Participants adopted resolutions on security and facial recognition during the conference
The Office of the Privacy Commissioner of Canada (OPC) recently attended the 44th Global Privacy Assembly in Istanbul to discuss the impact of technology on privacy.
With the theme “A Matter of Balance: Privacy in the Era of Rapid Technological Advancements,” the conference highlighted the importance of achieving a balance between privacy and technologies based on data processing. From October 25 to 28, participants discussed privacy matters of international interest and concern, such as facial recognition technology, artificial intelligence, big data, mass surveillance on the web, blockchain and the metaverse, and cross-border data transfers.
“The privacy concerns raised by new and emerging technologies are not exclusive to Canada. Privacy regulators around the world are grappling with the same issues,” Commissioner Philippe Dufresne said. “In an age in which data flows transcend borders, cross-jurisdictional and cross-regulatory collaboration has never been more important.”
“By working together, we can streamline our investigative processes, promote greater harmony in the application of laws, expand our capacity to take enforcement action, and amplify the compliance impact of those actions,” Dufresne added.
Resolutions on cybersecurity and facial recognition adopted
During the conference, the OPC adopted a resolution concerning the appropriate use of personal information in facial recognition technology alongside more than 120 privacy regulators worldwide. In the resolution, they outlined the following principles and expectations for organizations seeking to use the technology:
- Lawful basis: Organizations using facial recognition should have a clear lawful basis for the collection and use of biometrics;
- Reasonableness, necessity, and proportionality: Organizations should establish and demonstrate the reasonableness, necessity, and proportionality of their use of facial recognition;
- Protection of human rights: Organizations should particularly assess and protect against unlawful or arbitrary interference with privacy and other human rights;
- Transparency: The use of facial recognition should be transparent to affected individuals and groups;
- Accountability: The use of facial recognition should include clear and effective accountability mechanisms;
- Data protection principles: The use of facial recognition should respect all data protection principles, including those previously mentioned.
They also adopted a second resolution during which they committed to building capacity to strengthen cybersecurity regulation and improve their collective understanding of the harms that may result from a cyber incident.
OPC won innovation award
The OPC also received an innovation award during the conference for developing a tool that offers organizations an automated solution to assess if a privacy breach presents a real risk of significant harm to affected individuals.
According to the OPC, organizations must, under Canada’s federal private sector privacy law, report breaches of security safeguards and notify affected individuals if there is a reasonable basis to believe that the breach has created a real risk of significant harm.
“Many breaches go unreported because organizations are not sure whether they meet the legal reporting threshold,” Dufresne said. “I have been struck by the innovative spirit espoused at the OPC, and the RROSH tool is a fine example of that. I look forward to watching the ongoing evolution of the tool.”