Earlier this week, I opened my mailbox to find the above pictured campaign flyer from the Conservative Party. The flyer asks “Who Is the Real Friend of Israel and the Jewish Community in Canada” on the outside and tries to make the case for the Conservatives on the inside. The flyer was personally addressed to my family and was apparently sent to many Jewish households (or presumed Jewish households). As I noted in a tweet yesterday, I don’t know how my family made it into the Conservative party list. The party might have visited the house, saw a mezzuzah on the door, and made the connection. Maybe it bought a list with the name from a community organization or publication. Or perhaps it just guessed based on geographic areas or names.

Regardless, there are three things I do know. First, this is not the first time this has happened as Jewish new year mailers were sent out years ago by the Conservatives. Second, there is a long history that tells us that lists of Jewish households is a bad idea. Third, successive governments – whether Liberal or Conservative – have declined to do anything about this, preferring that political parties operate with few privacy law restrictions or obligations. As a result, I am unable to file an access request with the party to identify how my family ended up on the list.

The political party loophole in Canadian privacy law has been identified as a problem for many years. PIPEDA, the private sector privacy law, only covers commercial activities, leaving political parties outside its scope. The Privacy Act, the public sector privacy law, applies solely to the federal government, which does not encompass political parties. To date, only British Columbia has adjusted its privacy law to cover political parties. Bill C-76, the electoral reform law, creates requirements for a privacy policy but little else. In fact, as the Privacy Commissioner of Canada notes in its guidance document they have no oversight role with respect to these new obligations.

The issue has attracted increasing attention in recent years, particularly in the aftermath of the Cambridge Analytica scandal and the realization that the combination of political parties, mass data collection, and no privacy laws creates significant risks for individual Canadians. Last December, the Standing Committee on Access to Information, Privacy and Ethics released a report titled Democracy Under Threat: Risks and Solutions in the Era of Disinformation and Data Monopoly. The first recommendation calls for the application of privacy legislation to political parties:

That the Government of Canada amend the Personal Information Protection and Electronic Documents Act in order to subject political parties to it, taking into account their democratic outreach duties.

Note that this recommendation came despite the fact that during the hearings the Liberal party witness opposed the measure (“The LPC does not support extending the application of PIPEDA in its current form to political parties, as it’s intended to address commercial activity. It’s not intended to address political activity.”) and the Conservative party witness declined to take a position (“He did not wish to take a position on whether political parties should be subject to privacy laws or whether the Privacy Commissioner should have oversight authority over political parties’ activities”). Only the NDP witness supported the change (“stated unequivocally that the federal government should extend the application of PIPEDA to political parties.”). Yet the committee was persuaded to make the recommendation after also hearing from academic experts, the Chief Electoral Officer, and the Privacy Commissioner of Canada.

Despite the strong record and committee recommendation, the government declined to implement the recommended reforms. Its response stated:

The Government recognizes that the operating environment for political parties has changed significantly in recent times. With the rise of social media, it is easier than ever to reach voters and to gather a wide range of personal information on the electorate. Given this, and the important role political parties play within Canada’s democracy in educating and mobilizing the electorate, they are vulnerable to threats and attacks from malicious actors, which, if successful, could significantly undermine the public’s trust and damage our democratic institutions and processes.



To help ensure that political parties do their part to protect Canadians’ personal information, measures were introduced in Bill C-76, the Elections Modernization Act, which received Royal Assent on December 13, 2018. Political parties will be required to have a publicly available, easily understandable policy for the protection of personal information. Political parties will also be required to submit their privacy policy as part of their application for registration with Elections Canada and will have to maintain it to keep their registered status. These measures will serve as an important first step to ensuring greater transparency about the ways political parties collect, secure and use data. The Committee’s recommendations will inform the Government as it continues to reflect on the extension of Canada’s privacy protection frameworks to political parties.

Merely relying on published privacy policies isn’t good enough. As Liberal cabinet ministers tweet their disapproval of the Conservative flyer, a more meaningful response would be a commitment that this will be the last federal election in which Canada’s political parties are not subject to binding and enforceable privacy laws.