Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.
In June 2022, Bill C-27, or "An Act to enact the Consumer Privacy Protection Act (the Act) and, the Personal Information and Data Protection Tribunal Act and the Artificial Intelligence and Data Act and to make consequential and related amendments to other Acts" (Bill C-27) was introduced by the Minister of Innovation, Science and Industry, and underwent First Reading, as a replacement to the federal Personal Information Protection and Electronic Documents Act (PIPEDA). (This is in fact the second effort by the federal government to enact this replacement to PIPEDA. In 2021, Bill C-11 (An Act to enact the Consumer Privacy Protection Act and the Personal Information and Data Protection Tribunal Act and to make consequential and related amendments to other Acts) — the mooted replacement for PIPEDA — passed Third Reading of the legislative process, but Canada then had a federal election, and as a result Bill C-11 died prior to being enacted.) Prior to the introduction of the Act, there were concerns that it would effectively be a "'Made in Canada' GDPR". However, while the Act has taken the lead from the EU General Data Protection Regulation in introducing financially enormous penalties, as well as the right of data portability and the right to be forgotten, enough of the original PIPEDA remains such that the Act is now effectively a PIPEDA/GDPR hybrid.
This article, which reviews the Act (other than the Artificial Intelligence and Data Act, which — as it is completely new to the Canadian legislative landscape — will require its own future article) first seeks to identify the delta between the Act and PIPEDA in order to allow privacy officers of organizations that are already PIPEDA compliant to identify the net new compliance requirements under the Act and second, to highlight the provisions of the Act which, if breached, could lead to the imposition of significant fines, and use those as a guide as to which "hot button" features of an organization's privacy compliance program will likely be the focus of enforcement, and as such should therefore be revisited by privacy officers.
The Act both introduces new GDPR concepts of the right of data portability, the right to be forgotten and codes of practice (as well as more discrete concepts such the "legitimate interests" consent exemption, but also largely copies certain pre-existing rights in PIPEDA. (The Act is also known as the Digital Charter Implementation Act, 2022. However, as we review herein, the core of the Act is the Consumer Privacy Protection Act, rather than the Personal Information and Data Protection Tribunal Act which effects the creation of the Data Tribunal, the Artificial Intelligence and Data Act, and the various ancillary amendments. As a result, references to "the Act" in this article are references to the Consumer Privacy Protection Act.) In many cases these pre-existing rights have simply been lifted from their previous position in the "Principles Set Out in the National Standard of Canada Entitled Model Code for the Protection of Personal Information, CAN/CSA-Q830-96": a set of principles in a voluntary model code, that the original drafters of PIPEDA somewhat awkwardly attached as a schedule to PIPEDA such the principles were then binding. Under the Act, this Schedule has now been eliminated. (This was never an entirely satisfactory legislative structure, and organizations are well shut of it.) In effect, while the Act introduces a few new individual rights of significance based on GDPR with which Canadian organizations will need to become familiar, many of the individual rights are simply PIPEDA redux — i.e., restatements, clarification and expansions on existing PIPEDA provisions. This will assist organizations seeking to comply with the Act, if and when it comes into force.
ENJOY UNLIMITED ACCESS TO THE SINGLE SOURCE OF OBJECTIVE LEGAL ANALYSIS, PRACTICAL INSIGHTS, AND NEWS IN ENTERTAINMENT LAW.
Already a have an account? Sign In Now Log In Now
For enterprise-wide or corporate acess, please contact Customer Service at [email protected] or 877-256-2473
Defining commercial real estate asset class is essentially a property explaining how it identifies — not necessarily what its original intention was or what others think it ought to be. This article discusses, from a general issue-spot and contextual analysis perspective, how lawyers ought to think about specialized leasing formats and the regulatory backdrops that may inform what the documentation needs to contain for compliance purposes.
As courts and discovery experts debate whether hyperlinked content should be treated the same as traditional attachments, legal practitioners are grappling with the technical and legal complexities of collecting, analyzing and reviewing these documents in real-world cases.
How to Convey Your Merits In a Way That Earns Trust, Clients and Distinctions Just as no two individuals have the exact same face, no two lawyers practice in their respective fields or serve clients in the exact same way. Think of this as a "Unique Value Proposition." Internal consideration about what you uniquely bring to your clients, colleagues, firm and industry can provide untold benefits for your law practice.
The ever-evolving digital marketing landscape, coupled with the industry-wide adoption of programmatic advertising, poses a significant threat to the effectiveness and integrity of digital advertising campaigns. This article explores various risks to digital advertising from pixel stuffing and ad stacking to domain spoofing and bots. It will also explore what should be done to ensure ad fraud protection and improve effectiveness.
This article offers practical insights and best practices to navigate the path from roadmap to rainmaking, ensuring your business development efforts are not just sporadic bursts of activity, but an integrated part of your daily success.