 |
| Ayo Adesomoju |
This two-part series begins by examining some legislative framework governing municipal transparency and analyzing key decisions from the Information and Privacy Commissioner of Ontario (IPC) and the court to demonstrate that transparency is a legal obligation.
Part one (see below for link) emphasizes that transparency and privacy obligations must be balanced and demonstrates that they are not legally inconsistent. Building on the foundation set in part one, part two shows how the two duties work together in practice, forming a complementary regime that requires municipalities to balance openness with responsible information management. The article concludes with best practice recommendations for public sector professionals.
1. Overview
The first article examined the legislative foundations of transparency in municipal governance, focusing on statutory obligations under the Municipal Act, 2001, the Planning Act and other Ontario statutes that mandate openness and public access to information. Through an analysis of public meetings, records, planning processes and relevant IPC decisions, the article demonstrated that municipalities are often legally required to disclose information including, in some circumstances, personal information as part of accountable and participatory governance.
This follow-up article builds on that foundation by examining how those transparency obligations interact with the Municipal Freedom of Information and Protection of Privacy Act, R.S.O. 1990, c. M.56 (MFIPPA), and how privacy laws and regulations do not operate as a barrier to openness, but as a framework for responsible and principled information management.
2. MFIPPA and the privacy framework
Alena Butusava: ISTOCKPHOTO.COM
Balancing transparency and privacy
In its guidance document Open Government and Protecting Privacy, (March 2017), the IPC emphasizes that privacy is not an obstacle to transparency; rather, proactively managing privacy risks is essential to making open-government initiatives work. Effective open-government practices must increase public access to information without disclosing personal data, as releasing identifiable details can cause significant and lasting harm. Consistent with this principle, Ontario’s Open Data Directive expressly forbids the publication of personal information under the Open Government Licence, reinforcing that openness must always be paired with strong privacy safeguards.
Access rights
Section 4 of MFIPPA establishes the Act’s core commitment to transparency by granting the public the right of access to records, subject to exemptions that protect sensitive information, including personal information. MFIPPA strictly limits the collection, use and disclosure of personal information unless a legal authority permits otherwise and s. 32 of MFIPPA allows disclosure where another statute expressly authorizes it.
The Supreme Court of Canada in Dagg v. Canada (Minister of Finance), [1997] 2 S.C.R. 403, a case decided under similar provisions in the Access to Information Act, R.S.C., 1985, c. A-1, illustrates that access to government information must be balanced with a broad and protective view of personal privacy, emphasizing that identifiable details should not be disclosed unless there is a clear and compelling public interest.
IPC Orders underscore that disclosure decisions must consider statutory exemptions and the public interest. In Order PO-3973; Cabinet Office (Re), [2019] O.I.P.C. No. 155, the IPC decided that the premier’s mandate letters were not exempt under s. 12 of FIPPA (Freedom of Information and Protection of Privacy Act, R.S.B.C. 1996, c. 165), which is the provincial equivalent of s. 6 of MFIPPA, because they did not reveal the substance of cabinet deliberations. The IPC emphasized that statutory exemptions should be interpreted narrowly and not used to shield information that does not genuinely meet the legislative criteria.
3. Are transparency laws and MFIPPA in conflict?
In Schachter v. Canada, [1992] 2 S.C.R. 679, the Supreme Court of Canada explained that legal inconsistency arises only where two rules are mutually exclusive; they cannot operate concurrently as compliance with one results in the breach of the other.
That is not the case when municipal transparency obligations intersect with privacy protections. The Planning Act and the Municipal Act clearly require municipalities to disclose certain information as part of open and accountable governance. MFIPPA, in turn, expressly allows disclosure where another statute mandates it, ensuring that transparency requirements can be met without violating privacy law.
Practical or administrative difficulties do not create a legal inconsistency; they simply require thoughtful implementation. Taken together, these statutes operate in a complementary manner: transparency laws determine what information must be made public, while MFIPPA ensures that only the necessary information is disclosed, and that personal information is protected wherever possible.
4. Best practice for municipalities
To navigate the balance between transparency and privacy, municipalities should adopt the following practices:
- Apply a privacy impact or “invasion of privacy” test to evaluate each disclosure on a case-by-case basis.
- Provide clear notice of collection, especially where information will form part of a public record.
- Limit disclosure to what is statutorily required and avoid publishing unnecessary personal information.
- Limit automated tools from accessing and indexing published content by putting technical controls in place that ensure only genuine human visitors, not automated systems, can view certain online information.
- Adopt retention and de-publication policies to remove sensitive and personal information once no longer required to be published.
- Maintain written policies and staff training on transparency and privacy obligations.
- Establish an escalation path for sensitive or high-risk cases.
Conclusion
Municipalities operate at the intersection of transparency and privacy. While statutes such as the Planning Act and Municipal Act mandate openness, MFIPPA ensures that personal information is handled responsibly. These laws are not contradictory; they form a coherent framework that supports democratic participation while protecting individual rights.
By adopting thoughtful policies and best practices, municipalities can meet their legal obligations, maintain public trust and uphold the values of openness and accountability that underpin Canadian public service.
This is part two of a two-part series. Part one: Balancing transparency and privacy in municipal governance: Analysis of the Planning Act and MFIPPA.
Ayo Adesomoju is a corporate privacy officer with the Regional Municipality of Hamilton and a certified privacy professional. He has extensive experience advising on privacy, data governance and regulatory compliance, with a background in commercial law. His work focuses on operationalizing privacy compliance, risk mitigation and responsible use of emerging technologies. Ayo may be contacted via amadesomoju@gmail.com.
The opinions expressed are those of the author and do not reflect the views of the author’s employer, its clients, Law360 Canada, LexisNexis Canada or any of its or their respective affiliates. This article is for general information purposes and is not intended to be and should not be taken as legal advice.
Interested in writing for us? To learn more about how you can add your voice to Law360 Canada, contact Analysis Editor Yvette Trancoso at Yvette.Trancoso-barrett@lexisnexis.ca or call 905-415-5811.