I was very pleased to participate together with CBC’s Adrian Harewood in a public event last night sponsored by the Toronto Public Library on the COVID Alert App. Over the course of 90 minutes, we addressed the background that led to the app, answered questions about concerns, and explained why Canadians should feel comfortable downloading it. The full session is embedded below.
Wiertz Sebastien - Privacy by Sebastien Wiertz (CC BY 2.0) https://flic.kr/p/ahk6nh
It has taken many years, but Canada finally appears ready to engage in an overhaul of its outdated private sector privacy law. Earlier this month, the Innovation, Science and Industry Minister Navdeep Bains introduced Bill C-11, which, if enacted, would fundamentally re-write Canada’s privacy rules. The government intends to repeal PIPEDA and replace it with the Consumer Privacy Protection Act, which features a new privacy tribunal, tough penalties for non-compliance, and new provisions on issues such as data portability and data de-identification.
To discuss the thinking behind the bill and the government’s privacy plans for privacy, Minister Bains this week joins the Law Bytes podcast as he identifies some the benefits of the bill, clarifies the reasoning behind some of the more controversial policy decisions, and provides a roadmap for what comes next.
The Canadian government yesterday introduced the Consumer Privacy Protection Act (technically Bill C-11, the Digital Charter Implementation Act), which represents a dramatic change in how Canada will enforce privacy law. I quickly posted a summary of the some of the key provisions yesterday, noting the need for careful study. That post focused on six issues: the new privacy law structure, stronger enforcement, new privacy rights on data portability and algorithmic transparency, standards of consent, bringing back PIPEDA privacy requirements, and codes of practice. This post raises ten questions that will likely emerge as pressure points with stakeholders on both sides raising concerns about their implications.
Canada’s GDPR Moment: Why the Consumer Privacy Protection Act is Canada’s Biggest Privacy Overhaul in Decades
Canada’s privacy sector privacy law was born in the late 1990s at a time when e-commerce was largely a curiosity and companies such as Facebook did not exist. For years, the privacy community has argued that Canada’s law was no longer fit for purpose and that a major overhaul was needed. The pace of reform has been frustrating slow, but today Innovation, Science and Industry Minister Navdeep Bains introduced the Consumer Privacy Protection Act (technically Bill C-11, the Digital Charter Implementation Act), which represents a dramatic change in how Canada will enforce privacy law. The bill repeals the privacy provisions of the current Personal Information Protection and Electronic Documents Act (PIPEDA) and will require considerable study to fully understand the implications of the new rules.
This post covers six of the biggest issues in the bill: the new privacy law structure, stronger enforcement, new privacy rights on data portability, de-identification, and algorithmic transparency, standards of consent, bringing back PIPEDA privacy requirements, and codes of practice. These represent significant reforms that attempt to modernize Canadian law, though some issues addressed elsewhere such as the right to be forgotten are left for another day. Given the changes – particularly on new enforcement and rights – there will undoubtedly be considerable lobbying on the bill with efforts to water down some of the provisions. Moreover, some of the new rules require accompanying regulations, which, if the battle over anti-spam laws are a model, could take years to finalize after lengthy consultations and (more) lobbying.
Facial recognition technologies seem likely to become an increasingly commonplace part of travel with scans for boarding passes, security clearance, customs review, and baggage pickup just some of the spots where your face could become the source of screening. Tamir Israel, staff lawyer at CIPPIC, the Samuelson-Glushko Canadian Internet Policy and Public Interest Clinic at the University of Ottawa, recently completed a major study on the use of facial recognition technologies at the border. He joins me on the LawBytes podcast to discuss the current use of the technologies, how they are likely to become even more ubiquitous in the future, and the state of Canadian law to ensure appropriate safeguards and privacy protections.