Tag: PIPEDA

PIPEDA by the numbers: lessons for privacy law reform in Canada?PIPEDA by the numbers: lessons for privacy law reform in Canada?



The Federal Privacy Commissioner (OPC) just released the 2019-2020 Annual Report to Parliament on the Privacy Act and Personal Information Protection and Electronic Documents Act (PIPEDA). In the report the OPC repeated the plea for reform of PIPEDA arguing that PIPEDA “is outdated and does not sufficiently deal with the digital environment to ensure appropriate regulation of new technologies.” The report also proposed major new remedial powers for the OPC. Interestingly, however, statistical data in the Annual Report illustrates how well PIPEDA appears to be working despite the lack of these remedial powers.

OPC position on online reputation: search engines must de-index privacy violating personal informationOPC position on online reputation: search engines must de-index privacy violating personal information



Are search engines subject to PIPEDA? Should they be required to de-index web pages such as when information about an individual is inaccurate, incomplete or outdated, ;or when the linked to information is illegal? Should search engines be subject to a notice and de-indexing or demotion regime? And, should search engines be required to geo-fence to ensure that search results containing personal information about Canadians that violates PIPEDA  is not made accessible in Canada regardless of which domain a Canadian searches on?

PIPEDA privacy law given business friendly interpretation by Supreme Court: RBC v TrangPIPEDA privacy law given business friendly interpretation by Supreme Court: RBC v Trang



Canada’s federal privacy law, PIPEDA, was enacted to be one of our framework laws that would underpin our digital economy. It’s goal was to recognize the privacy rights of individuals and at the same time to recognize the legitimate needs of organizations to collect, use, and disclose personal information. That balance between privacy and  uses of personal information for appropriate purposes was underscored by the Supreme Court in a decision released yesterday in Royal Bank of Canada v. Trang 2016 SCC 50.  

Digital Privacy Act: Important work still to be done by the INDU CommitteeDigital Privacy Act: Important work still to be done by the INDU Committee



The Digital Privacy Act (Bill S-4) will make significant changes to Canadian privacy law when it is enacted. The amendments to PIPEDA have been in the making since 2007 following the statutory review of PIPEDA by the Standing Committee on Access to Information, Privacy and Ethics. The Bill has passed the Senate and was referred to the Standing Committee on Industry, Science and Technology. The INDU Committee will begin considering the Bill on November 25, 2014.

The Government of Canada Backgrounder says that “Canada’s Digital Privacy Act provides important improvements to Canada’s private sector privacy legislation, the Personal Information Protection and Electronic Documents Act (PIPEDA)” and that it “will ensure that Canadians are safer and more secure when they surf the web or shop online”.

Canada to amend PIPEDA with the Digital Privacy ActCanada to amend PIPEDA with the Digital Privacy Act



Bill S-4, the Digital Privacy Act (An Act to amend the Personal Information Protection and Electronic Documents Act and to make a consequential amendment to another Act,) was given First Reading in the Senate today.  The summary of the Bill describes the proposed amendments as follows:

This enactment amends the Personal Information Protection and Electronic Documents Act to, among other things,
(a) specify the elements of valid consent for the collection, use or disclosure of personal information;
(b) permit the disclosure of personal information without the knowledge or consent of an individual for the purposes of
(i) identifying an injured, ill or deceased individual and communicating with their next of kin,
(ii) preventing, detecting or suppressing fraud, or
(iii) protecting victims of financial abuse;
(c) permit organizations, for certain purposes, to collect, use and disclose, without the knowledge or consent of an individual, personal information
(i) contained in witness statements related to insurance claims, or
(ii) produced by the individual in the course of their employment, business or profession;
(d) permit organizations, for certain purposes, to use and disclose, without the knowledge or consent of an individual, personal information related to prospective or completed business transactions;
(e) permit federal works, undertakings and businesses to collect, use and disclose personal information, without the knowledge or consent of an individual, to establish, manage or terminate their employment relationships with the individual;
(f) require organizations to notify certain individuals and organizations of certain breaches of security safeguards that create a real risk of significant harm and to report them to the Privacy Commissioner;
(g) require organizations to keep and maintain a record of every breach of security safeguards involving personal information under their control;
(h) create offences in relation to the contravention of certain obligations respecting breaches of security safeguards;
(i) extend the period within which a complainant may apply to the Federal Court for a hearing on matters related to their complaint;
(j) provide that the Privacy Commissioner may, in certain circumstances, enter into a compliance agreement with an organization to ensure compliance with Part 1 of the Act; and
(k) modify the information that the Privacy Commissioner may make public if he or she considers that it is in the public interest to do so

A Government press release describing the Bill can be found here.

Copyright and privacy bills to be introduced in House of CommonsCopyright and privacy bills to be introduced in House of Commons



The Government will likely introduce new Bills to amend the Copyright Act and the Personal Information Protection and Electronic Documents Act (PIPEDA) within the next few days. The Parliament of Canada Notice Paper for Wednesday September 28, 2011 provides notice that the Minister of Industry and Minister of State (Agriculture) will introduce a Bill entitled “An Act to Amend the Copyright Act” and a Bill entitled “An Act to Amend the Personal Information Protection and Electronic Documents Act”.  The actual notices are dated September 27, 2011, which means that the Bills could be introduced as early as this Thursday.

Rethinking CASLRethinking CASL



SPAM is awful.  It wastes our time. It clogs the Internet. It is full of scams, malware and fraudulent, false and misleading messages. Who wouldn’t cheer when Canada finally decided late in 2010 to outlaw SPAM and related afflictions of malware, spyware, address harvesting and sending false and misleading commercial electronic messages?

Indeed, there was much satisfaction when Canada’s anti-SPAM law, also known as FISA[2], was given royal assent on December 15, 2011.  After a lengthy and thorough review process, including consultations and Parliamentary reviews, Canadians could look forward to the toughest anti-SPAM law in the world just as soon as the regulations were finalized, which is expected this summer.

Supreme Court rules on whether access laws apply to records of PMO but not which records are personal informationSupreme Court rules on whether access laws apply to records of PMO but not which records are personal information



The Supreme Court released its reasons Friday in an important appeal in which the Court had to decide whether citizens can demand disclosure of records located in the offices of the Prime Minister, Ministers of the Crown, the RCMP and PCO under the Access to Information Act. In Canada (Information Commissioner) v. Canada (Minister of National Defence), 2011 SCC 25, the Supreme Court ruled that none of the requested documents had to be disclosed.  The ruling, however, by-passed an important opportunity to clarify the meaning of the term “personal information” in Canadian privacy legislation.

The OPC on online tracking, profiling and targeting and cloud computingThe OPC on online tracking, profiling and targeting and cloud computing



The Office of the Privacy Commissioner released a report yesterday on online tracking, profiling and targeting and cloud computing, Report on the 2010 Office of the Privacy Commissioner of Canada’s Consultations on Online Tracking, Profiling and Targeting, and Cloud Computing. These areas are currently very hot and challenging topics for Canadians and Canadian businesses.

The privacy issues raised by online tracking, profiling and targeting and cloud computing raise many questions with important public policy and economic implications. The report, by and large, raises and does a good job of explaining the issues and challenges.

Government introduces bills to fight SPAM and spyware and to amend PIPEDAGovernment introduces bills to fight SPAM and spyware and to amend PIPEDA



Earlier today the Government introduced two important Bills – Bills C-28 and C-29.

Bill C-28, Fighting Internet and Wireless Spam Act, is the re-introduction of the Electronic Commerce Protection Act (ECPA). It is essentially the Bill as passed by the House of Commons just before the olympics with a few changes. Most of the changes are to harmonize the language to drafting conventions or to clarify the legislative intent.

The Bill is a major improvement over the initial version of the ECPA which was significantly improved during the Industry Committee review.