ETHI Committee Report
If you have any questions or comments regarding the accessibility of this publication, please contact us at accessible@parl.gc.ca.
List of Recommendations
As a result of their deliberations committees may make recommendations which they include in their reports for the consideration of the House of Commons or the Government. Recommendations related to this study are listed below.
Recommendation 1
That the Government of Canada ensure that federally regulated institutions and organizations involved in the development or use of artificial intelligence tools in an employment context guarantee that employee privacy is considered at all stages in the development or use of such tools.
Recommendation 2
That the Government of Canada amend the Privacy Act to include an explicit obligation for government institutions to conduct privacy impact assessments before using high-risk technological tools to collect personal information and to submit them to the Office of the Privacy Commissioner of Canada for assessment.
Recommendation 3
That the Government of Canada amend the preamble to the Privacy Act and the Personal Information Protection and Electronic Documents Act to indicate that privacy is a fundamental right.
Recommendation 4
That the Government of Canada grant the Office of the Privacy Commissioner of Canada the power to make recommendations and issue orders in both the public and private sectors when it finds violations of the laws for which it is responsible.
Recommendation 5
That the Government of Canada amend the Privacy Act to include the concept of privacy by design and an obligation for federal institutions subject to the Act to meet this standard when developing and using new technologies.
Recommendation 6
That the Government of Canada amend the Privacy Act to include explicit transparency requirements for government institutions, except where confidentiality is necessary to protect the methods used by law enforcement authorities and ensure the integrity of their investigations.
Recommendation 7
That the obligation for federal government institutions to conduct privacy impact assessments under the Privacy Act, as provided for in Recommendation 2, apply in particular when a federal government institution plans to use a powerful new technological tool that could have an impact on privacy.
Recommendation 8
That the Government of Canada amend the Privacy Act to require federal government institutions—before they launch an initiative, activity or program that could have an impact on privacy—to consult the Office of the Privacy Commissioner of Canada; to provide the relevant details about their initiative, activity or program to the Office within a set time frame; and to take into account the Office’s opinion following this consultation.
Recommendation 9
That the Government of Canada amend the Privacy Act to include the concepts of necessity and proportionality by requiring federal government institutions to demonstrate that any activities and programs they pursue that could have an impact on privacy are necessary to achieve a pressing and substantial purpose and that the intrusion on privacy is proportional to the benefits to be gained.
Recommendation 10
That the Government of Canada update its Directive on Privacy Impact Assessment to ensure compliance.
Recommendation 11
That the Government of Canada impose an obligation on federal government institutions to consult with the Office of the Privacy Commissioner of Canada when dealing with privacy risk evaluations of their programs and tools.
Recommendation 12
That the Government of Canada impose an obligation on federal government institutions to perform regular reviews of existing privacy impact assessments.
Recommendation 13
That the Government of Canada impose an obligation on federal government institutions to continue to proactively remind employees of their obligations and to continue to keep employees up to date about device security.
Recommendation 14
That the Government of Canada review and implement stricter safeguards to limit any unnecessary access to any extracted data.