Privacy has been on a lot of people’s minds in the past few years, with new or amended legislation being studied and enacted across the globe (on what seems like a monthly basis), creating a quasi-infinite number of changes to write, talk and debate about. In Quebec, recent focus has been on Bill 64: An Act to modernize legislative provisions as regards the protection of personal information (now Law 25), but the Government of Canada has also been looking to review its privacy legislation.
- increasing control and transparency when Canadians’ personal information is handled by organizations;
- giving Canadians the freedom to move their information from one organization to another in a secure manner;
- ensuring that Canadians can request that their information be disposed of when it is no longer needed;
- establishing stronger protections for minors, including by limiting organizations’ right to collect or use information on minors and holding organizations to a higher standard when handling minors’ information;
- providing the Privacy Commissioner of Canada with broad order-making powers, including the ability to order a company to stop collecting data or using personal information; and
- establishing significant fines for non-compliant organizations—with fines of up to 5% of global revenue or $25 million, whichever is greater, for the most serious offences.”5
Interesting are the potential changes to the concept of personal information. Defined under section 2(1) of PIPEDA as “information about an identifiable individual”, it has been examined by Federal Courts and the subject of an Interpretation Bulleting by the Privacy Commissioner of Canada6. The CPPA would keep the definition of personal information under PIPEDA but introduce under its section 2(1) the concepts of de-identified data and anonymized data. While this approach may seem reminiscent of the concepts of personal data, pseudonymized data and anonymized data put forward under the GDPR, the impact of these two additional concepts under the CPPA is still to be determined.
BILL C-27: PERSONAL INFORMATION AND DATA PROTECTION TRIBUNAL ACT
Sections 4 and 5 of the Personal Information and Data Protection Tribunal Act establish a tribunal with a limited jurisdiction to7:
- Hear appeals made by complainants or organizations that are affected by certain findings, orders or decisions identified under sections 101 or 102 of the CPPA; and
- Impose penalties on organizations when the conditions set out in section 95 of the CPPA are met.
Under section 94 of the CPPA, the Privacy Commissioner of Canada could decide to make recommendations to the tribunal about the imposition of penalties on an organization, where the Commissioner has found such organization to have contravened to certain provisions of the CPPA.
- Office of the Privacy Commissioner of Canada, “PIPEDA in brief” (rev. May 2019), online : https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/the-personal-information-protection-and-electronic-documents-act-pipeda/pipeda_brief/.
- European Commission, “Data protection: Commission recognises adequacy of Canadian regime“ (January 14, 2002), online: https://ec.europa.eu/commission/presscorner/detail/en/IP_02_46.
- Government of Canada, “The European Union’s General Data Protection Regulation” (rev. April 1, 2021), online: https://www.tradecommissioner.gc.ca/guides/gdpr-eu-rgpd.aspx?lang=eng.
- Parliament of Canada, “LEGISinfo: C-27”, online: https://www.parl.ca/legisinfo/en/bill/44-1/c-27.
- Government of Canada, “Bill C-27 summary: Digital Charter Implementation Act, 2022” (rev. August 18, 2022), online: https://ised-isde.canada.ca/site/innovation-better-canada/en/canadas-digital-charter/bill-summary-digital-charter-implementation-act-2020.
- Office of the Privacy Commissioner of Canada, “Interpretation Bulletin: Personal Information” (rev. October 11, 2013), online: https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/the-personal-information-protection-and-electronic-documents-act-pipeda/pipeda-compliance-help/pipeda-interpretation-bulletins/interpretations_02/.
- Parliament of Canada, “Legislative Summary of Bill C-27” (July 12, 2022), online: https://lop.parl.ca/sites/PublicWebsite/default/en_CA/ResearchPublications/LegislativeSummaries/441C27E#a2-4.