A vision for modernizing the Privacy Act

22 days ago
CLOSED: This discussion has concluded.

A modern Privacy Act should enhance Canadians’ trust in how federal public bodies treat, manage and protect their personal information. The Government of Canada’s vision is for a modern Act that better reflects contemporary expectations about how federal public bodies should protect individuals’ personal information and make better use of their information to keep Canadians safe, provide innovative solutions to the challenges Canadians face, and make Canadians’ lives easier.  A modernized Privacy Act should reflect how federal public bodies are effective stewards of the personal information Canadians entrust to them, while allowing them to improve and adapt to new changes in society and technology over time.  

Three supporting pillars 

This vision for modernizing the Privacy Act is supported by three pillars:

  1. Respect for individuals based on well established rights and obligations for the protection of personal information that are fit for the digital age.

  2. Accountability that is both meaningful and transparent. Being accountable means federal public bodies demonstrating that they have strong governance and oversight practices to help ensure they are responsible stewards of the personal information in their hands.

  3. Adaptability to allow federal public bodies to innovate. New technologies, new business models, new capabilities, disruptive change, and unforeseen circumstances are the norm today. A modern Act should create a flexible framework that supports federal public bodies in effectively dealing with constant change. A one-size-fits-all approach to personal information regulation would reflect neither individuals’ expectations nor the variety of contexts in which federal public bodies collect, use and share personal information. 

Ensuring essential equivalence with other leading data protection regimes

The Privacy Act is only one component of an increasingly global framework that links regulation of personal information practices in both the public and the private sectors across many jurisdictions. The Act should strive to be consistent with other leading data-protection regimes in Canada and elsewhere to ensure a comparable equivalence with the core requirements of those regimes. At the same time, the Privacy Act has many unique features that have served Canadians well over the years and the Act remains a strong foundation for made-in-Canada enhancements.

One place to start is stronger alignment between the Privacy Act and the federal legislation that applies to the private sector, the Personal Information Protection and Electronic Documents Act. Coherence between these federal laws can simplify the personal information protection regime for everyone, enhance domestic interoperability, prevent gaps in accountability where public and private sector entities interact, and further confirm the Privacy Act’s alignment with established global standards. Although they sometimes use different terminology and approaches, both Acts were influenced by the OECD’s foundational Guidelines on the Protection of Privacy and Transborder Flows of Personal Data. The OECD Guidelines were established in 1980 and updated in 2013 to reflect important developments in international data protection, including the evolution of Convention 108, the APEC Privacy Framework, and Europe’s General Data Protection Regulation. A modernized Privacy Act should reflect important ongoing international developments as well.

Technological neutrality 

A modern Privacy Act should emphasize technological neutrality. This will allow federal public bodies to explore different and new means of carrying out their roles and ensure the Act retains its relevance in the face of new technologies. It will also allow them to regulate new practices and respond quickly to change.

Share on Facebook Share on Twitter Share on Linkedin Email this link

Consultation has concluded. Thank you for your contributions.

    <span class="translation_missing" title="translation missing: en-US.projects.forum_topics.show.load_comment_text">Load Comment Text</span>