He welcomed the new report from the Standing Committee on Access to Information, Privacy and Ethics
In response to a new report from the Standing Committee on Access to Information, Privacy, and Ethics (ETHI), Canada’s Privacy Commissioner, Philippe Dufresne, has called for amendments to the Privacy Act to address privacy risks posed by federal government technologies capable of extracting personal data from mobile devices and computers.
Dufresne welcomed the committee’s findings, emphasizing the urgency of updating privacy laws to protect Canadians’ rights amid rapid technological advancements. He noted that the Privacy Act has not undergone significant changes in 40 years, and the use of new tools requires stricter legal obligations to promote trust in government institutions.
The ETHI report includes several recommendations supported by Dufresne, such as explicitly recognizing privacy as a fundamental right in both the Privacy Act and the Personal Information Protection and Electronic Documents Act (PIPEDA). The commissioner urged granting his office the authority to issue orders and recommendations in cases of legal violations. He also advocated for requirements that government institutions conduct privacy impact assessments (PIAs) before deploying high-risk data-collection tools and consult with the Privacy Commissioner’s Office on initiatives that could affect privacy.
Dufresne further stressed the need for transparency, the inclusion of privacy by design in new technologies, and the principles of necessity and proportionality in government programs. “Amending the Privacy Act is a pressing need,” Dufresne stated, urging that federal institutions prove that any privacy intrusion serves a substantial purpose and is proportionate to the benefits gained.
The Public Service Alliance of Canada (PSAC) expressed similar concerns about the use of intrusive technological tools on federal employees, many of whom work in call centers and law enforcement roles. In its response, PSAC criticized departments for failing to conduct required PIAs and insisted that all assessments be completed before acquiring technology. The union called for regular reviews of PIAs throughout the technology's lifecycle and the proactive disclosure of results to both employees and the union.
PSAC also pointed out gaps in senior officials' accountability, recommending that the Treasury Board implement a directive to enforce compliance. The union warned that without robust measures, increasingly sophisticated technologies could compromise employees’ privacy rights.
Both Dufresne and PSAC hope that the committee’s study will lead to stronger protections and processes, ensuring that new technologies enhance efficiency without undermining fundamental privacy rights.
