Good morning, Mr. Chair and members of the committee.
I am delighted to appear before you today to introduce the work of my office and share with you our priorities for the coming years.
The mission of the Office of the Privacy Commissioner of Canada is to protect and promote the privacy rights of individuals. To that end, my office is responsible for overseeing compliance with the Privacy Act, which covers federal institutions, and the Personal Information Protection and Electronic Documents Act—or PIPEDA—Canada's federal, private sector privacy law.
PIPEDA does not apply in provinces that have enacted substantially similar legislation, except in relation to federal works, undertakings and businesses, or interprovincial transfers of personal information.
We have a strong collaborative relationship with provincial privacy commissioners. My office protects privacy rights by, for example, investigating complaints, conducting audits and pursuing court action. Our goal, within the limits of our ombudsman role, namely to make recommendations and not binding orders, is to ensure that departments and organizations comply with their legal obligations and that the rights of individuals in relations to the collection, use and disclosure of their personal information are respected.
We also promote privacy rights by, for example, publishing our own research and funding independent research into privacy issues, engaging in public education and stakeholder outreach activities and by publishing relevant material on our website, including tips and guidance.
I will now discuss our strategic privacy priorities.
The fast-paced evolution of the digital world, which many characterize as a fourth industrial revolution, is having a profound impact on privacy. Technologies such as always-on smartphones, geospatial tools, wearable computing, cloud computing, “big data”—advanced analytics—genetic profiling and the Internet of Things, raise significant, novel and highly complex privacy issues regarding collection, use and disclosure of personal information.
New technologies bring many benefits for individuals and economic growth for society. But they also raise important risks, such as government and corporate surveillance, and potentially the loss of personal control and autonomy.
In this complex, new environment, modernization of our privacy framework and the pressing need for greater transparency around how technology is used is critical to maintaining citizens' trust in government and the digital economy.
Last year, after wide-ranging consultations with various stakeholders, we established four strategic privacy priorities to help achieve the ultimate goal of helping Canadians exercise greater control over their personal information. These priorities, which will guide our work for the next few years, are as follows.
I will begin with the economics of personal information. With this priority, we aim to enhance the privacy protection and trust of individuals so they can participate in the digital economy with confidence. One of our first key actions will be starting an exercise to examine the consent model and identify ways to enhance users' control.
This spring, we will produce a discussion paper outlining challenges with the current model. We will then consult stakeholders on potential solutions, ranging from enhanced notices and information to consumers, technological solutions, greater self-regulation and accountability by organizations, to enhanced government regulation.
We should be able to suggest solutions some time in 2017, apply those that are within our jurisdiction immediately, and recommend legislative amendments, if necessary.
Our second priority is government surveillance. Under government surveillance, our ultimate goal is to contribute to the adoption and implementation of laws and other measures that demonstrably protect both national security and privacy. Our initial work, already under way, is to carry out a review of how the information-sharing provisions of the Anti-terrorism Act of 2015 are being implemented. The results of our survey should provide, we hope, a more concrete basis on which to assess the legislation and make any further recommendations regarding possible amendments. We will publish our initial findings in a report to Parliament later this year.
We also plan to be active on the issue of warrantless access by law enforcement to the personal information of citizens held by private sector organizations. Last June we provided input into Industry Canada's transparency guidelines, which established standards for transparency and accountability reports from companies that share personal information with law enforcement. Rules that encourage private sector reporting are a good start, but greater transparency from the public sector is just as important. It is, after all, the public sector that is seeking and receiving the personal information of Internet users for law enforcement purposes. We have therefore asked that federal institutions begin issuing their own transparency reports. Frankly, we find it unfortunate that they have not yet followed in the footsteps of their corporate partners.
Our third priority is reputation and privacy. On reputation and privacy, we want to help create an environment in which people can use the Internet to explore their interests and develop as individuals without fear that their digital trace will lead to unfair treatment. Under this priority, we will work to help enhance digital literacy among vulnerable populations, such as youth and seniors.
Last month we issued a discussion paper seeking stakeholder views on what practical technical policy or legal solutions should be considered to mitigate online reputational risks and how best to provide individuals with recourse when their online reputation is negatively affected by information that they themselves have posted or that others have posted about them.
Our fourth priority is the body as information. Here our goal is to promote respect for the privacy and integrity of the human body as the vessel of our most intimate personal information. In doing so, we will seek to learn more about the privacy implications of new technologies that collect information both about and from within our bodies. From there, we will work to inform both consumers and developers about the potential privacy risks of these technologies and how they can be mitigated.
On a final note, we are of course aware of the government's commitments to reform the Access to Information Act and its support for open government initiatives. While I support these initiatives, I would emphasize at the technical level how important it is that the Access to Information Act and the Privacy Act be seen as a “seamless code”, as was characterized by the Supreme Court of Canada in a case in 2003. More fundamentally, privacy should be seen as an enabler of transparency and open government by providing individuals with access to their personal information held by federal institutions, but there is is also a legitimate limit to openness when there is a risk of personal information being revealed inappropriately.
For these reasons, the two statutes need to be considered together. I stand ready to provide you with solutions that would ensure that the Privacy Act is responsive to the realities of today's digital world.
Thank you for your attention. I would be glad to take your questions.