Recently, the Government of Canada introduced its Digital Charter and announced plans to reform federal privacy laws.
The Digital Charter consists of 10 principles meant to guide the Canadian government’s approach towards protecting and governing the use of personal data through its policies, programs and legislation.
THE 10 PRINCIPLES OF THE DIGITAL CHARTER
Universal Access:
All Canadians will have equal opportunity to participate in the digital world and the necessary tools to do so, including access, connectivity, literacy and skills.
Safety and Security:
Canadians will be able to rely on the integrity, authenticity and security of the services they use and should feel safe online.
Control and Consent:
Canadians will have control over what data they are sharing, who is using their personal data and for what purposes, and know that their privacy is protected.
Transparency, Portability and Interoperability:
Canadians will have clear and manageable access to their personal data and should be free to share or transfer it without undue burden.
Open and Modern Digital Government:
Canadians will be able to access modern digital services from the Government of Canada, which are secure and simple to use.
A Level Playing Field:
The Government of Canada will ensure fair competition in the online marketplace to facilitate the growth of Canadian businesses and affirm Canada's leadership on digital and data innovation, while protecting Canadian consumers from market abuses.
Data and Digital for Good:
The Government of Canada will ensure the ethical use of data to create value, promote openness and improve the lives of people—at home and around the world.
Strong Democracy:
The Government of Canada will defend freedom of expression and protect against online threats and disinformation designed to undermine the integrity of elections and democratic institutions.
Free from Hate and Violent Extremism:
Canadians can expect that digital platforms will not foster or disseminate hate, violent extremism or criminal content.
Strong Enforcement and Real Accountability:
There will be clear, meaningful penalties for violations of the laws and regulations that support these principles.
PIPEDA CHANGES
In accordance with the Digital Charter, the Government of Canada is pledging to reform the Personal Information Protection and Electronic Documents Act (PIPEDA), which governs how private organizations use personal data. The proposed changes to PIPEDA focus on four primary areas:
Enhancing individuals’ control
- Require organizations to provide individuals with specific information in plain language on the intended use of their personal data and the third parties with which information will be shared.
- Prohibit organizations from bundling consent into a contract.
- Enable individuals to consent to use of personal information by businesses under specific circumstances.
- Introduce the right for individuals to transfer data from one organization to another.
- Require enhanced transparency of business practices by applying the concept of demonstrable accountability as per the European Union's General Data Protection Regulation (GDPR).
- Introduce transparency requirements for algorithms used in automated decision-making.
- Give individuals control over how their de-identified information will be used, and introduce penalties for re-identifying.
- Give individuals the right to request that their personal information be deleted.
- Define expiration periods for retaining personal data.
Enabling Innovation
- Employing data trusts (using trusted third parties to manage access by organizations to sensitive databanks for research and development purposes).
- Create codes of practice, accreditation/certification schemes and standards.
Enhancing Enforcement
- Give the Office of the Privacy Commissioner increased authority to stop the collection, use or disclosure of personal information by a non-compliant organization.
- Expand and increase fines for violations of PIPEDA.
Clarifying PIPEDA
- Update the text of PIPEDA to clarify its application as well as extend its application to non-commercial data collection.
In addition to proposed PIPEDA changes, there are also changes anticipated for Canada's Anti-Spam Legislation, the Privacy Act, the Competition Act, the Telecommunications Act, the Broadcasting Act and the Radiocommunication Act.
For more details about the Digital Charter, please see "Canada's Digital Charter: Trust in a digital world" and "Strengthening Privacy for the Digital Age."
For information and resources on cyber insurance and risk management, please contact a CapriCMW Risk Advisor.
