The Consumer Privacy Protection Act (CPPA) is coming! The Canadian government has submitted a bill for the amendment of the Personal Information Protection and Electronic Documents Act (PIPEDA) and the enactment of a new, modern privacy act.

Key provisions include:
Stronger enforcement:
  • Broad order-making powers to the Commissioner, including recommending the issuance of fines.
  • Administrative

Constantine Karbaliotis and Abigail Dubiniecki write on the topic of what Canadian companies should do after Schrems II:

  • If you are processing data as controller, or as a processor for a client with European Union personal data, and relying on onward transfers, first do a risk assessment; and then assuming the risks are addressable, put

Canada’s privacy regulator is admitting the government’s contract tracing app can’t provide a 100% guarantee of anonymity.

“True anonymity, technically speaking, would require the complete and permanent impossibility of reversing the data processes at play, which could reveal sources of personal information and so re-identify individuals,” says Vito Pilieci, spokesman for Canada Privacy Commissioner Daniel

Information and Privacy Ombudspersons and Commissioners from across Canada are urging their governments to modernize access to information and privacy laws some of which have not been updated in 35 years. Their joint resolution calls for:

  • a legislative framework to ensure the responsible development and use of artificial intelligence and machine learning technologies
  • all public

On November 1st of last year, businesses became subject to new mandatory breach reporting regulations under Canada’s federal private sector privacy law, the Personal Information Protection and Electronic Documents Act (PIPEDA).

Since November 1st, 2018, the Canadian government received 680 breach reports. That is six times the volume received during the same period one year

Consent is not needed for the transfer of personal data from Canada to other countries, says the Canadian Office of the Privacy Commissioner.

Following a consultation on transfers of personal information for processing, the Office of the Privacy Commissioner of Canada (OPC) has concluded that its guidelines for processing personal data across borders will remain

Canada has introduced a Digital Charter that will entail considerable changes to its privacy law, PIPEDA.

The principles are:

  1. Universal Access: equal opportunity to participate in the digital world and the tools to do so.
  2. Safety and Security: rely on the integrity, authenticity and security of services and feel safe online.
  3. Control and Consent: control

“Privacy Commissioner of Canada Daniel Therrien believes the question about whether privacy legislation should be amended is in the past. It is no longer should the country’s privacy laws be amended, but what is the best way to do so, and with the announcement of the country’s Digital Charter, the commissioner said the federal government

The Canadian Office of the Privacy Commissioner has issued a “consultation on cross border transfers,” detailing its policy and seeking comments from stakeholders.

Key points on which consultation is sought:

  • Individuals would reasonably expect to be notified if their information was to be disclosed outside of Canada and be subject to the legal regime of