A modern Privacy Act should enhance Canadians’ trust in how federal public bodies treat, manage and protect their personal information. The Government of Canada’s vision is for a modern Act that better reflects contemporary expectations about how federal public bodies should protect individuals’ personal information and make better use of their information to keep Canadians safe, provide innovative solutions to the challenges Canadians face, and make Canadians’ lives easier. A modernized Privacy Act should reflect how federal public bodies are effective stewards of the personal information Canadians entrust to them, while allowing them to improve and adapt to new changes in society and technology over time.
Three supporting pillars
This vision for modernizing the Privacy Act is supported by three pillars:
Ensuring essential equivalence with other leading data protection regimes
The Privacy Act is only one component of an increasingly global framework that links regulation of personal information practices in both the public and the private sectors across many jurisdictions. The Act should strive to be consistent with other leading data-protection regimes in Canada and elsewhere to ensure a comparable equivalence with the core requirements of those regimes. At the same time, the Privacy Act has many unique features that have served Canadians well over the years and the Act remains a strong foundation for made-in-Canada enhancements.
One place to start is stronger alignment between the Privacy Act and the federal legislation that applies to the private sector, the Personal Information Protection and Electronic Documents Act. Coherence between these federal laws can simplify the personal information protection regime for everyone, enhance domestic interoperability, prevent gaps in accountability where public and private sector entities interact, and further confirm the Privacy Act’s alignment with established global standards. Although they sometimes use different terminology and approaches, both Acts were influenced by the OECD’s foundational Guidelines on the Protection of Privacy and Transborder Flows of Personal Data. The OECD Guidelines were established in 1980 and updated in 2013 to reflect important developments in international data protection, including the evolution of Convention 108, the APEC Privacy Framework, and Europe’s General Data Protection Regulation. A modernized Privacy Act should reflect important ongoing international developments as well.
A modern Privacy Act should emphasize technological neutrality. This will allow federal public bodies to explore different and new means of carrying out their roles and ensure the Act retains its relevance in the face of new technologies. It will also allow them to regulate new practices and respond quickly to change.
Consultation has concluded. Thank you for your contributions.