I think both should have the same powers. I don't know quite how the Privacy Commissioner came to that conclusion. There's been a long series of analysis on this issue.
I would make the point that Canada is probably the only country in the world where the issues of access to information and privacy are seen as two sides of the same coin. In most other places, countries either have a data protection act and no freedom of information, or they have freedom of information and no data protection.
The logic of doing that back in the 1980s was very persuasive. Since then, the two regimes have diverged, particularly as a result of the enactment of PIPEDA, which gives the Privacy Commissioner authority over a range of institutions in the privacy sector and responsibility for a range of issues that were never contemplated when the Privacy Act was promulgated.