News release
Commissioner’s annual report: Pandemic raises privacy concerns highlighting urgency of law reform
Public health crisis has pushed daily activities online, underscoring critical need for change
NOTE: News conference (by telephone) with the Commissioner TODAY at 11:30 a.m. ET. Details follow below.
GATINEAU, QC, October 8, 2020 – The COVID-19 pandemic is raising important new privacy issues in a context where federal laws do not provide Canadians with effective protection, according to the Privacy Commissioner’s latest annual report.
The report discusses the Office of the Privacy Commissioner of Canada’s work to assist public and private sector organizations during the public health care crisis as well as lessons drawn from that work.
New public health measures such as contact tracing applications are raising questions about privacy protection around the globe. At the same time, the need for social distancing has accelerated the digitization of daily activities that also raise privacy concerns.
“Federal laws are simply not up to protecting our rights in our rapidly evolving digital environment,” says Commissioner Daniel Therrien. “Privacy and the pursuit of public health and economic recovery are not contradictory. They can, and must be, achieved concurrently.”
“We need a legal framework that will allow technologies to produce benefits in the public interest while also preserving our fundamental right to privacy. This is an opportune moment to demonstrate to Canadians that they can have both.”
Since the beginning of the pandemic, technologies have been very useful in halting the spread of COVID-19 by allowing essential activities to continue safely.
They are also creating new risks. For example, telemedicine creates risks to doctor-patient confidentiality when virtual platforms involve commercial enterprises. E-learning platforms can capture sensitive information about students’ learning disabilities and behavioural issues.
The Commissioner cited his office’s review of the COVID Alert exposure notification application as an example of how privacy respectful practices can be built into the design of an initiative to achieve public health goals. Indeed, the office’s work during the pandemic has shown that privacy is not an impediment to public health and other public interests.
However, the pandemic is creating challenges that underscore how good privacy protection must not be merely something government and companies are free to do if they wish, but rather a legal requirement they must respect.
Despite the positive conclusion to discussions on COVID Alert, the federal government asserted that the app does not collect personal information and therefore the Privacy Act did not apply.
Canada was once a world leader on privacy, but federal privacy laws have fallen behind much of the rest of the world. While many of our trading partners have spent the past decade building up robust protections for data protection.
Other work by the OPC
The Commissioner’s annual report also addresses other work under the Privacy Act, which applies to the federal public sector; and the Personal Information Protection and Electronic Documents Act, Canada’s federal private sector privacy law. This includes statistical information, descriptions of business and government advisory work, as well as summaries of investigations.
Highlighted investigations include one that examined privacy issues related to RateMDs.com, a website where patients can rate and review health care professionals, and another related to a leak related to a Supreme Court nomination. Both of these investigations reinforced the need to modernize federal privacy laws.
Related content
- 2019-20 Annual Report to Parliament on the Personal Information Protection and Electronic Documents Act and the Privacy Act
- Commissioner's statement
- Graphic: Privacy protection: Canada and its trading partners
News conference details:
Privacy Commissioner Daniel Therrien will hold a news conference to discuss the annual report.
October 8, 2020, at 11:30 a.m. ET
CALL IN INFORMATION
Note to editors: Journalists may call to join the news conference. For that number, please email communications@priv.gc.ca in advance of the start of the news conference. (This line is available to media only.)
For more information:
NOTE: To help us respond more quickly, journalists are asked to please send requests for interviews or further information via e-mail.
Figure 1: Privacy Protection: Canada and its trading partners
Text version of Figure 1
| Jurisdiction | Year privacy law last updated | Defining privacy as a human right | Rule-making authority | Demonstrable accountability | Order-making powers | Administrative monetary penalties | Private right of action |
|---|---|---|---|---|---|---|---|
| Canada (PIPEDA) | 2015 | no | no | no | no | no | no* |
| Argentina | 2018 | yes | yes | yes | yes | yes | yes |
| Brazil | 2018 | yes | yes | yes | yes | yes | yes |
| European Union | 2018 | yes | yes | yes | yes | yes | yes |
| United Kingdom | 2018 | yes | yes | yes | yes | yes | yes |
| Australia | 2012 | yes | yes | yes | yes | yes | yes |
| Mexico | 2016 | yes | yes | yes | yes | yes | no |
| South Korea | 2018 | yes | yes | yes | yes | yes | no |
| New Zealand | 2020 | yes | yes | yes | yes | no | no |
| Singapore | 2012 | no | yes | yes | yes | yes | yes |
| Japan | 2015 | no | yes | yes | yes | yes | no |
| California (California Consumer Protection Act) | 2019 | no | yes | yes | no | Yes | yes |
|
* The Personal Information Protection and Electronic Documents Act (PIPEDA) currently provides for a right for individuals to bring an organization to the Federal Court to seek remedies such as an order requiring the organization to correct its practices and/or damages, but only following an investigation and report of findings, or notice of discontinuance by the Office of the Privacy Commissioner of Canada (OPC). |
|||||||
- Date modified: