A new report from Canada’s privacy commissioner is warning new technologies that have seen mass adoption during the COVID-19 pandemic raise new privacy concerns, and underscore the need to reform privacy legislation.
“Privacy and the pursuit of public health and economic recovery are not contradictory.”
The report specifically noted that technologies and increased activity in the telemedicine and e-learning sectors are creating new privacy risks for Canadians. The commissioner asserted that current federal laws do not provide Canadians with effective protection against such risks.
“We need a legal framework that will allow technologies to produce benefits in the public interest while also preserving our fundamental right to privacy,” said Commissioner Daniel Therrien. “This is an opportune moment to demonstrate to Canadians that they can have both.”
The pandemic has dramatically accelerated the already rapid adoption of disruptive technologies in certain sectors; as schools were forced to close and move remote, doctors’ offices shut, and thousands of businesses shifted to a remote work reality.
Telemedicine and virtual care have exploded amid the pandemic. Businesses such as Maple have seen substantial growth since March. Maple went on to partner with pharmacy retail giant Shoppers Drug Mart, which later injected $75 million into the company.
RELATED: How COVID-19 set the stage for a Canadian healthtech boom
The demand for EdTech solutions has also risen sharply amid the global pandemic. This increased demand for Top Hat, which develops online learning solutions, was followed by the company acquiring the Canadian domestic higher education textbook businesses of Nelson Education, one of the country’s largest education publishers.
“Videoconferencing and other online services have been helpful in allowing some semblance of normal life to continue in the wake of the pandemic,” the report said. “At the same time, they are creating important new risks to privacy rights.”
The report cited two specific examples in the healthtech and EdTech sectors of these risks. Telemedicine, it noted, creates risks to doctor-patient confidentiality when virtual platforms involve commercial enterprises. Similarly, e-learning and educational technology platforms can capture sensitive information about students’ learning disabilities and other behavioural issues.
Artificial intelligence also presents fundamental challenges to privacy principles laid out in the Personal Information Protection and Electronic Documents Act (PIPEDA), the report claimed. PIPEDA governs how private sector organizations collect, use, and disclose personal information in the course of commercial business.
RELATED: Coveo CEO Louis Têtu believes tech will emerge victorious from COVID-19
The report said responsible innovation involving artificial intelligence systems must take place in a regulatory environment that respects fundamental rights and creates the conditions for trust in the digital economy. The commissioner noted that PIPEDA should establish stronger digital privacy and data-collection rights for Canadians.
The commissioner also cited his office’s review of the COVID Alert exposure notification app as an example of how privacy respectful practices can be built into the design of an initiative to achieve public health goals.
The concept for the federal government’s contact tracing app was initially met with backlash over its privacy implications and risks for Canadians who chose to use it. In July, the office of the privacy commissioner (OPC) said it was “satisfied” that the design of the COVID Alert app meets all the privacy principles.
Despite the OPC’s satisfaction with the app, its latest report noted that the pandemic is still underscoring how good privacy protection must be a legal requirement, rather something the government and companies are free to do if they wish.
The report argued that Canada still needs to reform its privacy legislation, which has not been updated since 2015 – putting it behind the United Kingdom, the European Union, and New Zealand, among others.
The OPC noted seven specific features it would like to see reflected in the country’s privacy laws:
- Defining privacy as a human right
- Rule-making authority in privacy legislation
- Demonstrable accountability
- Order-making powers
- Administrative monetary penalties
- Private right of action
“Federal laws are simply not up to protecting our rights in our rapidly evolving digital environment,” added Therrien. “Privacy and the pursuit of public health and economic recovery are not contradictory. They can, and must be, achieved concurrently.”
Image source Unsplash. Photo by Jae Park.