Jennifer Stoddart says the "soft approach" to privacy regulation is not working, and her office needs sharper teeth to better enforce rulings against large companies.
"We have seen large corporations, in the name of consultation with my office, pay lip service to our concerns and then ignore our advice," Stoddart told the House of Commons privacy committee Tuesday.
Earlier this year, officials from Google and Facebook told the committee they have good relations with Stoddart's office and are following her recommendations.
But those have been hard-won, "arduous" victories, said Stoddart, who said she feels increasingly powerless against major multinational corporations.
"There has to be a system of penalties and fines, something that will serve as an incentive to invest in the protection of data, and will also serve as a deterrent as well if there is a data breach," she said.
Last month, Rob Sherman, Facebook's privacy and public policy manager, said his company's relationship with the privacy commissioner is working well because of its conciliatory, co-operative nature.
"We are able to have consultations with her office in a way that's productive, enables us to get to good results, and allows us to make decisions that are best for Canadians," Sherman said at the time.
"That is not adversarial in the way that you might see if the regime were different."
Stoddart dismissed the suggestion that enforcement powers would change that. Self-regulation, on the other hand, "hasn't worked," she said.
"There has to be legislation to back it up."
In October, Google Canada public policy manager Colin McKay warned the spirit of collaboration would vanish if Stoddart's office was given the ability to levy financial penalties.
"In a system that was more heavily focused on enforcement, we would have to consider the possible repercussions of having that open a discussion of how our products roll out and how the privacy commissioner interprets our actions."