When Jennifer Stoddart ends her tenure as federal privacy commissioner later this year there will be a number of lingering questions about how personal information is handled in a digital era, but this one may be the most critical: Will anyone ever be able to stand up on behalf of individual Canadians with the intelligence she did?
Stoddart was the keynote speaker in Ottawa on Thursday at the Canadian Internet Forum hosted by the CIRA, the agency that governs the dot-ca domain. Perhaps understandably, she was introduced with the kind of career retrospective you’d expect of someone who’s held a job for close to a decade, but once she took the stage, Stoddart didn’t focus on the past. The CIRA event may mark one of her last major public appearances as privacy commissioner, and she didn’t waste it.
There are three major challenges facing the privacy of Canadians, she told the crowd. This includes the ongoing conflict between law enforcement agencies that want unfettered access to information on how Canadians use the Internet, the role of individual consumers in safeguarding their personal data, and the responsibility of businesses to treat customer records with integrity and respect.
“There is not necessarily a conflict between innovation and privacy. Getting privacy right can be a competitive advantage, it can help encourage trust,” she said, adding later that the Personal Information Protection and Electronic Documents Act (PIPEDA) is not necessarily going to be anyone’s savior. “PIPEDA’s soft approach of non-binding recommendation and the threat of reputational loss is only partially effective against the quasi-monopoly of these multinational Internet giants.”
You can say that again. Stoddart – who has notoriously taken Facebook, Google and others to task over the way personal data is managed – has never had the power to issue fines or other punitive measures that would possibly make organizations treat information more carefully.
Even as a piece of law, PIPEDA was supposed to be reviewed by the government for potential improvements nearly half a dozen years ago, a fact Stoddart pointed out with some bitterness. All she and her office can really do is draw attention to bad practices and articulate what the higher standard of behavior should be. It is remarkable how much she has been able to do within those parameters, frequently making national headlines with constructive criticism for some of the world’s biggest technology companies, who make policy changes based on her feedback.
Like PIPEDA itself, Stoddart become privacy commissioner before Facebook was founded, when Google was still just another search engine and mobile computing in relative infancy. She and her team have adapted to the challenges of those forces by issuing an ongoing stream of commentary and advisories in forms designed to appeal to a wide demographic. There have been position papers, yes, but also comic strips and graphic novels. “You can’t lecture people all the time on how to behave,” she said. “They want to get the message on their own.”
But we wouldn’t have gotten it on our own. We have needed Stoddart, who restored credibility to an office that was mired by her predecessor’s spending scandal and demonstrated just how vital it will remain as technology continues to evolve. Her mandate has been to help Canadians keep certain things in the shadows, but as her term nears its end, the work she’s done deserves as much exposure and recognition as possible.