Government of Canada Proposes New Data Privacy Legislation

The federal government has proposed legislation that would overhaul Canada's data privacy laws, bringing them more in line with international standards.
Categories: Business Insurance
Nov 25th, 2020 | By: CapriCMW

The federal government has proposed legislation that would overhaul Canada's data privacy laws, bringing them more in line with international standards.

In addition to providing individuals more control over their data and increasing transparency on how organizations use this data, the proposed reforms broaden the authorities of the Privacy Commissioner and allow for significantly heavier penalties than what is currently available under the Personal Information Protection and Electronic Documents Act (PIPEDA).

If  Bill C-11: the Digital Charter Implementation Act is passed, the Consumer Privacy Protection Act (CPPA) would be enacted to replace PIPEDA.

Highlights of CPPA

  • The federal Privacy Commissioner would have the ability to investigate violations, impose orders against organizations and recommend penalties.
  • Maximum penalties for offences would be 5% of an organization’s global revenues or $25 million (whichever is higher).
  • Organizations must still obtain consent from individuals to collect and use their personal data as per PIPEDA. However, for consent to be valid, certain information must be provided to the individuals in "plain language" which include the type of data being collected; how data is being collected; purposes of data collection; any potential consequences for the data's collection, use or disclosure; as well as any third parties that will have access to the data.
  • Individuals would have the right to request that organizations transfer their personal data to other organizations, delete their data (subject to certain limitations), and withdraw consent for use of their data.
  • Individuals would have the right to request that organizations explain how an automated decision-making system made a prediction, recommendation or decision and how information was collected.
  • Organizations would be allowed to use personal information without consent if it is with the purpose of de-identifying information. Organizations would also be permitted to use de-identified data without consent under certain circumstances. 
  • Where the privacy commissioner finds that an organization has violated an individual's prviacy, the affected individual can sue for compensation.

Bill C-13 also proposes to enact the Personal Information and Data Protection Tribunal Actcreating an administrative tribunal that determines and imposes penalties, and hears appeals of the Privacy Commissioner’s decisions. 

For more information on the proposed legislation, you can see the federal government's official news release here and the bill in it's entirety here.

Recent Blog Posts

Business Insurance / hospitality, COVID-19
BC Introduces a $50 Million Relief Grant for Restaurants and Businesses Affected by Recent COVID-19 Restrictions

Restaurants and other affected businesses can apply to access up to $10,000 in a one-time grant to…

Apr 13th, 2021 | By: CapriCMW
Personal Insurance / auto insurance
Who is at fault for a collision in a parking lot?

Even though the basic rules of the road still apply when you’re driving in a parking lot, it may be…

Apr 8th, 2021 | By: CapriCMW
Personal Insurance / auto insurance
Can I let someone else drive my car?

It's not uncommon to want to lend your vehicle to another driver from time to time. But what happens…

Apr 8th, 2021 | By: CapriCMW
Search the Blog
photo-10.jpg

Confidence and Freedom

At CapriCMW, we provide personalized insurance and custom risk solutions to give you the confidence and freedom to focus on what matters to you. Talk to an Advisor or get a quote today.

Get a Quote    Or call 1-800-670-1877

Can’t find what you are looking for? Ask us!