Protecting the Fundamental Right to Privacy in the Digital Age | TheFutureEconomy.ca

Protecting the Fundamental Right to Privacy in the Digital Age

CybersecurityPolicyTech
Philippe Dufresne
Philippe Dufresne
Privacy Commissioner of Canada
Part of Future in Focus: Data Protection Day
Published on

In a digital age where technological innovation and economic prosperity are increasingly fueled by the ability to harness personal information in novel ways, privacy has become a growing area of importance for both individuals and organizations. 

From artificial intelligence (AI) to biometrics, surveillance and social media, more personal information is being collected, used, and shared than ever before.

Ensuring that we can benefit from the advances, innovations, and conveniences that these technologies offer while protecting privacy will be critical to our success as a free and democratic society.

As Privacy Commissioner of Canada, this is my challenge as I work to empower individuals so that they may confidently participate in the digital economy knowing that organizations have the tools that they need to manage people’s data responsibly and in accordance with privacy laws. 

With technology evolving faster than our regulatory frameworks, finding innovative ways to mitigate privacy risks is paramount. This is driving the work of my team at the Office of the Privacy Commissioner of Canada (OPC), focusing on maximizing our impact to protect individuals’ fundamental right to privacy in this digital era. 

Never has the need been more acute.

Cybersecurity Threats and the Rise of Data Breaches

Computer scientists in server hub workspace frightened by hacker passing firewall and stealing data. Security breach notification on monitor in data center surprising IT specialists

One of the biggest and most concerning privacy trends in Canada and around the world is the growing threat and severity of cyber breaches.

“In Canada last year, businesses reported nearly 700 privacy breaches to my Office, affecting approximately 25 million individual accounts—twice as many accounts affected as the previous year for a similar number of breaches.”

Globally, data breaches more than tripled between 2013 and 2022. In Canada last year, businesses reported nearly 700 privacy breaches to my Office, affecting approximately 25 million individual accounts—twice as many accounts affected as the previous year for a similar number of breaches. 

Ransomware and malware attacks are rising sharply and increasingly involve more sophisticated threat actors. Indeed, 46% of all breaches reported to the OPC from businesses last year involved cyber incidents, a 13% increase over the previous year.

The proliferation of AI and its impact on privacy is another trend that the OPC is monitoring closely. 

“Among the privacy concerns are transparency, the collection and use of personal information for training AI systems, and the impact of synthetic media, including deepfakes, on individuals and society.”

The integration of AI into the applications that are used by individuals and organizations offers numerous efficiencies and conveniences but also presents new risks. Among the privacy concerns are transparency, the collection and use of personal information for training AI systems, and the impact of synthetic media, including deepfakes, on individuals and society. 

As children and youth embrace new technologies and experience much of their lives online, we must also ensure that their personal information is protected and that their best interests are a primary consideration in the design of products and services that concern or impact them. Around the world, lawmakers, regulators, and caregivers are increasingly seeking solutions to better protect children in a digital world. 

The challenges are significant, but with each challenge, there is opportunity. 

Protecting Privacy in the Digital World

Above view of concentrated Asian IT engineer typing on laptop while connecting it to server in dark neon room

Championing children’s privacy, addressing and advocating for privacy in this time of technological change, and maximizing our impact are my three strategic priorities for the OPC. Advancing them requires concerted effort and collaboration across organizations and jurisdictions. 

Organizations can guard against data breaches and cyber-attacks by fostering a culture of privacy, embedding privacy protections into products and services early on, conducting risk assessments before rolling out initiatives that may impact privacy, and establishing privacy standards.

The OPC has also developed new tools to help organizations meet their obligation to report breaches that may result in serious harm to individuals. Breach reports can be submitted directly on our website, and we will soon launch a tool to help organizations assess the severity of a breach. 

With respect to generative AI, I am working closely with my provincial, territorial, and global counterparts to establish and promote principles for the responsible, trustworthy and privacy-protective development, provision, and use of the technology.

“Developers and providers of generative AI and AI-based applications should embed privacy in the design, conception, operation, and management of new products and services and consider the unique impact that these tools have on vulnerable groups and children.”

For organizations, I continue to underscore the need to consider privacy implications from the outset. Organizations must also be transparent about their use of AI and personal information handling practices, and be accountable for any AI-generated decisions about individuals, such as whether to grant someone a loan or a job.

Developers and providers of generative AI and AI-based applications should embed privacy in the design, conception, operation, and management of new products and services and consider the unique impact that these tools have on vulnerable groups and children.

Along with several provincial counterparts, the OPC is also investigating OpenAI, the company behind ChatGPT. The results of this investigation will help to inform our recommendations to both the public and private sectors with respect to the use of the technology.

Importantly, this investigation demonstrates that while Canada’s privacy laws need to be modernized, our current laws continue to apply. They were designed to be technology-neutral, and the OPC remains committed to their application, even in complex spaces such as AI.

Championing Privacy Through Collaboration and Innovation

It is clear that cross-regulatory collaboration is essential to continue to protect the rights and interests of Canadians in the digital space. To that end, I am working with my competition, copyright, and broadcasting counterparts through the Canadian Digital Regulators Forum to explore the impact of synthetic media, including deepfakes, on our respective mandates. 

Championing children’s privacy is another area that demands collaboration. With my provincial and territorial counterparts, I have called on both the public and private sectors to put young people’s interests first by setting clear limits on when and how their personal information may be used or shared. 

“For organizations, it is essential to identify and minimize privacy risks at the design stage, make the strongest privacy settings the default, turn off location tracking, and reject deceptive practices and incentives that influence young people to make poor privacy decisions.”

I have also called on lawmakers to review, amend or adopt legislation as necessary to ensure that it includes strong safeguards, transparency requirements, and access to remedies for young people. 

For organizations, it is essential to identify and minimize privacy risks at the design stage, make the strongest privacy settings the default, turn off location tracking, and reject deceptive practices and incentives that influence young people to make poor privacy decisions or to engage in harmful behaviours. 

My ongoing investigation into TikTok with several provincial counterparts is focused on the company’s privacy practices as they relate to young users. My Office is also now consolidating input following an exploratory consultation on age assurance aimed at establishing guidance on how and when online services should confirm the age of a user in order to restrict young people from accessing certain content.

These are my priorities for the next few years. It is where I believe the OPC can have the greatest impact on Canadians and where the greatest risks lie if the issues are not addressed.

In a world in which data knows no borders, these goals cannot be achieved unilaterally. Only through domestic and international collaboration, through consistent rules and standards that facilitate interoperability and reduce administrative burdens, will we achieve a level of privacy protection appropriate for the digital age. 

See the Full Series
We use cookies to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies. Learn more about our cookies.