Appearance before the Standing Committee on Access to Information, Privacy and Ethics on the Briefing with the Information, Privacy, Lobbying, and Conflict of Interest and Ethics Commissioners

February 23, 2016
Ottawa, Ontario

Opening Statement by Daniel Therrien
Privacy Commissioner of Canada

(Check against delivery)


Good morning Mister Chair and Members of the Committee.  I am delighted to appear before you today to introduce the work of my office and share with you our priorities for the coming years.  The mission of the Office of the Privacy Commissioner of Canada is to protect and promote the privacy rights of individuals.  To that end, my Office is responsible for overseeing compliance with the Privacy Act, which covers federal institutions, and the Personal Information Protection and Electronic Documents Act – or PIPEDA – Canada’s federal, private sector privacy law. PIPEDA does not apply in provinces that have enacted substantially similar legislation, except in relation to federal works, undertakings and businesses, or interprovincial or international transfers of personal information.  We have a strong collaborative relationship with provincial privacy commissioners.

My office protects privacy rights by, for example, investigating complaints, conducting audits and pursuing court action. Our goal, within the limits of our ombudsman role, namely to make recommendations and not binding orders, is to ensure that departments and organizations comply with their legal obligations and that the rights of individuals in relation to the collection, use and disclosure of their personal information are respected.

We promote privacy rights by, for example, publishing our own research and funding independent research into privacy issues, engaging in public education and stakeholder outreach activities and by publishing relevant material on our website, including tips and guidance.

Strategic Privacy Priorities

The fast-paced evolution of the digital world, which many characterize as a fourth industrial revolution, is having a profound impact on privacy.  Technologies, such as always-on smartphones, geospatial tools, wearable computing, cloud computing, “Big Data” (advanced analytics), genetic profiling and the Internet of Things, raise significant, novel and highly complex privacy issues regarding collection, use and disclosure of personal information.  New technologies bring many benefits for individuals and economic growth for society.  But they also raise important risks, such as government and corporate surveillance, and potentially the loss of personal control and autonomy. 

In this complex, new environment, modernization of our privacy frameworks and the pressing need for greater transparency around how technology is used is critical to maintaining citizens’ trust in government and the digital economy.

Last year, after wide-ranging consultations with various stakeholders, we established four strategic privacy priorities to help achieve the ultimate goal of helping Canadians exercise greater control over their personal information.  These priorities, which will guide our work for the next few years, are as follows:

The economics of personal information

With this priority, we aim to enhance the privacy protection and trust of individuals so they can participate in the digital economy with confidence.  One of our first key actions will be starting an exercise to examine the consent model and identify ways to enhance users’ control. 

This spring, we will produce a discussion paper outlining challenges with the current model.  We will then consult stakeholders on potential solutions, ranging from enhanced notices and information to consumers, technological solutions, greater self-regulation and accountability by organizations, to enhanced government regulation.  We should be able to suggest solutions some time in 2017, apply those that are within our jurisdiction immediately, and recommend legislative amendments, if necessary. 

Government surveillance

Under government surveillance, our goal is to contribute to the adoption and implementation of laws and other measures that demonstrably protect both national security and privacy. 

Our initial work, already under way, is to carry out a review of how the information-sharing provisions of the Anti-Terrorism Act of 2015 are being implemented.  The results of our survey, we hope, should provide a more concrete basis on which to assess the legislation and make any further recommendations regarding possible amendments.  We will publish our initial findings in a report to Parliament later this year.

We also plan to be active on the issue of warrantless access by law enforcement to the personal information of citizens held by private-sector organizations.  Last June, we provided input into Industry Canada’s transparency guidelines, which establish standards for transparency and accountability reports from companies that share personal information with law enforcement.  Rules encouraging private sector reporting are a good start, but greater transparency from the public sector is just as important.  It is, after all, the public sector that is seeking and receiving the personal information of Internet users for law enforcement purposes.  We have therefore asked that federal institutions begin issuing their own transparency reports.  We find it unfortunate that they have not yet followed in the footsteps of their corporate partners. 

Reputation and privacy

On reputation and privacy, we want to help create an environment where people can use the Internet to explore their interests and develop as individuals without fear that their digital trace will lead to unfair treatment. Under this priority, we will work to help enhance digital literacy among vulnerable populations such as youth and seniors. 

Last month, we issued a discussion paper seeking stakeholder views on what practical, technical, policy or legal solutions should be considered to mitigate online reputational risks, and how best to provide individuals with recourse when their online reputation is negatively affected by information they themselves or others have posted about them. 

The body as information

And for our fourth and final priority, the body as information, our goal is promoting respect for the privacy and integrity of the human body as the vessel of our most intimate personal information.   In doing so, we will seek to learn more about the privacy implications of new technologies that collect information both about and from within our bodies.   From there, we will work to inform both consumers and developers about the potential privacy risks of these technologies and how they can be mitigated.

Privacy Act Reform

On a final note, we are aware of the Government’s commitments to reform the Access to Information Act and its support for Open Government initiatives.  While I support these objectives, I would emphasize, at the technical level, how important it is that the ATIA and the Privacy Act be seen as a “seamless code” as characterised by the Supreme Court of Canada.  More fundamentally, privacy should be seen as an enabler of transparency and open government by providing individuals with access to their personal information, held by federal institutions.  But it is also a legitimate limit to openness if personal information risks being revealed inappropriately.  For these reasons, the two statutes need to be considered together, and I stand ready to provide you with solutions that would ensure the Privacy Act is responsive to the realities of today’s digital world.

With that, I would welcome your questions.

Date modified: