The move comes as the major federal parties are fighting B.C.’s privacy watchdog in court over that office’s ruling that federal parties must adhere to provincial privacy laws. The proposed federal law would supersede provincial privacy rules.
While the proposed changes require parties and their representatives to adhere to their privacy policies, those policies are not subject to any oversight – meaning Canadians essentially have to take parties at their word.
It would mean that, unlike private companies or government agencies, political parties will continue to hoover up private details about Canadians with zero oversight and almost no rules.
Prime Minister Justin Trudeau said last month that federal parties need a “homogenous and cohesive” regime across Canada to handle Canadians’ sensitive information. His government’s budget bill does that, in the sense that it means federal parties will continue to operate with almost no privacy rules whatsoever.
At a meeting of the Senate’s legal and constitutional affairs committee Wednesday evening, Privacy Commissioner Philippe Dufresne said the proposed changes do not establish “minimum privacy requirements” for political parties.
Dufresne noted that all parties are required to do is adhere to their own privacy policies, which they can revise whenever they wish.
“Given the importance of privacy and the sensitive nature of the information being collected, Canadians need and deserve a privacy regime for political parties that goes further than self-regulation and that provides meaningful standards and independent oversight to protect and promote electors’ fundamental right to privacy,” Dufresne told the committee.
“It is wholly inadequate and cynical,” wrote Colin Bennett, a professor at the University of Victoria who has advocated for privacy reform, in a recent column in The Hill Times.
“If this passes, federal political parties will continue to be the only category of organization in Canada that do not have to abide by the basic privacy standards that apply to government agencies, private businesses, and non-profit organizations. Politicians have consistently resisted applying these same rules to their own operations.”
Global News reported last month that the Liberals were planning to introduce federal privacy rules that would supersede any provincial protections – after the B.C. privacy commissioner ruled that federal parties operating in the province should be subjected to provincial privacy laws.
A federal official, speaking on a not-for-attribution basis at the budget briefing for journalists, suggested the move to legislate was directly influenced by the B.C. case – something Trudeau himself strongly suggested in a press conference last month.
The Liberals, Conservatives and New Democrats are arguing against the B.C. commissioner’s ruling in court, with the case set to be heard on May 8.
B.C.’s privacy watchdog, Michael McEvoy, told Global News last month that he believed any federal law should be at least as stringent as provincial privacy rules. The Liberals’ proposed rules do not meet that standard.
Data is crucial to modern campaigning. Parties use information from disparate sources – from door-to-door canvassing, online petitions and in-person events – to help shape their policies and political outreach efforts.
The Liberals are assumed to have an edge on their competition in the data game. Katie Telford, Trudeau’s longtime chief of staff, told the Liberal faithful in 2016 that the party’s data operations were a crucial part of their historic 2015 election victory.
But all federal parties have an interest in shielding their data operations from public scrutiny. Without independent oversight, parties are free to collect information from whatever source they wish, and to use it however they want.
And unlike private companies or government departments, if parties are hacked or suffer some kind of breach, they have no legal obligation to inform Canadians whose data has been pilfered.
Because there is no independent oversight, Canadians have no idea if that has already happened.
In the wake of the 2016 presidential election in the United States, the Liberal government put an increased emphasis on protecting the “integrity” of Canadian elections and the democratic process.
But despite giving increased authority to national security and law enforcement agencies, and putting in place a panel to warn Canadians about potential foreign interference campaigns, the government has done little to address vulnerabilities within parties themselves.
If a hacker wanted to steal information about Canadian voters, they could target Elections Canada –which has bolstered its cyber defenses in conjunction with the Communications Security Establishment (CSE), the country’s cybersecurity and espionage agency – or they could target political parties.
Unlike departments and agencies shielded by CSE, federal political parties have no baseline requirements for cybersecurity and no obligation to inform Canadians once they’ve been compromised. If the Liberal Party was hacked and had its data on individual voters stolen, it would be up to them to notify Canadians.
Global News asked the Prime Minister’s Office why the government is exempting political parties from privacy rules. In a brief statement, a spokesperson for Trudeau said his comments from last month stand, and declined further comment.