THE OFFICES OF THE INFORMATION AND PRIVACY COMMISSIONERS: THE MERGER AND RELATED ISSUES
Proponents of the single commissioner model also argue that it promotes a more trusting, cooperative, and therefore more productive relationship between the commissioner and government. There are two prongs to this argument. First, it is asserted that government institutions would be willing to work more cooperatively with a commissioner whom they perceive to be an impartial arbiter as opposed to a
"single-value" advocate. Second, it is contended that a single commissioner would be able to use some of the goodwill generated by the typically more consultative privacy work to dampen some of the hostility and resistance inhering in the relationship between commissioners and governments on access issues.
There is some empirical support for these arguments. In each of the provinces that have adopted the single commission model, the commissioner appears to have achieved a better working relationship with government on access issues than has traditionally been the case at the federal level. This does not mean that there are not at times marked differences of opinion between governments and commissioners in the provinces. It means that there are continuing, healthy relationships based on their understandings of one another's position.
The reasons for this difference are not entirely clear. Many of the individuals I consulted noted that the history, structure, and culture of the federal bureaucracy differs in many ways from those in the provinces. The federal public service, it was observed, is larger and more decentralized than its provincial counterparts, and its agencies are consequently often more autonomous, opaque, and idiosyncratic. Fostering a culture of openness and transparency may therefore be more challenging in the federal sphere than in the provinces. Access requests in the federal sector, I was told, are also more often directly or indirectly related to partisan political debates than is the case in the provinces. It is also possible that federal access requests more frequently involve high-profile or controversial issues than those in the provinces. To the extent that these differences between the provincial and federal governments exist, switching to a single commissioner model in the federal sphere is not likely to improve matters.
It is also possible, however, that the interactions that single commissioners have with government on the privacy front, which tend to be more consultative and less adversarial than is the case with access, may foster a more cooperative approach on access issues. Government officials who have engaged in productive dialogue with the commissioner on privacy issues are less likely to adopt a hostile and adversarial stance in discussions with the same commissioner on access issues. To the extent that this true, adopting the single commissioner model in the federal jurisdiction might improve the quantity and quality of access to government information.
"Information and Privacy Commissioner" could also turn out to have a greater capacity to influence government on both access and privacy issues than the existing commissioners. As discussed, under the current system there are very few instances of real conflict between access and privacy values. A unified office would, therefore, rarely be required to
"balance" the two values in performing its various functions. Government officials may nonetheless be inclined to give more weight to the advice given by a commissioner responsible for upholding both principles than that stemming from a commissioner mandated to vindicate only one. A unified office might also have more success in encouraging government institutions to adopt more comprehensive and proactive information policies that take both access and privacy considerations into account at all stages of the information
"life cycle." The recommendations of an
"Information and Privacy Czar," in other words, may have more of an impact on legislation, policy, and practice than the sum of the advice of separate information and privacy commissioners. By presiding over a larger, unified office, a single commissioner may also command more attention and respect from the media and members of the public. This in turn may influence government officials to be more receptive to the commissioner's advice and recommendations.
The provincial experiences demonstrates that there are real benefits to be gained by moving to a single commissioner model in cultivating a cooperative and productive relationship between the commissioner and the government on access, and to a lesser extent, privacy issues. Given the significant differences that exist between the provincial and federal environments, however, it is difficult to assess the magnitude of this benefit. As mentioned in the Delagrave Report, there are undoubtedly ways in which relations between the federal government and the Information Commissioner's Office could be improved. But given the nature of the bureaucracy and political environment at the federal level, it may be naive to believe that any commissioner, whether operating out of a unified or single purpose office, could productively pursue the kind of cooperative, non-adversarial approach that seems to work in the provinces. To the extent that this is true, the policy aims of the Access to Information Act may be served best by a single minded, single purpose advocate. I would think, however, that the single commissioner model would be at least somewhat more effective in fostering openness and transparency in government than the two commissioner model.
It has been argued that the mandates of the offices of the Information Commissioner and the Privacy Commissioner are inherently incompatible and that merging them could lead to
"real or perceived bias." I do not agree. There is no reason to think that a single commissioner, institutionally independent and operating at arms-length from government, could not impartially and fairly balance any conflict between access and privacy concerns. Judges and administrative adjudicators engage in this kind of balancing on a daily basis. The fact that a single federal information and privacy commissioner would, in some respects, act as an advocate for both access and privacy principles would not detract from that commissioner's ability to balance the two values impartially in the few cases where they come into conflict. As mentioned, under the existing federal model, the Information Commissioner must balance access and privacy concerns
in making recommendations in cases where government institutions have refused an access request on the basis that compliance would entail the release of non-exempted personal information.
However, while I would not characterize the single commissioner model as creating what lawyers would call either a conflict of interest or a reasonable apprehension of bias, there is a danger that a merger (or the appointment of a single commissioner to preside over both offices) could diminish the vigour with which the access or privacy regimes (or both) are overseen. As discussed, one strength of the current model is that it gives both access and privacy values a distinct, high-profile spokesperson. This may be especially important for advocates in both camps who, under the current regime, feel that they have an official champion. Whether by reason of predilection or circumstance, a single commissioner may at times emphasize one element of his or her mission at the expense of the other.
It was primarily for this reason that Information Commissioner Reid backed away from his 2003 merger proposal. His most recent views on the matter are instructive:
When you issue a public paper, you have to be prepared for the reaction to it. I received, in response to my paper of October 2003, a great deal of thoughtful feedback from members of Parliament, members of the media, academics, access requesters, the interim Privacy Commissioner, and from my provincial colleagues. Almost everyone disagreed with me. They made a strong case for keeping two commissioners and, thereby, ensuring a vigorous public debate about resolving conflicts between privacy and openness rather than incestuous, in-house discussion leading to a single-commissioner position.
Those who commented on my proposal, reminded me that the leaders and citizens of Canada have been well-served by having separate commissioners fighting and advocating for the values of openness and privacy. We have, as a result, a healthier balance between these two values in Canada than does the United States, where freedom of information takes pride of place, or than does Great Britain, where privacy holds sway.
I have been impressed by these arguments; I have recanted; I no longer advocate the single-commissioner model. I accept that there are few shortcomings in the dual-commissioner model and I now admit that the dual-commissioner model is far less open to abuse than would be the single-commissioner model. In the single-commissioner model, it is certainly possible that one value - openness or privacy - would get preferential treatment. In the single-commissioner model, that which is most healthy in a democracy - public debate - gives way to internal, bureaucratic discussion and compromise.
Commissioner Reid's position is supported by the Australian Law Reform Commission and Administrative Review Council, which considered a similar proposal to merge the freedom of information and privacy regimes in that country. It stated:
There is a need to ensure that the principles of openness and privacy each have a clearly identifiable and unambiguous advocate. The balance between FOI [freedom of information] and privacy can sometimes be a fine one and it may be difficult for an individual not to develop, or be perceived to have developed, a stronger allegiance to one over the other which could lead to accusations of bias in favour of either openness or privacy.
I do not wish to overstate the danger of favouritism inhering in the one commissioner model. At the provincial level at least, a single commissioner may be able to devote adequate attention to and concern for both access and privacy concerns. At the federal level, however, where the size of government is larger, the geographic expanse of the jurisdiction much greater, the range of threats to access and privacy broader, and the scrutiny of interested parties more acute, having two
"single purpose" commissioners best enables the vigorous oversight of Canadians' rights to both access to government information and personal privacy.
Even if a single federal commissioner were equally committed to access and privacy, there remains the question whether the commissioner would have the time to fulfill both mandates adequately. The appointment of a single federal
"Information and Privacy Commissioner" would require assistant or deputy commissioners to become much more involved in the management of the office. While the current Information and Privacy offices have assistant commissioners, in a merged office these officials would necessarily take on even greater responsibilities. The individuals in these positions are undoubtedly capable, but by definition the positions do not carry the same measure of credibility and prestige as a
"Commissioner." It is especially important for the Information and Privacy Commissioners to achieve and maintain a prominent public profile by, among other things, appearing personally at national and international conferences, parliamentary committee hearings, and public speaking
engagements. It is also crucial for the commissioners to be as involved as possible in the drafting of key policy papers, annual reports, and other publications. The active participation of the commissioners in these activities is, in my view, especially critical at a time when technological and other societal changes are presenting ever-greater challenges to the protection of the privacy and access rights of Canadians. A single commissioner would simply not be able to engage in these endeavours as frequently or extensively as two commissioners.
A merger or cross-appointment, moreover, would also likely diminish the commissioners' ability to be personally involved in the resolution of complaints. This would be particularly detrimental to the access to information regime. Information Commissioner Reid reports that he is currently able to review and approve approximately 90 percent of the complaints that are processed by his office. This
"hands-on" approach, he states, is necessary to maintain consistency in the handling of complaints and ensure that the vast majority of complaints are successfully resolved. I agree. Particularly in models where the commissioner has no order-making power (as is the case at the federal level), it is vitally important for the commissioner to be actively and visibly involved in the complaints resolution process. This involvement serves at least two important purposes. First, it helps the commissioner to foster and maintain relationships with the government officials responsible for access
decisions. And secondly, it allows the moral authority attaching to the office to be brought to bear, when necessary, to persuade government institutions to comply with their obligations under the Access to Information Act. Adopting a single commissioner model would detract from these objectives.
It is also likely that a merger would diminish the capacity of a combined office to engage in public education, research, consultation, policy advice, and other non-complaints related activities, especially with respect to privacy issues. In the early 1980's, when the Access to Information Act and Privacy Act were first adopted, access to information and privacy were often thought to be opposite sides of the same
"information management" coin. A quarter of a century later, it is apparent that this characterization is inapt. While the functions of the access to information regime have remained fundamentally unchanged, the range of issues and concerns related to privacy has expanded dramatically. In 2005, the Privacy Commissioner must assess and respond to the threats posed by an ever-increasing number of privacy-invasive technologies that did not exist (and could not even have been contemplated) in 1983. And this assessment must now be made not only in
relation to privacy threats emanating from government (which was the sole concern of the Commissioner until 2001), but also from those arising out of private sector activity. The range of concerns facing the Privacy Commissioner's office, moreover, is beginning to extend beyond the realm of informational privacy, and now includes such intrusions into private and domestic life as unwanted telephone and email solicitations. So whatever truth there may be to the
"same coin" adage (which some would contest), it is likely to become decreasingly relevant in the total landscape of future privacy protection needs.
The work of the Information Commissioner's office, in contrast, continues to be dominated by the complaint resolution process. Understandably, the Commissioner makes every attempt to resolve complaints in a timely manner. Given current resource constraints, his ability to achieve this objective is continually under strain. If responsibility for handling these complaints were given to a merged commission, there is a danger that vitally important policy work in the privacy field would be neglected in favour of the need to maintain reasonable turn-around times for access complaints. Some of the individuals I consulted indicated that this problem exists to some extent in a number of the provinces where the single commissioner model prevails.
In theory, the problem could be mitigated by giving a merged office sufficient resources to ensure an adequate level of service for both complaint resolution and other functions. In practice, however, governments have myriad and diverse funding priorities, and are not always able or willing to provide the resources necessary for agencies to fulfill every aspect of their mandates. The problem could also be mitigated to some degree by keeping the existing offices intact and appointing a single commissioner to preside over both. A single commissioner's time would still have to be split between the two offices, however, and any time devoted to ensuring the timely resolution of access complaints would take away from the commissioner's ability to engage in crucial policy work on the privacy side.
Again, it is important not to exaggerate the advantages of the two commissioner model in this context. The provincial experience demonstrates that a single commissioner can play an active role in resolving complaints, developing policy, and performing other necessary functions. The workload facing a single federal commissioner, however, would be substantially greater than that of any provincial commissioner. As mentioned, the federal commissioners deal with a larger and more decentralized bureaucracy. They must also grapple with many highly controversial access and privacy issues (such as those associated with law enforcement, national security, and international affairs) that are not nearly as prominent in the provincial sphere.
Lastly, the diversity of skills and breadth of knowledge that would be required of a single commissioner could make it more difficult to find an appropriate person to oversee both the access to information and privacy regimes. There are undoubtedly many talented persons in Canada who are experienced in both areas, including many of the individuals who are serving or have served as commissioners in the federal and provincial sphere. However, as we have witnessed, the effectiveness of agencies based on the ombudsman model is to a considerable extent dependent on the wisdom, savvy, and integrity of the individual in charge. There is always a risk that the person selected will, for one reason or another, not be up to the task. This risk would be magnified however, by requiring that person to perform an additional function.
To summarize, while I am confident that a single commissioner would be able to act fairly and impartially in the infrequent occasions when access and privacy values conflict, I am not nearly as confident that he or she would be able to devote adequate concern and attention to both values. For a variety of reasons, the demands facing the federal Information and Privacy Commissioners are greater than those placed on the provincial commissioners. There is consequently great advantage in having separate commissioners at the federal level, each serving as an official champion for a distinct value and each able to promote that value unencumbered by other commitments.
As stated at the outset of this Part, the burden of persuasion lies with those advocating a merger of the offices of the Information and Privacy Commissioners or a cross-appointment of a single commissioner to both offices. I have concluded that this burden has not been met. Each of the one and two commissioner models has advantages and disadvantages. In the abstract, neither is demonstrably superior to the other. But considering the unique features of the federal access to information and privacy environments, and the investments that interested parties have made in the existing structure, moving to a single commissioner model would, in my estimation, have a detrimental impact on the policy aims of the Access to Information Act, the Privacy Act, and the Personal Information Protection and Electronic Documents Act.
There is little practical conflict between the mandates of the two commissioners. In the rare cases where they have differing views, there is great benefit in having these views aired and debated in government, the courts, and public discourse. It may be that a single commissioner would be able to develop a more productive relationship with government on access issues, and so lead to a greater openness and transparency in public affairs. Given the nature of the federal bureaucracy and political environment, however, I am not confident that a merger or cross-appointment would lead to substantial improvements on this front. Lastly, there is an acute risk that switching to a single commissioner would diminish the attention that is currently provided to access and privacy rights. There is a real danger that a single
"Information and Privacy Commissioner" would be overburdened and thus unable to respond as effectively to the increasingly demanding challenges posed to both the
access and privacy regimes.
It can be seen, then, that while in theory there may be benefits to be gained from adopting the one commissioner model at the federal level, these benefits are modest and uncertain. The disadvantages of that model, in contrast, are both greater and more likely to materialize. I am therefore of the view that the better course to follow is to continue the system of two separate commissioners.
I am supported in this conclusion by the vast majority of the persons consulted during the course of conducting this review. The current federal Information Commissioner is now firmly opposed to a merger, and though she does not categorically dismiss the idea, it is evident from her written submissions that the Privacy Commissioner harbours serious concerns about it and clearly does not favour it at the present time. For their part, most of the former commissioners, as well as academics, users of the systems, practitioners, and advocates are solidly in favour of maintaining a two commissioner model. Perhaps most tellingly, the provincial Information and Privacy Commissioners consulted, though satisfied that the one commissioner system works very well in the provinces, were either adamantly opposed to a merger at the federal level or at least reluctant to endorse the idea.
If, however, a merger were ever proceeded with, it should be undertaken with an abundance of care. There was almost complete unanimity among those consulted that such a step should not be taken immediately. To do so would be very disruptive for both offices. This would be particularly true of the Privacy Commissioner's office, which is still reeling from the disruption caused by the events surrounding the retirement of the last permanent commissioner as well as the recent addition of the responsibilities assosciated with PIPEDA. Lastly, no merger or cross-appointment should occur until there has been time for comprehensive study and reform of the Access to Information Act, the Privacy Act, and PIPEDA.
- Date modified: