PIPEDA
Comply with PIPEDA
The Personal Information Protection and Electronic Documents Act 2000, commonly known as PIPEDA, is the subject of on-going debate regarding its potential reform. Already, PIPEDA sets out principles to which organisations must abide, including principles of accountability, consent, accuracy and safeguards, as well as limiting collection, use, disclosure, and retention.
OneTrust DataGuidance's PIPEDA Portal provides you with the ability to track developments regarding PIPEDA and understand its obligations.
Latest developments
Bill C-11 for the Digital Charter Implementation Act, 2020 was introduced, on 17 November 2020, to the House of Commons, which would have reformed Canada's privacy legislation under PIPEDA. In particular, the bill would have enacted the Consumer Privacy Protection Act ('CPPA'), which would have protected the personal information of individuals while regulating organisations' collection, use, or disclosure of personal information in the course of commercial activities, and would have repealed Part 1 of PIPEDA and amend PIPEDA's short title to the Electronic Documents Act. In addition, the bill would have enacted the Personal Information and Data Protection Tribunal Act ('the Tribunal Act') for the establishment of an administrative tribunal to hear appeals of certain decisions made by the Office of the Privacy Commissioner of Canada ('OPC') under the CPPA, and facilitate the imposition of penalties.
Please note that OneTrust DataGuidance confirmed with the House of Commons that the bill died, on 15 August 2021, after failing to pass both the House of Commons and the Senate before the Parliamentary session ended.
You can read the bill and view its history here.
PIPEDA v. GDPR
OneTrust DataGuidance, in collaboration with Edwards, Kenny & Bray LLP, have produced a PIPEDA v. GDPR report which you can download here, and which assists organisations in understanding and comparing key provisions of the PIPEDA comparative to the GDPR. You can also leverage this information through our GDPR. PIPEDA Comparison in the tab above.
Canada Privacy Landscape Overview
Watch our Canada Overview video to understand the state of privacy in Canada today.
On May 30, 2023, the Office of the Privacy Commissioner of Canada (OPC) announced that it had tabled its special report on COVID-19-related investigations before the Parliament of Canada.
The Office of the Privacy Commissioner of Canada (OPC) announced, on May 29, 2023, the publication of a guide outlining key privacy considerations for employers subject to federal privacy legislation.
The Office of the Privacy Commissioner of Canada (OPC) announced, on May 25, 2023, that the privacy authorities for Canada, Québec, British Columbia, and Alberta will jointly investigate OpenAI, L.L.C. as the operator of ChatGPT.
On May 11, 2023, the Office of the Privacy Commissioner of Canada (OPC) announced that it had submitted comments on Bill C-27 for the Digital Charter Implementation Act 2022 (DCIA) to the Standing Committee on Industry and Technology in the House of Commons.
The Privacy Commissioner of Canada ('OPC') announced, on 12 May 2023, its intention to appeal the judgment rendered by the Federal Court of Canada, on 13 April 2023, in Canada (Privacy Commissioner) v.
Government Bill C-27, known as the Bill for the Digital Charter Implementation Act 2022 passed, on 24 April 2023, its second reading in the House of Commons of Canada, and was thereafter referred, on the same date, to the Standing
The Federal Court of Canada issued, on 13 April 2023, its judgment in Canada (Privacy Commissioner) v. Facebook, Inc., 2023 FC 533.
The Office of the Superintendent of Financial Institutions ('OSFI') announced, on 17 April 2023, the release, jointly with the Global Risk Institute ('GRI'), of a report titled 'Financial Industry Forum on Artificial Intelligence: A Canadian Perspective on Responsible AI'.
The Office of the Superintendent of Financial Institutions ('OSFI') announced, on 21 April 2023, the release of the Intelligence Led Cyber Resilience Testing ('I-CRT') framework. In particular, the framework aims to aid the financial industry in the identification of areas that may be more vulnerable to cyber attacks.
The Office of the Privacy Commissioner of Canada ('OPC') released, on 5 April 2023, a two-part blog post on algorithmic fairness. In particular, part one explains algorithmic fairness, detailing three main definitions and how these models interact.
The Office of the Privacy Commissioner of Canada ('OPC') announced, on 4 April 2023, the launch of an investigation into OpenAI, L.L.C., as the operator of ChatGPT.
The Office of the Privacy Commissioner of Canada ('OPC') announced, on 29 March 2023, that the Privacy Commissioner of Canada, Philippe Dufresne, had provided recommendations to the Minister of Innovation, Science, and Industry in regard to reforming the Competition Act 1985.
Government Bill C-26 for an Act respecting cybersecurity, amending the Telecommunications Act and making consequential amendments to other Acts passed, on 27 March 2023, its second reading in the House of Commons of Canada, and was
The Government of Canada updated, on 13 March 2023, its companion document on artificial intelligence ('AI') and the Artificial Intelligence and Data Act ('AIDA').
The Office of the Privacy Commissioner of Canada ('OPC') published, on 7 March 2023, updated advice on the risks of faxing personal information. In particular, the OPC explained that, despite digital advancements in many fields, breaches of personal information continue to occur because of the use of traditional fax machines.
The Internet Advertising Bureau ('IAB') of Canada announced, on 16 February 2023, that the IAB Tech Lab had released a public consultation for Data Clean Rooms ('DCRs') Standards and Recommendations.
On 16 June 2022, the Government of Canada introduced in the House of Commons the Artificial Intelligence and Data Act ('AIDA') as part of Bill C-27, for An Act to enact the Consumer Privacy Protection Act, the Personal Information and Data Protection Tribunal Act and the Artificial Intelligence and Data Act and to make consequential and related
Canada has an existing comprehensive federal private-sector privacy legislation, the Personal Information Protection and Electronic Documents Act 2000 ('PIPEDA'), which became law in 2000. Recently, changes to PIPEDA have been proposed via the draft language of Bill C-27 for the Digital Charter Implementation Act 20221 ('Bill C-27').
Both the Consumer Privacy Protection Act ('CPPA') and Québec's Act to modernize legislative provisions as regard the protection of personal information, 2021, Chapter 25 ('Law 25') aim to modernise privacy laws and introduce significant penalties and fines for non-compliance.
On 16 June 2022, Bill C-27 for An Act to enact the Consumer Privacy Protection Act, the Personal Information and Data Protection Tribunal Act and the Artificial Intelligence and Data Act and to make consequential and related amendments to other Acts, also known as the Digital Charter Implementation Act 2022 ('DCIA 2022'), was introduced in the H
Many jurisdictions are increasingly enacting laws and regulations governing how and where data must be stored either within their respective borders or abroad. What has resulted is a constantly evolving network of rules and restrictions for the location of data.
The Interactive Advertising Bureau of Canada ('IAB Canada') released, on 24 November 2021, a guide on Understanding Bias in AI for Marketing: A Comprehensive Guide to Avoiding Negative Consequences with Artificial Intelligence1.
Autonomous vehicles ('AVs') have been described as being capable of gathering and communicating huge swaths of information about the vehicle, its occupants, and non-users (e.g. pedestrians).
PIPEDA v GDPR
GDPR Benchmark
This Chart aims at assisting organisations in understanding and comparing key provisions of the GDPR with relevant data protection law from around the globe. This Chart provides a comparison of the following key provisions:
- Scope
- Definitions and legal basis
- Rights
- Enforcement
Each topic includes relevant articles and sections from the law compared, a summary of the comparison, and a detailed analysis of the similarities and differences. The degree of similarity for each section can be identified using the key.
Scope Benchmark
- title
- Personal scope
- Territorial scope
- Material scope
Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
Definitions and Legal Basis Benchmark
- title
- Personal data
- Pseudonymisation
- Controller and processor
- Children
- Research
- Legal Basis
Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
Rights Benchmark
- title
- Right to deletion
- Right to be informed
- Right to object
- Right to access
- Right not to be subject to discrimination
- Right to data portability
Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
Enforcement Benchmark
- title
- Monetary penalties
- Supervisory authority
- Civil remedies
Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in