Fix Privacy in Canada

There’s one simple reason why private companies and public bodies can keep violating our privacy: the Privacy Commissioner in charge of overseeing our privacy laws in Canada has no enforcement power to punish them.

Again and again, we suffer from careless data breaches and bad actors who get away with stealing our personal information because they know our privacy laws are incapable of protecting us. No improvements to our laws will matter so long as our watchdog has no teeth. But if enough of us raise our voice to demand change, we can get the law to start working to defend us.

Sign the petition calling for the Canadian government to give the Privacy Commissioner of Canada the power to enforce Canada’s privacy laws!

To: Prime Minister Justin Trudeau, Minister of Innovation, Science, and Economic Development François-Philippe Champagne, and President of the Treasury Board Jean-Yves Duclos

I’m calling on the federal government to introduce immediate reforms that give the Privacy Commissioner of Canada the full powers necessary to enforce Canada’s privacy laws for the private and public sectors. This means legally-binding Order making powers and the ability to levy fines that are significant and flexible.

Over the past few years, repeated incidents have shown that our current legal framework is inadequate in providing protections against data breaches and bad actors who seek to use our personal information in ways that counteract our laws and values. It is time for the government to keep its promise and to stand up for Canadians by giving our Privacy Commissioner the enforcement powers they need.

This campaign is hosted by OpenMedia. We will protect your privacy, and keep you informed about this campaign and others. Find OpenMedia's privacy policy here.

Why do we need to fix our privacy laws? 

This is actually pretty straightforward: The Privacy Commissioner of Canada, who oversees our privacy laws, must have the power to enforce the laws and give penalties to those who violate them. It’s that simple. That way, when our privacy is violated, someone will be charged with and able to fix the problem. 

Over the last year, our community has fought a number of violations of our privacy, including: 

  • Clearview AI making nearly every person in Canada a suspect in criminal investigations through their facial recognition technology.1,2
  • The medical laboratory company, LifeLabs, breaching the personal information of 15 million Canadians.3
  • Statistics Canada collecting the sensitive financial information of Canadians without their consent.4

Without meaningful independent enforcement powers for the Privacy Commissioner, our community is largely alone in this fight; citizens need to file personal or collective lawsuits against the companies themselves, and we don’t have to tell you who has the deep pockets to win those cases. 

Okay, so there’s a privacy enforcement problem. But how big is it, and does it really affect me?

At the end of 2018, private sector organizations began having to report their data breaches to the Office of the Privacy Commissioner of Canada. At the end of 2019, after only one complete year of reporting, they learned that more than 28 million Canadians had their personal information breached in that time alone.5

That’s a snapshot of how bad the problem is in the private sector. We don’t even know what’s happening in the public sector. And we have no idea what happened prior to 2018. 

Wondering if you’ve been impacted by a data breach? You can find out by entering your email address on the website linked in this footnote.6

So there’s a problem and it affects me. Now what?

Now we get as many as people as possible to sign this petition to demand that the federal government gives the Office of the Privacy Commissioner the enforcement powers it needs to protect our privacy!

This is what we’ve been promised and it’s not revolutionary. In the United States, the Federal Trade Commission has the power to impose fines on bad actors. In 2019, they imposed a $5 billion fine on Facebook.7

In the United Kingdom, the Information Commissioner’s Office can also impose fines for privacy violations. For example, in October of 2020, they levied a fine of £20 million against British Airways.8

And right here in Canada, British Columbia’s Privacy Commissioner has the ability to issue legally binding orders against public bodies. As of writing, in late October, they’ve issued 45 so far this year against entities like government ministries, public universities, and crown corporations.9

Our federal government shouldn’t be the last government to take our privacy seriously. By giving the Office of the Privacy Commissioner enforcement powers, we’ll make sure the private sector complies with our privacy laws, and demand more accountability and transparency from our public bodies.

Great! I’m onboard. What can I do?

Sign the petition, and share it with your networks! We need as many people as possible to speak out if we’re going to fix privacy in Canada.


  1. Take back your data from Clearview AI - OpenMedia
  2. Ban police use of facial recognition technology in Canada - OpenMedia
  3. LifeLabs data breach: We need action! - OpenMedia
  4. Good news: Privacy wins in Statistics Canada case - OpenMedia
  5. A full year of mandatory breach reporting: What we’ve learned and what businesses need to know - Office of the Privacy Commissioner of Canada
  6. Have I been pwned? - Troy Hunt
  7. FTC imposes $5 billion penalty and sweeping new privacy restrictions on Facebook - Federal Trade Commission
  8. ICO fines British Airways £20m for data breach affecting more than 400,000 customers - Information Commissioner's Office
  9. Orders - Office of the Information and Privacy Commissioner of BC

Press: Matt Hatfield | Phone: +1 (888) 441-2640 ext. 1  | [email protected]