On October 8, 2020, Daniel Therrien, Privacy Commissioner of Canada released his Annual Report to Parliament. It highlighted that the pandemic has made clear that the privacy laws of Canada are outdated, and need to be amended to better protect the privacy interests of Canadians. The pandemic has forced us to rely more heavily on digital resources – to conduct business, to attend school, to receive treatment from our health care providers.
“More broadly, the pandemic has accelerated the digital revolution – bringing both benefits as well as risks for privacy.”
As in the previous annual report, the Commissioner noted that privacy is a fundamental human right (the freedom to live and develop free from surveillance). He stated, “[r]egulating privacy is essential not only to support electronic commerce and digital services; it is a matter of justice.”
Commissioner Therrien was critical of the current privacy legislation, in that it does not afford Canadians an appropriate level of protection suited to today’s digital environment. This is a criticism that has been lobbied for several years by the Office of the Privacy Commissioner. He stated:
With the pandemic accelerating the digitization of just about every aspect of our lives, the future we have long been urging the government to prepare for has arrived in a sudden, dramatic fashion. This rapid societal transformation is taking place without the proper legislative framework to guide decisions and protect fundamental rights.
Canadians do not feel like their privacy is being properly protected – by businesses or by the government. Research conducted by the Office of the Privacy Commissioner showed that 90% of Canadians are concerned about their inability to protect their privacy. Of those surveyed, just 38% felt businesses respect their privacy rights, while only 55% believe the government respects their privacy. This lack of public confidence underscores the importance of privacy protection in both the private and public sectors.
The Privacy Commissioner’s proposed reforms include:
- New privacy laws to have a rights-based foundation. A central purpose of the law should be to protect privacy as a human right held by all.
- Private sector privacy law no longer to be drafted as an industry code of conduct.
- Addition of enforcement mechanisms to offer quick and effective remedies for people whose privacy rights have been violated and to encourage compliance with legislation.
- Empowering the Privacy Commissioner to make binding orders and impose consequential administrative penalties for non-compliance with laws, and to conduct proactive privacy inspections.
The Office of the Privacy Commissioner’s report highlights the importance of ensuring compliance with applicable privacy legislation. The proposed reforms will serve to better protect an individual’s privacy rights, and increase penalties for those organizations that choose to infringe on those privacy rights.
The Lerners Privacy, Data and Information Security Group conducts Compliance Reviews to ensure that a business is in compliance with applicable privacy statutory obligations, and provides recommendations to improve its privacy protection program. A strong privacy protection program will increase consumer confidence in a business’ protection of their privacy rights.