Skip to content.

B.C. Privacy Regulator Finds B.C. Privacy Law Applies to Federal Political Parties

On March 1, 2022, the B.C. Office of the Information and Privacy Commissioner (“BC OIPC”) found that the B.C. Personal Information Protection Act (“PIPA”) applies to federal political parties.[1] This decision is the first in which a privacy regulator in Canada has asserted jurisdiction over federal political parties.[2] It signals to federal political parties that they must ensure their personal information collection, use, and disclosure practices in British Columbia comply with PIPA, even if they are not subject to similar requirements in other provinces. Below, we summarize the decision and what it means for federal political parties in greater detail.

The Decision

Three B.C. residents asked four registered federal political parties — all unincorporated associations — for information about the parties’ collection, use, and disclosure of their personal information. All four parties responded. Dissatisfied, the individuals filed a complaint with the BC OIPC under PIPA. Three parties objected on the ground that PIPA does not apply to them.

The BC OIPC disagreed. It made five key findings:

  1. Federal political parties are “organizations”. PIPA applies generally to “every organization”.[3] Federal political parties fall within PIPA’s broad definition of “organization[s]”, which includes “unincorporated association[s]”.[4] They are therefore presumptively subject to PIPA.
     
  2. Federal political parties are not excluded from PIPA’s application. PIPA does not expressly exclude political parties from its scope. Nor does the exclusion[5] for personal information collection, use, or disclosure covered by the federal Personal Information Protection and Electronic Documents Act (“PIPEDA”) apply. PIPEDA does not cover all activities of federal political parties, which do not qualify as federal “works, undertakings or businesses”.
     
  3. PIPA is valid. PIPA is a valid provincial law. Its purpose is to protect personal information by regulating organizations’ personal information handling practices. Although PIPA may have incidental effects on elections, those incidental effects do not make the law invalid. PIPA falls within the provincial government’s powers over property and civil rights in the province,[6] and over matters of a local or private nature.[7]
     
  4. PIPA is operable. The constitutional doctrine of paramountcy renders a valid provincial law inoperative to the extent that it conflicts with a valid federal law. This doctrine does not apply because PIPA does not conflict with any federal law. For example, PIPA does not conflict with the Canada Elections Act (“CEA”), which governs federal elections in Canada.
     
  5. PIPA is applicable. The constitutional doctrine of interjurisdictional immunity renders a valid provincial law inapplicable to the extent that it seriously intrudes on the core of a federal head of legislative power. This doctrine does not apply because PIPA does not seriously intrude on the legislative authority necessary to enable federal political parties to carry out their mandates.

The respondents have until March 31, 2022 to apply to the B.C. Supreme Court for judicial review of the BC OIPC’s decision.

What the Decision Means for Federal Political Parties

The BC OIPC’s decision means that federal political parties’ personal information collection, use, and disclosure practices in British Columbia must comply with PIPA. This decision creates new challenges for federal political parties.

At the federal level, PIPEDA generally applies to organizations that collect, use, or disclose personal information “in the course of commercial activities”.[8] The Office of the Privacy Commissioner of Canada (“OPC”), which is responsible for administering PIPEDA, has interpreted the words “commercial activities” as not covering the “general activities” of federal political parties.[9] The OPC has suggested, however, that

a federal political party could be subject to the Act to the extent that it engages in a “transaction, act or conduct or any regular course of conduct” that is of a commercial character. This could be the case, for example, were a federal political party to sell, barter, or lease a donor or membership list, an activity expressly contemplated by the definition of “commercial activity”. It could also be the case where a registered political party engages in “pure commercial transactions” … , for instance, when a political party sub-leases an office at fair market value.[10]

Thus, according to the OPC, federal political parties must comply with PIPEDA to the extent they collect, use, or disclose personal information in the course of “commercial activities”.[11]

In addition, the CEA requires federal political parties to meet certain privacy requirements. For example, following the December 2018 enactment of the Elections Modernization Act, the CEA requires federal political parties to adopt, file, and publish a privacy policy containing prescribed elements.[12] The OPC has issued guidance on these elements and best practices for federal political parties’ privacy policies. The CEA also prohibits federal political parties from using personal information contained in the list of electors for any unauthorized purposes.[13] These requirements apply uniformly across Canada, consistent with the CEA’s objective of establishing a level playing field for federal elections.

At the provincial level, only Alberta, Quebec, and British Columbia have enacted private sector privacy laws. Alberta’s privacy law expressly excludes registered parties,[14] whereas Quebec recently amended its elections laws to apply only certain provisions of its privacy law to political parties.[15] In British Columbia, the BC OIPC has interpreted PIPA as covering both provincial[16] and federal[17] political parties. Ontario has proposed enacting a privacy law that would cover political parties,[18] but has not yet introduced a bill. Political parties are thus subject to different privacy law requirements depending on the province in which their activities take place.

Consequently, the privacy law landscape for federal political parties in Canada is growing increasingly complex. This increasing complexity comes at a time when federal political parties’ digital engagement with voters is at an all-time high. Within this complex landscape, federal political parties need to develop sound strategies for engaging effectively with voters while complying with all applicable privacy law requirements.

We Can Help You

Our Public Sector group has decades of experience advising and representing both government actors and private enterprises that do business with governments. Please contact Awi Sinha to learn more about how we can help you.

  _____________________________________________

[1] Conservative Party of Canada (Re), 2022 BCIPC 13.

[2] In an earlier decision, however, the BC OIPC found that PIPA applies to federal riding associations: Courtenay-Alberni Riding Association of the New Democratic Party of Canada (Re), 2019 BCIPC 34.

[3] Personal Information Protection Act, S.B.C. 2003, c. 63 [PIPA], s. 3(1).

[4] PIPA, s. 1.

[5] PIPA, s. 3(2)(c).

[6] Constitution Act, 1867, s. 92(13).

[7] Constitution Act, 1867, s. 92(16).

[8] Personal Information Protection and Electronic Documents Act, S.C. 2000, c. 5 [PIPEDA], s. 4(1)(a).

[9] OPC, “Letter Regarding Complaint Against Federal Political Parties” (25 March 2021). See also Barbara McIsaac, Kris Klein & Shaun Brown, Law of Privacy in Canada (Toronto: Thomson Reuters) (electronic loose-leaf, updated March 2022), § 4:36, fn. 10.

[10] OPC, “Letter Regarding Complaint Against Federal Political Parties” (25 March 2021) [emphasis in original].

[11] The proposed new federal privacy law — Bill C-11, the Consumer Privacy Protection Act, which died on the order paper when Parliament was dissolved in August 2021 — did not expressly cover federal political parties. For more on the proposed Consumer Privacy Protection Act, see our Deep Dive on Bill C-11.

[12] Canada Elections Act, S.C. 2000, c. 9 [CEA], s. 385(2)(k).

[13] CEA, s. 111(f).

[14] Personal Information Protection Act, SA 2003, c P-6.5, s. 4(1)(m).

[15] Bill 64, An act to modernize legislative provisions as regards the protection of personal information (2021, c. 25, assented to 22 September 2021), s. 86. For more on Bill 64, see our Bill 64 Blog Series.

[16] See, e.g., BC OIPC, Investigation Report F13-04 (1 August 2013), at 7-8; BC OIPC, Investigation Report P19-01 (6 February 2019), at 7.

[17] Conservative Party of Canada (Re), 2022 BCIPC 13.

[18] Government of Ontario, “Ontario Private Sector Privacy Reform” (Discussion Paper) (13 August 2020), at 3.

Authors