The strategic privacy priorities
This page has been archived on the Web
Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.
In 2015, Privacy Commissioner of Canada Daniel Therrien established four strategic privacy priorities in support of his vision to give Canadians more control over their personal information. This page provides describes the four priorities, the goal for each, and some of the activities the Office of the Privacy Commissioner of Canada (OPC) intends to undertake. The Commissioner has also identified five strategic approaches that the Office will use to achieve its goals.
Economics of personal information
OPC Goal: The OPC will enhance the privacy protection and trust of individuals so that they may confidently participate in an innovative digital economy.
Description of priority
As our personal information becomes increasingly monetized and serves as a new form of currency that drives our new digital economy, the incentive to collect and use it for new innovative purposes can barely be contained. Every day there are new, creative ideas on how businesses can derive more profit from our personal information and whole new business models are redefining our concept of commercial activity.
Individuals, left completely to their own devices, can hardly be expected to demystify complex business relationships and complicated algorithms to make informed choices about which companies they wish to do business with based on a clear calculus of risks and benefits. Time and again, we have heard individuals bemoan the fact that if they want to participate meaningfully as digital consumers and access new goods and services that have replaced older ones no longer available, they have no real choice other than to “close their eyes”, “block their nose” and click “I accept”.
Planned activities
The OPC will strive through our investigative and research work to unpack, understand and make more transparent these new business models; through our technology lab, and working with technology associations, manufacturers and security experts, we will contribute to the development of creative and innovative privacy-enhancing solutions; through our guidance and outreach efforts, particularly aimed at SMEs, we will encourage organizations to explain the privacy implications of their new products and services in a language that individuals could more readily understand; through our internal research work and our Contribution Program, we will stay ahead of emerging technologies such as the Internet of Things and digital payment systems; through our compliance functions, we will complement our existing investigative powers under PIPEDA with alternative enforcement possibilities such as industry codes of practice and new compliance agreements made possible through Bill S-4.
Our policy work will help to build normative frameworks around new business models and will seek to identify enhancements to the consent model so that concerns raised both by individuals and organizations are addressed. In the short term, we will produce a discussion paper outlining challenges with the current model, suggesting potential solutions (including self-regulation, greater accountability and enhanced regulation), and seeking to clarify the roles of individuals, organizations, regulators and legislators. We will then engage stakeholders. In the medium term, we will identify improvements, apply those within our jurisdiction and be prepared to recommend legislative changes as appropriate.
Government surveillance
OPC Goal: The OPC will contribute to the adoption and implementation of laws and other measures that demonstrably protect both national security and privacy.
Description of priority
There is no doubt we live in a different world than we did fifteen years ago. The Commissioner’s own professional background as a senior justice lawyer working in Public Safety and National Security portfolios has sensitized him to the real risks we face with escalating and distributed threats of terrorism. No one would contest the need to protect the safety of our citizens. Canadians want to be and feel secure, but not at any and all costs to their privacy—particularly when it comes to their own privacy. What they want is a balanced, well-measured and proportionate approach. It has become far too naive to believe that only “bad people’s” privacy is at stake or “if we have nothing to hide, we have nothing to fear”. For we now know that in order to identify people who pose risk of terrorism, all Canadians are potentially under scrutiny. Sometimes, tragic mistakes are made and subtle—or not so subtle—forms of racial discrimination result. As public reaction to Bill C-51 has recently shown us, we are all now caught in this web and our interests, activities, and sanctity of our innermost thoughts are at stake.
Planned activities
In the short term, through timely and useful advice on Privacy Impact Assessments, Information-Sharing Agreements and regulations, we will seek to reduce the privacy risks associated with the recently adopted Anti-terrorism Act, 2015. As regards the lawful access provisions of Bill C-13, we will work with others and provide guidance to both public and private sectors to establish standards for transparency and accountability reports related to the communication of personal information by companies to law enforcement agencies. In the short and medium terms, we will examine and report on how national security legislation such as Bill C-51 is implemented. We will use our review and investigative powers to examine the collection, use and sharing practices of departments and agencies involved in surveillance activities to ensure that they conform with the Privacy Act. We will report our findings to Parliamentarians and the public, and issue recommendations for potential improvements to policies or legislation, as warranted.
Reputation and privacy
OPC Goal: The OPC will help create an online environment where individuals may use the Internet to explore their interests and develop as persons without fear that their digital trace will lead to unfair treatment.
Description of priority
With the advent of social media and new communication technologies, things we may have said or done in the past, once regretted but long since moved on from, are now capable of being indefinitely captured, shared beyond our span of control, and brought up again completely out of context—sometimes with devastating consequences. What others post about us, sometimes malevolently, or sometimes for well-intentioned purposes (open courts, journalistic, open government, archival etc.) may be very difficult to have taken down. The whole world is grappling with the implications of a net that never forgets and the long term impacts this will have on our human behavior and our human relationships.
What we think, what we read, what we search, where we are, what we buy—once our own business, is now everyone’s business. Organizations and governments amalgamate our digital trails in order to create profiles about us, make inferences about our interests, categorize us in terms of potential risk and predict our future behaviour. Who we really are as persons is taking a backseat to who others think we are. Our digital selves are assigned to groups and related assumptions about such groups—a practice which some may find in and of itself offensive, let alone the unfair consequences that may result.
Planned activities
In the short term, we plan to launch a dialogue on reputation and privacy, starting with a research paper. In the short and medium terms, through in-house research and the Contributions Program, we will advance knowledge and understanding of online reputational risks; we will develop a policy position on potential recourse mechanisms, such as the right to be forgotten in the Canadian legal context; working with technology associations and manufacturers, we will contribute to possible technological solutions such as privacy by obscurity, anonymization or automatic deletion options; through our education and outreach efforts, and in collaboration with key partners, we will help improve digital literacy particularly among vulnerable populations, including the young and the elderly; through our investigations, we will get to the root of some of the reputational issues complainants are most concerned about, and help shape organizational practices through our remedial recommendations and court enforcement, as needed.
The body as information
OPC Goal: The OPC will promote respect for the privacy and integrity of the human body as the vessel of our most intimate personal information.
Description of priority
There was a time when the concept of privacy, at least legally speaking, was understood as engaging one of three distinct zones of privacy: informational privacy, bodily privacy and territorial privacy. With the advent of wearable computing and bodily tracking devices, these distinctions have become increasingly blurred. As the connections between information technology, geo-location technology and the human body become integrated through smart devices and the Internet of Things (and people), personal information has become more intimately sensitive than ever and the potential privacy incursions may become greatly amplified. The exploitation of this information for commercial profit-making motives or to assist government surveillance efforts, may adversely affect not only our right to privacy in respect of our personal information, but our bodily integrity and our very dignity as human beings.
Planned activities
In the short term, we will conduct an environmental scan of new health applications and digital health technologies being offered on the market and research their privacy implications. In the medium term, we will provide guidance, particularly to SMEs and app developers, on how to build privacy protections into their new products and services while avoiding certain “no-go” zones altogether; through our education and outreach efforts, we will help inform Canadians about the privacy risks associated with wearable devices and direct-to-consumer genetic testing, and offer options for protecting themselves; we will work with government departments to maximize the potential, and minimize the risks, associated with new forms of biometrics.
We will have pursued our stakeholder dialogue with the insurance industry in the short term, and then with other secondary users of personal information in order to balance the business need for personal information about health and body with people’s right to have their privacy respected without adverse economic impact on them or their families.
Strategic approaches for achieving the goals of the privacy priorities
The Commissioner also identified five strategic approaches that the Office will use to achieve the identified goals for the priorities:
- Exploring innovative and technological ways of protecting privacy;
- Strengthening accountability and promoting good privacy governance;
- Protecting Canadians’ privacy in a borderless world;
- Enhancing our public education role; and
- Enhancing privacy protection for vulnerable groups.
- Date modified: