Support Centre
PIPEDA
workspace-icon
Back

PIPEDA

Comply with PIPEDA

The Personal Information Protection and Electronic Documents Act 2000, commonly known as PIPEDA, is the subject of on-going debate regarding its potential reform. Already, PIPEDA sets out principles to which organisations must abide, including principles of accountability, consent, accuracy and safeguards, as well as limiting collection, use, disclosure, and retention.

OneTrust DataGuidance's PIPEDA Portal provides you with the ability to track developments regarding PIPEDA and understand its obligations.

Latest developments

Bill C-11 for the Digital Charter Implementation Act, 2020 was introduced, on 17 November 2020, to the House of Commons, which would have reformed Canada's privacy legislation under PIPEDA. In particular, the bill would have enacted the Consumer Privacy Protection Act ('CPPA'), which would have protected the personal information of individuals while regulating organisations' collection, use, or disclosure of personal information in the course of commercial activities, and would have repealed Part 1 of PIPEDA and amend PIPEDA's short title to the Electronic Documents Act. In addition, the bill would have enacted the Personal Information and Data Protection Tribunal Act ('the Tribunal Act') for the establishment of an administrative tribunal to hear appeals of certain decisions made by the Office of the Privacy Commissioner of Canada ('OPC') under the CPPA, and facilitate the imposition of penalties.

Please note that OneTrust DataGuidance confirmed with the House of Commons that the bill died, on 15 August 2021, after failing to pass both the House of Commons and the Senate before the Parliamentary session ended.

You can read the bill and view its history here.

PIPEDA v. GDPR

OneTrust DataGuidance, in collaboration with Edwards, Kenny & Bray LLP, have produced a PIPEDA v. GDPR report which you can download here, and which assists organisations in understanding and comparing key provisions of the PIPEDA comparative to the GDPR. You can also leverage this information through our GDPR. PIPEDA Comparison in the tab above.

Canada Privacy Landscape Overview

Watch our Canada Overview video to understand the state of privacy in Canada today.

See all Canada Federal News
31 May 2023

Canada: OPC finds Government COVID-19 measures generally privacy compliant

On May 30, 2023, the Office of the Privacy Commissioner of Canada (OPC) announced that it had tabled its special report on COVID-19-related investigations before the Parliament of Canada.

Investigations, Health and Pharmaceutical, Public Sector
30 May 2023

Canada: OPC publishes guide on privacy in the workplace, provides practical tips for employers

The Office of the Privacy Commissioner of Canada (OPC) announced, on May 29, 2023, the publication of a guide outlining key privacy considerations for employers subject to federal privacy legislation.

Employment, Surveillance
26 May 2023

Canada: OPC and provincial authorities announce investigation into ChatGPT

The Office of the Privacy Commissioner of Canada (OPC) announced, on May 25, 2023, that the privacy authorities for Canada, Québec, British Columbia, and Alberta will jointly investigate OpenAI, L.L.C. as the operator of ChatGPT.

Consent, Investigations, Artificial Intelligence
19 May 2023

Canada: OPC submits comments on Bill C-27 recommending further improvements

On May 11, 2023, the Office of the Privacy Commissioner of Canada (OPC) announced that it had submitted comments on Bill C-27 for the Digital Charter Implementation Act 2022 (DCIA) to the Standing Committee on Industry and Technology in the House of Commons.

Data Subject Rights, Privacy Law Reform
15 May 2023

Canada: OPC lodges appeal against Federal Court's Facebook decision

The Privacy Commissioner of Canada ('OPC') announced, on 12 May 2023, its intention to appeal the judgment rendered by the Federal Court of Canada, on 13 April 2023, in Canada (Privacy Commissioner) v.

Litigation
25 April 2023

Canada: Bill for the Digital Charter Implementation Act passes second reading

Government Bill C-27, known as the Bill for the Digital Charter Implementation Act 2022 passed, on 24 April 2023, its second reading in the House of Commons of Canada, and was thereafter referred, on the same date, to the Standing

Privacy Law Reform
24 April 2023

Canada: Court decides against OPC ruling regarding Facebook

The Federal Court of Canada issued, on 13 April 2023, its judgment in Canada (Privacy Commissioner) v. Facebook, Inc., 2023 FC 533.

Consent, Enforcement Actions, Vendor Management
24 April 2023

Canada: OSFI and GRI release report on AI in financial services

The Office of the Superintendent of Financial Institutions ('OSFI') announced, on 17 April 2023, the release, jointly with the Global Risk Institute ('GRI'), of a report titled 'Financial Industry Forum on Artificial Intelligence: A Canadian Perspective on Responsible AI'.

Financial Services, Artificial Intelligence
24 April 2023

Canada: OSFI publishes cyber resilience framework for regulated financial institutions

The Office of the Superintendent of Financial Institutions ('OSFI') announced, on 21 April 2023, the release of the Intelligence Led Cyber Resilience Testing ('I-CRT') framework. In particular, the framework aims to aid the financial industry in the identification of areas that may be more vulnerable to cyber attacks.

Financial Services, Cybersecurity
11 April 2023

Canada: OPC publishes blog on algorithmic fairness

The Office of the Privacy Commissioner of Canada ('OPC') released, on 5 April 2023, a two-part blog post on algorithmic fairness. In particular, part one explains algorithmic fairness, detailing three main definitions and how these models interact.

Artificial Intelligence
04 April 2023

Canada: OPC initiates investigation into ChatGPT

The Office of the Privacy Commissioner of Canada ('OPC') announced, on 4 April 2023, the launch of an investigation into OpenAI, L.L.C., as the operator of ChatGPT.

Consent, Investigations, Artificial Intelligence
31 March 2023

Canada: Privacy Commissioner submits recommendations on reforming Competition Act

The Office of the Privacy Commissioner of Canada ('OPC') announced, on 29 March 2023, that the Privacy Commissioner of Canada, Philippe Dufresne, had provided recommendations to the Minister of Innovation, Science, and Industry in regard to reforming the Competition Act 1985.

Antitrust and Competition
30 March 2023

Canada: Cybersecurity bill passes second reading in House of Commons

Government Bill C-26 for an Act respecting cybersecurity, amending the Telecommunications Act and making consequential amendments to other Acts passed, on 27 March 2023, its second reading in the House of Commons of Canada, and was

Critical Infrastructure, Cybersecurity
15 March 2023

Canada: Government updates overview of AI and AIDA

The Government of Canada updated, on 13 March 2023, its companion document on artificial intelligence ('AI') and the Artificial Intelligence and Data Act ('AIDA').

Artificial Intelligence
08 March 2023

Canada: OPC issues updated guide on faxing personal information

The Office of the Privacy Commissioner of Canada ('OPC') published, on 7 March 2023, updated advice on the risks of faxing personal information. In particular, the OPC explained that, despite digital advancements in many fields, breaches of personal information continue to occur because of the use of traditional fax machines.

Cybersecurity, Encryption
01 March 2023

Canada: IAB Canada releases public consultation for data clean rooms standards and recommendations

The Internet Advertising Bureau ('IAB') of Canada announced, on 16 February 2023, that the IAB Tech Lab had released a public consultation for Data Clean Rooms ('DCRs') Standards and Recommendations.

Direct Marketing, Profiling
See all Canada Federal Insights
Apr 2023

Canada: AI and Data Act - Key takeaways

On 16 June 2022, the Government of Canada introduced in the House of Commons the Artificial Intelligence and Data Act ('AIDA') as part of Bill C-27, for An Act to enact the Consumer Privacy Protection Act, the Personal Information and Data Protection Tribunal Act and the Artificial Intelligence and Data Act and to make consequential and related

Employment, Fines, Artificial Intelligence
Jan 2023

Canada: An overview of Bill C-27 and its proposed changes to PIPEDA

Canada has an existing comprehensive federal private-sector privacy legislation, the Personal Information Protection and Electronic Documents Act 2000 ('PIPEDA'), which became law in 2000. Recently, changes to PIPEDA have been proposed via the draft language of Bill C-27 for the Digital Charter Implementation Act 20221 ('Bill C-27').

Anonymization and Pseudonymization, Consent, Data Subject Rights, Privacy Law Reform, Supervisory Authority, Artificial Intelligence
Dec 2022

Canada: Organisational accountability under the CPPA and Québec's Law 25

Both the Consumer Privacy Protection Act ('CPPA') and Québec's Act to modernize legislative provisions as regard the protection of personal information, 2021, Chapter 25 ('Law 25') aim to modernise privacy laws and introduce significant penalties and fines for non-compliance.

Privacy Law Principles, Privacy Law Reform
Jun 2022

Canada: Digital Charter Implementation Act 2022 - What you need to know

On 16 June 2022, Bill C-27 for An Act to enact the Consumer Privacy Protection Act, the Personal Information and Data Protection Tribunal Act and the Artificial Intelligence and Data Act and to make consequential and related amendments to other Acts, also known as the Digital Charter Implementation Act 2022 ('DCIA 2022'), was introduced in the H

Consent, Fines, Privacy Law Concepts, Privacy Law Reform, Artificial Intelligence
Apr 2022

Canada: Data Protection in the Automotive Sector

Automotive
Mar 2022

International: Understanding data residency - Part one: Americas perspective

Many jurisdictions are increasingly enacting laws and regulations governing how and where data must be stored either within their respective borders or abroad. What has resulted is a constantly evolving network of rules and restrictions for the location of data.

Retention and Storage, Data Transfers, Data Localisation, Privacy Shield, Third Countries
Mar 2022

Canada: Data Protection in the Financial Sector

Financial Services
Mar 2022

Canada: Cybersecurity

Cybersecurity
Feb 2022

Canada: Understanding bias in AI for marketing – a comprehensive guide to avoiding negative consequences with AI

The Interactive Advertising Bureau of Canada ('IAB Canada') released, on 24 November 2021, a guide on Understanding Bias in AI for Marketing: A Comprehensive Guide to Avoiding Negative Consequences with Artificial Intelligence1.

Cybersecurity, Artificial Intelligence
Feb 2022

Canada: A Canadian perspective on privacy implications of autonomous vehicles

Autonomous vehicles ('AVs') have been described as being capable of gathering and communicating huge swaths of information about the vehicle, its occupants, and non-users (e.g. pedestrians).

Data Subject Rights, Automotive, Cybersecurity, Artificial Intelligence
Aug 2021

Canada: Overview of Vendor Privacy Contracts

Vendor Management

PIPEDA v GDPR

Request a jurisdiction

GDPR Benchmark

This Chart aims at assisting organisations in understanding and comparing key provisions of the GDPR with relevant data protection law from around the globe. This Chart provides a comparison of the following key provisions:

  1. Scope
  2. Definitions and legal basis
  3. Rights
  4. Enforcement

Each topic includes relevant articles and sections from the law compared, a summary of the comparison, and a detailed analysis of the similarities and differences. The degree of similarity for each section can be identified using the key.

Request a jurisdiction

Scope Benchmark

    title
  • Personal scope
  • Territorial scope
  • Material scope
  • Argentina

    • Fairly inconsistent

    • Fairly inconsistent

    • Fairly consistent

  • Australia

    • Fairly inconsistent

    • Fairly consistent

    • Fairly consistent

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Request a jurisdiction

Rights Benchmark

    title
  • Right to deletion
  • Right to be informed
  • Right to object
  • Right to access
  • Right not to be subject to discrimination
  • Right to data portability
  • Argentina

    • Inconsistent

    • Fairly consistent

    • Fairly inconsistent

    • Fairly consistent

    • Fairly consistent

    • Inconsistent

  • Australia

    • Inconsistent

    • Fairly consistent

    • Inconsistent

    • Fairly consistent

    • Consistent

    • Inconsistent

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Request a jurisdiction

Enforcement Benchmark

    title
  • Monetary penalties
  • Supervisory authority
  • Civil remedies
  • Argentina

    • Fairly consistent

    • Fairly consistent

    • Fairly consistent

  • Australia

    • Fairly consistent

    • Fairly consistent

    • Fairly inconsistent

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Canada - Emarketing

Direct Marketing

Canada - Telemarketing

Direct Marketing

Canada - SMS/MMS Marketing

Direct Marketing

Company

Our Policies

Your Rights

© OneTrust, LLC. All Rights Reserved.
The materials herein are for informational purposes only and do not constitute legal advice.