It was not the dream of certain companies or departments to be investigated by the Privacy Commissioner, and I understand that. In the case of the mobility data, the government used experts. It was not legally required to consult us on the details.
To my mind, the basic issue is that citizens do not have the information they need. In any event, the rules governing the use of technology and information are so complex and the contracts are so complicated that we cannot expect that the normal and usual course of action for a consumer with a potential problem would be to lodge a complaint with my office.
That leads us to proactive audits. In my opinion, proactive audits would be very helpful in restoring trust in government and companies as to the use of mobility data. They are already conducted in other countries, and even in some Canadian provinces. They would allow the commissioner's office to verify compliance, or in other words to guarantee citizens that their data is being used correctly. From time to time, the commissioner's office could conduct specific audits to ensure that, in a given sector or company, the information that the company or department says it is using in accordance with the law is indeed being used that way.
Ultimately, what the government did was legal under the current act. In my opinion, however, it did not inspire a great deal of confidence in citizens and consumers. The commissioner's office needs the tools to conduct these proactive audits. They should not be broad or seek to examine all commercial or government activities. Rather, they should evaluate the risk and the environment to ensure that certain practices that might be problematic for the public are subject to investigation. In addition, the concerns would have to be confirmed, in which case the commissioner's office could recommend or, better yet, order changes, or confirm that everything was done correctly. That would inspire public trust.