A Legal Guide to PRIVACY AND DATA SECURITY 2024

CANADA

Personal Information Protection and Electronic Documents Act (PIPEDA)

In 2020, Canada’s federal Minister of Innovation, Science and Industry submitted Bill C-11, An Act to enact the Consumer Privacy Protection Act and the Personal Information and Data Protection Tribunal Act and to make consequential and related amendments to other Act, more simply referred to as the Digital Charter Implementation Act, 2020, (“CPPA”) for consideration in the House of Commons. As of December 31, 2023 the CPPA had not yet become law. Under the CPPA, the federal privacy commissioner would have the power to investigate and prosecute any organization that violates the framework imposed by the CPPA. The penalties would also be more severe than those imposed by PIPEDA. This would be one of the strictest privacy laws in the world, comparable to the GDPR or the California Consumer Privacy Act. Many American businesses have crafted their privacy policies to comply with PIPEDA, knowing that PIPEDA fulfilled the requirements for self- certification under the now invalidated EU-U.S. Safe Harbor and Privacy Shield program administered by the U.S. Department of Commerce. Compliance with PIPEDA will also satisfy most of the requirements for the privacy laws of any of the member states of the EU. Canada moved quickly to adopt legislation that complied with the 1995 EU Data Directive in order to both promote e-commerce and trade with the EU. PIPEDA adopts ten privacy principles: Principle 1 — Accountability An organization is responsible for personal information under its control and shall designate an individual or individuals who are accountable for the 153

Made with FlippingBook - Online Brochure Maker