Canadian privacy law

[5] Throughout the late 1990s and 2000s, privacy legislation placed restrictions on the collection, use and disclosure of information by provincial and territorial governments and by companies and institutions in the private sector.

The Privacy Act, passed in 1983[6] by the Parliament of Canada, regulates how federal government institutions collect, use and disclose personal information.

The Act and its equivalent legislation in most provinces are the expression of internationally accepted principles known as "fair information practices."

The main purposes of the Act were to provide citizens with the right of access to information under the control of governmental institutions.

It also specifies limits to the rights of access given to individuals, prevents the unauthorized collection, use or disclosure of personal information by public bodies, and redefines the role of the Privacy Commissioner of Canada.

In recent years, there have been numerous calls for reform as PIPEDA is considered outdated and unable to address AI effectively.

[10] PIPEDA includes and creates provisions of the Canadian Standards Association's Model Code for the Protection of Personal Information, developed in 1995.

In January 2012, the Ontario Court of Appeal declared that the common law in Canada recognizes a right to personal privacy, more specifically identified as a "tort of intrusion upon seclusion",[17] as well as considering that appropriation of personality is already recognized as a tort in Ontario law.