Privacy Commissioner of Canada Daniel Therrien believes the question about whether privacy legislation should be amended is in the past. It is no longer should the country's privacy laws be amended, but what is the best way to do so, and with the announcement of the
A revamped privacy law should remain tech neutral, principle based and crafted in a manner to keep it from going out of date, Therrien said.
"I do think that modern privacy legislation should start by defining privacy in its proper breadth," Therrien said. "This, I think, would ensure that it will endure over time despite the certainty of technological developments."
A revamped version of the Personal Information Protection and Electronic Documents Act should be drafted as a real statue and not be an industry code of conduct. Principle-based legislation can be created to resemble more classic forms of a statue, which can be done in the case of new Canadian privacy law by looking at examples on the provincial level.
One of the 10 principles listed out in the Digital Charter is an emphasis on real accountability. Accountability is an important principle as it is currently framed; however, he pointed out, it is not sufficient enough "to protect Canadians from companies that claim to be accountable but actually are not."
The commissioner admitted even should his office receive fining authority, it still may not be sufficient. He pointed to Facebook's ability to put away
"No need to write to us at this point, your work is not lost," Therrien said. "We need to regroup at the OPC and confirm our new approach, which we will confirm soon."
While much of the future of Canadian privacy law is up in the air, Therrien shared some good news for his office in the interim, announcing his office may receive a 15% increase in its budget from the federal government, as well as temporary funding to assist in a backlog of PIPEDA and Privacy Act complaints.
When the temporary funding expires in 2021, Therrien estimates the OPC will have fulfilled 90% of the 200 complaints currently filed. On top of the PIPEDA and Privacy Act complaints reside reported data breaches. Since the mandatory breach notification rule went into effect in November, Therrien said the number of reported incidents has increased fivefold.
Prior to any form of funding, the OPC has only been able to review the breaches on a superficial level. Therrien expects the OPC will be able to thoroughly review those cases with more resources at its disposal.
There will be no shortage of action in the upcoming months and years. Regardless of where Canadian privacy legislation falls, Therrien has a view of where the country is going, which includes a framework that bolsters innovation while respecting the rights of citizens.
Change is coming to Canada, he said, and the goal is to find the best way to allow Canadians to participate in the digital economy with the confidence that their rights will be upheld.