Overview

We are improving privacy protections for Ontarians by setting rules for how organizations can collect, use and disclose personal information.

Our goal is to help ensure that the public can confidently:

  • participate in the digital economy
  • use the digital platforms they rely on to buy goods and services
  • stay connected with their community
  • do business in Ontario

Privacy rules require organizations to be transparent about:

  • what personal information they collect
  • how they use it
  • what personal information they disclose to third parties

Privacy rules also require organizations to safeguard the personal information in their custody and notify individuals and oversight bodies if there is a privacy breach that could result in significant harm to individuals.

Learn how we’re proposing to better protect your privacy.

How to participate

There are different ways for you to participate.

Online survey

The consultation is now closed – it ran from August 13th to October 16th, 2020.

Virtual townhall sessions

We held virtual townhall sessions to discuss how to improve private sector privacy laws in Ontario. Sessions were held on:

  • Monday, October 5, 2020, from 1:00 p.m. to 3:30 p.m. EST
  • Tuesday, October 13, 2020, from 1:00 p.m. to 3:30 p.m. EST

For industries, technical experts and impacted stakeholders

Written submissions

We invited technical experts and organization representatives to:

  • submit a formal response to us about how we can improve privacy protections in the private sector
  • submit on Ontario’s Regulatory Registry

Direct outreach

We will also consult with industries and other impacted stakeholders regarding technical, legal and operational elements of modernizing privacy for a digital world.

Improving privacy law

We are exploring specific proposals to improve private sector privacy protections for Ontarians. These proposals aim to:

  • address gaps in the existing legislation
  • put in place comprehensive, up-to-date and robust rules that will protect privacy rights and increase confidence in digital services

We want Ontarians to have more access and control over their own privacy when interacting with business and organizations, by being:

  • better informed about how their personal information is used, and what they are agreeing to when providing it
  • able to withdraw consent and retrieve their data more easily
  • certain that Ontario’s businesses will uphold their privacy even in the use of new technologies and digital business models

Proposals

  1. Increased transparency for individuals, providing Ontarians with more detail about how their information is being used by businesses and organizations
  2. Enhanced consent provisions allowing individuals to revoke consent at any time, and adopting an “opt-in” model for secondary uses of their information
  3. Right for individuals to request information related to them be deleted, subject to limitations (this is otherwise known as “Erasure” or “the right to be forgotten”)
  4. Right for individuals to obtain their data in a standard and portable digital format, giving individuals greater freedom to change service providers without losing their data (this is known as “Data Portability”)
  5. Increased enforcement powers for the Information and Privacy Commissioner to ensure businesses comply with the law, including the ability to impose penalties
  6. Introducing requirements for data that has been de-identified and derived from personal information to provide clarity of applicability of privacy protections
  7. Expand the scope and application of the legislative framework beyond the private sector and commercial organizations, and
  8. Create a legislative framework to enable the establishment of data trusts for privacy protective data sharing.

About privacy law

In Ontario, there are currently several different privacy laws that apply to various jurisdictions. They include the:

  • Personal Information and Electronic Documents Act (PIPEDA) for businesses
  • Ontario Freedom of Information and Protection of Privacy Act (FIPPA) for provincial public sector organizations, such as the provincial government, select provincial agencies, hospitals, universities and colleges
  • Municipal Freedom of Information and Protection of Privacy Act (MFIPPA) for municipal public sector entities, such as municipalities, school boards, transit commissions and police service boards
  • Personal Health Information Protection Act (PHIPA) for health organizations, such as hospitals, long-term care facilities and pharmacies

Some common examples of personal information that these different organizations could collect include:

  • home address
  • telephone numbers
  • email address
  • date of birth
  • educational history

Privacy issues and risks

A privacy breach, also commonly known as a leak, occurs when personal information held by an organization has been inappropriately accessed, used or stolen from the organization.

Privacy breaches can result from:

  • cyberattacks
  • employees using their own credentials to inappropriately access or steal personal information
  • improper administrative, technical and physical safeguards at the organization

The overcollection, overuse or inappropriate disclosure of personal information in public places, commercial spaces, the home and workplaces can also compromise an individual’s right to privacy. It can infringe on people’s ability to communicate, organize and associate freely. For example:

  • Use of facial recognition technology, cellular signal interception, or automatic tracking by GPS-enabled devices can significantly reduce or effectively eliminate privacy about individuals’ whereabouts
  • Many smart home devices suffer from security vulnerabilities, and can capture and transmit sensitive personal information which may be vulnerable to monitoring and misuse (for example, interception of audio and video feeds).

Your privacy matters

We are requesting your feedback in order to help us understand the privacy concerns of Ontarians and how to best address these concerns through policy, law or regulation.

This feedback will be used by the Ministry of Government and Consumer Services to help us develop a privacy protection framework for Ontario that meets your needs.

For questions on how information collected on this page will be used, please contact us:

Manager of Access and Privacy Strategy and Policy Unit
Ministry of Government and Consumer Services
Enterprise Recordkeeping, Access and Privacy Branch
access.privacy@ontario.ca

Updated: June 18, 2021
Published: August 13, 2020