Editor's note: The IAPP is policy neutral. We publish contributed opinion and analysis pieces to enable our members to hear a broad spectrum of views in our domains.
Canada's big data story this week is definitely the federal artificial intelligence strategy sprint. Minister of AI and Digital Innovation Evan Soloman launched a rapid-fire 30-day AI strategy consultation with a themed task force, including one on building safe AI systems and strengthening public trust.
That's a clear opening for privacy folks who live the day-to-day realities of risk, accountability and evaluation, not just research or adoption. If you have views that could improve the strategy, especially on data governance or youth safeguards, this is the time to weigh in. I know many of us, who are assuming responsibility for managing or guiding others on integrating AI, will be watching closely or jumping right into these conversations.
Meanwhile, on the East coast, Nova Scotia tabled a rewrite of its Freedom of Information and Protection of Privacy Act that's worth flagging. There's some progress here, such as elevating the Office of the Information and Privacy Commissioner, extending privacy oversight to municipalities and requiring privacy assessments. But Information and Privacy Commissioner David Nurse called it a "missed opportunity" in key places, including the absence of order-making power. We'll see what happens as the law makes its way through committee. Will Nova Scotia get new laws before the federal government re-introduces something? A friendly wager, anyone?
Age assurance is also a hot topic. The Office of the Privacy Commissioner of Canada told a Senate Committee on Thursday that guidance is coming, building on its earlier consultation and the public feedback it received. With youth privacy in the spotlight after the joint TikTok investigation, I suspect the guidance to focus on proportionality, data minimization and verification methods that somehow manage to avoid over-collection. A lot of organizations have been asking for practical, privacy-protective clarity on how regulators expect this to be done, so hopefully we get it soon.
I'd be remiss if I didn't mention that in Canada we also marked the National Day for Truth and Reconciliation this week, 30 Sept. I know there are some non-Canadians receiving this newsletter as well, so for context, it's a day to listen and learn about the impacts of residential schools and, more broadly, the effects and impacts of colonialism.
For us working in privacy and data protection, it can include thinking about how data has been used in harmful ways. I don't usually hear too much from the privacy community during this time, but I do know that Data Protection Commissioner for the Bailiwick of Guernsey Brent Homan, a Canadian curler no less, had an interesting guest on his podcast this week, who spoke about the historic roots of Indigenous data privacy and why community-centered governance matters. This serves as a good reminder to remember the First Nations principles of ownership, control, access and possession and to keep Indigenous data sovereignty on our agendas.
I'll take this opportunity to say that the IAPP will continue to work on featuring Indigenous-related content on the Canada Privacy Symposium 2026 agenda. And on that note, the call for proposals closes 19 Oct. — that's just a couple of weeks away. We'd love to see strong submissions on these topics and so many of the other important topics for today and tomorrow.
Kris Klein, CIPP/C, CIPM, FIP, is the country leader, Canada, for the IAPP.
This article originally appeared in the Canada Dashboard Digest, a free weekly IAPP newsletter. Subscriptions to this and other IAPP newsletters can be found here.
