Canada’s Digital Trust and Identity Crossroads
A Call to Collaborative Action
May 21, 2026
#PrivacyInPracticeCA
Introduction: Choosing Leadership Together
Canada has shown that privacy-respecting digital trust and identity is technically achievable, commercially viable, and publicly beneficial. Provincial wallet implementations are working at scale. Private sector innovations are gaining market acceptance. Standards frameworks are maturing. International partnerships are forming.
Over the past twelve weeks, this series has examined the principles that privacy commissioners established and assessed how well Canada is meeting them. We have acknowledged genuine achievements alongside the work still ahead. We have identified where Canada leads and where opportunities for collaboration remain.
Now the question is what comes next.
Canada stands at a crossroads. The choices made in the next few years will shape Canadian digital trust and identity for decades. Building on these achievements positions Canada to contribute meaningfully to privacy-respecting digital trust and identity globally. Sustaining the momentum will require continued collaboration across governments, industry, civil society, and the privacy commissioners.
This final article synthesizes the series, sets out recommendations framed as collaborative invitations to all stakeholders, and outlines how DIACC will continue to contribute.
Where We Stand: A Foundation to Build On
Canada enters this moment with genuine strengths. Honest assessment begins by acknowledging these achievements.
Provincial Wallet Leadership
British Columbia and Alberta have demonstrated privacy-protective architecture at production scale.[1][2] These are working systems serving real users with meaningful privacy protection.
BC Wallet supports selective disclosure, allowing holders to share only what a relying party needs and limiting the ability to track credential use across services. Alberta Wallet supports strong encryption and user control. Both show that privacy-by-design is practical, not aspirational.
These implementations offer architectural patterns that others can build on, contributing to Canada’s credibility on the global stage.
Quebec’s Legislative Achievement
Quebec’s Bill 82, assented October 28, 2025, is among Canada’s most comprehensive digital identity legislation to date.[3] The Act enables holders to disclose only the information necessary, prohibits the use of national digital identity data for profiling or surreptitious surveillance, and commits the government to a public consultation on the use of biometric characteristics. Quebec has translated privacy principles into binding legal requirements while preserving the option of voluntary adoption.
The legislation demonstrates that strong privacy protection and digital innovation can be designed to reinforce each other.
Private Sector Innovation
Private sector organizations have invested in privacy-protective digital trust and identity capabilities. Identity verification providers have developed solutions for selective disclosure. Financial institutions have modernized client identity processes while strengthening privacy. Technology companies have deployed on-device biometrics and privacy-preserving approaches.
These investments suggest that privacy protection is increasingly viewed as a market differentiator, not only a compliance obligation.
Standards Framework Maturation
DIACC’s Pan-Canadian Trust Framework has matured through collaborative development between government and industry participants. Certified services are processing meaningful volumes of verification activity. The framework provides operational criteria that help translate principles into practice.
Industry data indicates hundreds of thousands of identity verification transactions annually in sectors such as legal services, with continued opportunity to expand certified, privacy-respecting capacity.
International Positioning
The December 8, 2025 Canada-EU memorandum of understanding on digital credentials and trust services positions Canada for international interoperability.[4] The collaboration signals shared interest in technical interoperability, joint testing, standards alignment, and a path toward future mutual recognition.
Canada can help shape international standards rather than only adopt them, and Canadian organizations stand to benefit from expanding cross-border opportunities.
Regulatory Engagement
Privacy Commissioner Dufresne has prioritized technological change including artificial intelligence and children’s privacy, and the OPC’s August 2025 biometrics guidance provides clear expectations for both public and private sector organizations.[5] Engagement from the privacy commissioner community has been substantive.
This engagement supports responsible development by clarifying expectations and reinforcing accountability.
Opportunities to Address Together
Honest assessment also requires recognizing where the ecosystem has more work to do. These opportunities are shared, and progress will depend on collaboration.
Federal Legislative Modernization
Bill C-27’s progress halted when Parliament prorogued in January 2025, leaving Canada’s federal private-sector privacy framework largely unchanged for many years. PIPEDA’s foundation remains important, and modernization presents an opportunity to address contemporary realities, including selective disclosure, verifiable credentials, and AI-supported verification.
We encourage federal policymakers to restart privacy reform with a framework that is clear, robust, and flexible enough to support continued innovation while safeguarding strong rights protections. DIACC is committed to contributing constructively to that process, drawing on our members’ operational experience.
Sustaining Effective Oversight
The OPC has indicated that it must be adequately resourced on an ongoing basis to address the full volume and complexity of today’s privacy landscape.[6] Sustained, predictable resourcing for oversight supports both compliant organizations and the public by helping the system function well.
We support continued attention to ensuring that oversight bodies have the resources and tools they need.
Closing the Implementation Gap
As we explored in Article 12, the gap between stated commitments and implemented practice exists across sectors and organizations. Maturity varies, and that variability is something the whole ecosystem can work to address through shared resources, clearer guidance, and accessible verification mechanisms.
Coordination Across Jurisdictions
Federal-provincial coordination on digital trust and identity continues to evolve. Different provinces are at different stages with different approaches. Sustained coordination mechanisms, developed collaboratively, will help citizens experience consistency across jurisdictions where that matters and preserve appropriate flexibility where it does not.
Recommendations Framed as Invitations
Progress will require contributions from every stakeholder group. The recommendations below are offered as collaborative invitations.
For Policymakers
We encourage federal policymakers to restart privacy reform, building on the work that informed Bill C-27 and reflecting current technological realities. Clear, modern rules support innovation and protect rights at the same time.
We support adequate, predictable resourcing for privacy commissioner offices to fulfill their evolving responsibilities effectively.
We recommend continued investment in privacy-protective infrastructure for public sector systems, where leadership sets expectations for the wider ecosystem.
We encourage strengthened federal-provincial coordination on interoperability standards and implementation, recognizing that ongoing coordination is essential as systems mature.
We support maintaining meaningful non-digital alternatives so that voluntary adoption remains genuinely voluntary for those who prefer or require them.
For Industry
We recommend treating privacy as a design requirement from project inception, supported by appropriate engineering time, privacy expertise, and validation.
We encourage organizations to resource implementation with the same discipline as other product priorities. Policy statements gain credibility when backed by sustained investment.
We support external validation through certification, audit, or regulatory examination, which complements internal processes and helps build wider trust.
We recommend ongoing attention to accessibility so that digital trust and identity capabilities work for all the people they are intended to serve.
For Privacy Commissioners
We support continued advocacy for modernized privacy legislation.
We encourage continued development of sector-specific guidance for digital trust and identity, which helps organizations meet expectations more consistently.
We support proactive engagement on emerging technologies, including ongoing dialogue with industry and civil society.
For Civil Society
We value the critical analysis that civil society contributes to the development of digital trust and identity. Constructive scrutiny strengthens the ecosystem.
We encourage civil society engagement in standards development through DIACC and other multi-stakeholder forums, where diverse perspectives improve outcomes.
DIACC’s Continuing Contribution
DIACC is working to advance privacy-respecting digital trust and identity through specific, ongoing activities.
Privacy Scorecard
We invite organizations to use the Privacy Scorecard to assess their services against the principles articulated by the federal, provincial, and territorial privacy commissioners in 2022, track progress over time, and identify areas for attention.
Working Groups
Our working groups continue to focus on practical questions, including selective disclosure implementation, anti-tracking architecture, and the responsible application of AI in digital trust and identity. We are working to develop guidance, share resources, and advance practical implementation alongside our members.
Independent Oversight
We support independent oversight of digital trust and identity. Voluntary standards and regulatory oversight serve different functions and reinforce each other.
International Collaboration
We are working to deepen learning exchanges with EU digital identity initiatives, facilitate technical conversations, and share information about international developments with Canadian stakeholders. The Canada-EU memorandum of understanding offers a meaningful framework for that collaboration.
A Vision for 2031
We share a vision for a Canada where digital trust and identity verification support people while preserving choice and dignity.
In that future, every Canadian can access digital trust and identity capabilities, and those who prefer non-digital pathways experience no penalty or service degradation. Choice is meaningful because the alternatives are genuinely comparable.
Identity transactions reveal only what is necessary for a specific purpose, with selective disclosure as the default rather than the exception. Organizations ask only for what they need. Systems are designed to minimize collection. Data not collected cannot be breached.
No entity tracks individuals across services without explicit, informed consent, and architectural protections support this limitation rather than relying on policy alone.
Independent oversight has the resources, authority, and reach it needs, applied consistently across sectors.
Privacy by design is the norm. Organizations build privacy into systems from inception, allocate resources for implementation, and welcome external validation that commitments are met.
With human values at the center of system design, digital trust and identity serve human flourishing alongside institutional needs.
This vision is achievable. The technology is operational: our provincial wallets and credentials show it. The expertise is present: our private sector demonstrates it. The standards exist: our frameworks provide them. The regulatory foundation is engaged: our commissioners articulate it. International partnerships are open: our EU collaboration enables them.
What remains is sustained collaboration from all stakeholders to build the digital trust and identity ecosystem Canadians deserve.
Conclusion: Choosing to Collaborate
Canada has the opportunity to contribute meaningfully to privacy-respecting digital trust and identity globally. We have demonstrated technical capability through provincial implementations, institutional capacity through standards development, public expectations that prioritize privacy, and international positioning that enables collaboration.
That opportunity is not automatic. Other jurisdictions are advancing. The EU is rolling out the European Digital Identity Wallet across member states.[7] The UK and Asia-Pacific economies are developing their own frameworks. Continued Canadian engagement, in standards work, in pilots, in policy dialogue, helps shape global outcomes in ways that reflect Canadian values.
The window for influence is real, and it rewards organizations and jurisdictions that engage now.
How we approach digital trust and identity shapes Canada’s approach to privacy more broadly. Privacy-respecting digital trust and identity demonstrates that innovation and rights protection reinforce each other.
DIACC is committed to continuing the work. We are working to live the principles in this series, to acknowledge where we have room to grow, and to collaborate with everyone whose contribution matters: members, governments, commissioners, civil society, and the public.
Canada can be a meaningful contributor to privacy-respecting digital trust and identity globally. We can show that innovation and privacy reinforce each other. We can build systems that serve people. We can earn the trust that digital trust and identity depend on.
The choice is collective. The time to choose is now.
Footnotes
[1] Government of British Columbia, Digital Trust, “BC Wallet.” BC Wallet supports verifiable credentials with selective disclosure, allowing holders to share only what is necessary for a transaction. Available at: https://digital.gov.bc.ca/digital-trust/
[2] Government of Alberta, “Alberta Wallet.” Available at: https://www.alberta.ca/alberta-wallet
[3] National Assembly of Québec, Bill 82, An Act respecting the national digital identity and amending other provisions, assented October 28, 2025, c. 26. Available at: https://www.assnat.qc.ca/en/travaux-parlementaires/projets-loi/projet-loi-82-43-1.html
[4] Government of Canada, “Canada and the European Union to deepen their collaboration on artificial intelligence and digital credentials and trust services,” December 8, 2025. Available at: https://www.canada.ca/en/innovation-science-economic-development/news/2025/12/canada-and-the-european-union-to-deepen-their-collaboration-on-artificial-intelligence-and-digital-credentials-and-trust-services.html
[5] Office of the Privacy Commissioner of Canada, “Privacy Commissioner of Canada publishes guidance on biometrics,” August 11, 2025. Available at: https://www.priv.gc.ca/en/opc-news/news-and-announcements/2025/nr-c_250811/
[6] Office of the Privacy Commissioner of Canada, 2024-25 Departmental Plan. The Commissioner has stated that the OPC “must be adequately resourced on an ongoing basis to deal with the full volume and complexity of today’s privacy landscape.” Available at: https://www.priv.gc.ca/en/about-the-opc/opc-operational-reports/planned-opc-spending/dp-index/2024-2025/dp_2024-25/
[7] Regulation (EU) 2024/1183 of the European Parliament and of the Council establishing the European Digital Identity Framework. Available at: https://eur-lex.europa.eu/eli/reg/2024/1183/oj
This concludes DIACC’s 13-week Privacy in Practice series, which examined Canadian digital trust and identity against the principles in the FPT Privacy Commissioners’ 2022 Joint Resolution. Explore the complete series, including the Privacy Scorecard, at diacc.ca/privacy-in-practice. Sincere thanks to every contributor, member, partner, and reader who made this conversation possible.
The Privacy Scorecard
A practical tool for measuring digital identity services against the FPT privacy principles. Assess your organization’s implementation across architecture, policy, user experience, and ecosystem coverage. It is not a compliance checklist or legal advice. Use it to spark conversation, explore unfamiliar concepts, and identify areas worth digging into further.