Canada’s cyber spy agency says it mistakenly shared Canadians’ data with foreign partners between 2020–2023, raising privacy concerns.
Intelligence Watchdog Flags Privacy Breach
Canada’s Communications Security Establishment (CSE) has acknowledged it improperly shared information about Canadians with international intelligence partners between 2020 and 2023. The revelation came after a review by Intelligence Commissioner Simon Noël, whose annual oversight report was tabled in Parliament earlier this week.
Incident Triggers Ministerial Notification
CSE spokesperson Janny Bender Asselin confirmed that the agency notified the Minister of National Defence last year upon discovering that it failed to properly strip Canadian data from intelligence shared with allied nations. The data had been gathered incidentally during operations targeting foreign entities.
Scope and Partners Remain Undisclosed
While CSE emphasized that it acted swiftly to contain the breach, it has not revealed how many Canadians were affected or which countries received the data. The agency claims operational security limits further disclosure. However, CSE said it sought confirmation from its partners that the improperly shared data has been deleted.
Oversight Measures Bypassed
The report from Commissioner Noël noted that the incident occurred despite existing legal safeguards. Under Canadian law, CSE must obtain ministerial authorization for operations that could impact the privacy of Canadians, with the commissioner ensuring compliance. In this case, the agency did not adhere fully to the conditions of its authorization.
Public Trust and Transparency Challenged
The disclosure has sparked criticism from privacy advocates and legal experts. Matt Malone, director of the Canadian Internet Policy and Public Interest Clinic, called the incident a serious breach of public trust. He warned that it highlights longstanding concerns about CSE’s expanding role under new cybersecurity legislation, including Bill C-8, which would mandate incident reporting by private industry.
Internal Review and Legislative Context
The CSE says the matter will be addressed in more detail in its upcoming annual report. It has also reported the breach to federal oversight agencies, including the Office of the Privacy Commissioner. Meanwhile, critics argue the case adds urgency to reform efforts aimed at tightening privacy protections across federal intelligence and cybersecurity operations.
For continuous coverage and real-time updates, keep following Maple News Wire.
