Office of the Privacy Commissioner of Canada | Privacy Act | Well-founded & conditionally resolved

Protecting privacy in a pandemic

Organization: Office of the Privacy Commissioner of Canada
Decision: May 30, 2023
Published: May 30, 2023

This Special Report to Parliament details the OPC's investigations into federal government privacy practices during the COVID-19 pandemic. It examined vaccine mandates for travel and employment, the ArriveCAN app, and the use of mobility data. While most government measures complied with the Privacy Act, the OPC identified areas for improvement, including the need for clearer objectives in mandates and better documentation of less privacy-intrusive alternatives. An error in the ArriveCAN app led to incorrect quarantine notifications, and a PIPEDA investigation found a private company misused a traveller's contact information for marketing.

  • Compliance of COVID-19 measures with the Privacy Act
  • Necessity and proportionality of personal information collection
  • Accuracy of personal information used in administrative decisions (ArriveCAN)
  • Use of de-identified mobility data and PIPEDA compliance

Investigations generally found compliance with the Privacy Act, with some exceptions and recommendations for improvement.

The report indicates that while most government measures complied with the Privacy Act, several investigations identified weaknesses in the assessment and documentation of privacy impacts, or specific instances of non-compliance, such as the ArriveCAN error. Recommendations were made, and while some institutions have agreed, others have not fully committed, leading to a conditionally resolved status for some findings.

AI-generated summary for reference only. Always verify against the official decision.

Recommended action / remedy

Recommendations were made to federal institutions regarding clearer objectives, better documentation of privacy assessments, and addressing specific compliance issues, such as the ArriveCAN data correction.

Statutory provisions cited
  • s. 39(1) Privacy Act
  • Privacy Act
  • s. 6 Privacy Act
  • s. 7 Privacy Act
  • s. 8 Privacy Act
  • s. 10 Privacy Act
  • s. 11 Privacy Act
  • PIPEDA
  • Quarantine Act
  • Emergencies Act

This summary is informational only and not legal advice.