PIPEDA
Comply with PIPEDA
The Personal Information Protection and Electronic Documents Act 2000, commonly known as PIPEDA, is the subject of on-going debate regarding potential its potential reform. Already, PIPEDA sets out principles to which organisations must abide, including principles of accountability, consent, accuracy and safeguards, as well as limiting collection, use, disclosure, and retention.
OneTrust DataGuidance's PIPEDA Portal provides you with the ability to track developments regarding PIPEDA and understand its obligations.
PIPEDA v. GDPR
OneTrust DataGuidance, in collaboration with Edwards, Kenny & Bray LLP, have produced a PIPEDA v. GDPR report which you can download here, and which assists organisations in understanding and comparing key provisions of the PIPEDA comparative to the GDPR. You can also leverage this information through our GDPR. PIPEDA Comparison in the tab above.
Canada Privacy Landscape Overview
Watch our Canada Overview video to understand the state of privacy in Canada today.
The Office of the Superintendent of Financial Institutions ('OSFI') announced, on 15 September 2020, the launch of a consultation, with the publication of a discussion paper, on technology risks in the financial sector.
The Office of the Privacy Commissioner of Canada ('OPC') announced, on 15 September 2020, the launch of new resources to assist businesses in protecting personal information and addressing data breaches.
The Office of the Privacy Commissioner of Canada ('OPC') released, on 15 September 2020, its 2019 breach record inspections report.
The Canadian Chamber of Commerce issued, on 11 September 2020, along with other Canadian business associations, a joint statement on the importance of a coherent privacy framework. In particular, the statement notes the inherent benefit of customer trust for businesses, as well as the increased cybersecurity risks consumers are facing.
The Interactive Advertising Bureau Canada ('IAB Canada') released, on 1 September 2020, its guide to mobile app and in-app advertising.
The Office of the Privacy Commissioner of Canada ('OPC') released, on 8 September 2020, the Privacy Commissioner's, Daniel Therrien, op-ed on the value of data, privacy, and the protection of privacy as digitisation accelerates in the wake of the COVID-19 ('Coronavirus') pandemic.
The U.S.Cybersecurity and Infrastructure Security Agency, the Australian Cyber Security Centre, the New Zealand National Cyber Security Centre and the New Zealand Computer Emergency Response Team, Canada's Communications Security Establishment, and the United Kingdom's National Cyber Security Centre released, on 1 September 2020, a joint cyberse
The Office of the Privacy Commissioner of Canada ('OPC') announced, on 28 August 2020, that the Privacy Commissioner had shared with members of two parliamentary committees, a response ('the Response') to an information request on the privacy implications of the Government's COVID-19 ('Coronavirus') application and the adequacy of current privac
The Office of the Privacy Commissioner of Canada published, on 20 August 2020, guidance for manufacturers of Internet of Things ('IoT') devices ('the Manufacturer Guidance') to help comply with federal privacy law, and guidance for Canadians on how to use smart devices while protecting their personal information ('the Consumer Guidance').
The Office of the Privacy Commissioner of Canada ('OPC') released, on 13 August 2020, an updated Privacy Guide for Businesses ('the Guide').
The Information Technology Industry Council ('ITI') released, on 13 August 2020, its Policy Agenda for the Americas ('the Policy Agenda').
The Office of the Privacy Commissioner of Canada ('OPC') issued, on 4 August 2020, its report of findings ('the Findings') following its investigation into a complaint of TD Canada Trusts' decision to outsource the processing of fraud claims to a third-party service provider.
The Office of the Privacy Commissioner of Canada ('OPC') issued, on 31 July 2020, a statement along with the Office of the Information and Privacy Commissioner of Ontario ('IPC') following their review of the COVID Alert exposure notification application ('the App'), and issued a review and recommendations on the same.
The Office of the Privacy Commissioner of Canada, the Federal Data Protection and Information Commissioner, Switzerland, the Information Commissioner's Office, UK, the Privacy Commissioner for Personal Data, Hong Kong, the Gibraltar Regulatory Authority Information Commissioner, and the Office of the Australian Information Commissioner issued, o
The Supreme Court of Canada ('the Supreme Court') issued, on 13 July 2020, its decision in a 5-4 ruling that the Genetic Non-Discrimination Act (S.C. 2017, c. 3) ('the Act') falls within the federal jurisdiction and is constitutional.
The Office of the Privacy Commissioner of Canada ('OPC') announced, on 6 July 2020, that Clearview AI, Inc.
The Office of the Privacy Commissioner of Canada ('OPC') released, on 15 September 2020, its 2019 breach record inspections report ('the Report')1. In particular, the Report is a result of the OPC's inspection of seven telecommunications ('telecos') companies as an assessment of the state of compliance with breach record-keeping oblig
The EU's General Data Protection Regulation (EU) 2016/679) ('GDPR') entered into effect on 25 May 2018 and substantially impacted Canada's privacy landscape, regulated Federally by the Personal Information Protection and Electronic Documents Act 2000 ('PIPEDA').
The Information Technology Industry Council ('ITI') released, on 1 September 2020, its guide on Policy Principles for Cybersecurity Certification ('the Guide'), which details the limits of certification approaches and cautions policymakers to avoid viewing cybersecurity certification as a comprehensive solution.
The Supreme Court of Canada ('the Supreme Court') issued, on 13 July 2020, its decision in Reference re Genetic Non‑Discrimination Act, 2020 SCC 171 ruling by 5-4 votes that the Genetic Non-Discrimination Act (S.C. 2017, c. 3) ('the Act') falls within the federal jurisdiction and is constitutional.
The provisions of the United States-Mexico-Canada Agreement ('USMCA') cover the novel subject of the exchange of personal information between its signatories, arguably introducing a new element of uncertainty for the status of Canada's adequacy decision from the European Commission.
As technology which utilises the collection and processing of personal data evolves, so too must the regulations which govern it adapt in order to provide adequate protections to privacy.
The ability for machine learning systems to reach their full potential and benefit consumers depends on these technologies being able to utilise large and varied data sets. As such, legal restrictions on the access to public data for such purposes present a significant obstacle in this regard.
'Deepfakes' is an infamous buzzword initially made popular through somewhat benign manipulation of celebrities' pictures and videos. However, it is a lot more than that. Artificial intelligence ('AI') applications, such as machine learning, work to create deepfakes, which the creation of have led to certain privacy implications.
The Office of the Privacy Commissioner of Canada ('OPC') announced, on 10 December 2019, that it had released, and tabled in Parliament, its 2018-2019 annual report ('the Report') on the modernisation of Canada's privacy legislation.
This webinar discusses, compares, and contrasts the Personal Information Protection and Electronic Documents Act 2000 (‘PIPEDA’) with the General Data Pro
With the multitude of enhanced protections and rights being introduced to individuals with regard to the protection of their personal data, a cautionary approach has become commonplace for organisations who carry out data processing and consider ownership of data.
On 21 May 2019, the Canadian federal Government ('the Government') launched Canada's new Digital Charter ('the Charter')1, as well as a discussion paper entitled 'Strengthening Privacy for the Digital Age' ('the Paper')2, which contains a set of proposals that aim to modernise privacy laws based on the principles set out in
PIPEDA v GDPR
GDPR Benchmark
This Chart aims at assisting organisations in understanding and comparing key provisions of the GDPR with relevant data protection law from around the globe. This Chart provides a comparison of the following key provisions:
- Scope
- Definitions and legal basis
- Rights
- Enforcement
Each topic includes relevant articles and sections from the law compared, a summary of the comparison, and a detailed analysis of the similarities and differences. The degree of similarity for each section can be identified using the key.
EU-California: GDPR v. CCPA
This analysis has been carried out in collaboration with Future of Privacy Forum. The information in the Chart is also available in a free Report, which you can download here.
EU-Japan: GDPR v. APPI
This analysis has been conducted on the basis of an English unofficial translation of the APPI (as amended) available on the PIPC website. The information in the Chart is also available in a free Report, which you can download here.
EU-Brazil: GDPR v. LGPD
This analysis has been conducted in collaboration with Baptista Luz Advogados. DataGuidance and Baptista Luz Advogados would also like to thank Pereira Neto | Macedo Advogados for their efforts and making a translation of the LGPD available for use. The information in the Chart is also available in a free Report, which you can download here.
EU-Russia: GDPR v. Law on Personal Data
This analysis has been conducted in collaboration with Gorodissky & Partners. This analysis has been conducted on the basis of an English unofficial translation of the Law on Personal Data. The information in the Chart is also available in a free Report, which you can download here.
EU-Thailand: GDPR v. PDPA
This analysis has been conducted in collaboration with Blumenthal Richter & Sumet. The information in the Chart is also available in a free Report, which you can download here.
EU-Australia: GDPR v. Privacy Act
This analysis has been conducted in collaboration with Mills Oakley. The information in the Chart is also available in a free Report, which you can download here.
EU-Nigeria: GDPR v. Nigeria Data Protection Regulation
This analysis has been conducted based on the Nigeria Data Protection Regulation 2019 ('NDPR'). The information in the Chart is also available in a free Report, which you can download here.
EU-Turkey: GDPR v. LPPD
This analysis has been conducted in collaboration with Esin Attorney Partnership. The information in the Chart is also available in a free Report, which you can download here.
EU-Singapore: GDPR v. PDPA
This analysis has been conducted in collaboration with Rajah & Tann Singapore LLP. The information in the Chart is also available in a free Report, which you can download here.
EU-Canada: GDPR v. PIPEDA
This analysis has been conducted in collaboration with Edwards, Kenny & Bray LLP. The information in the Chart is also available in a free Report, which you can download here.
Scope Benchmark
Definitions and Legal Basis Benchmark
- title
- Personal data
- Pseudonymisation
- Controller and processor
- Children
- Research
- Legal Basis
To view this Comparison and more, request your free 7-day trial of the full OneTrust DataGuidance platform
Rights Benchmark
- title
- Right to deletion
- Right to be informed
- Right to object
- Right to access
- Right not to be subject to discrimination
- Right to data portability
To view this Comparison and more, request your free 7-day trial of the full OneTrust DataGuidance platform
Enforcement Benchmark
