Comparing privacy laws: GDPR v. PIPEDA
OneTrust DataGuidance is pleased to announce the release of the GDPR v. PIPEDA comparison report (updated August 2021), which provides a means of analyzing and comparing data protection requirements and recommendations under the GDPR and Canadian federal legislation.
The Report, produced in collaboration with Edwards, Kenny & Bray LLP, examines the protections afforded to individuals with respect to the protection of their data and privacy, comparing these guarantees to those afforded under the GDPR. More specifically, the Report details PIPEDA's scope of application, main definitions, controller and processor obligations, data subject rights, and enforcement matters, in comparison with those under the GDPR. The Report also highlights guidance issued by the Office of the Privacy Commissioner of Canada ('OPC'), which acts as non-binding legal interpretations to clarify certain nuances and aid in compliance with the law.
Key takeaways:
- PIPEDA applies to organizations' commercial activities, excluding public bodies
- While consent is a core principle, there are notable differences in grounds for processing
- The laws take distinct approaches to data subject rights
- The laws have several variations in regard to controller and processor requirements
- Data security and accountability obligations are bear a high degree of similarity
- Laws generally align on definitions and key concepts
- OPC guidance highlights key areas including:
- Key definitions
- Consent
- PIAs
- Data Transfers
- Children