Week of 2025-03-10
Transparency and Access to Information for the 21st Century: My Commitment
Caroline Maynard | Information Commissioner of Canada
On March 3, 2025, Caroline Maynard began her second term as Canada's Information Commissioner, reaffirming her dedication to enhancing transparency and access to information for Canadians. She emphasized the need to modernize the Access to Information Act, originally enacted in 1983, to align with contemporary standards and technological advancements. Maynard also highlighted the importance of improving information management practices within government institutions to ensure timely responses to information requests. Her commitment reflects a broader effort to uphold Canadians' quasi-constitutional right to access government records, thereby strengthening accountability and public trust.
N.S. information commissioner says government bill threatens right to access records
Michael Tutton | CBC News
Nova Scotia's Information Commissioner, Tricia Ralph, has expressed concerns over proposed amendments to the province's freedom of information legislation, suggesting they could undermine public access to government records. The amendments would permit government departments to reject information requests deemed "trivial, frivolous, or vexatious," a characterization Ralph believes is overly broad and could lead to unjust refusals. Additionally, the requirement for applicants to provide detailed specifics, such as exact times or locations, may impose undue burdens on those seeking information. Ralph has called for the withdrawal of these amendments to allow for comprehensive consultations, emphasizing the potential risks they pose to transparency and government accountability.
European Privacy Regulators Issue Guidance on Age Assurance
Nikolaos Theodorakis | Tom Evans | Laura Brodahl | Matthew Nuding | Wilson Sonsini
On February 11, 2025, the European Data Protection Board (EDPB) issued a statement outlining ten principles for age assurance processes to protect minors online while ensuring compliance with data protection laws. These principles emphasize the necessity and proportionality of age assurance methods, recommending that organizations conduct both Child Rights Impact Assessments and Data Protection Impact Assessments to evaluate potential risks. The EDPB also highlights the importance of purpose limitation, data minimization, and the effectiveness of age assurance techniques. This guidance aims to harmonize age assurance practices across the EU, balancing the protection of children's rights with adherence to data protection standards
Apple launches 'age assurance' tech as US states mull social media laws
Stephen Nellis | Reuters
Apple has introduced an "age assurance" feature enabling parents to share their children's age ranges with app developers without disclosing exact birthdates or sensitive information. This initiative aims to enhance children's online safety while preserving user privacy. The move comes as several U.S. states, including Utah and South Carolina, debate legislation requiring app stores to verify users' ages and obtain parental consent for minors. Apple's approach allows parents to control their children's age information, aligning with its stance against app stores collecting extensive personal data from all users for age verification purposes.
Ontario Law Commission releases background on artificial intelligence human rights impact assessment
Jacqueline So | Law Times
The Law Commission of Ontario (LCO), in collaboration with the Ontario Human Rights Commission (OHRC), has released a background paper on the Human Rights AI Impact Assessment (HRIA) tool introduced in November 2024. This tool, grounded in Canadian human rights law, is designed to assist organizations in evaluating and mitigating potential biases and discrimination in artificial intelligence (AI) systems throughout their development and deployment. The HRIA emphasizes the importance of integrating human rights considerations at every stage of an AI system's lifecycle, encouraging the involvement of human rights experts and diverse communities. The LCO acknowledges that while many Canadian organizations have developed AI governance models addressing data security and privacy, explicit consideration of human rights is often lacking. The HRIA aims to fill this gap, serving as a component of a comprehensive AI governance strategy that includes legislation, regulations, auditing, and oversight mechanisms.
UK probes TikTok, Reddit over children's personal data practices
Mrinmay Dey | Angela Christy M | Reuters
The UK's Information Commissioner's Office (ICO) has initiated investigations into TikTok, Reddit, and Imgur concerning their handling of children's personal data. The probe focuses on how TikTok utilizes data from users aged 13 to 17 to recommend content, aiming to ensure that their algorithms do not expose minors to harmful material. Reddit and Imgur are under scrutiny for their methods of age verification and data protection practices related to younger users. This action follows a previous £12.7 million fine imposed on TikTok in 2023 for mishandling children's data. The ICO emphasizes the importance of robust safeguards to protect children's privacy and prevent potential harm from inappropriate content exposure.
Australian tax agency to implement audit report’s recommendations on AI governance
Jack Aldane | Global Government
The Australian Taxation Office (ATO) has agreed to implement all seven recommendations from a recent audit by the Australian National Audit Office (ANAO) aimed at enhancing its artificial intelligence (AI) governance. The audit identified the need for the ATO to refine its AI governance framework, aligning its automation and AI strategy with broader program and project management requirements. The ATO's commitment to these recommendations underscores its dedication to managing taxpayer data with integrity and ensuring ethical decision-making in its AI applications.
Canada launches federal government strategy for AI
Government of Canada
On March 4, 2025, the Honourable Ginette Petitpas Taylor, President of the Treasury Board, unveiled Canada's inaugural Artificial Intelligence (AI) Strategy for the federal public service at the University of Waterloo. This strategy focuses on four key areas: establishing an AI Centre of Expertise to coordinate government-wide AI initiatives; ensuring the secure and responsible use of AI systems; providing training and talent development pathways; and building trust through openness and transparency in AI usage. Developed through extensive consultations with stakeholders and the public, the strategy aims to enhance government operations and digital services for Canadians, reinforcing ethical and inclusive AI practices. The government plans to update the strategy every two years to ensure its continued relevance and responsiveness.
Ontario’s toothless school cellphone ban isn’t working. It’s time to rethink it
Katherine Martinko | The Globe and Mail
Ontario's recent attempts to enforce a classroom cellphone ban have encountered challenges, with reports indicating inconsistent implementation and enforcement across schools. While some educators observe increased student engagement and focus due to reduced distractions, others highlight difficulties in uniformly applying the ban, leading to varied outcomes. A national survey reveals that nearly 80% of Canadians support such bans, though younger demographics and parents of school-aged children show comparatively less support. Experts suggest that for these bans to be effective, clear guidelines, consistent enforcement, and the involvement of all stakeholders—including teachers, students, and parents—are essential.
Communications Security Establishment Canada releases 2025 update to report on cyber threats to Canada’s democratic process
Government of Canada
The Communications Security Establishment Canada (CSE) has released its 2025 update on cyber threats to Canada's democratic process, highlighting the increasing use of artificial intelligence (AI) by foreign adversaries to target elections globally, including in Canada. The report indicates that AI technologies have become more powerful and accessible over the past two years, enabling foreign actors, particularly those affiliated with Russia and the People's Republic of China (PRC), to create and disseminate disinformation, harass politicians, and enhance cyber espionage activities. These adversaries are leveraging AI to flood information environments with false content, utilizing generative AI to produce viral disinformation, and employing AI-driven social botnets to amplify their reach. Despite these evolving threats, the CSE assesses that it is very unlikely AI-enabled activities will fundamentally undermine the integrity of Canada's next general election. The agency continues to collaborate with federal partners to safeguard democratic processes and provides guidance to Canadians through initiatives like the Get Cyber Safe campaign to promote online safety.
UK revisits proposal to make a ‘vast police database’ from driving licenses
Lu-Hai Liang | Biometric Update
The UK government is advancing the Crime and Policing Bill, which proposes granting police forces access to the Driver and Vehicle Licensing Agency's (DVLA) database, encompassing personal details and photographs of approximately 50 million drivers. This initiative aims to enhance law enforcement capabilities by enabling facial recognition searches to identify individuals involved in criminal activities. However, privacy advocates, such as Big Brother Watch, express concerns that this could lead to a vast facial recognition database, potentially infringing on individual privacy rights and increasing the risk of misidentification. They argue that citizens have not consented to their driver's license photos being repurposed for such surveillance measures.
Supreme Court of Canada moving away from social media platform X
CTV News
The Supreme Court of Canada has announced its decision to discontinue the use of the social media platform X (formerly Twitter). This move aligns with actions taken by other Canadian institutions, such as the City of Ottawa, which has debated similar measures. The decision reflects growing concerns about content moderation and the dissemination of misinformation on social media platforms.
EPIC Signs Coalition Letter Seeking to Preserve Independent Agencies
EPIC
On February 25, 2025, the Electronic Privacy Information Center (EPIC), along with numerous organizations, sent a coalition letter to President Trump expressing alarm over actions perceived to undermine the autonomy of independent agencies. The letter specifically addresses concerns about the dismissal of Democratic-appointed commissioners and an Executive Order that could place independent agencies, such as the Federal Trade Commission (FTC) and the Federal Communications Commission (FCC), under direct presidential control. The coalition emphasizes that Congress established these agencies to function without political interference, ensuring unbiased oversight. EPIC also issued a statement condemning the Executive Order "Ensuring Accountability for All Agencies," highlighting the crucial role these bodies play in safeguarding sensitive data and protecting civil liberties.
How Canada dodged the biggest crypto hack in history
Claire Brownell | The Logic
In February 2025, Bybit, one of the world's largest cryptocurrency exchanges, suffered a significant security breach resulting in the theft of approximately US$1.5 billion in Ethereum, reportedly orchestrated by North Korean hackers. Canadian users were largely unaffected by this incident, as Bybit had exited the Canadian market in 2023 following increased regulatory scrutiny from Canadian securities authorities. This regulatory environment emphasizes the importance of robust cybersecurity measures and compliance protocols to protect investors and maintain market integrity.
Privacy Commissioner announces winners of first Privacy and Human Rights Awards
Office of the Privacy Commissioner of Canada
The Privacy Commissioner of Canada, Philippe Dufresne, has announced the winners of the first-ever Global Privacy and Human Rights Award, recognizing outstanding efforts in protecting digital privacy and fundamental human rights. The 5Rights Foundation and Internet Freedom Foundation were named co-winners at RightsCon in Taipei, Taiwan. 5Rights Foundation was honored for its work in advocating for children’s digital privacy protections, including the UK’s Children’s Code and California’s Age-Appropriate Design Code. The Internet Freedom Foundation, based in India, was recognized for its litigation and advocacy against excessive surveillance, particularly regarding sanitation workers and student ID tracking systems.
Integrity commissioner’s final chapter closes with some loose ends
Colin D’Mello | Global News
Ontario's Integrity Commissioner, J. David Wake, is set to retire after an eight-year tenure marked by significant investigations, including a notable report on the Ford government's handling of the Greenbelt, which led to resignations and policy reversals. As his term concludes, some inquiries remain unresolved, raising concerns about the continuity of oversight and the timely completion of ongoing investigations. The province is actively seeking a successor to uphold the standards of accountability and transparency established during Wake's tenure. This transition period underscores the importance of maintaining robust ethical oversight within Ontario's political landscape.
Swedish authorities seek backdoor to encrypted messaging apps
Suzanne Smalley | The Record
Swedish law enforcement and security agencies are advocating for legislation that would compel encrypted messaging platforms, such as Signal and WhatsApp, to implement technical backdoors, granting authorities access to user communications. In response, Signal Foundation President Meredith Whittaker has stated that the company would withdraw from the Swedish market rather than compromise its encryption standards. The Swedish Armed Forces have also expressed concerns, suggesting that such backdoors could introduce vulnerabilities exploitable by malicious actors. This development mirrors similar debates in other countries, such as the UK's recent demands for backdoor access to encrypted data, highlighting the ongoing tension between national security interests and individual privacy rights.
Gabbard: UK demand to Apple for backdoor access is 'grave concern' to US
Suzanne Smalley | The Record
U.S. Director of National Intelligence Tulsi Gabbard has expressed significant concerns regarding the U.K. government's secret order compelling Apple to create a backdoor into its encrypted iCloud services. In a letter to U.S. lawmakers, Gabbard labeled the demand a "clear and egregious violation of Americans' privacy and civil liberties," highlighting potential vulnerabilities exploitable by adversarial actors. She further noted that such actions could strain intelligence-sharing agreements between the U.S. and the U.K., as they may conflict with the existing CLOUD Act Agreement, which restricts either country from demanding data about the other's citizens. In response, Apple has withdrawn its Advanced Data Protection feature from the U.K. market rather than comply with the order. Gabbard has initiated a review involving multiple U.S. intelligence agencies to assess the implications of the U.K.'s request and plans to engage with British officials to address these concerns.
