SUMMARY - Privacy and Data in Government Portals

Privacy and Data in Government Portals

To access government services online, you must share personal information—identity details, addresses, income, family composition, health status, employment history. Government portals collect, store, and process some of the most sensitive data in existence. How that data is protected, used, and shared determines whether digital government serves citizens or surveils them.

What Government Knows

Through various programs and interactions, government agencies collect extensive personal information:

CRA knows your income, employment, investments, and financial transactions. Service Canada knows your employment history, benefit claims, and family changes. Health ministries know your medical history, prescriptions, and healthcare utilization. Provincial registries know your identity documents, property ownership, and vehicle registration.

Immigration knows detailed personal histories of newcomers. Police databases contain records of interactions, arrests, and convictions. Social services know about family circumstances, disabilities, and supports received.

Individually, each collection may be justified. Collectively, government holds a comprehensive profile of many aspects of citizens' lives.

Legal Framework

The Privacy Act governs federal government handling of personal information. Provincial privacy laws apply to provincial and municipal governments. These laws establish principles:

Collection limitation: Government should collect only information necessary for identified purposes.

Use limitation: Information should be used only for the purposes for which it was collected.

Disclosure limitation: Information should not be shared without consent or legal authority.

Security: Information must be protected against unauthorized access.

Access: Individuals should be able to see what information government holds about them.

The Privacy Commissioner of Canada and provincial counterparts oversee compliance, investigate complaints, and report on government privacy practices.

Privacy Concerns with Digital Government

Data Aggregation

Digital systems make it easier to combine data across programs and agencies. What were once isolated records can become linked profiles. The risk is that government knows more about individuals than any single program requires—and that comprehensive profiles enable surveillance rather than service.

Function Creep

Data collected for one purpose may be used for others. Information provided for benefit eligibility might be used for fraud investigation, immigration enforcement, or other purposes the individual did not anticipate.

Security Risks

Digital systems face cybersecurity threats. Breaches at government agencies have exposed millions of records. Centralized digital systems create high-value targets for attackers.

Tracking and Analytics

Government websites use cookies, analytics, and tracking technologies. While often used for service improvement, these technologies also create records of citizen interactions with government.

Algorithmic Decision-Making

Increasingly, automated systems analyze government data to make or recommend decisions about eligibility, risk, and priority. These systems may embed biases, operate opaquely, and make consequential decisions without human review.

Trust and Participation

Privacy concerns affect willingness to use digital government services. People who distrust government data handling may avoid digital services, preferring paper or in-person interactions that feel (rightly or wrongly) more private.

Communities with historical reasons to distrust government—Indigenous peoples, racialized communities, immigrants—may be particularly cautious about digital interactions that create records.

Building trust requires not just technical security but also transparency about what is collected, how it is used, and what controls citizens have.

Balancing Considerations

Privacy must be balanced against other values:

Service quality: Sharing information across programs can reduce the burden on citizens to re-provide information and enable better service. But the same sharing creates privacy risks.

Fraud prevention: Data matching can identify benefit fraud. But the same capabilities enable surveillance of legitimate claimants.

Public health: Health data sharing enables disease surveillance and care coordination. But the same sharing creates risks if data is misused.

Where these balances are struck—and who decides—shapes the character of digital government.

The Question

If digital government requires collecting extensive personal information, then the terms of that collection are fundamental to the citizen-government relationship. How should data collection be limited to what is truly necessary? What transparency should citizens have into how their data is used? And how can data sharing for legitimate purposes be enabled without creating surveillance infrastructure that could be misused?