Internet Privacy in Canada

Canadian privacy laws regulate data protection and the disclosure, collection, use, and disposal of personal information. At the same time, many users have voiced concerns about compliance with federal regulations and feel that steps are needed to protect their internet privacy.

What Canadians Think

A recent survey released by the Office of the Privacy Commissioner reveals that 92 percent or the majority of respondents are concerned about the protection of personal data. Of them 87 percent share that they are concerned about how social media websites collect information. The vast majority or 90 percent expressed concerns about the use of personal details to make important decisions, including healthcare coverage, insurance claims, and job decisions. The majority of the interviewed or 75 percent also think that it is the job of the government to safeguard privacy. Only 38 percent of respondents believe that businesses respect their internet privacy compared to 55 percent sharing the same for the government authorities. Facts actually confirm this. The poll shows that 74 percent of Canadians uninstalled or chose not to install phone apps out of concern how their data would be handled. About the same percentage (75 percent) limited the types of personal details that can be shared through their mobile phone. The poll was conducted in February, 2019 and involved over 1,500 respondents.

Applicable Laws

The main pieces of legislation that regulate online data protection are the Privacy Act and PIPEDAor Personal Information Protection and Electronic Documents Act. PIPEDA outlines a number of principles that guide information practices, including accuracy, limiting collection, consent, identifying purposes, and accountability. Fair data management is also guided by the principles of openness, limiting retention, disclosure, and use, recourse, and individual access. Accuracy refers to the use of complete and accurate information while individual access helps ensure that all persons have access to their personal data and if they request so, they must be informed about disclosure and use. The principle of transparency requires that organizations disclose their practices and policies, including in brochures and other materials, listing the entity’s codes, standards, and policies and the address, title, and name of the official responsible for the implementation of practices and policies. Users should also be informed about the use and type of data that is collected and held by the entity and how they can access it. Finally, PIDEPA also contains safeguards, including technological, organizational, and physical measures. Examples of technological measures include encryption and password use while organizational measures involve limiting access and security clearances. There are also physical methods of protection such as limiting access to office spaces and locking cabinets.

The Privacy Act regulates the use of personal data by the federal government. Access to information can be refused to individuals in case of solicitor-client privilege, when an individual requested information about another person, or when investigations or national defense are concerned. Access to medical records can also be refused if the person requesting them will not benefit from getting familiar with the contents.

The Privacy Commissioner of Canada is responsible for the investigation of complaints filed by individuals who have privacy concerns. The Commissioner is also tasked with raising awareness, conducting research, publishing information, and conducting audits. Among the main strategies that guide his work are strengthening data protection for members of vulnerable groups, protecting privacy in a world without borders, and identifying technological and innovative ways for information protection.

Five Eyes Agreement

This is an agreement to exchange information about serious security issues, which was signed by Canada, Australia, New Zealand, the United Kingdom, and the USA. Data collected by different entities can be exchanged, including businesses, organizations, and individual parties. In Canada, the agencies responsible for data sharing include the Canadian Security Intelligence Service, Communications Security Establishment, and Canadian Forces Intelligence Command.