Since the dawn of the internet age, Canadians use and rely on personal computers and smart devices for everyday tasks and interactions. Internet use, however, requires that users’ personal data be stored online. This begs the question, how is this personal data protected?
In the 2020-2021 Survey of Canadians on Privacy-Related Issues, almost 90% of respondents expressed concern about Canada’s apparent lack of robust data privacy protections. These privacy concerns centered around individuals’ ability to choose what information they share with other people. Being able to control the privacy of one’s information allows individuals to live without being afraid of what other people may think of them. For example, the COVID-19 pandemic forced Canadians to rely on digital interactions when the government instructed them to conduct business and socialize ‘virtually’ to avoid contracting and spreading the virus. This dramatic shift to online living has brought attention to data privacy issues associated with internet use.
Personal data sets have become a goldmine for governments and businesses to track, monitor, and analyze to predict voting and purchasing patterns. Since the 1990s, approximately 80% of internet-based businesses have profited from selling personal data. Businesses tend to frame their harvesting of personal data as consensual, claiming that individuals give them their data for free to use their services. In reality, this exchange of data is more coerced than consensual. Individuals are forced to choose whether to ‘opt-out’ of using said service and having their data collected or to ‘opt-into’ using the service and thereby have their data exploited.
Governments also benefit from this type of data collection and analysis, but unlike businesses, they face an ethical conundrum as they are supposed to protect individuals’ privacy from possible infringements. The Government of Canada acknowledged the need for data protection legislation in 2019 when it created a Digital Charter that discussed how best to protect privacy in the newly digitized world. This Charter, however, is not legally binding and has not provided a much-needed legislative update to address concerns about Canadian citizens’ privacy in the internet age.
Canadians’ privacy is currently protected by domestic, constitutional, and international rights and laws. Domestically, the 1984 Privacy Act protects individuals’ personal information from government misuse. The 2001 federal Personal Information Protection and Electronic Documents Act regulates how privacy is to be treated in all commercial activities, and provincial legislation like Alberta’s 2003 Personal Information Protection Act regulate privacy within commercial affairs in the provinces. Constitutionally, a right to privacy has been found to exist in both “Section 7, (the right to life, liberty and the security of the person), and Section 8 (the right to be secure against unreasonable search or seizure)” of the Canadian Charter of Rights and Freedoms. In the 2013 Supreme Court of Canada case R.v. Vu, the Court implied that an individual’s right to privacy also extends to digital data. Internationally, Canada has endorsed several treaties such as the 1948 Universal Declaration of Human Rights, the 1966 International Covenant on Civil and Political Rights, and the 1990 Convention of the Rights of the Child that all acknowledge the existence and importance of a right to individual privacy.
Although there are these existing protections for Canadian citizens’ data privacy, the country’s privacy legislation is no longer current. It has not been updated since the early 2000s, leaving data privacy vulnerable in our increasingly digital world. The international treaties that Canada has signed acknowledging a fundamental right to privacy have not been effectively translated into domestic laws or constitutional amendments. With the use of artificial intelligence, facial recognition technology, and other advanced computing technology becoming commonplace, Canada needs new legislation that specifically protects citizens’ data privacy.
Although Canadians have a constitutional right to privacy, and Canada recognizes privacy as a fundamental human right, there is currently no legislation that specifically protects data privacy. New data privacy legislation, such as Bill C-11 or Bill C-27, is needed in Canada to protect citizen’s personal data explicitly. Not only is the misuse of data becoming a major concern among the populace, but Canada’s trading partners like the EU also require Canada to update its user data protections to share data with European businesses. Bill C-11 was a step in the right direction, but even it failed to address concerns about political and governmental organizations’ use of personal data, data security, and user consent. Bill C-27 now offers a new glimmer of hope for Canadians’ privacy in the digital age.
Disclaimer: Any views or opinions expressed in articles are solely those of the authors and do not necessarily represent the views of the NATO Association of Canada.