Indigenous governments require access to data needed to govern. Privacy statutes provide pathways to such access, whether by enabling data flows from the private sector to government institutions or by enabling data flows between different types and levels of government institutions. But the new proposed privacy legislation—like the existing Personal Information Protection and Electronic Documents Act (PIPEDA)—treats some forms Indigenous government the same way it treats banks and telecoms. Indigenous governments should not be regulated as if they were part of the federally regulated private sector. Nor should they necessarily be made subject to the public sector legislation. For one thing, public sector legislation also required an overhaul for consistency with UNDRIP. But more importantly, we need to create legislative pathways to recognize Indigenous data laws.
Indigenous data should be governed according to Indigenous laws and values. Although this will take time to implement, there is no excuse for ignoring potential short-term steps to improve non-Indigenous laws. For example, there are a number of provisions in the new proposed privacy law that permit the disclosure of personal information for research purposes. Such provisions already exist in our current laws. However, there are no guardrails to require that where this is the information of Indigenous persons that the research adhere to OCAPⓇ principles (Ownership, Control, Access and Possession)—a set of principles developed by the First Nations Information Governance Centre and already operationalized in research across the country.
Other provisions of the new proposed privacy law permit the disclosure of “de-identified information” without knowledge or consent for “socially beneficial purposes.” However, again, there is no requirement that where this information pertains to Indigenous communities that there be authorization from those communities. There are better models to follow—including BC’s new Anti-Racism Data Act, which has a number of provisions requiring consultation and collaboration with Indigenous peoples.
There are many other provisions that should be re-examined through an Indigenous Data Sovereignty lens.
In its original consultations regarding the Digital Charter, the federal government indicated that it heard from Indigenous Peoples and received the message that the goal of Indigenous Data Sovereignty needed to be respected, including frameworks like the OCAPⓇ principles, and that digital and data transformation must be assessed through the lens of Canada’s obligations to implement UNDRIP. Unfortunately, none of this translated into Bill C-27’s implementation of the Digital Charter. This is unacceptable.
Indigenous Data Sovereignty requires a fundamental rethink of many of Canada’s data laws, not just those laws proposed in Bill C-27. But the need for a comprehensive future plan should not be an excuse for the lack of a current plan of any kind. The path towards reconciliation includes our digital world and it needs to start now.