On November 17th 2020, Canada’s long-rumored data privacy upgrade arrived in the form of Bill C-11, otherwise known as the Digital Charter Implementation Act, 2020. While still in its proposal phase, the government proposed bill aims to improve visibility and consumer control over how businesses in the private sector collect and handle consumer personally identifiable information. To do so, the bill aims to enact the following statutes:
Consumer Privacy Protection Act (CPPA): A modern approach to data privacy that combines the principles found within Canada’s Digital Charter, as well as long-proposed changes to Canada’s decades-old Personal Information Protection and Electronic Documents Act (PIPEDA).
Personal Information Data Protection Tribunal Act: Establishes a Personal Information and Data Protection Tribunal, a group of three to six government-appointed officials (at least one of whom must have a formal background in information and privacy law) who have the power to impose stiff monetary penalties upon privacy infringing organizations.
While PIPEDA is not going away (its name being shortened to the Electronic Documents Act, as per Bill C-11), the CPPA will become the new legal go-to for ensuring that your personal information is collected, protected, and used appropriately by private businesses.
The CPPA aims to ensure that:
Businesses receive consumer consent prior to collection and use of personal information
Collection of personal information is restricted to its intended use
Consumers maintain ownership of personal information collected by businesses
Consumers may request access to collected personal information
Consumers may modify/update collected personal information
Consumers may request the destruction of collected personal information