Exploring Canada’s “No-Go Zones” for AI and Data Use: Privacy Regulator Issues New Guidance

https://www.privacyrules.com/wp-content/uploads/2025/06/pexels-tara-winstead-8386440-scaled.jpg

As organizations across sectors increase their reliance on data and automated systems, the Office of the Privacy Commissioner of Canada (OPC) has issued crucial guidance identifying specific activities deemed “no-go zones”—uses of personal information that are considered categorically inappropriate or unlawful.

In a recent publication, McMillan LLP breaks down the OPC’s guidance and provides essential legal interpretation for businesses and developers navigating these restrictions.

🚫 What Are the “No-Go Zones”?

According to the OPC, the following activities are not permitted under Canada’s privacy framework:

  • Surveillance-Based Profiling for Harmful Purposes
    Includes using personal data to exploit vulnerabilities or manipulate behavior (e.g., children, marginalized communities).

  • Biometric Tracking Without Justification
    Using facial recognition or other biometric tools without demonstrable necessity or consent poses high legal risks.

  • Data Practices That Undermine Consent
    Systems designed to obscure how personal information is collected or used (e.g., dark patterns) fall into prohibited territory.

  • Behavioral Influence Beyond Reasonable Expectations
    AI used to nudge decisions in ways individuals wouldn’t expect or understand is seen as overstepping.

This guidance is a clear signal that regulators are drawing firm boundaries on how personal information—and AI systems—can be used.

👉 Read the full article here

For legal advice on ensuring your data practices and AI tools remain compliant, reach out directly to McMillan LLP—or contact us via PrivacyRules to be connected with the appropriate experts.