In February 2025, security guards stood inside the CBSA immigration holding centre in Toronto. The asylum interoperability project, started in 2019, came to an early end last year in what CBSA described as an “unexpected” decision. The Canadian Press
Three federal agencies failed to complete required privacy checks during a $68-million overhaul of Canada’s asylum system. Immigration, Refugees and Citizenship Canada (IRCC), the Canada Border Services Agency (CBSA), and the Immigration and Refugee Board (IRB) worked on the “asylum interoperability project,” which aimed to modernize the refugee process and ease the backlog of more than 290,000 claims.
Documents show the privacy impact assessments (PIAs) never reached completion. The project, launched in 2019, shut down in 2024 at just 64 per cent finished. Lawyers say the absence of safeguards exposed refugee claimants’ personal data to serious risk.
What the Project Did
The plan moved asylum applications from paper to digital. It added automation and allowed departments to exchange information more quickly. It also let the government automatically cancel permits when a removal order was issued. Despite the benefits, experts argue the rush ignored critical privacy duties.
Concerns from Lawyers
Immigration lawyer Andrew Koltun called the failure “a lot of red flags.” He warned that without PIAs, refugee data could fall into the wrong hands. He criticized Ottawa for pushing digital changes “at breakneck speed” without proper protections.
London lawyer Greg Willoughby shared troubling examples. He said IRCC emailed private files to him that belonged to other applicants. In one case, IRCC contacted relatives in Iran of a woman seeking refuge from those same family members. Willoughby described the breach as “traumatizing and damaging.”
Confusion Over Responsibility
Internal records reveal confusion over who should complete the privacy reviews. At first, IRCC planned to lead a single PIA for all partners. Later, it told CBSA and IRB to handle their own. In 2022, IRCC shifted again, expanding its own review. When the project collapsed, assessments remained unfinished.
The CBSA called them “an outstanding matter.” IRCC now says it will finish its assessment by late 2025. CBSA insists it no longer needs to complete one. IRB claims its old privacy review still covers its role. Koltun called those positions inadequate and out of step with federal rules.
Watchdog Warnings
The Office of the Privacy Commissioner calls PIAs an “early warning system.” It argues such checks build public trust and ensure government bodies follow the law. The commissioner has previously urged Ottawa to make PIAs a legal obligation.
Departments Defend Work
IRCC insists the project did not change the type of information collected, only the way it was transmitted. It says strong safeguards remain in agreements between partners. CBSA stresses that IRCC holds the lead role. IRB says it already considered privacy risks within its own framework.
Having an 'Identity Verified' badge or being 'Identity Verified' simply indicates that an individual has submitted information to complete our identity verification process or we have conducted internal verification using various authorized websites. While this process includes safeguards, it does not guarantee that the person is who they claim to be.
If you encounter any issues with this profile, please report them here. While all consultants who are verified have RCIC ID, we may not have the latest data in terms of their renewal/cancellation/discontinuation of their RCIC ID.
The "Verified Consultants" profiles are created using publicly available information, including data from the IRCC website, official consultant sites, other listing platforms, and social media. Immiperts.com is an independent platform, not affiliated with IRCC or any registered immigration consultants. To update, claim, or remove your profile, please contact us at [email protected].
╳