Language selection


News release

Commissioner’s annual report: Pandemic raises privacy concerns highlighting urgency of law reform

Public health crisis has pushed daily activities online, underscoring critical need for change

NOTE: News conference (by telephone) with the Commissioner TODAY at 11:30 a.m. ET. Details follow below.

GATINEAU, QC, October 8, 2020 – The COVID-19 pandemic is raising important new privacy issues in a context where federal laws do not provide Canadians with effective protection, according to the Privacy Commissioner’s latest annual report.

The report discusses the Office of the Privacy Commissioner of Canada’s work to assist public and private sector organizations during the public health care crisis as well as lessons drawn from that work.

New public health measures such as contact tracing applications are raising questions about privacy protection around the globe. At the same time, the need for social distancing has accelerated the digitization of daily activities that also raise privacy concerns.

“Federal laws are simply not up to protecting our rights in our rapidly evolving digital environment,” says Commissioner Daniel Therrien. “Privacy and the pursuit of public health and economic recovery are not contradictory. They can, and must be, achieved concurrently.”

“We need a legal framework that will allow technologies to produce benefits in the public interest while also preserving our fundamental right to privacy. This is an opportune moment to demonstrate to Canadians that they can have both.”

Since the beginning of the pandemic, technologies have been very useful in halting the spread of COVID-19 by allowing essential activities to continue safely.

They are also creating new risks. For example, telemedicine creates risks to doctor-patient confidentiality when virtual platforms involve commercial enterprises. E-learning platforms can capture sensitive information about students’ learning disabilities and behavioural issues.

The Commissioner cited his office’s review of the COVID Alert exposure notification application as an example of how privacy respectful practices can be built into the design of an initiative to achieve public health goals. Indeed, the office’s work during the pandemic has shown that privacy is not an impediment to public health and other public interests.

However, the pandemic is creating challenges that underscore how good privacy protection must not be merely something government and companies are free to do if they wish, but rather a legal requirement they must respect.

Despite the positive conclusion to discussions on COVID Alert, the federal government asserted that the app does not collect personal information and therefore the Privacy Act did not apply.

Canada was once a world leader on privacy, but federal privacy laws have fallen behind much of the rest of the world. While many of our trading partners have spent the past decade building up robust protections for data protection.

Other work by the OPC

The Commissioner’s annual report also addresses other work under the Privacy Act, which applies to the federal public sector; and the Personal Information Protection and Electronic Documents Act, Canada’s federal private sector privacy law. This includes statistical information, descriptions of business and government advisory work, as well as summaries of investigations.

Highlighted investigations include one that examined privacy issues related to, a website where patients can rate and review health care professionals, and another related to a leak related to a Supreme Court nomination. Both of these investigations reinforced the need to modernize federal privacy laws.

Related content

News conference details:

Privacy Commissioner Daniel Therrien will hold a news conference to discuss the annual report.

October 8, 2020, at 11:30 a.m. ET


Note to editors: Journalists may call to join the news conference. For that number, please email in advance of the start of the news conference. (This line is available to media only.)

For more information:

NOTE: To help us respond more quickly, journalists are asked to please send requests for interviews or further information via e-mail.

Figure 1: Privacy Protection: Canada and its trading partners

Figure 1: Privacy Protection: Canada and its trading partners: see text version.


Privacy Protection: Canada and its trading partners
Jurisdiction Year privacy law last updated Defining privacy as a human right Rule-making authority Demonstrable accountability Order-making powers Administrative monetary penalties Private right of action
Canada (PIPEDA) 2015 no no no no no no*
Argentina 2018 yes yes yes yes yes yes
Brazil 2018 yes yes yes yes yes yes
European Union 2018 yes yes yes yes yes yes
United Kingdom 2018 yes yes yes yes yes yes
Australia 2012 yes yes yes yes yes yes
Mexico 2016 yes yes yes yes yes no
South Korea 2018 yes yes yes yes yes no
New Zealand 2020 yes yes yes yes no no
Singapore 2012 no yes yes yes yes yes
Japan 2015 no yes yes yes yes no
California (California Consumer Protection Act) 2019 no yes yes no Yes yes

* The Personal Information Protection and Electronic Documents Act (PIPEDA) currently provides for a right for individuals to bring an organization to the Federal Court to seek remedies such as an order requiring the organization to correct its practices and/or damages, but only following an investigation and report of findings, or notice of discontinuance by the Office of the Privacy Commissioner of Canada (OPC).

Date modified: