Canada’s new privacy bill is only a couple of weeks old but it is already generating debate in the House of Commons and careful study and commentary from the privacy community. As the biggest overhaul of Canada’s privacy rules in two decades, the bill will undoubtedly be the subject of deep analysis and lengthy committee review, likely to start early in 2021. Last week’s Law Bytes podcast featured Navdeep Bains, the Innovation, Science and Industry Minister, who is responsible for the bill. This week, Professor Emily Laidlaw of the University of Calgary, who holds the Canada Research Chair in Cybersecurity Law, joins the podcast with her take on the good, the bad, and the missed opportunities in Bill C-11.
Post Tagged with: "pipeda"
The Law Bytes Podcast, Episode 72: Emily Laidlaw on the Good, the Bad, and the Missed Opportunities Behind Canada’s Privacy Reform
It has taken many years, but Canada finally appears ready to engage in an overhaul of its outdated private sector privacy law. Earlier this month, the Innovation, Science and Industry Minister Navdeep Bains introduced Bill C-11, which, if enacted, would fundamentally re-write Canada’s privacy rules. The government intends to repeal PIPEDA and replace it with the Consumer Privacy Protection Act, which features a new privacy tribunal, tough penalties for non-compliance, and new provisions on issues such as data portability and data de-identification.
To discuss the thinking behind the bill and the government’s privacy plans for privacy, Minister Bains this week joins the Law Bytes podcast as he identifies some the benefits of the bill, clarifies the reasoning behind some of the more controversial policy decisions, and provides a roadmap for what comes next.
The Canadian government yesterday introduced the Consumer Privacy Protection Act (technically Bill C-11, the Digital Charter Implementation Act), which represents a dramatic change in how Canada will enforce privacy law. I quickly posted a summary of the some of the key provisions yesterday, noting the need for careful study. That post focused on six issues: the new privacy law structure, stronger enforcement, new privacy rights on data portability and algorithmic transparency, standards of consent, bringing back PIPEDA privacy requirements, and codes of practice. This post raises ten questions that will likely emerge as pressure points with stakeholders on both sides raising concerns about their implications.
Canada’s GDPR Moment: Why the Consumer Privacy Protection Act is Canada’s Biggest Privacy Overhaul in Decades
Canada’s privacy sector privacy law was born in the late 1990s at a time when e-commerce was largely a curiosity and companies such as Facebook did not exist. For years, the privacy community has argued that Canada’s law was no longer fit for purpose and that a major overhaul was needed. The pace of reform has been frustrating slow, but today Innovation, Science and Industry Minister Navdeep Bains introduced the Consumer Privacy Protection Act (technically Bill C-11, the Digital Charter Implementation Act), which represents a dramatic change in how Canada will enforce privacy law. The bill repeals the privacy provisions of the current Personal Information Protection and Electronic Documents Act (PIPEDA) and will require considerable study to fully understand the implications of the new rules.
This post covers six of the biggest issues in the bill: the new privacy law structure, stronger enforcement, new privacy rights on data portability, de-identification, and algorithmic transparency, standards of consent, bringing back PIPEDA privacy requirements, and codes of practice. These represent significant reforms that attempt to modernize Canadian law, though some issues addressed elsewhere such as the right to be forgotten are left for another day. Given the changes – particularly on new enforcement and rights – there will undoubtedly be considerable lobbying on the bill with efforts to water down some of the provisions. Moreover, some of the new rules require accompanying regulations, which, if the battle over anti-spam laws are a model, could take years to finalize after lengthy consultations and (more) lobbying.
The LawBytes Podcast, Episode 62: Colin Bennett on What the Schrems II Decision Means for Global Data Transfers and Canadian Privacy Law
The Schrems II decision, a recent European Court of Justice ruling that declares the Privacy Shield program that facilitates data transfers between the EU and the United States invalid, has major implications for modern commercial data related activities such as cross-border data transfers. The decision will reverberate in countries around the world, including Canada. For example, Canadian privacy law was found many years ago to meet the EU’s adequacy standard, but the Schrems II may call that into question.
Colin Bennett is a political science professor at the University of Victoria and one of Canada’s leading privacy experts. He has written multiple books on privacy and surveillance and focuses on the development and implementation of privacy protection policies at the domestic and international levels. He joins the podcast to discuss the Schrems II decision and what it means for global data transfers and the future of Canada’s privacy law framework.