A Proposal for Privacy Innovation in Canadian Law, Technology, and Corporate Culture

Waël Hassan, PhD (Founder, KI Design)

October 2016

Note: This submission was contributed by the author to the Office of the Privacy Commissioner of Canada’s Consultation on Consent under PIPEDA.

Disclaimer: The opinions expressed in this document are those of the author(s) and do not necessarily reflect those of the Office of the Privacy Commissioner of Canada.


Summary

Many believe that privacy as we know it is at a crossroads. Can data protection flourish in this brave new world of technological change, or will it decay? Economic, legal, technical, and corporate innovation will all be crucial in helping to direct the future of data protection in Canada. The OPC’s consultation paper is on point and rather needed as privacy laws have become dated. This proposal will address the four questions put to stakeholders:

1. What roles, responsibilities and authorities should the parties responsible for promoting the development and adoption of solutions have to produce the most effective system?

We will begin by proposing new relationships between government, technology entrepreneurs, and corporate and business leaders to strengthen and enhance privacy in Canada. Privacy-focused strategic alliances between government, major corporations, and innovation agencies can offer significant benefits to their various stakeholders, resulting in economic growth, improved legal compliance, and stronger privacy protections for individuals.

2. What, if any, legislative changes are required?

The EU’s pending data protection legislation contains many elements that Canada should consider adopting, including a horizontal legal approach, mutual responsibility for data, national regulation of multinational corporations, strong compliance validation mechanisms, breach notification requirements, financial penalties, and individual and collective options for recourse.

3. Of the solutions identified in the discussion paper, which ones have the most merit and why?

Emerging technologies have great potential to support privacy and individual control over personal data. Risk-based de-identification can be used effectively to protect privacy in big data contexts. Data “tagging” can support the management of privacy preferences across services, and in future could allow individuals to maintain control over personal content shared online.

Additional enforcement powers for the OPC are another key solution. The European Union offers an example of a strong governance and enforcement model that can effectively motivate corporate compliance with privacy laws.

4. What solutions have we not identified that would be helpful in addressing consent challenges and why?

Apart from the question of individual consent, a public conversation is needed about the ethical use of big data, even in anonymized form. The OPC can act to create more dynamic and accessible forums for individuals to express their concerns and complaints about how their data is used by corporations and other entities.

The full submission is available in the following language(s):

English (PDF document)

Note: As this submission was provided by an entity not subject to the Official Languages Act, the full document is only available in the language provided.
Date modified: