Law in Quebec

The Quebec government last year published a 191-page discussion paper that pledged to curb the culture of secrecy that is seemingly well-entrenched within the public sphere by relaxing restrictions and vowing to taking a proactive approach towards releasing information. But the Commission said the government’s proposals do not go far enough to close the loopholes that currently exist and nor does it introduce measures to strengthen the province’s privacy legislation, both of which should be “modernized” simultaneously to ensure the harmonization of rules and concepts, said the report.

The paramountcy of public interest should be at the heart of reforms to access to information legislation, asserts the Commission. Access to documents in the hands of public bodies should be the rule rather than the exception, something that is not the case. Legislative exemptions are often scripted in very broad terms, noted Poitras. In many cases exemptions allow a public body to deny access to a document simply because it corresponds to a certain category of information. In other cases, a public body can reject a request for a government report if the report is less than 10 years old. In yet others, the decision rests in the hands of civil servants who do not have to provide any justification for their refusal.

“Little by little, stroke by stroke, law after law there were exemptions that were added, and faced with these restrictions judges took a conservative approach and themselves added yet more restrictions,” said Vincent Gautrais, a Université de Montréal law professor and chair holder of the L.R. Wilson Chair in Information Technology and E-Commerce Law. “Even interpretations by the Commission’s  administrative adjudicators at times added to the restrictive jurisprudence.”

The Commission’s report recommends that public bodies should only be allowed to refuse access to information requests only if there is a “real” risk of harm. “Why should a report that contains advice or recommendations be in itself confidential,” asked rhetorically Poitras. “One must evaluate the context and possible consequences of divulging the information to decide whether or not it should be accessible.”

The Commission also “invites” the provincial government to close loopholes now in existence that grant professional corporations “quasi absolute” discretion to decide what documents it can release. And it urges the government to clarify access to information provisions surrounding professional secrecy because a growing number of public bodies are invoking professional secrecy to deny access to documents prepared by professionals covered by Quebec’s Professional Code. Though all Quebec professionals subjected to the Code can invoke professional secrecy, the report believes that professional secrecy should be summoned only in exceptional circumstances when refusing access to information.

On the privacy front, the Commission recommends following in the footsteps of the federal government and make it a mandatory requirement for organizations to give notice to affected individuals and the Commission when a data breach takes place. (The federal Digital Privacy Act received royal assent more than a year ago but is still not in force because the federal government has to complete the drafting of data breach notifications and reporting regulations). The Commission is also calling on the provincial government to bolster consentment requirements around the collection, use or disclosure of personal information by including the notion of “sensitive” information.

All in all, the Commission’s 67 recommendations fall broadly into three distinct categories, remarked Loïc Berdnikoff, an access to information and privacy expert with Montreal law firm Lavery, de Billy. Some of the recommendations essentially seek to legislate certain rules that were developed over the years by jurisprudence to “eliminate any ambiguities,” other recommendations such as data breach notifications strive for a “certain homogeneity” with Canadian jurisdictions, and yet others will impose new obligations on public and private organizations alike, said Berdnikoff. “The report seeks to address some of the difficulties the Commission has faced over the past few years or expects to face in the future,” said Berdnikoff. “The Commission is hoping for greater transparency within public bodies while providing greater protection around the collection and use of personal information. Obviously this was a very strong statement by the Commission that something needs to be done, and it’s not just a general statement. They have been able to identify at least 67 problems.”

Gautrais believes that the Commission’s recommendations are far too fussy and not nearly as ambitious and bold as they should have been. He also warns that careful thought should be given to a legislative overhaul as legislators, albeit with good intentions, end up creating more problems than solving them when trying to address issues sparked by new technologies.

“What the Commission is doing with this very long report is patch things up,” said Gautrais. “Almost all of the recommendations are centred on details. But judges on the whole already do a good job of adapting changes into current legislation. Each time legislators decide that because there are new technologies the legislation should be changed, there are new difficulties and challenges. As a general rule, jurisprudence does a relatively good job of adapting to new realities.”