Bill C-30 under scrutiny due to privacy concerns
In Canada, both federal and Ontario privacy commissioners have expressed concern over Bill C-30, which they say is too invasive and encroaches too much on one’s privacy.
C-30 would required telecommunications service providers to give police people’s names, addresses, phone numbers, e-mail addresses and Internet protocol addresses, which identifies a person on a computer, on the basis of a simple request and not a court-issued warrant.
Moreover, there were more concerns raised over the use of biometrics which prompted the Office of the Privacy Commissioner of Canada to issue a guidance document entitled “Data at Your Fingertips: Biometrics and the Challenges to Privacy” last November.
The Ontario Information and Privacy Commissioner has developed a different approach called “privacy by design”, where any product that uses biometrics as an identifier should be designed with privacy and security in mind.
According to the Ontario Privacy Commission, it is a “pre-emptive approach that requires the integration of privacy considerations into new programs and databases from the outset, and not as an afterthought.”
Privacy by design can also be incorporated in any program or service that requires collection of personal data through biometrics.
As Ann Cavoukian, Ontario’s privacy commissioner has said: “Fortunately, privacy solutions exist but they must be embedded early into the biometric matching system to be effective. When deployed properly, Biometric encryption defeats many of the major privacy concerns surrounding the collection and use and misuse of biometrics: there is no retention of a biometric image or template, which significantly enhances security and diminishes the risk of data matching against other databases. Biometric encryption can be deployed with no meaningful loss of system functionality.”
Should police be given lawful access to our biometrics information?