Interview with the Privacy Commissioner of Canada

July 2007

Interviewee: Jennifer Stoddart, Privacy Commissioner of Canada

Subject: 29th International Conference of Data Protection and Privacy Commissioners

29th International Conference of Data Protection and Privacy Commissioners

Nymity is proud to sponsor and exhibit at the 29th International Conference of Data Protection and Privacy Commissioners.

September 25-28, 2007 in Montreal, Quebec

Register

Nymity: Before we begin, please clarify, is this conference for Data Protection and Privacy Commissioners only?

Stoddart: The Conference is open to anyone who is interested in privacy and data protection issues. Whether you are an academic, an NGO, a privacy consultant, an ATIP Coordinator, a business person, a regulator, a lawyer, a government official or an IT specialist, this conference will provide you with the information and tools you need to ensure your privacy requirements are fulfilled.

Nymity: For private-sector Privacy Officers, what are the major benefits of attending?

Stoddart: The conference will give Chief Privacy Officers (CPOs) a better understanding of the environment in which Data Protection and Privacy Commissioners work. It will give them a window into their current and future preoccupations.

The conference will help CPOs better understand the privacy issues they need to be thinking about, now and in the future. It will help them identify and minimize the privacy risks facing their organizations.

It presents a unique opportunity for CPOs to build relationships with their colleagues, government officials and Data Protection and Privacy Commissioners from different parts of the world.

Nymity: What are the main business drivers that led to the topic selection for the conference?

Stoddart: We've worked hard to ensure that the conference topics will appeal to a broad cross-section of people who work in the field of privacy protection and those who are eager to learn more about where it's headed in the years to come.

Data Protection and Privacy Commissioners need to be responsive to numerous challenges such as new information and communication technologies, public safety and anti-terrorism measures and the exponential growth of transborder data flows.

Terra Incognita is our chance to assess this shifting privacy landscape and develop our responsive capacity to address emerging issues challenging us as privacy professionals.

Nymity: What is the history of this conference? When was it opened to the public?

Stoddart: This is the 29th conference. The conference began in the 1970s when the first data protections laws were being passed. The conference has grown in size and scope over the years as more people have become interested in privacy issues. It was opened to the public at the Paris meeting in 1990.

Nymity: What is new for this year's conference?

Stoddart: This year’s Conference promises to enrich the intellectual debate on the issues by providing workbook materials as a starting point for most session topics. The workbook materials are being developed for the whole spectrum of issues: for relatively new privacy issues such as brain scanning and also to bring fresh perspectives to more familiar ones, such as privacy impact assessments.

The content of each workbook will vary depending on the focus of the session, but all will include an introduction to the session and some questions for debate. Most will include a commissioned paper by a subject-matter expert. The workbooks will also contain a variety of necessary resources, such as important bibliographical materials, that will satisfy the curiosity of participants who might be new to a particular subject but also the more rigorous requirements of key policy and decision-makers to locate trustworthy information about the privacy implications of our conference topics.

We believe that this approach will encourage a greater exchange of ideas among speakers and participants and open up opportunities to move forward on the many challenges that we need to address collectively.

Nymity: Why have the plenary sessions been identified as “dragons” and the conference theme of Terra Incognita?

Stoddart: Our theme, Privacy Horizons: Terra Incognita points to the challenge for privacy guardians entering into uncharted territory, to anticipate and prepare to tackle the "unknowns" in our field. We wanted evocative imagery for this situation and thought the "dragons" appropriately describe the six streams. The streams are as follows:

1. Public Safety,
2. Globalization,
3. Law Meets Technology,
4. Ubiquitous Computing,
5. The Next Generation and
6. The Body as Data.

We will grapple with the challenges posed by these dragons in more detail in some of the information and workshop sessions. Other workshop sessions will be designated as “dragon slayers” where techniques for dealing with the challenges that confront data protection and privacy commissioners will be explored.

Nymity: What does it mean to be accredited?

Stoddart: Accredited data protection authorities are, by virtue of their broad functions and depth of experience, the premier experts on the principles and practice of data protection and privacy in their jurisdiction. They have the clear mandate to promote and protect data protection and privacy across a wide sphere of activity and all the necessary legal powers to carry out the task. Four criteria must be met to obtain accreditation:

1. Legal basis - The data protection authority must be a public body established on an appropriate legal basis.
   
2. Autonomy and independence - The data protection authority must be guaranteed an appropriate degree of autonomy and independence to perform its functions.
   
3. Consistency with international instruments - The law under which the authority operates must be compatible with the principal international instruments dealing with data protection and privacy.
   
   The principal international instruments are the OECD Guidelines (1980), Council of Europe Convention No 108 (1981), UN Guidelines (1990) the EU Directive (1995), and, as far as they are relevant, the UN Principles relating to the Status and Functioning of National Institutions for the Protection and Promotion of Human Rights (1991).
   
4. Appropriate functions - The authority must have an appropriate range of functions with the legal powers necessary to perform those functions.

Only accredited authorities may vote on any resolution presented at an International DPAs Conference (although as far as possible resolutions are adopted by consensus rather than through a formal vote.) Only one vote may be cast on behalf of any country, and the resolution is adopted by simple majority of the countries present at a Conference. Where more than one delegate from any country is present at a Conference, the vote is to be cast by the national authority that must first consult the sub-national authorities of this country, which in any case have the option to make their positions known.

Nymity: Who is accredited? What about the USA?

Stoddart: See the list of accredited members at: http://www.privacyconference2007.gc.ca/PRIVACY-190094-v1-Accredited_DPAs_as_of_January_2007-English.pdf.

The USA presently has no DPA or other organization which is accredited. However, in past years, it has been customary for representatives of US government departments/agencies to attend the in camera meetings of international DPAs at the Conference as observers.

Nymity: What is a sub-national?

Stoddart: A sub-national DPA is one of territorially limited authority within a country, such as those found in Canada’s provinces, Australia’s states, Germany’s landers and Switzerland’s cantons. Gibraltar, Guernsey, Hong Kong and the Isle of Man are also accredited sub-national authorities. See the list of accredited members for more details - “B. Authorities with a Limited Sub-National Territory.”

Nymity: What are the pre-conferences that will be held in Canada?

Stoddart: As a lead up to Terra Incognita, my colleagues from provincial jurisdictions are hosting three Pre-Conferences which will enhance our program.

1. Dr. Ann Cavoukian, Ontario Information and Privacy Commissioner, will host a conference on September 24, 2007 exploring personal health information.
   
2. Mr. David Loukidelis, British Columbia Information and Privacy Commissioner, along with Mr. Frank Work, Alberta Information and Privacy Commissioner, will host a two-day conference on September 20 and 21, 2007 on private sector privacy. (Note:  Nymity is also a sponsor and exhibitor)
   
3. Mr. Jacques St-Laurent, Quebec’s President of the Commission d’accès à l’information, will host a conference on data protection in the context of la Francophonie, on September 24, 2007.

Finally, a civil society privacy workshop titled "Privacy Rights in a World under Surveillance" is being hosted on September 25, 2007, by the International Civil Liberties Monitoring Group (ICLMG). The OPC is providing the ICLMG with $100,000 in funding and financial support through its Grants and Contributions Program for the organization of this event.

Nymity: What are the social networking opportunities and who will be attending?

Stoddart: There will be many occasions for delegates to meet like-minded colleagues in both a formal and informal settings. We have planned a delightful Soirée, complete with spectacular entertainment, to be held at the Chalet du Mont Royal as well as an informal dine-around evening where delegates may choose from a variety of the best restaurants in Montreal.

Nymity: What are the anticipated outcomes from this conference?

Stoddart: The purpose of the Conference is to provide a forum to discuss key trends and issues related to privacy. The primary goal is to push the discussion on privacy rights and expectations further, challenging commonly-held assumptions and spearheading innovative solutions to public and private sector issues.

Nymity: What is your office's role for this conference?

Stoddart: I'm the host of this year's Conference. As such, my office is responsible for planning, managing, overseeing and executing all aspects of the Conference, from the program, speakers and registration to accommodation, meals and social events.

Nymity: In closing, what areas of the conference do you find most interesting?

Stoddart: It's going to be a bit challenging to pick a favorite session. Organizations may wish to consider bringing enough representatives to ensure that they can be part of as many sessions as possible. For example, they may want to hear about location-based tracking but they may also want to participate in discussions at the audit workshop, which occurs at the same time.