Ontario's Information and Privacy Commissioner calls for law reforms

Use of data and technology must not come at the expense of privacy, says commissioner

Ontario's Information and Privacy Commissioner calls for law reforms
Ontario Information and Privacy Commissioner Brian Beamish

Ontario Information and Privacy Commissioner Brian Beamish has put forward several initiatives to enhance both access to information and protection of privacy in the province.

The recommendations were detailed in IPC’s 2018 annual report, titled “Privacy and Accountability for a Digital Ontario.”

Among the commissioner’s recommendations is a call to modernize Ontario's privacy laws to address the risks posed by smart city technologies. According to Beamish, Ontario's privacy laws are outdated in the face of current digital technologies and practices such as sensors, Big Data analytics and artificial intelligence. As such, a review and modernization of the Freedom of Information and Protection of Privacy Act and its municipal counterpart would ensure effective and independent oversight of practices related to personal information.

Another recommendation is improved oversight of political parties, due to the large amount of sensitive personal information held by these parties. Advances in the technologies enabling political parties to collect, integrate and analyze data have revealed a widening gap in protection and oversight of individual privacy rights.

According to the report, sophisticated data practices can be used to target individuals, manipulate public opinion and influence election outcomes. The risk of breaches, both intentional and through human error, rises with the use of Big Data technology. The most effective way to hold Ontario's political parties accountable for the privacy, ethical and security risks associated with data collection is to make them subject to privacy requirements set out in out in Ontario's privacy laws, the report says.

The report also called for the use of AI to curb privacy breaches in the health sector. AI has the ability to identify minute anomalies in network systems and privacy breaches in real time. It can be used to interpret network activity in ways that would not be possible through manual auditing and other preventive mechanisms. Beamish recommended wider adoption of AI to address the ongoing problem of unauthorized access in the health sector.

“The technologies available today have the potential to unlock many benefits for communities and enable governments to deliver services more effectively and efficiently,” said Beamish in a statement. “However, they can collect, use and generate large amounts of data, including personal information. The use of data and technology must not come at the expense of privacy; Ontario needs an updated legislative framework that includes effective and independent oversight of practices related to personal information.”