TORONTO, ON (June 27, 2019) – In his 2018 Annual Report, Privacy and Accountability for a Digital Ontario, Brian Beamish, Ontario’s Information and Privacy Commissioner, recommends several initiatives to enhance both access to information and protection of privacy in Ontario. Among the commissioner’s recommendations is a call to modernize Ontario’s privacy laws to address the risks posed by smart city technologies.

Ontario’s privacy laws are outdated in the face of current digital technologies and practices such as sensors, big data analytics, and artificial intelligence. A review and modernization of the  Freedom of Information and Protection of Privacy Act and its municipal counterpart would ensure effective and independent oversight of practices related to personal information.

“The technologies available today have the potential to unlock many benefits for communities and enable governments to deliver services more effectively and efficiently. However, they can collect, use, and generate large amounts of data, including personal information. The use of data and technology must not come at the expense of privacy; Ontario needs an updated legislative framework that includes effective and independent oversight of practices related to personal information.”

~ Brian Beamish, Information and Privacy Commissioner of Ontario

This recommendation is one of several tabled by the commissioner in his annual report. Further recommendations include:

Renewed call for oversight of political parties – the large amount of sensitive personal information held by political parties, together with advances in the technologies enabling them to collect, integrate and analyze data, reveals a widening gap in protection and oversight of individual privacy rights. Sophisticated data practices can be used to target individuals, manipulate public opinion and influence election outcomes. The risk of breaches, both intentional and through human error, rises with the use of big data technology. The most effective way to hold Ontario’s political parties accountable for the privacy, ethical, and security risks associated with data collection is to make them subject to privacy requirements set out in out in Ontario’s privacy laws.

The use of artificial intelligence to curb privacy breaches in the health sector – artificial intelligence (AI) has the ability to identify minute anomalies in network systems, signalling privacy breaches in real time. It can be used to interpret network activity in ways that would not be possible through manual auditing and other preventative mechanisms. I would like to see the widespread use of AI to address the ongoing problem of unauthorized access in the health sector.

The commissioner’s full recommendations, the year in review and comprehensive statistics, including freedom of information requests, compliance rates, appeals and privacy complaints, are available in the IPC 2018 Annual Report, Privacy and Accountability for a Digital Ontario.



This post is also available in: French