The Canadian government yesterday introduced the Consumer Privacy Protection Act (technically Bill C-11, the Digital Charter Implementation Act), which represents a dramatic change in how Canada will enforce privacy law. I quickly posted a summary of the some of the key provisions yesterday, noting the need for careful study. That post focused on six issues: the new privacy law structure, stronger enforcement, new privacy rights on data portability and algorithmic transparency, standards of consent, bringing back PIPEDA privacy requirements, and codes of practice. This post raises ten questions that will likely emerge as pressure points with stakeholders on both sides raising concerns about their implications.
Post Tagged with: "pipeda"
Canada’s GDPR Moment: Why the Consumer Privacy Protection Act is Canada’s Biggest Privacy Overhaul in Decades
Canada’s privacy sector privacy law was born in the late 1990s at a time when e-commerce was largely a curiosity and companies such as Facebook did not exist. For years, the privacy community has argued that Canada’s law was no longer fit for purpose and that a major overhaul was needed. The pace of reform has been frustrating slow, but today Innovation, Science and Industry Minister Navdeep Bains introduced the Consumer Privacy Protection Act (technically Bill C-11, the Digital Charter Implementation Act), which represents a dramatic change in how Canada will enforce privacy law. The bill repeals the privacy provisions of the current Personal Information Protection and Electronic Documents Act (PIPEDA) and will require considerable study to fully understand the implications of the new rules.
This post covers six of the biggest issues in the bill: the new privacy law structure, stronger enforcement, new privacy rights on data portability, de-identification, and algorithmic transparency, standards of consent, bringing back PIPEDA privacy requirements, and codes of practice. These represent significant reforms that attempt to modernize Canadian law, though some issues addressed elsewhere such as the right to be forgotten are left for another day. Given the changes – particularly on new enforcement and rights – there will undoubtedly be considerable lobbying on the bill with efforts to water down some of the provisions. Moreover, some of the new rules require accompanying regulations, which, if the battle over anti-spam laws are a model, could take years to finalize after lengthy consultations and (more) lobbying.
The LawBytes Podcast, Episode 62: Colin Bennett on What the Schrems II Decision Means for Global Data Transfers and Canadian Privacy Law
The Schrems II decision, a recent European Court of Justice ruling that declares the Privacy Shield program that facilitates data transfers between the EU and the United States invalid, has major implications for modern commercial data related activities such as cross-border data transfers. The decision will reverberate in countries around the world, including Canada. For example, Canadian privacy law was found many years ago to meet the EU’s adequacy standard, but the Schrems II may call that into question.
Colin Bennett is a political science professor at the University of Victoria and one of Canada’s leading privacy experts. He has written multiple books on privacy and surveillance and focuses on the development and implementation of privacy protection policies at the domestic and international levels. He joins the podcast to discuss the Schrems II decision and what it means for global data transfers and the future of Canada’s privacy law framework.
Canadian privacy law is now widely regarded as outdated and ill-equipped to address the emerging challenges that arise from the massive collection and use of personal information. Canada’s private sector privacy law was drafted in the 1990s, well before the advent of a data-driven economy and the need for reform has grown increasingly urgent as Canadian law falls behind comparable rules around the world.
Guided by Canada’s Digital Charter, a roadmap for reform released last spring, Minister of Innovation, Science and Industry Navdeep Bains has promised to lead on privacy reform. While many may expect opposition to tougher privacy rules to come from large Internet companies such as Facebook, my Globe and Mail op-ed notes that a recent report from the Business Council of Canada suggests that a bigger barrier may come from some of Canada’s largest companies, including big banks, airlines, retailers, insurance providers, and telecom giants.
The LawBytes Podcast, Episode 37: The Future of Privacy in Canada – A Conversation with Privacy Commissioner of Canada Daniel Therrien
The Lawbytes podcast resumes for another season with a special episode on privacy as I’m joined on the podcast by Daniel Therrien, the Privacy Commissioner of Canada. Commissioner Therrien recently used Data Privacy Day to deliver a speech at the University of Ottawa focused on privacy reforms and a new consultation on AI and privacy. He joined me on the podcast to talk about his term as commissioner, the major challenges he’s faced, the state of Canadian privacy law, and the prospect for reform. Following our conversation, the podcast features audio of the Commissioner’s bilingual speech at the law school.