Privacy & Data Management Blog

It looks like Canada’s privacy laws might be getting a face-lift.

In announcing the principles behind the development of a new “Digital Charter”, the federal government has committed to reforming Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA). Further consultation and the development of legislative language is yet to come, however, the government has indicated a reformation will include the following:

• Re-writing the text of PIPEDA
• Greater control for individuals regarding how personal information is collected and used
• Stronger enforcement powers for the federal Privacy Commissioner
• Rules requiring plain language information about the handling of personal information including when automated decision making is used
• Establishing how and when de-identified information can be used
• Modernizing Canada's anti-spam legislation (CASL) and reviewing enhanced e-protection measures.

Short term impact on OPC consultation regarding disclosures for cross-border processing

In light of the announcement, the federal Privacy Commissioner has suspended his office’s consultation regarding cross-border disclosures for the purposes of processing personal information. The expectation is that the Digital Charter reformation will address cross-border data transfer issues. Therefore, the Privacy Commissioner has said that he expects to re-cast the consultation to deal with both the existing law and proposed Digital Charter.

In the meantime, the OPC does not expect to impose any change in its long-standing approach to treat the provision of personal information to a subcontractor for processing as a use, rather than a disclosure, which requires separate consent. The Privacy Commissioner noted, however, that he could not make any commitments regarding its interpretation and application of the law in the event complaints are received in the meantime. 

What is in the future?

We anticipate the government’s consultations and review will impact the way Canada’s laws define and protect privacy rights, including issues of consent, enforcement, online reputation, transparency, and data mobility. Artificial intelligence and automated decision making will also probably be addressed.

PIPEDA has not been updated in any meaningful way since the early 2000s and amendments are needed to ensure that it reflects current data and privacy issues. 

The Digital Charter will also probably have industry-specific impacts, through changes affecting the Competition Act, Telecommunications Act, Broadcasting Act and Radiocommunication Act.  

Undoubtedly, there will be ramifications for provincial privacy laws, such as the B.C. Personal Information Protection Act, and even health information legislation, which currently are typically founded on the principles underlying the current PIPEDA.

Finally, “in-Canada-only” data localization requirements may be dead. Both the Digital Charter announcement and the draft USMCA (formerly NAFTA) seek to prevent governments from requiring data localization, like we see in BC’s Freedom of Information and Protection of Privacy Act.

Currently, the Digital Charter is only a policy document, and not law. It sets out the principles that the federal government intends to use as a guide in policy making, including the reforming of existing privacy laws. However, as there are only a few weeks remaining in the current parliamentary session before the summer break, and an election scheduled for the fall, it is unlikely that we will see any new legislation proposed earlier than late 2019.