On June 13, 2024, the Office of the Information and Privacy Commissioner of Alberta (OIPC) made a series of key recommendations to update and strengthen the Personal Information Protection Act (PIPA). The OIPC has provided a comprehensive submission to the Alberta legislature's Standing Committee on Resource Stewardship as part of the committee's review of the PIPA.

The OIPC submission describes the impact of generative artificial intelligence (AI) and quantum computing, noting that these technological changes have immense potential benefits for societies, but also great potential for harm.

The OIPC's key recommendations are that PIPA should include:

• recognition of the protection of personal information as a fundamental human right;
• application to political parties and not-for-profit organizations;
• the right of Albertans to access their own personal information;
• the 'right to be forgotten;'
• the right to data portability and mobility;
• rules about automated decision-making, including that individuals be granted the right to contest automated decision-making;
• specific protection for children's personal information;
• specific requirements for privacy management programs and Privacy Impact Assessments, and modifications regarding mandatory breach notification;
• requirements for compliance by service providers and downstream service providers;
• enhanced requirements for organizations to use security safeguards to protect personal information commensurate with its sensitivity;
• requirements for communication in plain language;
• requirements for de-identification and anonymization of personal information;
• provisions for the creation and use of a regulatory sandbox operated by the OIPC; and
• enhanced provisions for enforcement of PIPA.

You can read the press release here and the OIPC submission here.