Since February 2017, the House of Commons Standing Committee on Access to Information, Privacy and Ethics has been reviewing Canada’s federal privacy statute – Personal Information Protection and Electronic Documents Act (PIPEDA) – including public meetings and submissions from stakeholders. A year later, the Committee issued its report outlining its recommendations that would see a significant overhaul of PIPEDA.
In the report titled Towards Privacy by Design: Review of the Personal Information Protection and Electronic Documents Act, 19 recommendations are proposed to the Government of Canada that would see significant changes to the operation of, and individual rights, around personal information. It’s clear in the report and the recommendations themselves that Europe’s General Data Protection Regulations were an influence.
Some of the Committee’s recommendations include:
- to explicitly provide for opt-in consent as the default for any use of personal information for secondary purposes, and with a view to implementing a default opt-in system regardless of purpose
- providing measures to improve algorithmic transparency
- an examination of the best ways of protecting depersonalized data
- providing for a right to data portability
- a framework for a right to erasure based on the model developed by the E.U. The model would, at minimum, include a right for young people to have information posted online either by themselves or through an organization taken down
- modernizing the Regulations Specifying Publicly Available Information in order to take into account situations in which individuals post personal information on a public website and in order to make the Regulations technology-neutral
- clarification of the terms under which personal information can be used to satisfy legitimate business interests
- a framework for the right to de-indexing
- to give the Federal Privacy Commissioner enforcement powers, including the power to make orders and impose fines for non-compliance
- to give the Federal Privacy Commissioner broad audit powers, including the ability to choose which complaints to investigate
During his September 2017 annual report to Parliament, Daniel Therien, Canada’s Federal Privacy Commissioner, emphasized the urgency to revisit PIPEDA in order to meet the realities of today’s world, including requesting the new enforcement powers. Organizations have been equally considering how Canada’s status as an adequate country will be affected as a result of the GDPR.
Click to read the report in full Towards Privacy by Design: Review of the Personal Information Protection and Electronic Documents Act.