Daniel Therrien, the Privacy Commissioner in Canada, is in the courts battling Google over a right to de-index. He’s calling for order making after Facebook declined to abide by his recommendations. And he’s embarked on a dramatic re-interpretation of the law premised on incorporating new consent requirements into cross-border data transfers. David Fraser, one of Canada’s leading privacy experts, joins the podcast to provide an update on the recent Canadian privacy law developments and their implications.
Post Tagged with: "privacy"
![Mark_Zuckerberg_F8_2018_Keynote, Anthony Quintano from Honolulu, HI, United States [CC BY 2.0 (https://creativecommons.org/licenses/by/2.0)] https://commons.wikimedia.org/wiki/File:Mark_Zuckerberg_F8_2018_Keynote_(41118883004).jpg](https://www.michaelgeist.ca/wp-content/uploads/2019/05/2048px-Mark_Zuckerberg_F8_2018_Keynote_41118883004-200x150.jpg)
Does Canadian Privacy Law Matter if it Can’t be Enforced?
It has long been an article of faith among privacy watchers that Canada features better privacy protection than the United States. While the U.S. relies on binding enforcement of privacy policies alongside limited sector-specific rules for children and video rentals, Canada’s private sector privacy law (PIPEDA or the Personal Information Protection and Electronic Documents Act), which applies broadly to all commercial activities, has received the European Union’s stamp of approval, and has a privacy commissioner charged with investigating complaints.
Despite its strength on paper, my Globe and Mail op-ed notes the Canadian approach emphasizes rules over enforcement, which runs the risk of leaving the public woefully unprotected. PIPEDA establishes requirements to obtain consent for the collection, use and disclosure of personal information, but leaves the Privacy Commissioner of Canada with limited tools to actually enforce the law. In fact, the not-so-secret shortcoming of Canadian law is that the federal commissioner cannot order anyone to do much of anything. Instead, the office is limited to issuing non-binding findings and racing to the federal court if an organization refuses to comply with its recommendations.
Rewriting Canadian Privacy Law: Commissioner Signals Major Change on Cross-Border Data Transfers
Faced with a decades-old private-sector privacy law that is no longer fit for the purpose in the digital age, the Office of the Privacy Commissioner of Canada (OPC) has embarked on a dramatic reinterpretation of the law premised on incorporating new consent requirements. My Globe and Mail op-ed notes the strained interpretation arose last Tuesday when the OPC released a consultation paper signalling a major shift in its position on cross-border data transfers.
Open Banking Is Already Here: My Appearance Before the Senate Standing Committee on Banking, Trade and Commerce
The Senate Standing Committee on Banking, Trade and Commerce has spent the past month and a half actively engaged in a detailed study of the regulatory framework for open banking. The study has included government officials, representatives from Australia and the UK, and Canadian banking stakeholders. I appeared before the committee yesterday as a single person panel, spending a full hour discussing a wide range of policy concerns. My core message was that the committee debate over whether Canada should have open banking missed the bigger issue that millions of Canadians already use open banking type services despite the friction in making their data easily portable to third party providers. I recommended several reforms in response, including stronger privacy laws, mandated data portability with informed consumer consent, and consumer protection safeguards that recognizing the likely blurring between incumbent banks and third party providers.
Canadian Privacy Commissioner Signals Major Shift in Approach on Cross-Border Data Transfers
The Office of the Privacy Commissioner of Canada has released a consultation paper that signals a major shift in its position on data transfers, indicating that it now believes that cross-border disclosures of personal information require prior consent. The approach is a significant reversal of longstanding policy that relied upon the accountability principle to ensure that organizations transferring personal information to third parties are ultimately responsible for safeguarding that information. In fact, OPC guidelines from January 2009 explicitly stated that “assuming the information is being used for the purpose it was originally collected, additional consent for the transfer is not required.”
Recent Posts
The Law Bytes Podcast, Episode 231: Sara Bannerman on How Canadian Political Parties Maximize Voter Data Collection and Minimize Privacy Safeguards 
The Law Bytes Podcast, Episode 230: Aengus Bridgman on the 2025 Federal Election, Social Media Platforms, and Misinformation 
The Law Bytes Podcast, Episode 229: My Digital Access Day Keynote – Assessing the Canadian Digital Policy Record 
Queen’s University Trustees Reject Divestment Efforts Emphasizing the Importance of Institutional Neutrality 
The Law Bytes Podcast, Episode 228: Kumanan Wilson on Why Canadian Health Data Requires Stronger Privacy Protection in the Trump Era
