Editor's note: The IAPP is policy neutral. We publish contributed opinion pieces to enable our members to hear a broad spectrum of views in our domains.
If Data Privacy Day used to feel like a polite nod to the calendar — a sort of "don't forget to floss" message for privacy pros — this year's edition showed just how much Canada has leveled up. With Data Privacy Day now stretching into a full‑blown Privacy Week and AI governance dominating the national conversation, the country's regulators, professionals and even businesses using it as an awareness moment brought an energy we haven't quite seen before.
One noteworthy headline act was the pan-Canadian KnowledgeNet event, the first of its kind: at least nine Canadian cities linked through a shared theme, with local chapters gathering privacy pros in person while joining a national kickoff panel on AI governance. nNovation's Constantine Karbaliotis, AIGP, CIPP/C, CIPP/E, CIPP/US, CIPM, CIPT, FIP, helmed the opening discussion masterfully — a mix of practical insights, real‑world examples and the kind of straight‑talking governance advice privacy pros appreciate when the AI hype cycle becomes a bit too hyped.
British Columbia Information and Privacy Commissioner Michael Harvey and Newfoundland and Labrador Information and Privacy Commissioner Kerry Hatfield set the tone by grounding the discussion in the actual impacts of AI on citizens. Constant themes carried through the panel: trust, governance and the growing urgency for organizations to stop treating AI adoption as an experiment and instead build frameworks that support safe, responsible deployment.
From there, each city broke out into its own on‑the‑ground discussion. Ottawa drew about 20 participants — and other cities reportedly matched that energy — with conversations that were refreshingly practical: how are you handling AI internally? What's working? What's not? Where does risk management still feel like triage?
Meanwhile, over at the Information and Privacy Commissioner of Ontario, Data Privacy Day turned into something closer to a mini‑symposium on AI in health care. Their event, which from what I understand had 200 people in-person and more than 2,000 joining virtually, featured a formidable roster of experts — researchers, clinicians and academics — and the discussions focused less on abstract AI ethics and more on what actually goes right or wrong when AI tools hit real health‑care environments. Privacy safeguards, responsible innovation and patient trust were the recurring themes.
The IPC didn't stop there. It released new guidance on "AI scribes," those increasingly popular tools promising to ease clinical documentation. The message was clear: efficiency is great, but not at the cost of exposing personal health information or introducing bias. The IPC paired the guidance with a practical checklist to help health information custodians ask the right questions before procurement or deployment. The IPC also released additional joint AI guidance with the Ontario Human Rights Commission — another welcome sign of regulators converging on privacy and human‑rights considerations in the AI context.
Federally, the Office of the Privacy Commissioner of Canada used Data Privacy Week to champion a clear and simple theme: "Prioritize privacy by design." The OPC pushed out targeted messages, shared guidance and encouraged Canadians and organizations to reflect on how they handle personal information. The underlying message: bake in privacy early and often, because it builds trust, strengthens compliance and prevents regret later. The OPC also emphasized the great importance of international collaboration.
From my vantagepoint I noticed many businesses also took the theme seriously, using the week as a chance to run internal awareness campaigns. Privacy professionals embraced it with their usual enthusiasm — posting, sharing, debating and treating Data Privacy Day like the Super Bowl of compliance culture.
Rounding out the week, Michael Geist highlighted something that often comes up in Canadian digital policy circles: despite speculation, Canada is not heading toward a national digital ID, following a government statement clarifying that no national digital ID system is being implemented. So, ostensibly we may all have a bit more privacy as a gift this Data Privacy Day. At least that's one side of the argument against a national ID. Others can suggest something like this could enhance privacy by preventing fraud. But I digress.
This year's Data Privacy Day/Week showed something important: Canada isn't treating privacy as a ceremonial observance anymore. The mix of national events, cross‑sector collaboration, regulator engagement and AI‑focused guidance suggests a country that understands both the stakes and the opportunities ahead.
Kris Klein, CIPP/C, CIPM, FIP, is the country leader, Canada, for the IAPP.
This article originally appeared in the Canada Dashboard Digest, a free weekly IAPP newsletter. Subscriptions to this and other IAPP newsletters can be found here.
