Privacy commissioners listed 11 access to information and privacy principles
A joint resolution of the federal, provincial and territorial information and privacy regulators on June 2 has called on their respective governments to show leadership by applying certain principles in implementing and modernizing the information and privacy regimes.
The information and privacy regulators urged governments to respect the quasi-constitutional rights to privacy and access to information and use the lessons learned during the COVID-19 pandemic to safeguard Canadians’ information and privacy rights.
The resolution noted that the pandemic has seriously affected the protection of such rights in Canada and has brought to light the urgent need for strong access to information and privacy law. The regulators call for the modernization of the access-to-information system through technology and innovation.
The resolution listed five access principles. First, the regulators urge institutions to recognize the importance of transparency and to respect the right to access information during an emergency through measures included in business continuity plans. Second, institutional leaders should guide information management in the new operating environment and document institutional decisions, keeping with open, transparent, and responsible government principles.
Third, governments should advance the proactive and voluntary disclosure of information that is of significant public interest. Fourth, public bodies should inform the public about protecting their privacy and ensure the fair distribution of risks and benefits. Fifth, institutions should use technology and innovation to promote transparency in the public interest and with the needs of a digital society.
The resolution then discussed six privacy principles, which call for the interpretation of privacy laws through recognizing the fundamental right to privacy and applying it in a modern and sustainable way, the viewing of privacy laws and best practices to ensure responsible data use and the incorporation of “privacy by design” principles in emergency measures.
The privacy principles listed by the resolution also asked governments to ensure that emergency response and recovery measures that involve the exceptional collection, use and disclosure of personal information without consent remain necessary and proportionate in scope. The resolution also calls on government to destroy the personal information collected upon the end of the crisis, with certain exceptions, and to observe the principles of data minimization and use limitation.
An earlier joint resolution, issued by the privacy regulators on May 19, covered the development of COVID-19 vaccine passports and how privacy rights can be addressed and protected concerning such vaccine passports.