PIPEDA
Comply with PIPEDA
The Personal Information Protection and Electronic Documents Act 2000, commonly known as PIPEDA, is the subject of on-going debate regarding its potential reform. Already, PIPEDA sets out principles to which organisations must abide, including principles of accountability, consent, accuracy and safeguards, as well as limiting collection, use, disclosure, and retention.
OneTrust DataGuidance's PIPEDA Portal provides you with the ability to track developments regarding PIPEDA and understand its obligations.
Latest developments
Bill C-11 for the Digital Charter Implementation Act, 2020 was introduced, on 17 November 2020, to the House of Commons, which would reform Canada's privacy legislation under PIPEDA. In particular, the bill would enact the Consumer Privacy Protection Act ('CPPA'), which would protect the personal information of individuals while regulating organisations' collection, use, or disclosure of personal information in the course of commercial activities, and would repeal Part 1 of PIPEDA and amend PIPEDA's short title to the Electronic Documents Act. In addition, the bill would enact the Personal Information and Data Protection Tribunal Act ('the Tribunal Act') for the establishment of an administrative tribunal to hear appeals of certain decisions made by the Office of the Privacy Commissioner of Canada ('OPC') under the CPPA, and facilitate the imposition of penalties.
You can read the bill and track its progress here.
PIPEDA v. GDPR
OneTrust DataGuidance, in collaboration with Edwards, Kenny & Bray LLP, have produced a PIPEDA v. GDPR report which you can download here, and which assists organisations in understanding and comparing key provisions of the PIPEDA comparative to the GDPR. You can also leverage this information through our GDPR. PIPEDA Comparison in the tab above.
Canada Privacy Landscape Overview
Watch our Canada Overview video to understand the state of privacy in Canada today.
The Office of the Privacy Commissioner of Canada ('OPC') published, on 12 April 2021, a blog post on privacy enhancing technologies ('PETs') for businesses, which the OPC defines as cloud or internet-enabled technologies such as Internet of Things devices that deliver services, analyse data, and inform business decisions.
The Canadian Securities Administrators ('CSA') and the Investment Industry Regulatory Organization of Canada ('IIROC') published, on 29 March 2021, a notice on a regulatory framework for compliance for crypto asset trading platforms ('CTPs').
The Canadian Radio-television and Telecommunications Commission ('CRTC') announced, on 29 March 2021, that it had fined an individual CAD 75,000 (approx. €50,710) for the sending of commercial emails without prior consent, in violation of Canada's Anti-Spam Legislation 2010 ('CASL').
Financial Transactions and Reports Analysis Centre of Canada ('FINTRAC') announced, on 23 March 2021, that it had imposed an administrative monetary penalty of CAD 66,742 (approx. € 44,640) on Park Georgia Realty Ltd.
The Financial Transactions and Report Analysis Centre of Canada ('FINTRAC') announced, on 4 March 2021, that it had imposed and administrative monetary penalty of $101,969 against C&Z Holdings Ltd., operating as Golden Apple, for non-compliance with Part 1 of the Proceeds of Crime (Money Laundering) and Terrorist Financing Act ('the AML/CFT
The Interactive Advertising Bureau Canada ('IAB Canada') released on 18 February 2021, the draft policies for the Canadian Transparency and Consent Framework ('the TCF Framework') for public comment.
The Office of the Privacy Commissioner of Canada ('OPC') announced, on 3 February 2021, the conclusion of its joint investigation with privacy commissioners of Alberta, British Columbia, and Quebec into Clearview AI, Inc..
The Department of Justice ('DoJ') announced on Twitter, on 5 January 2021, that the public consultation period for modernising Canada's Privacy Act 1985 has been extended until 14 February 2021. In particular, the consultation welcomes feedback on issues including:
The Canadian Radio-television and Telecommunications Commission ('CRTC') announced, on 13 January 2021, that it had launched a consultation on its proposed framework to address the use of botnets.
The Office of the Privacy Commissioner of Canada ('OPC') issued, on 14 December 2020, a statement and a speech by the Privacy Commissioner following an investigation into a data breach at Fédération des Caisses Popula
The Canadian Radio-television and Telecommunciations Commission ('CRTC') jointly with the Office of the Privacy Commissioner of Canada ('OPC') and the Competition Bureau issued, on 26 November 2020, letters to 36 companies involved in the mobile application industry, advising that they review their practices and take preventative or corrective m
The Privacy Commissioner of Canada, Daniel Therrien, issued, on 19 November 2020, a statement on Bill C-11 for the Digital Charter Implementation Act, 2020 which would reform Canada's private sector privacy legislation.
The Canadian Centre for Cyber Security ('CCCS') released, on 16 November 2020, its National Cyber Threat Assessment 2020.
The Financial Transactions and Reports Analysis Centre of Canada ('FINTRAC') published, on 17 November 2020, its 2019–20 Annual Report. In particular, the report outlines the work accomplished by FINTRAC, as well as their role in areas such as financial intelligence, compliance, and protecting personal information, among others.
Bill C-11 for the Digital Charter Implementation Act, 2020 was introduced, on 17 November 2020, to the House of Commons, which would reform Canada's privacy legislation under the Personal Information Protection and Electronic Documents Act 2000 ('PIPEDA').
The Financial Transactions and Reports Analysis Centre of Canada ('FINTRAC') announced, on 13 November 2020, that it had imposed an administrative monetary penalty of CAD 206,250 (approx. €131,870) on 9197-9195 Québec Inc. for violations of the Proceeds of Crime (Money Laundering) and Terrorist Financing Act and its associated regulations.
On 17 November 2020, Canada's Minister of Innovation, Science and Industry, Navdeep Bains, introduced Bill C-11 for the Digital Charter Implementation Act, 2020 ('DCIA'). Bill C-11 aims to modernise the framework for the protection of personal information in the private sector and provide individuals with greater control over their information.
Bill C-11 for the Digital Charter Implementation Act, 2020 ('the Bill') was introduced, on 17 November 2020, in the House of Commons, which would seek to reform Canada's privacy legislation under the Personal Information Protection and Electronic Documents Act 2000 ('PIPEDA').
The Office of the Privacy Commissioner of Canada ('OPC') released, on 15 September 2020, its 2019 breach record inspections report ('the Report')1. In particular, the Report is a result of the OPC's inspection of seven telecommunications ('telecos') companies as an assessment of the state of compliance with breach record-keeping oblig
The EU's General Data Protection Regulation (EU) 2016/679) ('GDPR') entered into effect on 25 May 2018 and substantially impacted Canada's privacy landscape, regulated Federally by the Personal Information Protection and Electronic Documents Act 2000 ('PIPEDA').
The Information Technology Industry Council ('ITI') released, on 1 September 2020, its guide on Policy Principles for Cybersecurity Certification ('the Guide'), which details the limits of certification approaches and cautions policymakers to avoid viewing cybersecurity certification as a comprehensive solution.
The Supreme Court of Canada ('the Supreme Court') issued, on 13 July 2020, its decision in Reference re Genetic Non‑Discrimination Act, 2020 SCC 171 ruling by 5-4 votes that the Genetic Non-Discrimination Act (S.C. 2017, c. 3) ('the Act') falls within the federal jurisdiction and is constitutional.
The provisions of the United States-Mexico-Canada Agreement ('USMCA') cover the novel subject of the exchange of personal information between its signatories, arguably introducing a new element of uncertainty for the status of Canada's adequacy decision from the European Commission.
As technology which utilises the collection and processing of personal data evolves, so too must the regulations which govern it adapt in order to provide adequate protections to privacy.
The ability for machine learning systems to reach their full potential and benefit consumers depends on these technologies being able to utilise large and varied data sets. As such, legal restrictions on the access to public data for such purposes present a significant obstacle in this regard.
'Deepfakes' is an infamous buzzword initially made popular through somewhat benign manipulation of celebrities' pictures and videos. However, it is a lot more than that. Artificial intelligence ('AI') applications, such as machine learning, work to create deepfakes, which the creation of have led to certain privacy implications.
The Office of the Privacy Commissioner of Canada ('OPC') announced, on 10 December 2019, that it had released, and tabled in Parliament, its 2018-2019 annual report ('the Report') on the modernisation of Canada's privacy legislation.
This webinar discusses, compares, and contrasts the Personal Information Protection and Electronic Documents Act 2000 (‘PIPEDA’) with the General Data Pro
PIPEDA v GDPR
GDPR Benchmark
This Chart aims at assisting organisations in understanding and comparing key provisions of the GDPR with relevant data protection law from around the globe. This Chart provides a comparison of the following key provisions:
- Scope
- Definitions and legal basis
- Rights
- Enforcement
Each topic includes relevant articles and sections from the law compared, a summary of the comparison, and a detailed analysis of the similarities and differences. The degree of similarity for each section can be identified using the key.
Scope Benchmark
Definitions and Legal Basis Benchmark
- title
- Personal data
- Pseudonymisation
- Controller and processor
- Children
- Research
- Legal Basis
To view this Comparison and more, request your free 7-day trial of the full OneTrust DataGuidance platform
Rights Benchmark
- title
- Right to deletion
- Right to be informed
- Right to object
- Right to access
- Right not to be subject to discrimination
- Right to data portability
To view this Comparison and more, request your free 7-day trial of the full OneTrust DataGuidance platform