OTTAWA—Government agencies are asking telecoms and social media companies to turn over Canadians’ user data at “jaw-dropping” rates, with nearly 1.2 million requests in 2011 alone.

Which government and law enforcement agencies are requesting the data from the companies remains shrouded in secrecy. And the companies themselves are refusing to disclose further details, according to Canada’s privacy watchdog.

But privacy experts say the sheer number of requests, revealed Tuesday for the first time, is “staggering” in scale.

“I would have been surprised at 100,000,” said David Fraser, a privacy lawyer with McInnes Cooper. “The numbers that we had before today were incredibly vague; the numbers that we have now are unsettling.”

Information released by the federal privacy commissioner revealed that companies keep detailed records of access requests by government authorities, but do not report the numbers publicly.

Nine companies representing a “substantial portion” of the Canadian telecom market responded anonymously to the commissioner’s request for information.

Based on responses from just three of the nine providers, 784,756 users and accounts were subject to disclosure to government agencies in 2011.

It’s not clear from the report what information was sought by agencies, how much data was released, or what judicial oversight — if any — was involved.

The companies say they don’t inform their customers when their information is turned over to authorities, meaning the vast majority of those customers would have no knowledge of the transaction.

When asked if the companies would consider releasing the information to the privacy commissioner’s office, the telecoms responded with one word: “No.”

“We have tried, many times. We have sought out information from the telecoms to find out, and they’ve given us very general comments,” said Chantal Bernier, the interim privacy commissioner.

“We would like there to be a provision in law that creates a framework, a legal framework, to let Canadians know exactly what is (the scope of) the warrantless access.”

The Star requested interviews with Bell, Rogers and Telus. All three companies, in prepared statements, responded that they take the privacy of their customers very seriously.

“Any request for information about lawful access activities should be made to the law enforcement agencies involved,” wrote Jacqueline Michelis, a spokeswoman for Bell.

“Bell will not do so without guidance from applicable government authorities, including the Office of the Privacy Commissioner, as to the level of disclosure we are permitted.”

The Department of Public Safety declined an interview request by the Star. Industry Minister James Moore, whose department is responsible for the telecom sector, refused to comment on the story when asked by reporters in the House of Commons.

While the information released Tuesday gives no indication what data is being sought, documents tabled in Parliament earlier this month provide a clue.

The Canada Border Services Agency made almost 19,000 requests for data between April 1, 2012 and March 31, 2013. The vast majority of those requests were for “basic subscriber information,” and did not require a warrant.

Michael Geist, one of Canada’s leading Internet privacy experts, said “basic subscriber information” is actually a very broad term that allows police agencies to link Internet activity to a customer’s identity.

Geist, who also writes a weekly column for the Star, said legislation currently before Parliament will actually expand the number of organizations that can ask telecoms and social media companies to voluntarily hand over their customers’ information, and protect those companies from civil or criminal lawsuits.

“It is a structure that allows for the massive disclosure of personal information with no court oversight whatsoever,” Geist said.

Loading... Loading... Loading... Loading... Loading... Loading...

“It’s stunning to think that this is what the government is proposing.”

Geist said most Canadians are not aware that their data is being passed from companies to the government and would have little choice in the matter even if they did.

“What choice do you have, other than simply going off-line? The reality is your data is out there, it’s obviously being collected, and it can be used and disclosed many times without any kind of oversight,” he said.