|
||||||||
|
Privacy: A New Human Right Julien Delisle October 24, 1994 I am certain that human rights have always been part of the adult vocabulary of the members of this audience. Many of you were in your early teens - it that - when Canada's Charter of Rights and Freedoms came into force in April, 1982. You have grown up with the language of fundamental freedoms, democratic, legal and equality rights spoken around you. Those of us who have been around for a few decades longer will remember the proclamation of the Canadian Bill of Rights - the statement of rights that set us on our future course for protecting fundamental human rights through the Charter. Both the Charter and the Bill of Rights owe their existence in large part to the work of the United Nations. The 1948 Universal Declaration of Human Rights has been the foundation for how Canadians understand and respect human rights. The preamble of the Universal Declaration proclaims the rights within it as a "common standard of achievement for all peoples and all nations". In Canada, we have sought to implement that common standard. Inherent in the concept of human rights in this country is privacy. Privacy has been described by Louis Brandeis, a U.S. Supreme Court justice as "the right to be let along". However, this is really too simple a definition of what is in fact a complex concept. This complexity stems in part from the use of "privacy" to describe any of a series of rights or "interests":
One might call this privacy of information. Privacy issues seem to have percolated to the surface of public consciousness only in recent years, corresponding perhaps to the increasing computerization of our society. But they have for more than a generation been part of the language of human rights. The Universal Declaration contains an important principle often associated with privacy protection. Article 3 states:
You may recognize the echo of those words in the International Covenant on Civil and Political Rights and in section 7 of our Charter. Article 12 of the Universal Declaration explicitly states a privacy right:
Again, similar language can be found in the International Covenant on Civil and Political Rights. The European Convention for the Protection of Human Rights and Fundamental Freedoms and the Quebec Civil Code recognize privacy. Constitutions of several American states include an explicit right of privacy.
Unfortunately, our main constitutional source of human rights protection, the Charter of Rights, contains no explicit privacy protection. Canadians have no clearly stated protection against the actions of our governments that violate the fundamental human rights of privacy. If Jean Chrétien's 1980 constitutional proposal had been accepted, the Charter would include a right to privacy - a right described by the Canadian Bar Association as "the prerequisite to freedom of speech, expression, thought, conscience, opinion, assembly and association". Now that's a fundamental human right! Despite support from David Crombie and Svend Robinson, its inclusion was narrowly defeated, in part because there was a perception that the notion of privacy had not quite "matured"! During the recent 1992 constitutional talks, the Privacy Commissioner of Canada renewed the call for the inclusion of an explicit right to privacy in the Charter. Unfortunately, despite some strong support for this amendment, an explicit privacy right still has not found its way into the Charter. Canadian courts have tried to fill this gap. They have interpreted provisions of the Charter as offering constitutional privacy protection, most often in the context of the criminal law. These provisions are section 7, which I described above, and section 8, the right to be secure against unreasonable search or seizure. Beyond these various instruments for protecting privacy, and most relevant for my purposes, is the federal Privacy Act. The Act came into force in 1983. It sets out a code of what we call "fair information practices". It regulates what information about individuals some 150 government institutions can collect, how they can collect it, how they can use and disclose it, and the rights of the individuals to see and request correction of information about them held by the government. Government institutions, the Act says, must do the following:
The Privacy Commissioner of Canada - Bruce Phillips - is in charge of ensuring that federal institutions respect the provisions of the Privacy Act. He now has provincial counterparts in four provinces - but not yet New Brunswick - to ensure that provincial governments adhere to fair information practices. Quebec, ahead of all other jurisdictions in Canada, extended its privacy laws this year to cover the private sector. Some of you may ask why we get so worked up about privacy - why privacy has found its way into so many legal instruments around the world. Let me move from the lofty idealism of international human rights conventions and Canadian laws to the real world. Let me talk about the practical manifestations of this right to privacy in our world. Let me also talk about the very real threats to that rights. George Orwell was probably the first person this century to point to the dangers of a loss of privacy. His book 1984 did not speak of privacy in specific terms. But who among us could read of the camera in the corners of his room, the spectre of Big Brother watching, without being chilled to the bone at the thought of such powerful state control? Why were we chilled? Simply because the intrusion into the private lives depicted in 1984 represented a loss of control of how we as human beings lead our lives. And Orwell, though in my ways an accurate prophet of the privacy intrusions to come later this century, missed many of the most powerful forms of intrusion with us today. He addressed government control of individuals through knowledge of their activities. The power of the private sector to intrude - among the growing threats to privacy in our real world - was not even mentioned. Orwell did not foresee the power of computers to assemble information about each of us. He did not conceive of computers drawing ever more detailed profiles of our likes, dislikes, habits, health, financial matters and, perhaps most important, our opinions. Nor did he foresee the power of biotechnologies - drug testing and genetic testing among them - to intrude into our lives. Many members of this audience will soon be entering the workforce. There is an increasing likelihood in this country that you will be chosen for a job in part by a bit of biotechnological digging into you habits. Drug testing, for example - the testing of your urine to see if you have used illegal drugs - has gained a foothold in Canada. You eligibility for a job may now be determined, not by you academic background and whether you can actually do the job, but by whether you have used an illegal substance. Present testing technology can detect use of some drugs - marijuana, for example - up to a month after use. The new wave of drug testing will involve testing your hair or fingernails to see what drugs you may have ingested over the past several months, or even years. Jean Charest, Kim Campbell and Bill Clinton have all admitted smoking marijuana. How would they fare today if they were students looking for a job? Unlike alcohol testing, drug testing cannot tell whether the person is now impaired. In short, the information generated by drug testing is virtually useless as an indicator of a threat to safety or productivity. A positive drug test of you air plane pilot will not tell you if you pilot is impaired. Why then do we insist on testing? In 1990, my office released a report on drug testing and privacy. The report accepted that drug testing might be acceptable in extremely limited circumstances. It most definitely opposed the widespread testing that we are beginning to see in government and the private sector. Drug testing represents one of the most disturbing developments that are putting the privacy of human beings at risk. The state and those in the private sector who have control over us - our employers - are digging into our bodies based on what is the flimsiest of justifications. Hot on the heels of drug testing is the potential misapplication of another biotechnology - genetic testing. Rapid advances in genetic technology that were unimaginable only a few years ago are identifying individual genes and the functions they perform. Tests may soon be available to identify people with an increased genetic risk of high blood pressure, heart disease, manic-depressive illness or schizophrenia. I stress that most of these tests will indicate only an increased risk, not a certainty of developing the condition. Other, related medical tests are being developed to identify very early signs of cancer. How many employers will want to hire as a senior executive someone with even a slightly increased genetic risk of schizophrenia, or Alzheimer's? How many employers will want to hire someone with a genetically heightened sensitivity to harm from workplace chemicals? Why hire someone who may have an increased genetic risk - if one exists - for drug dependency or alcoholism? How many people would want to hire a person whose blood tests show early signs of cancer? Why not simply hire a genetically superior worker and leave the rest to the fate that Darwin predicted for them - languishing in the background while only the fittest survive and prosper? Genetic technology, used improperly in the workplace, can become a tool for massive and misdirected discrimination. That is the danger of transplanting the science of genetics from the medical field, where it belongs, to the employment field, where it largely does not belong. Even the broad anti-discrimination protections in human rights codes and international conventions may not offer sufficient protection in practice. Human rights tribunals in some areas of the country are already overwhelmed with cases. Genetic screening in the workplace may still seem like science fiction, bit it is not. As early as the 1970's, Americans - often black - were being excluded from certain types of employment because they carried the sickle cell trait, a genetic condition of red blood cells. While we know of no genetic testing for employment in Canada at present, a limited amount still occurs in the United States. And if you don't believe that Canadians are capable of genetic discrimination, I remind you of perennial discrimination that racial groups and women continue to suffer in Canada. This is genetic discrimination of the most fundamental kind - based on race or sex. In 1992, our office released a report, Genetic Testing and Privacy. The report specifically addressed the issue of workplace screening and monitoring. The report recommended that employers should in general be prohibited from collecting personal genetic information about job applicants or employees. (I say "in general" because employers clearly do collect some relatively open forms of genetic information - sex, height, etc.). Yet there will certainly be more interest in employee testing as genetic tests become cheaper and more reliable, and as biotechnology companies tout the merits of their testing products, as they have with drug testing. Perhaps this does not sound too Orwellian to you. It may even sound like the employer is trying to protect employees from harm. However, some employers will almost certainly use genetic technology to exclude some workers from employment altogether. Big Business turns into Big Brother, deciding whether a worker has the right genetic "stuff". How many of use want to be judged on the basis of our genes, with little or no account taken of the things that make us human? The implications of genetic technology and genetic testing reach far beyond the workplace, into reproductive technologies, criminal investigations, suitability for insurance and even suitability to conceive children. These technologies and our attitudes towards them have profound implications for our liberty as human beings. At a deeper level, genetic and drug testing may be symptoms of a deeper societal disease - the growing thirst of governments and employers for control of others through information about them. Other symptoms of the disease are all around us - video cameras in the workplace, the monitoring of telephone calls and computers, the use of card entry systems and tracking devices to identify employee movements, polygraph tests and psychological tests. All represent assaults on our privacy, sometimes for good reason, but too often not. New Brunswick will confront privacy issues on another front. The government of this province wants New Brunswick to be at the forefront of fast developing communications technologies - the so-called information highway. The information highway will bring sophisticated communications technologies and the ability to assemble and transmit vast amounts of information, including sensitive personal information about individuals, with increasing ease. In Canada alone, information industries are worth about $45 Billion a year and employ more than 300,000 people. Governments, banks, pharmacies and telemarketers are using their sophisticated products and services. By the year 2005, information industries are projected to grow to $90 Billion and employ twice as many Canadians. It makes sense from almost every perspective for New Brunswick to enter the information highway. The highway promises substantial economic benefits. And the beauty of the highway is that those developing it need not live in Canada's major metropolitan centres. But the information highway can also import serious privacy problems. In the past, the village gossip regularly strolled the community for interesting tidbits of information. Now we have the technology to drag-net information and share it around the world. We must not allow the technology of the information highway to mesmerize us into ignoring their implications for privacy. Let me offer just a few examples of the potential for harm. As more and more services become computerized, the interactions between individuals and those services will become easier to follow. The record kept by companies of your long distance phone calls and credit card transactions are perhaps the most obvious examples. This information about the transactions you take part in every day is called just that - "transactional information". Today you can get access to magazines, newspapers and books by computer modem. A wonderful technology, yet, but what if using this technology generates a trail of information about your reading preferences? What if you transactional information indicates that you like reading literature defined by thee government of the day as "subversive"? If the McCarthyist witch hunts for communists in the 1950s were taking place today, rest assured that the witch hunters would be looking up what information you have downloaded from the local library's database. In this age of political correctness, your reading or viewing preferences might come under scrutiny to ensure that they do not offend the rules of the day. Some of you may remember Judge Robert Bork, candidate for the U.S. Supreme Court, whose video rental records revealed that he had rented an item called "Cat on a Hot". It turned out to have been, not some soft porn title, but the Tennessee Williams' classic, "Cat on a Hot Tin Roof" but the damage was already done. Will we one day have an Internet police that tracks the information we seek? Should intimate details of your life be easily available for general consumption by the public, the private sector, or government? Who should have access to your data profile? The dissemination of vast quantities of personal information through new information technologies is giving rise to these very questions. Once information is downloaded from a government database to a private one, Canadians will have little or no recourse against misuse or further, wrongful disclosure. They may not even know who is using their information and in what fashion. We need new laws, not in the 21st century, long after the highway is opened. We need it now. I have eight specific suggestions: 1. Individuals must be given control over the personal details transmitted on the highway. 2. Individuals must be assured that information will go when and where they direct it to go. 3. The collection of personal information must be restricted to details essential to providing a service. 5. Records of how and when individuals use they system must not be gathered without consent. 6. Cryptography and other security measures must guard the privacy of electronic communications. 7. There must be no charge for privacy protection. 8. Government must accept an oversight role to monitor protection of privacy on the highway. We must elevate this issue to its proper place in the policy agenda. That means marshalling the energy of all sectors, private and public, in a co-ordinated and co-operative effort to ensure that this technology in particular and all technology in general remains the useful servant of the general good, not the sinister tool of control and domination of the many by the few. These are just some of the privacy issues - drug testing, genetic testing, the information highway, we face in our post-Orwellian world. There are many, many others. We will be relying heavily on the United Nations Universal Declaration of Human Rights and similar expressions of concern for human rights as we seek to protect our fundamental right to privacy. It is a lasting testament to the power of the principles contained in the Universal Declaration that they are being invoked in situations that even the most visionary of its drafters could not have contemplated almost half a century ago. But to invoke these human rights provisions, we need to understand the human rights consequences of our actions. We must begin to incorporate privacy into our assessment of advances in technology. Privacy is only one of the many elements in the intriguing process of moving into the 21st century, but it is an important one. How well privacy fares - that is to say, how much respect for human dignity and individuality is preserved - will determine whether in the end we have a society where God truly does come out of the machine. Principles for the Information Highway General 1. Privacy is a fundamental human right. The introduction of increasingly sophisticated information technologies does not change this. 2. Governments must ensure that technology does not limit a person's privacy unless there is a clearly defined public interest in limiting the right. Principles from Privacy Commissioner's Annual Report
Specific Provisions 1. Collection Same statutory rule as section 4 of the Privacy Act: No collection of personal information unless it relates directly to an operating program or activity of the institution. In addition:
2. Direct Collection and Stating the Purpose of Collection Same statutory rule as section 5 of the Privacy Act. That is:
3. Use Use of collected information should be subject to a rule similar to that in section 7 of the Privacy Act. That is:
Government institutions - but not the private sector - would also be allowed to use the information for a purpose for which the information may be disclosed without consent under the disclosure provisions of the Act (section 8(2)). 4. Accuracy, Completeness, Timeliness of Information Rule contained in section 6(2) of the Privacy Act could apply, with modifications, to private and public sectors. The rule requires taking all reasonable steps to ensure that personal information that is used for an administrative purpose (that is, for making a decision about an individual) is as accurate, up-to-date and complete as possible. 5. Retention and Disposal of Information Section 6(1) of the Privacy Act requires institutions to keep information that has been used for an administrative purpose for a period of time set by regulations. Personal data held by the private sector could also be made subject to retention requirements. Section 6(3) of the Privacy Act requires government institutions to dispose of personal information in accordance with regulations and directives or guidelines. Personal data held by the private sector could also be made subject to disposal requirements. 6. Disclosure Disclosure by government would be subject to the same (or modified) disclosure provisions now contained in section 8 of the Privacy Act. The general rule would be no disclosure of personal information beyond the institution without the person's consent. However, several exceptions would be allowed to this rule to respond to legitimate needs of government to disclose personal information while performing its functions. Disclosure by the private sector would be much more limited. The strict rule would prohibit disclosing personal information outside an organization (or perhaps even among separate groups within a large organization) without the informed and genuine consent of the individual. Exceptions, much narrower than those now allowed for government, might be allowed - for example, disclosure where the disclosure is in the public interest or where it is considered essential to the efficient functioning of the private sector. 7. Security of Information Systems Three groups would have responsibility for safeguarding personal information:
The initial controller and the recipient have similar responsibilities:
The carrier of the information would have no responsibility relating to the collection, use, retention or disposal of the information, or for allowing the persons affected access to the information. The principal duty of the carrier would be to prevent unauthorized access to the information from when it receives information from the original controller to when it delivers information to the recipient. The carrier would have no right to retain the information being transmitted. 8. Means to Ensure Compliance with Fair Information Practices Because government is entrusted with large volumes of personal information, there must be some mechanism to ensure the confidence of the public that rules protecting that information will be followed. This may require more extensive powers that now exist to ensure respect for data protection principles. With the private sector, the primary motivation for access to personal data is profit. Some may argue that voluntary codes of conduct are adequate to guide the private sector. Others, however, suggest that voluntary codes are inadequate in light of the profitability of acquiring and manipulating personal data. To ensure compliance, regulators may need powers of inspection and powers of enforcement. The sensitivity of the mishandles personal information (and therefore, the harm caused by the mishandling) could dictate the means of enforcement: warnings, prohibitions on the handling of personal information, fines or, as an absolute last resort, imprisonment. As well, individuals harmed by how companies handle their personal information could be given a statutory right to claim civil damages. 9. Federal-Provincial and International Cooperation A coherent regulatory framework across jurisdictions is necessary to ensure that information handlers will not simply seek the jurisdiction with the most lax privacy regulation. As well, the ease with which personal data can flow across borders necessitates common standards to avoid massive confusion about the rules. 10. Privacy Should Not Cost Individuals should not be required to pay for privacy protection. 11. Duty to Provide Privacy Protection Where Possible Both private sector organizations and government should have at least an ethical duty, and in some circumstances a legal duty, to provide privacy protection when delivering services.
|
|||||||
 |
© 2007 Atlantic Human Rights Centre, St. Thomas University |
|||||||
