Law.com Subscribers SAVE 30%
Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.
Not Just Your Same Old Privacy Legislation: A Compliance Briefing for Privacy Officers on the New Canadian Consumer Privacy Protection Act
In June 2022, Bill C-27, or "An Act to enact the Consumer Privacy Protection Act (the Act) and, the Personal Information and Data Protection Tribunal Act and the Artificial Intelligence and Data Act and to make consequential and related amendments to other Acts" (Bill C-27) was introduced by the Minister of Innovation, Science and Industry, and underwent First Reading, as a replacement to the federal Personal Information Protection and Electronic Documents Act (PIPEDA). (This is in fact the second effort by the federal government to enact this replacement to PIPEDA. In 2021, Bill C-11 (An Act to enact the Consumer Privacy Protection Act and the Personal Information and Data Protection Tribunal Act and to make consequential and related amendments to other Acts) — the mooted replacement for PIPEDA — passed Third Reading of the legislative process, but Canada then had a federal election, and as a result Bill C-11 died prior to being enacted.) Prior to the introduction of the Act, there were concerns that it would effectively be a "'Made in Canada' GDPR". However, while the Act has taken the lead from the EU General Data Protection Regulation in introducing financially enormous penalties, as well as the right of data portability and the right to be forgotten, enough of the original PIPEDA remains such that the Act is now effectively a PIPEDA/GDPR hybrid.
This article, which reviews the Act (other than the Artificial Intelligence and Data Act, which — as it is completely new to the Canadian legislative landscape — will require its own future article) first seeks to identify the delta between the Act and PIPEDA in order to allow privacy officers of organizations that are already PIPEDA compliant to identify the net new compliance requirements under the Act and second, to highlight the provisions of the Act which, if breached, could lead to the imposition of significant fines, and use those as a guide as to which "hot button" features of an organization's privacy compliance program will likely be the focus of enforcement, and as such should therefore be revisited by privacy officers.
|Introduction
The Act both introduces new GDPR concepts of the right of data portability, the right to be forgotten and codes of practice (as well as more discrete concepts such the "legitimate interests" consent exemption, but also largely copies certain pre-existing rights in PIPEDA. (The Act is also known as the Digital Charter Implementation Act, 2022. However, as we review herein, the core of the Act is the Consumer Privacy Protection Act, rather than the Personal Information and Data Protection Tribunal Act which effects the creation of the Data Tribunal, the Artificial Intelligence and Data Act, and the various ancillary amendments. As a result, references to "the Act" in this article are references to the Consumer Privacy Protection Act.) In many cases these pre-existing rights have simply been lifted from their previous position in the "Principles Set Out in the National Standard of Canada Entitled Model Code for the Protection of Personal Information, CAN/CSA-Q830-96": a set of principles in a voluntary model code, that the original drafters of PIPEDA somewhat awkwardly attached as a schedule to PIPEDA such the principles were then binding. Under the Act, this Schedule has now been eliminated. (This was never an entirely satisfactory legislative structure, and organizations are well shut of it.) In effect, while the Act introduces a few new individual rights of significance based on GDPR with which Canadian organizations will need to become familiar, many of the individual rights are simply PIPEDA redux — i.e., restatements, clarification and expansions on existing PIPEDA provisions. This will assist organizations seeking to comply with the Act, if and when it comes into force.
This premium content is locked for Entertainment Law & Finance subscribers only
ENJOY UNLIMITED ACCESS TO THE SINGLE SOURCE OF OBJECTIVE LEGAL ANALYSIS, PRACTICAL INSIGHTS, AND NEWS IN ENTERTAINMENT LAW.
- Stay current on the latest information, rulings, regulations, and trends
- Includes practical, must-have information on copyrights, royalties, AI, and more
- Tap into expert guidance from top entertainment lawyers and experts
Already a have an account? Sign In Now Log In Now
For enterprise-wide or corporate acess, please contact Customer Service at [email protected] or 877-256-2473
How Secure Is the AI System Your Law Firm Is Using?
In a profession where confidentiality is paramount, failing to address AI security concerns could have disastrous consequences. It is vital that law firms and those in related industries ask the right questions about AI security to protect their clients and their reputation.
COVID-19 and Lease Negotiations: Early Termination Provisions
During the COVID-19 pandemic, some tenants were able to negotiate termination agreements with their landlords. But even though a landlord may agree to terminate a lease to regain control of a defaulting tenant's space without costly and lengthy litigation, typically a defaulting tenant that otherwise has no contractual right to terminate its lease will be in a much weaker bargaining position with respect to the conditions for termination.
Pleading Importation: ITC Decisions Highlight Need for Adequate Evidentiary Support
The International Trade Commission is empowered to block the importation into the United States of products that infringe U.S. intellectual property rights, In the past, the ITC generally instituted investigations without questioning the importation allegations in the complaint, however in several recent cases, the ITC declined to institute an investigation as to certain proposed respondents due to inadequate pleading of importation.
The Power of Your Inner Circle: Turning Friends and Social Contacts Into Business Allies
Practical strategies to explore doing business with friends and social contacts in a way that respects relationships and maximizes opportunities.
Authentic Communications Today Increase Success for Value-Driven Clients
As the relationship between in-house and outside counsel continues to evolve, lawyers must continue to foster a client-first mindset, offer business-focused solutions, and embrace technology that helps deliver work faster and more efficiently.