Fair Dealing by Giulia Forsythe (CC BY-NC-SA 2.0) https://flic.kr/p/dRkXwP
The Law Bytes Podcast, Episode 72: Emily Laidlaw on the Good, the Bad, and the Missed Opportunities Behind Canada’s Privacy Reform
Canada’s new privacy bill is only a couple of weeks old but it is already generating debate in the House of Commons and careful study and commentary from the privacy community. As the biggest overhaul of Canada’s privacy rules in two decades, the bill will undoubtedly be the subject of deep analysis and lengthy committee review, likely to start early in 2021. Last week’s Law Bytes podcast featured Navdeep Bains, the Innovation, Science and Industry Minister, who is responsible for the bill. This week, Professor Emily Laidlaw of the University of Calgary, who holds the Canada Research Chair in Cybersecurity Law, joins the podcast with her take on the good, the bad, and the missed opportunities in Bill C-11.
It has taken many years, but Canada finally appears ready to engage in an overhaul of its outdated private sector privacy law. Earlier this month, the Innovation, Science and Industry Minister Navdeep Bains introduced Bill C-11, which, if enacted, would fundamentally re-write Canada’s privacy rules. The government intends to repeal PIPEDA and replace it with the Consumer Privacy Protection Act, which features a new privacy tribunal, tough penalties for non-compliance, and new provisions on issues such as data portability and data de-identification.
To discuss the thinking behind the bill and the government’s privacy plans for privacy, Minister Bains this week joins the Law Bytes podcast as he identifies some the benefits of the bill, clarifies the reasoning behind some of the more controversial policy decisions, and provides a roadmap for what comes next.
The Canadian government yesterday introduced the Consumer Privacy Protection Act (technically Bill C-11, the Digital Charter Implementation Act), which represents a dramatic change in how Canada will enforce privacy law. I quickly posted a summary of the some of the key provisions yesterday, noting the need for careful study. That post focused on six issues: the new privacy law structure, stronger enforcement, new privacy rights on data portability and algorithmic transparency, standards of consent, bringing back PIPEDA privacy requirements, and codes of practice. This post raises ten questions that will likely emerge as pressure points with stakeholders on both sides raising concerns about their implications.
Canada’s GDPR Moment: Why the Consumer Privacy Protection Act is Canada’s Biggest Privacy Overhaul in Decades
Canada’s privacy sector privacy law was born in the late 1990s at a time when e-commerce was largely a curiosity and companies such as Facebook did not exist. For years, the privacy community has argued that Canada’s law was no longer fit for purpose and that a major overhaul was needed. The pace of reform has been frustrating slow, but today Innovation, Science and Industry Minister Navdeep Bains introduced the Consumer Privacy Protection Act (technically Bill C-11, the Digital Charter Implementation Act), which represents a dramatic change in how Canada will enforce privacy law. The bill repeals the privacy provisions of the current Personal Information Protection and Electronic Documents Act (PIPEDA) and will require considerable study to fully understand the implications of the new rules.
This post covers six of the biggest issues in the bill: the new privacy law structure, stronger enforcement, new privacy rights on data portability, de-identification, and algorithmic transparency, standards of consent, bringing back PIPEDA privacy requirements, and codes of practice. These represent significant reforms that attempt to modernize Canadian law, though some issues addressed elsewhere such as the right to be forgotten are left for another day. Given the changes – particularly on new enforcement and rights – there will undoubtedly be considerable lobbying on the bill with efforts to water down some of the provisions. Moreover, some of the new rules require accompanying regulations, which, if the battle over anti-spam laws are a model, could take years to finalize after lengthy consultations and (more) lobbying.
News Media Canada (NMC), the lobby group representing the major newspaper publishers in Canada, released a new report yesterday calling for the creation of a government digital media regulatory agency that would have the power to establish mandated payments for linking to news articles, establish what content is prioritized on social media sites, require companies to disclose algorithmic changes, hand over moderation control of content on news stories to the publishers, and potentially issue fines in the hundreds of millions of dollars. Canadian Heritage Minister Steven Guilbeault has made “get money from web giants” his top legislative priority and has expressed support for mandated licensing for links.
The report, which inaccurately describes the ill-advised Australian approach to licensing links to news articles, is notable for many of the things it does not say. For example, one could easily read the 41 page report and not realize that companies such as Google and Facebook do not publish full versions of news articles without a licence. Indeed, rather than “taking” content, links to news articles are posted by their users, which then send interested readers back to the original source. In fact, the media companies themselves are typically responsible for posting their own articles and granting a licence for their use.