Remarks by the Privacy Commissioner of Canada to the Venice Privacy Symposium – Intervention on AI governance

April 20, 2026
Venice, Italy

Address by Philippe Dufresne
Privacy Commissioner of Canada

(Check against delivery)

---

Thank you. I am delighted to join my esteemed colleagues today to discuss the important topic of AI governance.

I am speaking to you as the Privacy Commissioner of Canada, and also as the Chair of the Global Privacy Assembly, which brings together more than 130 data protection and privacy authorities from around the world.

There are four key considerations that I believe must be at the heart of any discussion of artificial intelligence (AI) governance: privacy, trust, values, and collaboration.

I will frame my remarks this morning around these four themes.

First theme: Privacy must be central to AI development

AI is fueled by the massive collection of data, including personal information.

The first consideration, therefore, is that privacy must be a central component in the development of AI, and at the heart of AI regulation, so that AI, and other related emerging technologies, are developed and deployed in a responsible, privacy-preserving manner.

It is important for developers and providers of new technologies to embed privacy in the design, conception, operation, and management of their products and services. This includes consideration of the unique impact that these tools have on vulnerable groups – such as children, and those who have historically experienced discrimination or bias – to ensure that there are no unintended consequences of AI use.

These issues are a focus of my investigation in Canada into xAI, the company responsible for Grok, following reports that the chatbot was reportedly being used to create explicit images of individuals without consent.

While the company has since communicated publicly that it has implemented safeguards to address the matter, this investigation by my Office will examine whether the underlying issue – the use of personal information without consent to create explicit deepfakes – has been resolved or remains ongoing.

In response to serious concern about the creation of explicit images without consent, in February of this year, I also joined 60 of my global and domestic counterparts in signing a joint statement on AI-generated imagery and the protection of privacy.

The statement reminds organizations that AI content-generation systems must be developed and used in accordance with applicable legal frameworks, including those related to data protection and privacy.

I am very proud of the role played by the GPA’s International Enforcement Cooperation Working Group in coordinating this joint statement.

As another example of the GPA’s important convening role, at the annual conference in Seoul last September, I was one of 20 data protection and privacy authorities to sign a Joint Statement on Building Trustworthy Data Governance Frameworks for Artificial Intelligence with the aim of encouraging the development of innovative and privacy-protective AI.

Second theme: Building public trust is essential to AI success

Second, I believe that building public trust is essential to AI success and key to maximizing its value.

Technologies such as AI can bring economic, social, and public interest benefits, but the full value of this innovation will only be maximized if it is accompanied by trust.

Establishing appropriate safeguards that are known and transparent is key to building trust in innovation.

This was a key message in the 2025 G7 DPA Roundtable statement entitled “Promoting Responsible Innovation and Protecting Children by Prioritizing Privacy”, where we stated that “when individuals have confidence that their data is protected and used lawfully and responsibly, trust exists; where trust exists, innovation is embraced.”

In 2023, along with my domestic counterparts, my Office developed Principles for responsible, trustworthy and privacy-protective generative AI technologies to help organizations that develop, provide, or use generative AI to apply key privacy principles.

As privacy becomes increasingly important to consumers, prioritizing privacy in products and services will become a competitive advantage for organizations.

Third theme: AI governance should align with democratic and ethical values and indeed human rights

Privacy is an internationally recognized fundamental right, one that is both an essential precondition for citizens’ other freedoms, as well as a keystone right for democracy and freedom itself.

Three years ago, on the 75th anniversary of the proclamation of the Universal Declaration of Human Rights, I signed a joint statement on privacy and democratic rights on behalf of the Global Privacy Assembly’s Data Protection and Other Rights and Freedoms Working Group. Dr. Ana Brian Nougrères, United Nations Special Rapporteur on the Right to Privacy, who is here in Venice for the Symposium, was the other signatory.

Our joint statement pointed out that democratic rights can be curtailed through control of, and access to, personal information about the identity, thoughts, and beliefs of individuals. We also stressed that new technologies (AI) need principles and processes to assess risks to privacy, equality, fairness and freedom.

Last Fall, I was the lead sponsor of a resolution that was adopted at the Global Privacy Assembly conference in Seoul, which called for meaningful human oversight of decisions involving AI, particularly when those decisions could impact an individual’s fundamental rights and freedoms. This will have increasing relevance in the context of Agentic AI.

The Resolution noted that a human-centric approach to AI could bring important economic, societal and public interest benefits, including by growing prosperity and addressing global challenges.

Fourth theme: Collaboration with international and domestic regulators

The final consideration that I would like to discuss is collaboration.

Collaboration is a central component of my tenure as Privacy Commissioner of Canada, and of my role as Chair of the Global Privacy Assembly.

I believe that collaboration, including through joint enforcement initiatives – such as my joint investigation with the UK ICO into the 23andMe breach– and through a collective voice, such as joint statements and resolutions like those that I have just mentioned, is essential to better protect and promote privacy.

At the international level, the privacy community – through the efforts of organizations such as the Global Privacy Assembly and the G7 Data Protection and Privacy Authorities Roundtable – has focused on ensuring that privacy remains at the centre of design, development, deployment, and review of AI systems.

In its resolutions, the Global Privacy Assembly has maintained a human-centric, rights-preserving approach to AI. One that underscores transparency, explainability, and openness – that is, the need for clear, accessible information about how AI systems work, what data they use, and how decisions are made.

The global community has stressed that existing data protection laws apply to AI, including key principles such as having a valid legal basis for collecting and processing personal data, avoiding indiscriminate scraping or re-purposing of publicly available personal information, data minimization, transparency, safeguards and accountability.

We have stressed the need for AI to protect children with strong safeguards and raised the issue of the risks of deepfakes, in particular sexualized deepfakes.

We have also embraced the need for innovation and strong economies by collaborating with industry and promoting data free flows with trust and privacy enhancing technologies.

Data fuels innovation, and we need to use innovation to protect data.

Conclusion

AI governance is a global issue that requires a global response.

We must work together to make privacy central to AI development, to build trust, and to ensure that the technology aligns with our democratic and ethical values.

Collaboration is the key to achieving this.

We must create a framework for AI governance that prioritizes responsible innovation and data privacy and security from the outset. This will protect current and future generations, foster strong innovation and growth, and promote long-term success for our countries and our citizens.

Thank you.