Wiertz Sebastien - Privacy by Sebastien Wiertz (CC BY 2.0) https://flic.kr/p/ahk6nh
Privacy
Privacy Pressure Points: A Closer Look at Ten Consumer Privacy Protection Act Concerns
The Canadian government yesterday introduced the Consumer Privacy Protection Act (technically Bill C-11, the Digital Charter Implementation Act), which represents a dramatic change in how Canada will enforce privacy law. I quickly posted a summary of the some of the key provisions yesterday, noting the need for careful study. That post focused on six issues: the new privacy law structure, stronger enforcement, new privacy rights on data portability and algorithmic transparency, standards of consent, bringing back PIPEDA privacy requirements, and codes of practice. This post raises ten questions that will likely emerge as pressure points with stakeholders on both sides raising concerns about their implications.
Canada’s GDPR Moment: Why the Consumer Privacy Protection Act is Canada’s Biggest Privacy Overhaul in Decades
Canada’s privacy sector privacy law was born in the late 1990s at a time when e-commerce was largely a curiosity and companies such as Facebook did not exist. For years, the privacy community has argued that Canada’s law was no longer fit for purpose and that a major overhaul was needed. The pace of reform has been frustrating slow, but today Innovation, Science and Industry Minister Navdeep Bains introduced the Consumer Privacy Protection Act (technically Bill C-11, the Digital Charter Implementation Act), which represents a dramatic change in how Canada will enforce privacy law. The bill repeals the privacy provisions of the current Personal Information Protection and Electronic Documents Act (PIPEDA) and will require considerable study to fully understand the implications of the new rules.
This post covers six of the biggest issues in the bill: the new privacy law structure, stronger enforcement, new privacy rights on data portability, de-identification, and algorithmic transparency, standards of consent, bringing back PIPEDA privacy requirements, and codes of practice. These represent significant reforms that attempt to modernize Canadian law, though some issues addressed elsewhere such as the right to be forgotten are left for another day. Given the changes – particularly on new enforcement and rights – there will undoubtedly be considerable lobbying on the bill with efforts to water down some of the provisions. Moreover, some of the new rules require accompanying regulations, which, if the battle over anti-spam laws are a model, could take years to finalize after lengthy consultations and (more) lobbying.
The LawBytes Podcast, Episode 67: Tamir Israel on Facial Recognition Technologies at the Border
Facial recognition technologies seem likely to become an increasingly commonplace part of travel with scans for boarding passes, security clearance, customs review, and baggage pickup just some of the spots where your face could become the source of screening. Tamir Israel, staff lawyer at CIPPIC, the Samuelson-Glushko Canadian Internet Policy and Public Interest Clinic at the University of Ottawa, recently completed a major study on the use of facial recognition technologies at the border. He joins me on the LawBytes podcast to discuss the current use of the technologies, how they are likely to become even more ubiquitous in the future, and the state of Canadian law to ensure appropriate safeguards and privacy protections.
The LawBytes Podcast, Episode 66: Ann Cavoukian on Why Canadians Can Trust the COVID Alert App
As the second wave of COVID-19 seems to have arrived in many countries, the importance of measures such as social distancing, masks, testing, and tracing takes on increased importance. In Canada, the COVID Alert App is another important part of that toolkit. The app has been downloaded more than 4.5 million times and has been used to alert users to a potential exposure to the virus nearly 1,700 times. Despite the potential benefits, there remain many skeptics. Ann Cavoukian, a three-time Ontario privacy commissioner and one of Canada’s best known privacy experts, joins the LawBytes podcast this week to talk about the exposure notification and how it addresses potential privacy concerns.
Four Million Downloads and Counting: Everyone Should Install the COVID Alert App
Earlier this summer, I posted on why I installed the COVID Alert App, the national exposure notification app designed to provide Canadians with an alert if they may have been exposed to COVID-19. The post discusses the privacy safeguards that have been built into the app, the reviews from both the federal and Ontario provincial privacy commissioners, and points to previous Lawbytes podcasts (Edwards, Clayton, Kosseim) that discuss the use of technology to help counter the spread of the virus. While there were some concerns (notably the ongoing concerns with social inequities), I concluded that the safeguards combined with the public health benefits were enough to justify installation (Apple, Android).
Recent Posts
The Broadcasting Act Blunder, Day Six: The Beginning of the End of Canadian Broadcast Ownership and Control Requirements 
The Broadcasting Act Blunder, Day Five: The Narrow Exclusion of User Generated Content Services 
The Broadcasting Act Blunder, Day Four: Why Many News Sites Are Captured by Bill C-10 
The Broadcasting Act Blunder, Day Three: Minister Guilbeault Says Bill C-10 Contains Economic Thresholds That Limit Internet Regulation. It Doesn’t. 
The Broadcasting Act Blunder, Day Two: What the Government Doesn’t Say About Creating a “Level Playing Field”
