May 31, 2022 - Health Sector, Private Sector, Public Sector

Privacy Round-Up (Volume 15)

In this edition of the Round-Up:

  • Diane McLeod has been recommended for appointment as Alberta's next Information and Privacy Commissioner. The Select Special Information and Privacy Commissioner Search Committee tabled its report in the legislature on May 24, recommending the appointment effective August 1;



  • As part of an effort to further promote collaboration on private sector privacy issues (including inter-jurisdictional investigations, enforcement, and policy priorities), a Memorandum of Understanding was signed by the Office of the Privacy Commissioner of Canada (OPC), the Information and Privacy Commissioner of Alberta, the Information and Privacy Commissioner for British Columbia, and the Commission d’accès à l’information du Québec;


  • An analysis of its work in support of its strategic priorities was published by the OPC. In 2015, the OPC identified as priorities (i) the economics of personal information, (ii) government surveillance, (iii) reputation and privacy, and (iv) the body as information. The OPC notes that work on these priorities has reinforced the conclusion that “effective privacy protection demands immediate rights-based law reform”;


  • One year after identifying four strategic priority areas, the Office of the Information and Privacy Commissioner of Ontario (OIPC Ontario) announced a permanent new Strategic Advisory Council focused on: (i) privacy and transparency in a modern government, (ii) children and youth in a digital world, (iii) trust in digital health, and (iv) next generation law enforcement; 


  • The Information and Privacy Commissioner of Ontario, Patricia Kosseim, outlined key takeaways (and related ethical considerations) from the OIPC Ontario's investigation into the sale of de-identified data by a health information custodian (HIC) to a third-party corporation, including:
    • De-identification is a use under the Personal Health Information Protection Act (PHIPA);
    • De-identification is permissible without consent under PHIPA, subject to certain conditions; 
    • Sale of de-identified data must be clearly and explicitly reflected in a public notice; 
    • The HIC must take reasonable steps to ensure the security and protection of personal health information (including during the process of de-identifying data), and include specific contractual provisions in any sale agreement with a third party to ensure the information remains de-identified;


  • As his term comes to an end, Privacy Commissioner of Canada Daniel Therrien is re-emphasizing key recommendations for federal privacy law reform. These recommendations are outlined both in a statement responding to the report issued by the ETHI committee on the collection and use of mobility data by the Government of Canada and in a separate OPC statement. Additionally, the OPC published a legal opinion in response to concerns about its position that “any future law be entrenched within a rights-based framework that recognizes privacy as a human right, and as an essential element for the exercise of other fundamental rights”;


  • In his speech to the Select Standing Committee on Finance and Government Services, the Information and Privacy Commissioner for British Columbia, Michael McEvoy, emphasized the expected impacts of amendments to the provincial public sector privacy legislation (see details about Bill 22 in volume 6 of the Round-Up), progress relating to BC private sector privacy law reform, and other details about the ongoing work of his office;


  • A new tool developed by the Digital Advertising Alliance of Canada (DAAC) allows consumers to opt-out of (or revoke prior consent regarding) certain digital advertising activity. The new mechanism will apply to companies using token identifiers for interest-based advertising; 


  • Hackers and researchers who identify security vulnerabilities in the Government of Quebec’s computer system may be eligible to receive payments of between $50 - $7,500 dollars as part of the province’s new "bug-bounty program";



  • A recent court ruling regarding the Information and Privacy Commissioner of Newfoundland’s powers under the province’s Access to Information and Protection of Privacy Act will be appealed as a matter of public interest. The Office of the Information and Privacy Commissioner of Newfoundland released comments on the matter, criticizing the decision for finding that “the Commissioner could no longer review records relating to a denial of access to information if the denial cited solicitor-client privilege as its basis”.


* * *

Sign up for AccessPrivacy's complimentary e-news updates to receive each edition of the Round-Up by email. The archive of past editions of the Privacy Round-Up is available to AccessPrivacy Knowledge Portal subscribers. 

Please note: some of the embedded links direct to resources available only to AccessPrivacy Knowledge Portal subscribers. However, if you are having issues opening links to publicly available materials, please try clearing your browser cache (including cookies and files) before clicking the link again.