Three government agencies collaborated on a $68 million initiative to modernize Canada’s asylum system but neglected to conduct necessary privacy assessments during the project’s implementation, according to findings by CBC News. The absence of privacy safeguards has raised concerns among legal professionals, potentially jeopardizing the security of refugee applicants’ data and submissions.
The partnership between Immigration, Refugees and Citizenship Canada (IRCC), the Canada Border Services Agency (CBSA), and the Immigration and Refugee Board (IRB) aimed to enhance the asylum process through the “asylum interoperability project.” This project sought to digitalize and streamline the asylum system, addressing the substantial backlog of over 290,000 pending applications.
Earlier this year, the project, which commenced in 2019, was abruptly terminated in 2024, as reported by CBC. Recent access-to-information documents revealed that essential privacy impact assessments (PIA) for the project were left incomplete, leading to the project’s premature cancellation at a 64% completion rate.
Despite the discontinuation of the interoperability project, significant digital data collection and usage modifications were introduced, underscoring the criticality of completing PIAs for risk identification. Andrew Koltun, an immigration and privacy law practitioner, highlighted the importance of finalizing these assessments to mitigate potential data security risks.
While the departments have acknowledged the incomplete privacy assessments, stating ongoing efforts to finalize them, concerns persist. The failure to complete these assessments has drawn criticism, with stakeholders emphasizing the necessity of adhering to privacy protocols before deploying new initiatives.
The project’s advancements included the establishment of an online refugee application platform, incorporating automation, enabling real-time data exchange, and enhancing government actions like automatic permit cancellations upon removal orders. These changes aimed to streamline processes and improve operational efficiencies within the asylum system.
The Office of the Privacy Commissioner of Canada views privacy assessments as crucial for ensuring legal compliance and building public trust by safeguarding individuals’ privacy rights. However, internal documents indicated a lack of clarity among the agencies regarding PIA responsibilities, showcasing the need for better coordination and adherence to privacy protocols.
Legal experts have expressed concerns over potential privacy breaches and the mishandling of sensitive information, emphasizing the importance of upholding privacy standards to protect vulnerable individuals seeking refuge. The failure to prioritize privacy safeguards could have detrimental consequences, necessitating a more robust approach to data security within the asylum system.