M. Imtiaz Karamat is an IP Osgoode Alumnus and Associate Lawyer at Deeth Williams Wall LLP. This article was originally posted on E-TIPS™ For Deeth Williams Wall LLP on August 10, 2022.
On July 14, 2022, the Office of the Privacy Commissioner of Canada (OPC) provided its submission in response to a consultation launched by the Canada Border Services Agency (CBSA) on proposed Regulations for the Examination of Documents Stored on Personal Digital Devices (the Regulations).
The Regulations relate to Bill S-7, An Act to amend the Customs Act and the Preclearance Act, 2016, which strengthens safeguards around the examination of personal digital devices by CBSA officers and other border officials. The Regulations are meant to come into force as soon as possible following Royal Assent of Bill S-7 and would prescribe legally-binding controls for CBSA officers’ examination of personal digital devices. The CBSA opened the Regulations for public consultation in early April, with submissions due by July 15, 2022.
In its submission, the OPC notes that the Regulations, as currently drafted, address some of its concerns for border officers examining personal devices, such as (i) specifying the types of information that must be recorded by examining officers; and (ii) requiring officers to take “necessary steps” to ensure only documents stored on the device are accessible during examination. The OPC recommends that the Regulations be further enhanced to build on these elements and add other features that are not addressed in the current proposal, including the following:
- Note-Taking Requirements: The Regulations already require examining officers to record certain information when examining personal digital devices and the OPC proposes to build on this by requiring officers to note (A) if the officer changes their rationale for examining the device during the investigation; (B) the reason(s) why a particular document was examined; (C) any relevant communication between the officer and traveler; and (D) whether the search was resultant or not, and further steps taken after making this determination.
- Disabling Network Connectivity: The OPC proposes that the Regulations should expressly impose technical limitations to ensure the scope of the examination is limited to locally stored documents, such as requiring the activation of “airplane mode”, deactivating any WiFi connection, and ensuring the device is not sharing a connection with another device through Bluetooth or otherwise.
- Password Collection and Retention: The OPC considers passwords to be sensitive personal information when paired with other identifiers or matched with the device it unlocks. Therefore, it recommends that the Regulations add express controls around password collection, such as not retaining passwords when an examination is non-resultant.
- Solicitor-Client Privilege. The OPC recommends that the Regulations be amended to include the CBSA’s current policy requirements for dealing with solicitor-client privilege and other types of sensitive information of this nature.