Canada Introduces New Federal Privacy Bill
On November 17, the Canadian government drafted new privacy legislation that would make significant changes to its existing federal privacy laws. If passed, Bill C-11, the Digital Charter Implementation Act (DCIA), would replace Part 1 of the Personal Information Protection and Electronic Documents Act (PIPEDA) with the Consumer Privacy Protection Act (CPPA).
For reference, PIPEDA was Canada’s first privacy law and the anchor for what is now referred to as CASL (Canadian Anti-Spam Legislation).
The DCIA is aligned closely with the EU’s GDPR and remains focused on PIPEDA and its 10 privacy principles. DCIA provides individuals with more control over how their personal information is collected, used and disclosed by businesses for commercial/marketing purposes.
CPPA has suggested several important changes to Canada’s existing privacy laws. Here are a few highlights of the proposed law:
- A privacy management program provided to the Office of the Privacy Commissioner on demand
- Fines of up to 5% or $25 million
- Private right of action
- A comprehensive standard for appropriate processing of personal information
- Defines activities for processing personal information without consent
- Defines when transfers to service providers do not require knowledge and consent
- Defines circumstances in which de-identified information can be processed
- Requires an explanation of the logic behind automated decision-making about a person
- Requires disclosure of how the personal information used to make predictions, recommendations or decisions was obtained
- Expands consumer rights to include portability and deletion
- Creates codes of practice and certification programs to facilitate compliance
We’ll continue to keep you updated on how this proposed law evolves over the coming months.