The current Canadian government has been in a lot of trouble recently over nominations to various federal offices. It’s been accused of cronyism, overly partisan, inappropriate and even illegal nominations to senior positions. Many have been rejected. It comes as no surprise then to find that Prime Minister, Stephen Harper, has nominated someone who seems almost entirely inappropriate to be the next federal Privacy Commissioner.
The nominee, Daniel Therrien, has spent almost all his career as a government insider. If Therrien was a privacy expert, this wouldn’t necessary be an obstacle even to someone taking a job which is supposedly an arm’s length position, as much a watchdog on government as a government office.
If he was a privacy expert.
But he’s not.
Therrien’s experience comes mainly in corrections (prisons and parole offices) and latterly with immigration and border issues. He’s currently the Assistant Deputy Attorney General, Public Safety, Defence and Immigration Portfolio, at the Department of Justice. It is in this position that he has had some involvement with privacy issues, and in some ways, this involvement makes his nomination even more troubling.
Therrien was one of the leaders of the Canadian negotiating team that dealt with the privacy principles of the Beyond the Border Accord, the agreement that essentially allows the USA to extend its ‘perimeter’ around Canada (the original proposed version of the agreement was refered to as the North American Perimeter agreement).
So what do the principles say? Essentially they are a vague set of reaffirmations of well-understood data protection principles combined with the recognition of domestic laws. They don’t do anything specific or new. They certainly will not guarantee that sensitive personal information is not shared across borders or provide for genuine protection when they are. And it seems clear that while necessity and proportionality and data quality are all referenced, necessity seems to trump everything else. As the final principle on ‘Retention’ states:
“The United States and Canada are to retain personal information only so long as necessary for the specific purpose for which the information was provided or further used.”
But as we know from almost everything that has happened since 9/11, necessity is the mother of expansion.
In addition, most of the principles also use the phrase “in accordance with their respective domestic laws”, or similar. A paragraph on ‘Effective Oversight’ states
“A system of effective data protection supervision is to exist in the form of a public supervisory authority or authorities with effective powers of intervention and enforcement. These powers may be carried out by a specialized public information protection authority or by more than one supervisory public authority to meet the particular circumstances of different legal systems.”
Translated, this means “business as usual.” Canada can carry on having its system of Commissioners and the USA can carry on having its in-house Privacy Officers. This does nothing to resolve the issue of what happens when privacy laws and systems of oversight are in conflict or incompatible – as they frequently are.
The Prime Minister is quoted in the press release as saying: “I am pleased that Daniel Therrien has agreed to be nominated for the position of Privacy Commissioner. He is a well-qualified candidate who would bring significant experience in law and privacy issues to the position.”
I guess it all depends what one considers to be ‘significant experience’. He has some experience. But he is neither a privacy lawyer not a privacy expert by training nor has be become such by virtue of his career. And his limited experience is almost entirely in the context of the furthering of neoliberal trade and security agreements with the USA, it is not in domestic privacy protection.
Daniel Therrien may well have had an impeccable professional record. He may well be an excellent Assistant Deputy Attorney General. He may well be a good person. But none of those things are the issue here: Therrien is not “a well qualified candidate” to be the federal Privacy Commissioner. He could, like the current interim Commissioner, Chantal Bernier, legitimately be appointed as Deputy Commissioner in order to build up his qualification in the area. But as the Commissioner? No.
Luckily, this nomination is not a foregone conclusion. It must be approved by both the Senate and House of Commons, and Liberals, NDP and Greens have all voiced concerns already. I am adding my own voice to this in saying that this nomination must be challenged in the most robust terms. Personally, I also think it’s a great shame that the capable and directly experienced Bernier was not given the opportunity to retain the seat that she has only been keeping warm for the next Commissioner…