This webinar compares and contrasts the Personal Information Protection and Electronic Documents Act 2000 (‘PIPEDA’) with the General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’). In addition, the webinar outlines the scope and key definitions of the GDPR and PIPEDA, their main challenges, and how organisations can ensure compliance with both pieces of legislation. Moreover, it considers recent developments in Canadian privacy law, including the launch of the Digital Charter, and the proposed amendments to PIPEDA.
Impact of the GDPR in Canada
The webinar highlights how the GDPR has significantly impacted the landscape of privacy in Canada. In particular, the Office of the Privacy Commissioner of Canada (‘OPC’) has recently discussed the need to modernise PIPEDA and bring it in line with the GDPR, and additional international standards and frameworks. The OPC has outlined that the improvements to PIPEDA that are needed include more effective consent requirements, stronger enforcement powers, de-personalisation of data, data portability, algorithmic transparency, as well as ensuring Privacy by Design. Such improvements will ensure greater coherency with the GDPR.
GDPR v. PIPEDA
The main differences highlighted between the provisions under the GDPR and PIPEDA include legal bases for processing, data portability, the right to erasure and data breach notification. In addition, the speakers highlight the prescriptive nature of the GDPR as well as its level of detail terms of obligations comparative to PIPEDA. Regarding enforcement, the importance of amending the enforcement provisions under PIPEDA is noted, in light of the of the powers granted to supervisory authorities under the GDPR and the fact that the OPC does not currently have the power to issue fines or penalties.
Canada is one of the very few countries that have been issued a ‘partial’ adequacy status by the EU, demonstrating that the EU deems Canada a ‘safe jurisdiction’ to which data can be transferred. The speakers further discussed the steps that Canada should follow in order to maintain this status during its review in 2021 – 2022. In particular, it was noted that PIPEDA would have to include a right to erasure, a right to de-indexing, Privacy by Design, as well as enforcement powers for supervisory and regulatory authorities.
HOW ONETRUST DATAGUIDANCE HELPS
OneTrust DataGuidance provides a suite of privacy solutions designed to help you monitor regulatory developments, mitigate risk, and achieve global compliance. With focused guidance around core topics, comparative Cross-Border Charts, a daily customised news service, and expert analysis, OneTrust DataGuidance provides industry leading solutions to design and support your entire privacy programme.
OneTrust DataGuidance offers Cross-Border Charts which can be used by organisations to understand and compare key requirements across jurisdictions, and assist compliance with global data protection requirements, including in Canada.
Understand core compliance topics under Canadian law through Guidance Notes, which provide an in-depth analysis of applicable privacy requirements, including with respect to Direct Marketing, Breach Notification, Employee Monitoring, Cybersecurity, Data Transfers, and more.