CBSA’s use of commercial genetic genealogy in a deportation case contravenes the Privacy Act
The Office of the Privacy Commissioner of Canada (OPC) investigated a complaint that the Canada Border Services Agency (CBSA) contravened the Privacy Act by collecting and using DNA from a complainant for genetic genealogy analysis to determine his nationality for deportation purposes. The OPC found that the CBSA contravened the Act by failing to obtain valid authorization for the indirect collection of the complainant's genetic information from FamilyTreeDNA (FTDNA), by improperly disclosing his personal information to other FTDNA users, and by failing to adequately describe the collection of relatives' genetic information in its public notices (PIBs).
- Was the CBSA's collection of genetic genealogy information directly related to its operations?
- Was the authorization for indirect collection from FTDNA valid?
- Did incidental disclosures of personal information contravene the Act?
- Were the transparency obligations under Section 11 met?
Complaint well-founded in part and conditionally resolved in part.
The OPC found contraventions of the collection, disclosure, and transparency provisions of the Privacy Act, specifically related to the indirect collection of DNA data from a third-party company and subsequent disclosures. The complaint was conditionally resolved as the CBSA committed to implementing corrective actions.
AI-generated summary for reference only. Always verify against the official decision ↗
The OPC recommended that the CBSA close any active genetic genealogy accounts it controls or inform the individuals to take control, and institute robust structures to assess and control novel collection and disclosure of high-risk biometric personal information. The CBSA committed to implementing these recommendations.
- s. 4 Privacy Act
- s. 5 Privacy Act
- s. 8 Privacy Act
- s. 11 Privacy Act
This summary is informational only and not legal advice.