Support Centre
PIPEDA
Back

PIPEDA

Comply with PIPEDA

The Personal Information Protection and Electronic Documents Act 2000, commonly known as PIPEDA, is the subject of on-going debate regarding its potential reform. Already, PIPEDA sets out principles to which organisations must abide, including principles of accountability, consent, accuracy and safeguards, as well as limiting collection, use, disclosure, and retention.

OneTrust DataGuidance's PIPEDA Portal provides you with the ability to track developments regarding PIPEDA and understand its obligations.

Latest developments

Bill C-11 for the Digital Charter Implementation Act, 2020 was introduced, on 17 November 2020, to the House of Commons, which would reform Canada's privacy legislation under PIPEDA. In particular, the bill would enact the Consumer Privacy Protection Act ('CPPA'), which would protect the personal information of individuals while regulating organisations' collection, use, or disclosure of personal information in the course of commercial activities, and would repeal Part 1 of PIPEDA and amend PIPEDA's short title to the Electronic Documents Act. In addition, the bill would enact the Personal Information and Data Protection Tribunal Act ('the Tribunal Act') for the establishment of an administrative tribunal to hear appeals of certain decisions made by the Office of the Privacy Commissioner of Canada ('OPC') under the CPPA, and facilitate the imposition of penalties.

You can read the bill and track its progress here.

PIPEDA v. GDPR

OneTrust DataGuidance, in collaboration with Edwards, Kenny & Bray LLP, have produced a PIPEDA v. GDPR report which you can download here, and which assists organisations in understanding and comparing key provisions of the PIPEDA comparative to the GDPR. You can also leverage this information through our GDPR. PIPEDA Comparison in the tab above.

Canada Privacy Landscape Overview

Watch our Canada Overview video to understand the state of privacy in Canada today.

See all Canada Federal News
13 April 2021

Canada: OPC publishes blog post on PETs for businesses

The Office of the Privacy Commissioner of Canada ('OPC') published, on 12 April 2021, a blog post on privacy enhancing technologies ('PETs') for businesses, which the OPC defines as cloud or internet-enabled technologies such as Internet of Things devices that deliver services, analyse data, and inform business decisions.

Behavioural Advertising, Anonymisation and Pseudonymisation, Artificial Intelligence, Internet of Things,
30 March 2021

Canada: CSA and IIROC publish notice on regulatory framework for CTPs compliance

The Canadian Securities Administrators ('CSA') and the Investment Industry Regulatory Organization of Canada ('IIROC') published, on 29 March 2021, a notice on a regulatory framework for compliance for crypto asset trading platforms ('CTPs').

Cryptography,
30 March 2021

Canada: CRTC fines individual CAD 75,000 for unsolicited email marketing to consumers

The Canadian Radio-television and Telecommunications Commission ('CRTC') announced, on 29 March 2021, that it had fined an individual CAD 75,000 (approx. €50,710) for the sending of commercial emails without prior consent, in violation of Canada's Anti-Spam Legislation 2010 ('CASL').

Email Marketing, Spam, Consent, Enforcement - Penalties,
23 March 2021

Canada: FINTRAC fines Park Georgia Realty CAD 66,743 for AML violations

Financial Transactions and Reports Analysis Centre of Canada ('FINTRAC') announced, on 23 March 2021, that it had imposed an administrative monetary penalty of CAD 66,742 (approx. € 44,640) on Park Georgia Realty Ltd.

Accountability, Enforcement - Penalties, Anti-money Laundering & Countering the Financing of Terrorism, Financial Data, Real Estate,
05 March 2021

Canada: FINTRAC imposes $101,969 penalty against C&Z Holdings for AML/CFT violations

The Financial Transactions and Report Analysis Centre of Canada ('FINTRAC') announced, on 4 March 2021, that it had imposed and administrative monetary penalty of $101,969 against C&Z Holdings Ltd., operating as Golden Apple, for non-compliance with Part 1 of the Proceeds of Crime (Money Laundering) and Terrorist Financing Act ('the AML/CFT

Awareness and Training, Documented Procedures, Monitoring, Measurement, Analysis and Evaluation, Anti-money Laundering & Countering the Financing of Terrorism, Financial Services,
19 February 2021

Canada: IAB Canada releases draft policies for TCF Framework for public comment

The Interactive Advertising Bureau Canada ('IAB Canada') released on 18 February 2021, the draft policies for the Canadian Transparency and Consent Framework ('the TCF Framework') for public comment.

Consent, Transparency, Legal Reform,
04 February 2021

Canada: OPC requests Clearview AI to cease facial recognition activities

The Office of the Privacy Commissioner of Canada ('OPC') announced, on 3 February 2021, the conclusion of its joint investigation with privacy commissioners of Alberta, British Columbia, and Quebec into Clearview AI, Inc..

Consent, Enforcement - Other, Investigations, Biometric Data, Sensitive Personal Data,
18 January 2021

Canada: DoJ extends public consultation for modernising Canada's public sector privacy law

The Department of Justice ('DoJ') announced on Twitter, on 5 January 2021, that the public consultation period for modernising Canada's Privacy Act 1985 has been extended until 14 February 2021. In particular, the consultation welcomes feedback on issues including:

Legal Reform, Public Sector,
14 January 2021

Canada: CRTC launches consultation on botnet blocking for telcos

The Canadian Radio-television and Telecommunications Commission ('CRTC') announced, on 13 January 2021, that it had launched a consultation on its proposed framework to address the use of botnets.

Cyber Risks and Threats, Cybersecurity, Telecommunications and Electronic Communications,
14 December 2020

Canada: OPC issues report of findings on Desjardins data breach

The Office of the Privacy Commissioner of Canada ('OPC') issued, on 14 December 2020, a statement and a speech by the Privacy Commissioner following an investigation into a data breach at Fédération des Caisses Popula

Incident and Breach, Cybersecurity, Financial Services, Investigations, Sensitive Personal Data,
27 November 2020

Canada: Regulatory authorities send letters to companies on anti spam legislation and PIPEDA compliance

The Canadian Radio-television and Telecommunciations Commission ('CRTC') jointly with the Office of the Privacy Commissioner of Canada ('OPC') and the Competition Bureau issued, on 26 November 2020, letters to 36 companies involved in the mobile application industry, advising that they review their practices and take preventative or corrective m

Apps, Personal Data, Direct Marketing, Vendor Management,
20 November 2020

Canada: Privacy Commissioner issues statement on privacy law reform bill

The Privacy Commissioner of Canada, Daniel Therrien, issued, on 19 November 2020, a statement on Bill C-11 for the Digital Charter Implementation Act, 2020 which would reform Canada's private sector privacy legislation.

Consent, Legal Reform, Transparency,
19 November 2020

Canada: Cybersecurity centre releases National Cyber Threat Assessment 2020

The Canadian Centre for Cyber Security ('CCCS') released, on 16 November 2020, its National Cyber Threat Assessment 2020.

Cyber Risks and Threats, Cybersecurity, Management System Scope,
19 November 2020

Canada: FINTRAC publish 2019–20 Annual Report

The Financial Transactions and Reports Analysis Centre of Canada ('FINTRAC') published, on 17 November 2020, its 2019–20 Annual Report. In particular, the report outlines the work accomplished by FINTRAC, as well as their role in areas such as financial intelligence, compliance, and protecting personal information, among others.

Accountability, Anti-money Laundering & Countering the Financing of Terrorism, Financial Data, Financial Services,
17 November 2020

Canada: Bill to reform Canada's privacy law introduced, provides for enactment of Consumer Privacy Protection Act

Bill C-11 for the Digital Charter Implementation Act, 2020 was introduced, on 17 November 2020, to the House of Commons, which would reform Canada's privacy legislation under the Personal Information Protection and Electronic Documents Act 2000 ('PIPEDA').

Consent, Facilitation of Data Subject Rights, Enforcement - Other, Legal Reform, Enforcement - Penalties, Supervisory Authority, Transparency,
17 November 2020

Canada: FINTRAC fines 9197-9195 Québec Inc. for AML/CFT violations

The Financial Transactions and Reports Analysis Centre of Canada ('FINTRAC') announced, on 13 November 2020, that it had imposed an administrative monetary penalty of CAD 206,250 (approx. €131,870) on 9197-9195 Québec Inc. for violations of the Proceeds of Crime (Money Laundering) and Terrorist Financing Act and its associated regulations.

Anti-money Laundering & Countering the Financing of Terrorism, Enforcement - Other, Enforcement - Penalties,
See all Canada Federal Insights
Dec 2020

Canada: Bill C-11 and Canada's federal privacy modernisation

On 17 November 2020, Canada's Minister of Innovation, Science and Industry, Navdeep Bains, introduced Bill C-11 for the Digital Charter Implementation Act, 2020 ('DCIA'). Bill C-11 aims to modernise the framework for the protection of personal information in the private sector and provide individuals with greater control over their information.

Anonymisation and Pseudonymisation, Incident and Breach, Consent, Retention and Storage, Legal Reform, Supervisory Authority,
Nov 2020

Canada: Bill to reform PIPEDA "introduces interesting flexibility in certain areas"

Bill C-11 for the Digital Charter Implementation Act, 2020 ('the Bill') was introduced, on 17 November 2020, in the House of Commons, which would seek to reform Canada's privacy legislation under the Personal Information Protection and Electronic Documents Act 2000 ('PIPEDA').

Consent, Data Subject, Enforcement - Other, Legal Reform, Enforcement - Penalties, Supervisory Authority,
Sep 2020

Canada: OPC 2019 breach record inspections report highlights overall compliance but outlines need for improvements

The Office of the Privacy Commissioner of Canada ('OPC') released, on 15 September 2020, its 2019 breach record inspections report ('the Report')1. In particular, the Report is a result of the OPC's inspection of seven telecommunications ('telecos') companies as an assessment of the state of compliance with breach record-keeping oblig

Supervisory Authority Report, Incident and Breach,
Sep 2020

Key takeaways: Comparing privacy laws - GDPR v. PIPEDA and proposed reforms

The EU's General Data Protection Regulation (EU) 2016/679) ('GDPR') entered into effect on 25 May 2018 and substantially impacted Canada's privacy landscape, regulated Federally by the Personal Information Protection and Electronic Documents Act 2000 ('PIPEDA').

Mechanisms - Adequate Protection, Accountability, Consent, Cross-Border Data Transfer, Enforcement - Other, Legal Reform,
Sep 2020

International: ITI Cybersecurity Certification Guide provides recommendations and step-by-step guidance while cautioning policymakers

The Information Technology Industry Council ('ITI') released, on 1 September 2020, its guide on Policy Principles for Cybersecurity Certification ('the Guide'), which details the limits of certification approaches and cautions policymakers to avoid viewing cybersecurity certification as a comprehensive solution.

Certification, Cybersecurity,
Jul 2020

Canada: Supreme Court upholds Genetic Non-Discrimination Act

The Supreme Court of Canada ('the Supreme Court') issued, on 13 July 2020, its decision in Reference re Genetic Non‑Discrimination Act, 2020 SCC 171 ruling by 5-4 votes that the Genetic Non-Discrimination Act (S.C. 2017, c. 3) ('the Act') falls within the federal jurisdiction and is constitutional.

Record of Third Party Disclosures, Employment, Legal Reform, Genetic Data, Health and Pharmaceutical, Technical and Organisational Measures,
Jun 2020

Canada: Cross-border transfers and data localisation after the USMCA

The provisions of the United States-Mexico-Canada Agreement ('USMCA') cover the novel subject of the exchange of personal information between its signatories, arguably introducing a new element of uncertainty for the status of Canada's adequacy decision from the European Commission.

Mechanisms - Adequate Protection, Legal Reform, Data Localisation, Cross-Border Data Transfer, Third Countries,
Apr 2020

Canada: OPC and federal suggestions to modernise privacy law

As technology which utilises the collection and processing of personal data evolves, so too must the regulations which govern it adapt in order to provide adequate protections to privacy.

Accountability, Consent, Privacy Impact Assessments, Enforcement - Other, Legal Reform, Right To Erasure, Social Networking, Supervisory Authority,
Mar 2020

Canada: The benefits of commercialising publicly available information for machine learning

The ability for machine learning systems to reach their full potential and benefit consumers depends on these technologies being able to utilise large and varied data sets. As such, legal restrictions on the access to public data for such purposes present a significant obstacle in this regard.

Artificial Intelligence, Big Data, Personal Data, Facial Recognition, Legal Reform,
Dec 2019

International: Deepfakes and their risks to society

'Deepfakes' is an infamous buzzword initially made popular through somewhat benign manipulation of celebrities' pictures and videos. However, it is a lot more than that. Artificial intelligence ('AI') applications, such as machine learning, work to create deepfakes, which the creation of have led to certain privacy implications.

Artificial Intelligence, Multi-Factor Authentication, Biometric Data, Consent, Cyber Risks and Threats, Legal Reform, Photographs, Accountability,
Dec 2019

Canada: Modernisation of Canadian federal privacy laws leads to "increased expectation of transparency from companies"

The Office of the Privacy Commissioner of Canada ('OPC') announced, on 10 December 2019, that it had released, and tabled in Parliament, its 2018-2019 annual report ('the Report') on the modernisation of Canada's privacy legislation.

Accountability, Consent, Facilitation of Data Subject Rights, Enforcement - Other, Human Rights, Investigations, Legal Reform,
Sep 2019

Key takeaways: Comparing privacy laws: PIPEDA v. GDPR

This webinar discusses, compares, and contrasts the Personal Information Protection and Electronic Documents Act 2000 (‘PIPEDA’) with the General Data Pro

Mechanisms - Adequate Protection, Accountability, Right To Data Portability, Legal Basis, Enforcement - Other, GDPR, Privacy by Design, Supervisory Authority,

PIPEDA v GDPR

GDPR Benchmark

Request a jurisdiction

This Chart aims at assisting organisations in understanding and comparing key provisions of the GDPR with relevant data protection law from around the globe. This Chart provides a comparison of the following key provisions:

  1. Scope
  2. Definitions and legal basis
  3. Rights
  4. Enforcement

Each topic includes relevant articles and sections from the law compared, a summary of the comparison, and a detailed analysis of the similarities and differences. The degree of similarity for each section can be identified using the key.

Scope Benchmark

Request a jurisdiction
    title
  • Personal scope
  • Territorial scope
  • Material scope
  • Argentina

    • Fairly inconsistent

    • Fairly inconsistent

    • Fairly consistent

  • Australia

    • Fairly inconsistent

    • Fairly consistent

    • Fairly consistent

To view this Comparison and more, request your free 7-day trial of the full OneTrust DataGuidance platform

Try Free

Definitions and Legal Basis Benchmark

Request a jurisdiction
    title
  • Personal data
  • Pseudonymisation
  • Controller and processor
  • Children
  • Research
  • Legal Basis
  • Argentina

    • Fairly consistent

    • Fairly inconsistent

    • Fairly inconsistent

    • Fairly inconsistent

    • Fairly inconsistent

    • Fairly consistent

  • Australia

    • Fairly consistent

    • Fairly inconsistent

    • Fairly inconsistent

    • Inconsistent

    • Fairly consistent

    • Fairly inconsistent

To view this Comparison and more, request your free 7-day trial of the full OneTrust DataGuidance platform

Try Free

Rights Benchmark

Request a jurisdiction
    title
  • Right to deletion
  • Right to be informed
  • Right to object
  • Right to access
  • Right not to be subject to discrimination
  • Right to data portability
  • Argentina

    • Inconsistent

    • Fairly consistent

    • Fairly inconsistent

    • Fairly consistent

    • Fairly consistent

    • Fairly consistent

  • Australia

    • Inconsistent

    • Fairly consistent

    • Inconsistent

    • Fairly consistent

    • Consistent

    • Inconsistent

To view this Comparison and more, request your free 7-day trial of the full OneTrust DataGuidance platform

Try Free

Enforcement Benchmark

Request a jurisdiction
    title
  • Monetary penalties
  • Supervisory authority
  • Civil remedies
  • Argentina

    • Fairly consistent

    • Fairly consistent

    • Fairly consistent

  • Australia

    • Fairly consistent

    • Fairly consistent

    • Fairly inconsistent

To view this Comparison and more, request your free 7-day trial of the full OneTrust DataGuidance platform

Try Free

EU - Canada: GDPR v. PIPEDA

GDPR

Canada - APEC CBPR Overview

Mechanisms - APEC CBPRs

Canada - Cookies & Similar Technologies

Cookies

Canada - Cybersecurity

Cybersecurity

Canada - Data Processing Notification

Registration

Canada - Data Subject Rights

Facilitation of Data Subject Rights

Canada - Enforcement and Breach

Enforcement - Other

Canada - Health & Pharma Overview

Health and Pharmaceutical

International - AICPA and CICA GAPP

Standards and Frameworks

Canada - Vendor Privacy Contracts

Vendor Contracts
Vendor Management

Canada - Employment

Employment

Canada - Data Breach

Breach Notification - To Affected Individuals
Breach Notification - To Authorities
Breach Notification - To Data Controllers
Incident Response

Canada - Whistleblowing

Whistleblowing

Canada - Emarketing

Direct Marketing
Email Marketing

Canada - Telemarketing

Direct Marketing
Telemarketing

Canada - Postal Marketing

Direct Marketing
Postal Marketing

Canada - SMS/MMS Marketing

Direct Marketing
SMS | MMS Marketing

Canada - Employee Monitoring

Employee Monitoring

Canada - Third Country Assessment

Schrems II
Cross-Border Data Transfer
Third Countries

Canada - Data Protection in the Financial Sector

Financial Services

Canada - Data Protection Overview

Personal Data

Canada - Data Protection Officer Appointment

Data Protection Officer Appointment
Data Protection Officer Tasks

Canada - Privacy Impact Assessment

Privacy Impact Assessments

Canada - Data Transfers

Cross-Border Data Transfer

Company

Our Policies

Your Rights

© 2020 OneTrust Technology Limited. All Rights Reserved.
The materials herein are for informational purposes only and do not constitute legal advice.