Information and Privacy Commissioner of Ontario

The Office of the Information and Privacy Commissioner of Ontario (IPC) is an independent oversight body established to uphold and promote open government and the protection of personal privacy within the province of Ontario, Canada. Headquartered in Toronto, Ontario, the IPC operates autonomously from the government, reporting directly to the Legislative Assembly of Ontario.

The IPC's core mandate involves overseeing compliance with Ontario's access and privacy laws, specifically the Freedom of Information and Protection of Privacy Act (FIPPA), the Municipal Freedom of Information and Protection of Privacy Act (MFIPPA), and the Personal Health Information Protection Act (PHIPA). Its services include resolving access to information appeals and complaints, investigating privacy complaints, ensuring compliance with these acts by public institutions and healthcare providers, educating the public on their rights, conducting research on access and privacy issues, and providing expert advice on proposed government legislation and programs.

Patricia Kosseim has served as the Commissioner since July 1, 2020. In recent developments, the IPC has actively addressed the responsible use of artificial intelligence, releasing joint principles with the Ontario Human Rights Commission for AI in the public sector and new guidance on AI scribes to protect patient privacy in early 2026. The Commissioner has also voiced strong concerns regarding recent legislative changes by the Ontario government to FIPPA, warning that these amendments, passed in April 2026, would significantly weaken privacy protections, transparency, and independent oversight by retroactively limiting public access to records of the premier, cabinet ministers, and their staff. The IPC continues to advocate for the modernization of Ontario's access and privacy legislation.

Latest updates

Ontario and British Columbia Privacy Commissioners Issue Joint Statement on FIFA World Cup Surveillance

Event summary

  • The Information and Privacy Commissioner of Ontario and British Columbia issued a joint statement on May 4, 2026, outlining privacy principles for the FIFA World Cup 2026.
  • The statement emphasizes the need for legally authorized, necessary, and proportionate use of surveillance technologies during the event.
  • Surveillance installations must be time-limited and video footage securely destroyed post-event to prevent misuse.
  • Clear roles and responsibilities must be delineated among municipalities, police services, and other agencies involved in the event.

The big picture

The joint statement underscores the growing scrutiny on privacy and surveillance practices during major global events. It reflects broader industry trends towards stricter governance and accountability in data handling, particularly in the context of international sporting events. The principles outlined aim to balance security needs with the protection of individual privacy rights, setting a precedent for future mega-events.

What we're watching

Compliance Adherence
Whether municipalities and police services will fully adhere to the outlined privacy principles during the FIFA World Cup 2026.
Surveillance Legacy
The pace at which surveillance technologies deployed for the event will be dismantled post-event to prevent permanent installations.
Data Security
How effectively video footage and personal information will be secured and destroyed to prevent misuse or unauthorized access.

Ontario IPC Challenge Signals Growing AI Transparency Scrutiny

Event summary

  • The Information and Privacy Commissioner of Ontario (IPC) has launched Transparency Challenge 3.0, inviting public institutions to submit projects advancing open data, access to information, and transparency.
  • The challenge deadline is June 8, 2026, with selected projects to be showcased later in the fall.
  • This year's challenge specifically encourages submissions related to AI transparency disclosures.
  • The initiative is part of a broader IPC strategy to enhance public trust and respect for access to information rights.

The big picture

The Transparency Challenge highlights a growing trend of increased scrutiny on government transparency and data governance, particularly in the context of emerging technologies like AI. This initiative, coupled with international collaborations like the ICIC’s work on environmental information, reflects a broader movement towards greater accountability and public oversight of public sector operations. The challenge's focus on AI transparency is particularly noteworthy given the rapid adoption of AI across various public services and the associated privacy and ethical concerns.

What we're watching

AI Governance
The explicit focus on AI transparency disclosures signals increasing regulatory pressure on public sector AI deployments, potentially impacting adoption timelines and project costs.
Public Trust
The IPC's continued emphasis on transparency suggests a broader effort to rebuild public trust in government institutions, which could influence future policy decisions and resource allocation.
Implementation Lag
The success of the challenge will depend on the willingness of public institutions to actively participate and implement the showcased practices, potentially revealing gaps in organizational capacity and political will.

Ontario Moves to Shield Premier's Records from FOI Scrutiny

Event summary

  • Ontario's government is proposing changes to the Freedom of Information and Protection of Privacy Act (FIPPA) to exclude records held by the premier, cabinet ministers, and their staff.
  • The proposed changes would apply retroactively, impacting records already held.
  • The Information and Privacy Commissioner of Ontario (IPC) argues this move diminishes public access rights and is not a genuine modernization effort.
  • In 2024, Ontario processed 27,344 FOI requests, with only 4% originating from media outlets.
  • The move follows scrutiny related to the Greenbelt matter, highlighting concerns about record management practices.

The big picture

This proposed change represents a significant rollback of transparency and accountability in Ontario's government, potentially setting a precedent for other jurisdictions. The move is likely a response to intense scrutiny following the Greenbelt controversy, but it risks further eroding public trust and creating a climate of secrecy. The retroactive application of the changes is particularly concerning, as it suggests an attempt to shield past actions from public review.

What we're watching

Political Backlash
The extent of public and opposition party pushback will determine whether the government proceeds with the changes or modifies the proposal.
Legal Challenges
The IPC or advocacy groups may initiate legal challenges arguing the changes violate constitutional principles or existing legal precedent.
Cybersecurity Risk
The absence of FIPPA's safeguards will likely increase the risk of data breaches and unauthorized access to sensitive government information held on personal devices.

Ontario Government Seeks to Shield Records Amidst Privacy Oversight Dispute

Event summary

  • The Ontario government is proposing amendments to the Freedom of Information and Protection of Privacy Act (FIPPA).
  • Key changes would prevent public access to records held by the Premier, cabinet ministers, and political staff.
  • The government is appealing a court ruling that upheld the Information and Privacy Commissioner's order to release the Premier's cellphone call logs.
  • Proposed amendments would also weaken privacy protections and diminish the oversight role of the Information and Privacy Commissioner regarding data integration.
  • Further changes would allow government employees to retain email accounts containing sensitive data upon job changes, increasing privacy breach risk.

The big picture

The proposed changes represent a significant shift towards reduced government transparency and accountability, potentially setting a precedent for other jurisdictions. This move, coupled with the appeal of the court ruling, signals a broader trend of governments attempting to limit independent oversight and control the flow of information. The weakening of privacy protections raises concerns about the potential for misuse of personal data and erodes public trust in government institutions.

What we're watching

Legislative Response
The extent to which opposition parties and public advocacy groups can influence the government’s decision to withdraw or modify the proposed FIPPA amendments will indicate the strength of public sentiment regarding government transparency.
Judicial Scrutiny
The outcome of the government’s appeal regarding the Premier’s cellphone records will establish a precedent for the scope of FIPPA’s application to personal communications used for government business.
Data Governance
How the Information and Privacy Commissioner navigates the diminished oversight role regarding data integration will shape the future of data privacy and security within Ontario's public sector.

Ontario AI Scribe Guidance Signals Regulatory Scrutiny of Healthcare AI

Event summary

  • The Office of the Information and Privacy Commissioner of Ontario (IPC) released new guidance on January 28, 2026, for the responsible adoption of AI scribes in the healthcare sector.
  • The guidance, titled 'AI Scribes: Key Considerations for the Health Sector,' focuses on privacy, governance, and accountability measures.
  • This release coincides with similar guidance from British Columbia’s privacy commissioner, indicating a broader regulatory focus.
  • The guidance aligns with recently released joint principles on responsible AI use, developed by the IPC and the Ontario Human Rights Commission.

The big picture

The IPC’s guidance represents a proactive effort to manage the risks associated with rapidly expanding AI adoption in healthcare. This move reflects a broader global trend of regulators seeking to balance innovation with ethical considerations and patient privacy. The alignment with the Ontario Human Rights Commission signals a focus on fairness and bias mitigation, which could influence the design and deployment of AI systems across the sector.

What we're watching

Regulatory Headwinds
The coordinated release of guidance between Ontario and British Columbia suggests a trend towards stricter AI regulation in Canadian healthcare, potentially impacting deployment timelines and increasing compliance costs for vendors.
Governance Dynamics
The emphasis on patient trust and ‘social license’ indicates that healthcare providers will face increasing pressure to demonstrate responsible AI adoption, potentially requiring significant investment in governance frameworks and transparency initiatives.
Execution Risk
The checklist format of the guidance suggests a granular level of scrutiny, and the success of AI scribe implementation will depend on the ability of healthcare professionals to translate these principles into practical, sustainable workflows.

Ontario AI Principles Signal Growing Regulatory Scrutiny

Event summary

  • The Information and Privacy Commissioner of Ontario (IPC) and the Ontario Human Rights Commission (OHRC) jointly released principles for responsible AI adoption.
  • The principles build upon a May 2023 joint statement and align with existing AI governance frameworks.
  • Organizations using AI must ensure systems are valid, reliable, safe, privacy-protective, human-rights affirming, transparent, and accountable.
  • The principles aim to maintain public trust and minimize harm associated with AI deployment.

The big picture

This joint announcement signals a growing trend of regulatory intervention in the AI space, particularly concerning privacy and human rights. While AI adoption is accelerating across various sectors, public concerns about bias, fairness, and data security are creating pressure for stricter oversight. The Ontario government's commitment to responsible AI deployment could influence the development and adoption of AI systems across the province and potentially set a precedent for other jurisdictions.

What we're watching

Regulatory Headwinds
The adoption of these principles will likely accelerate similar regulatory actions in other Canadian provinces and potentially at the federal level, increasing compliance burdens for AI developers and deployers.
Governance Dynamics
The degree to which organizations proactively integrate these principles into their AI development lifecycle will be a key indicator of their commitment to responsible AI and potential mitigation of legal and reputational risk.
Execution Risk
The effectiveness of these principles will depend on the IPC and OHRC’s ability to enforce them and provide clear guidance, which could be hampered by limited resources and evolving AI technologies.
CID: 2814