In a keynote address delivered on March 5, 2026 at the Victoria International Privacy and Security Summit, Privacy Commissioner of Canada Philippe Dufresne emphasized the growing importance of trust, transparency, and privacy protections in the governance of artificial intelligence (AI) and digital technologies. For charities and not-for-profits (“NFPs”), the remarks are particularly relevant in light of the rapid adoption of AI tools in the absence of clear and comprehensive legal frameworks governing their use. As we have noted in previous publications, until more defined guidance emerges through legislation, regulation, or court decisions, organizations are increasingly expected to adopt a “best practices” approach to AI governance, drawing on established principles from related areas of law, including privacy. Against this backdrop, the Commissioner’s remarks reinforce that existing privacy concepts – such as transparency, accountability, and privacy by design – are already functioning as foundational guardrails for AI use.
The Commissioner highlighted that AI technologies are advancing quickly, with increasingly accessible tools lowering the barrier to generating synthetic content, including deepfakes and voice clones. Of particular concern is the use of personal information without consent to create such content, including explicit or misleading materials, which presents both privacy risks for individuals and reputational risks for organizations. The Commissioner emphasized that organizations developing or using AI systems should implement robust safeguards to prevent misuse of personal information, ensure transparency regarding AI capabilities and limitations, and adopt additional protections for vulnerable groups, particularly children.
A central theme of the address was that “adoption moves at the speed of trust.” Canadians are highly concerned about the protection of their personal information, with many taking active steps to limit how it is used. For charities and NFPs, this underscores that strong privacy practices are not only a responsible approach, but also a key factor in maintaining donor, member, and public trust.
The Commissioner further stressed that transparency is essential to meaningful consent under Canadian privacy law. Organizations are encouraged to provide clear and accessible privacy communications and ensure that users can easily understand and control how their personal information is collected and used.
While the Commissioner emphasized the importance of law reform, his remarks also reflect the current reality facing organizations: AI governance expectations are evolving more quickly than formal legal requirements. In this context, a best practices approach to AI governance includes aligning AI use with established legal principles in related areas – particularly privacy – by implementing privacy by design, ensuring transparency in AI-assisted decision-making, conducting risk and impact assessments for higher-risk uses, and adopting internal policies and safeguards to prevent misuse of personal information.
For charities and NFPs, waiting for definitive legal rules may create unnecessary risk. Organizations that proactively adopt best practices in AI governance will be better positioned to maintain stakeholder trust, mitigate legal and reputational risks, and adapt to future regulatory developments. The Commissioner’s remarks ultimately reinforce that responsible innovation depends on building trust, and that privacy must remain central to the development and deployment of AI technologies.