Yes. We recommend having something similar to what exists in provincial privacy statutes: an express deemed authorization for organizations to be able to de-identify. I would suggest that the frameworks already exist. If an individual or a corporation were to be re-identifying some dataset, they would have no authority under PIPEDA or provincial legislation to do so. They would be barred from just outwardly in a vacuum re-identifying, so they would have an existing framework to deal with that, and there would be remedies under the federal or provincial statutes to address that.
On May 30th, 2017. See this statement in context.