Artificial intelligence regulation in Canada must be grounded in modernized privacy legislation that recognizes privacy as a fundamental right and requires privacy by design for high-impact data uses, the Privacy Commissioner of Canada told Parliament this month. Appearing before the House of Commons Standing Committee on Access to Information, Privacy and Ethics on February 2, 2026, Commissioner Philippe Dufresne delivered opening remarks as part of the Committee’s study on the challenges posed by artificial intelligence and its regulation.
The Commissioner positioned AI oversight as one of his core strategic priorities, emphasizing that personal information is central to the training and operation of AI systems. As AI adoption accelerates across sectors, he warned that data protection concerns will intensify, particularly where systems rely on large-scale data collection, automated decision-making, or sensitive personal information.
He referenced several ongoing and recent investigations to illustrate how existing privacy law is being applied to emerging technologies. These include an expanded investigation into social media platform X and its Grok chatbot concerning the use of AI to generate potentially harmful deepfakes, an ongoing investigation into OpenAI, and prior investigations involving Aylo and Pornhub regarding the non-consensual use of intimate images, a joint investigation with the UK privacy commissioner into the 23andMe breach affecting millions of users, and a joint provincial investigation into TikTok that led to improvements in protections for children’s data.
The Commissioner cited survey findings showing that 83 percent of Canadians are concerned about their privacy when using AI tools, and that most are less willing to share personal information than they were five years ago. He framed responsible AI governance as both a regulatory necessity and a competitive advantage, noting that public trust is essential to unlocking economic and social benefits of innovation.
Among his recommended legislative reforms are amendments to federal privacy law that would explicitly recognize privacy as a fundamental right, mandate privacy by design, and require privacy impact assessments for high-impact data processing activities. As the Commissioner stated, “Personal information is at the heart of artificial intelligence, and therefore privacy legislation should, in my view, be at the heart of AI regulation.” Organizations deploying AI, he said, must be transparent about its use and accountable for AI-generated decisions that affect individuals, including decisions relating to employment or access to services.
For charities and not-for-profits in Ontario that are exploring AI tools for service delivery, fundraising analytics, volunteer management, or program eligibility decisions, AI governance is no longer a technical afterthought but a legal and reputational risk issue. Embedding privacy analysis at the outset of AI deployment, documenting processes, and assessing impacts on vulnerable populations, including children, will be central to aligning with emerging regulatory expectations.