As a result of their deliberations, committees may make recommendations which they include in their reports for the consideration of the House of Commons or the Government. Recommendations related to this study are listed below.

Recommendation 1 on the principle of consent:

That consent remain the core element of the privacy regime, but that it be enhanced and clarified by additional means, when possible or necessary.

Recommendation 2 on opt-in consent by default:

That the Government of Canada propose amendments to the Personal Information Protection and Electronic Documents Act to explicitly provide for opt-in consent as the default for any use of personal information for secondary purposes, and with a view to implementing a default opt-in system regardless of purpose.

Recommendation 3 on algorithmic transparency:

That the Government of Canada consider implementing measures to improve algorithmic transparency.

Recommendation 4 on the revocation of consent:

That the Government of Canada study the issue of revocation of consent in order to clarify the form of revocation required and its legal and practical implications.

Recommendation 5 on the Regulations Specifying Publicly Available Information:

That the Government of Canada modernize the Regulations Specifying Publicly Available Information in order to take into account situations in which individuals post personal information on a public website and in order to make the Regulations technology-neutral.

Recommendation 6 on legitimate business interests:

That the Government of Canada consider amending the Personal Information Protection and Electronic Documents Act in order to clarify the terms under which personal information can be used to satisfy legitimate business interests.

Recommendation 7 on depersonalized data:

That the Government of Canada examine the best ways of protecting depersonalized data.

Recommendation 8 on financial crimes:

a)    That paragraph 7(3)(d.2) of the Personal Information Protection and Electronic Documents Act be amended to replace the term “fraud” with “financial crime.”

b)   That the definition of “financial crime” in the Act include:

• fraud;
• criminal activity and any predicate offence related to money laundering and terrorist financing;
• all criminal offences committed against financial service providers, their customers or their employees;
• the contravention of laws of foreign jurisdictions, including those relating to money laundering and terrorist financing.

Recommendation 9 on specific rules of consent for minors:

That the Government of Canada consider implementing specific rules of consent for minors, as well as regulations governing the collection, use and disclosure of minors’ personal information.

Recommendation 10 on data portability:

That the Government of Canada amend the Personal Information Protection and Electronic Documents Act to provide for a right to data portability.

Recommendation 11 on the right to erasure:

That the Government of Canada consider including in the Personal Information Protection and Electronic Documents Act a framework for a right to erasure based on the model developed by the European Union that would, at a minimum, include a right for young people to have information posted online either by themselves or through an organization taken down.

Recommendation 12 on the right to de-indexing:

That the Government of Canada consider including a framework for the right to de-indexing in the Personal Information Protection and Electronic Documents Act and that this right be expressly recognized in the case of personal information posted online by individuals when they were minors.

Recommendation 13 on the destruction of personal information:

That the Government of Canada consider amending the Personal Information Protection and Electronic Documents Act to strengthen and clarify organizations’ obligations with respect to the destruction of personal information.

Recommendation 14 on privacy by design:

That the Personal Information Protection and Electronic Documents Act be amended to make privacy by design a central principle and to include the seven foundational principles of this concept, where possible.

Recommendation 15 on the Privacy Commissioner’s enforcement powers:

That the Personal Information Protection and Electronic Documents Act be amended to give the Privacy Commissioner enforcement powers, including the power to make orders and impose fines for non-compliance.

Recommendation 16 on the Privacy Commissioner’s audit powers:

That the Personal Information Protection and Electronic Documents Act be amended to give the Privacy Commissioner broad audit powers, including the ability to choose which complaints to investigate.

Recommendation 17 on the criteria to determine the adequacy status of the Personal Information Protection and Electronic Documents Act under the General Data Protection Regulation:

That the Government of Canada work with its European Union counterparts to determine what would constitute adequacy status for the Personal Information Protection and Electronic Documents Act in the context of the new General Data Protection Regulation.

Recommendation 18 on legislative amendments required to maintain the adequacy status:

a)   That the Government of Canada determine what, if any, changes to the Personal Information Protection and Electronic Documents Act will be required in order to maintain its adequacy status under the General Data Protection Regulation; and

b)   That, if it is determined that the changes required to maintain adequacy status are not in the Canadian interest, the Government of Canada create mechanisms to allow for the seamless transfer of data between Canada and the European Union.

Recommendation 19 on the collaboration with provinces and territories:

That the Government of Canada work with the provinces and territories to make sure that all relevant jurisdictions are aware of what would be required for adequacy status to be granted by the European Union.