December 29, 2022 - Private Sector, Public Sector

Privacy Round-Up (Volume 19)

In this Edition of the Round-Up:

Legislative Updates 

Regulatory Authority Updates

Case Law Updates

New AccessPrivacy Offerings

Legislative Updates

  • The Federal Government's privacy legislative reform agenda continues to advance, as Bill C-27 (the Digital Charter Implementation Act, 2022), which would replace PIPEDA with new federal private sector privacy legislation, has moved to second reading in the House of Commons. Whether the proposed regime for the regulation of AI will continue at the same pace remains unclear, as on November 28, the Speaker ruled to separate the vote on Bill C-27. Members of Parliament will vote on Part 3 of the Bill (the Artificial Intelligence and Data Act) separately from Parts 1 and 2 (the Consumer Privacy Protection Act and the Personal Information and Data Protection Tribunal Act).

 

  • A Working Group of the Canadian Anonymization Network (CANON) has submitted to Innovation, Science and Economic Development Canada (ISED) proposed amendments to the de-identification and anonymization provisions in Bill C-27. One of CANON’s core objectives is to advocate for balanced legislative and policy standards for anonymization that enable innovative and beneficial uses of data, while reasonably protecting against foreseeable privacy risks. CANON's recent Legislative Reform Roundtable webinar, focusing on these proposed amendments, is also available on-demand

 

 

 

  • A study of “on device investigative tools” used by the Royal Canadian Mounted Police is the focus of a report released by the House of Commons' Standing Committee on Access to Information, Privacy and Ethics (ETHI). The Office of the Privacy Commissioner of Canada (OPC) issued a statement summarizing key recommendations within the report. As reported in Volume 17 of the Round-Up, Commissioner Dufresne recently appeared before the ETHI Committee to discuss the RCMP’s use of investigative tools and implications under the Privacy Act.

 

Regulatory Authority Updates

  • Canada’s Privacy Commissioners have focused on challenges arising from the emerging “digital identity ecosystem” in Canada. In a joint resolution, Commissioners and other regulatory authorities stressed the need for governments and stakeholders to respect privacy and transparency rights in the design and operation of systems managing the exchange and verification of digital identity information. The resolution includes a non-exhaustive list of conditions and properties to be integrated into a legislative framework applicable to the creation and management of digital identities;

 

  • A resolution on the appropriate use of personal information in facial recognition technology has been adopted by the OPC, along with over 120 data protection authorities from Canada, Europe, and elsewhere. The resolution outlines the following principles and expectations for organizations seeking to use facial recognition technology: (i) lawful basis; (ii) reasonableness, necessity and proportionality; (iii) protection of human rights; (iv) transparency; (v) accountability; (vi) data protection principles;

 

  • Processing times for requests to access administrative documents, personal information and other information in the public sector are the subject of a study carried out by the Commission d’accès à l’information du Québec (CAI). The CAI has summarized best practices for reducing delays in response times, discussing the impact of the COVID-19 pandemic in this area and setting out recommendations for public sector bodies for processing such requests;

 

 

 

  • With “gaming gear topping the [holiday] wish lists of kids and adults alike”, the OPC has published a blog post outlining tips to help gamers better protect their personal information while playing video games online; 

 

 

  • The OPC joined other member authorities at the 58th Asia Pacific Privacy Authorities (APPA) forum to discuss “key issues ranging from children’s online privacy and cross-border data transfers to artificial intelligence and privacy enhancing technologies”;

 

  • The CAI has released its 2021-2022 Annual Report, focusing in large part on the Bill 64 reform of Quebec's public- and private-sector privacy and access laws. The CAI stressed that although it has launched a series of workstreams to assist organizations with meeting their new compliance obligations (in particular, the launch of its Espace évolutif resource and guidance hub), it requires additional funding from the Legislative Assembly in order to effectively administer the amended legislation; 

 

 

Case Law Updates

  • Companies collecting and storing personal information cannot be found liable for the tort of intrusion upon seclusion when they suffer a cyberattack by a third-party hacker. The Court of Appeal for Ontario has confirmed in a trilogy of decisions that the tort is meant to apply to those who actually invaded or intruded upon a plaintiff’s privacy by accessing that plaintiff’s private information. 

 

  • A recent Federal Court decision considered procedural fairness issues in the context of evidence derived from artificial intelligence tools. The case involved two applicants who raised issues of procedural fairness surrounding possible reliance by the Refugee Protection Division (RPD) on facial recognition technology in their decision-making process. The applicants sought judicial review of the RPD decision revoking their refugee status. The court found that the decision was unreasonable, in part because the Minister had not disclosed the methodology used in procuring the photo comparison evidence in question. As Dr. Teresa Scassa explains in a recent blog post, "[t]he decision is important for setting some basic standards to meet when it comes to reviewing evidence that may have been derived using AI".

 

New AccessPrivacy Offerings:

 

***

Sign up for AccessPrivacy's complimentary e-news updates to receive each edition of the Round-Up by email. The archive of past editions of the Privacy Round-Up is available to AccessPrivacy Knowledge Portal subscribers

Please note: if you are having issues opening links to publicly available materials, please try clearing your browser cache (including cookies and files) before clicking the link again.