The Competition Bureau is scrutinizing the data practices of the Liberals, Conservatives and NDP, in response to a complaint from a group founded by Jim Balsillie. The move could change how federal political parties are required to treat personal information, which has so far been exempt from privacy laws.
The investigation: The federal antitrust watchdog is looking into “allegations that the three political parties have made misleading statements about the manner in which they collect, use and/or disclose the personal information of Canadians,” spokesperson Marie-Christine Vézina confirmed in a statement to The Logic.
The complaints: In September 2019, the Centre for Digital Rights (CDR)—a non-profit started by Balsillie, the former co-CEO of Research in Motion (now BlackBerry)—asked the bureau to look into “the large scale misuse of big data and targeted digital advertising” by the three parties, as well as their “harvesting techniques, analytics [and] algorithms.” The group claims those actions violate the Competition Act’s provisions against deceptive marketing practices. The CDR has also filed objections to the parties’ data practices with the federal and B.C. privacy commissioners, the Canadian Radio-television and Telecommunications Commission and the commissioner of Elections Canada, alleging violations of the privacy, anti-spam and voting laws, respectively. The group said the various regulators are considering its complaints.
The legal situation: Federal political parties aren’t covered by Canada’s consumer or government laws on personal information, meaning they don’t have to report data breaches to those affected or the federal privacy commissioner, and individuals can’t find out what data the organizations have collected on them. That exemption exists despite repeated recommendations from regulators and parliamentary committees, and it means the federal privacy commissioner’s office likely won’t be able to enforce the results of any CDR-prompted investigation. It may have more luck in B.C., where the provincial watchdog has asserted that it has jurisdiction over federal parties. Meanwhile, Canada’s updated elections legislation does require parties to publish privacy policies, but the privacy commissioner’s office found they fell short of the principles it and the elections commission issued.
Why it matters: Since the privacy probes are unlikely to yield enforceable results, and the Liberal government is calling for yet more parliamentary study before making any changes to the relevant laws, antitrust action may be the most promising route for the CDR. In a February 2018 report, the Competition Bureau stated that organizations “should truthfully represent pertinent information [about their collection of data to allow consumers to make informed choices,” and that “using data to deceive”—for example, targeting advertising at vulnerable individuals—is covered under existing law, just like other misleading practices.
What happens next: The Competition Bureau is in the process of gathering evidence about the parties’ practices, and “there is no conclusion of wrongdoing at this time,” Vézina said. But generally, the watchdog has the option to take civil instances of deceptive marketing practices to the Competition Tribunal or the courts, which can order an end to offending practices and fine organizations up to $10 million.
Didn’t make the cut: The Greens, the only party to experience a data breach in the 2019 federal election—when it published campaign training videos containing real voters’ personal information—and the Bloc Québécois are not currently part of the investigation.
Continue the conversation on The Logic Council, our subscriber-only Slack channel.