Canada privacy regulators emphasize importance of data protection for digital ID
Data privacy regulators in Canada have, in a resolution, called on state governments to place a premium on data protection as the country develops its digital ID ecosystem.
The advocates, drawn from federal, provincial and territorial privacy regulation institutions, hold that while digital identity systems come with a litany of benefits, it is worthwhile for government authorities to put in place guardrails that guarantee data privacy, security, transparency and accountability.
It is only through this, they add, that digital ID can be widely adopted by citizens and trusted for access to certain public services, according to an announcement.
Underscoring the importance of data privacy and trust, Canada’s Privacy Commissioner Philippe Dufresne said: “The development and implementation of a digital ID ecosystem is a tremendous opportunity to demonstrate how innovation and privacy protection can coexist.”
“By identifying, understanding and mitigating privacy concerns at the outset, governments and stakeholders will engender trust among Canadians and show their commitment to privacy as a fundamental right,” adds Dufresne.
Among other things, the privacy commissioners define what the digital ID ecosystem properties should be, individual rights and remedies to be considered, as well as issues of governance and oversight.
On individual rights, for instance, the resolution recommends that individual participation in a digital identity ecosystem should be voluntary and optional; that individuals should be in control of their personal information, and that redress to an independent body with adequate resources and powers should be provided for individuals in the event of rights violations.
According to the commissioners, government should be open and transparent enough about the defined purposes of the digital identity systems, what personal information will be used, how and by whom; and must also work to establish clear accountability mechanisms to meet transparency and privacy obligations, including providing authority and resources for regulators to exercise adequate oversight and impose appropriate penalties for non-compliance.
In June, Canada proposed draft legislation for data privacy and protection.