Canada’s Bill C-27 May Make Important Changes to PIPEDA

Why This Privacy Law is Important:

Canada’s federal government has introduced Bill C-27 to the House of Commons on June 17, to introduce the most important changes to Canada’s federal privacy regime in 20 years.

Overview:

PIPEDA, the Personal Information Protection and Electronic Documents Act, was introduced in 2001, and at the time was regarded as providing a principles-based approach to privacy protection that was balanced and innovative. However, it was developed prior to the advent of the internet and social media and many of the innovations that have subsequently impacted personal information use and collection. Except for inclusion of mandatory breach notification in 2018, there has been no substantive update. 

Last year the federal government introduced a proposed change, but this did not advance due to a federal election; it was subject to considerable criticism. Now, the Digital Charter Act (Bill C-27) has been introduced to create a Consumer Privacy Protection Act (CPPA), the Personal Information and Data Protection Tribunal Act, and the Artificial Intelligence and Data Act.

Who it Applies to:

Canada’s federal privacy law currently applies to ‘federal works, undertakings and businesses’ as will CPPA. This includes areas under the federal jurisdiction, such as banks, aeronautics, and telecommunications. The federal law applies within provincial jurisdiction if the province has not passed its own privacy law, which is substantially similar; currently this includes Quebec, Alberta, and British Columbia. The federal privacy law does not address privacy of employees of companies, however, unless under directly under the federal jurisdiction. CPPA will however expressly apply to interprovincial or international data flows, so may have concurrent application with provincial privacy laws.

Download the Privacy Alert to the right to get the full text and expert analysis!