Presentation is loading. Please wait.

Presentation is loading. Please wait.

Reflections on PIPEDA and the Future of Privacy Law in Canada

Published byNathan Hines Modified over 5 years ago

Similar presentations

Presentation on theme: "Reflections on PIPEDA and the Future of Privacy Law in Canada"— Presentation transcript:

1 Reflections on PIPEDA and the Future of Privacy Law in Canada
Kate Wilson, Legal Counsel Office of the Privacy Commissioner of Canada McGill University, Faculty of Law November 27, 2018

2 Privacy Commissioner of Canada
Mandate covers Privacy Act and PIPEDA Commissioner’s overarching goal of enhancing Canadians’ control over their personal information

3 OPC strategic privacy priorities
Economics of personal information Government surveillance Reputation and privacy The body as information

4 PIPEDA, 17 years on… Constitutional underpinnings: “trade and commerce” (s.91(2)) Quasi-constitutional status Human rights legislation? Consumer protection?

5 Parallel evolution of common law
Statutory torts in various provinces (e.g., British Columbia) Increasing recognition of torts at common law (e.g., intrusion upon seclusion post Jones v. Tsige in Ontario) Increase in class action activity and in certification of class actions, particularly post breach

6

7 2001: bricks and mortar Bilateral relationship: customer + business
Collection of PI at time of purchase of product or service (e.g., opening a bank account)

8 2018: virtual ecosystems Complex data-driven business models
Opaque data flows and processes Frequently transborder nature of data flows

9

10 Pressures on privacy protection
Big data Artificial intelligence Internet of things Algorithmic decision-making Cloud computing

11 International developments
General Data Protection Regulation May 25, 2018 Broad extra-territorial reach Significant consequences for non-compliance

12 GDPR: new elements In addition to differences already present under the Directive: Right to data portability Right to erasure Privacy by design and default

13 GDPR: Adequacy Role of Innovation, Science and Economic Development (ISED) Adequate but not identical Impetus for legislative action?

14 Consent under PIPEDA Remains a cornerstone of the Act
How to strengthen? When is it impracticable? Illusory? Are there alternatives?

15 Valid consent s. 6.1: « …the consent of an individual is only valid if it is reasonable to expect that an individual to whom the organization’s activities are directed would understand the nature, purpose and consequences of the collection, use or disclosure to which they are consenting »

16 Challenges to meaningful consent
Can the individual understand who is making what use of her PI? Continuous collection, use or disclosure (e.g., IoT) « Take it or leave it » -- contracts of adhesion?

17 An industry perspective
Consent is impracticable for certain unanticipated uses of data Increase reliance on implied consent as a means of facilitating innovation Promote de-identification Consider a risk-based consent model Broaden the concept of « publicly available »

18 Guidelines for obtaining meaningful consent
Guidance takes effect January 1, 2019 Consent consultation process Further clarifies how organizations achieve valid/meaningful consent

19 7 principles for meaningful consent
Emphasize key elements (4) Allow individuals to control level of detail and timing Provide clear options for yes or no Be innovative and creative Consider the consumer’s perspective Make consent a dynamic and ongoing process Be accountable: be ready to demonstrate compliance

20 Exploring other avenues for protection and control
Legitimate interests Ethical assessment of data processing Promoting algorithmic transparency De-identification of personal information

21 Reputation Draft position paper on online reputation: to what extent does PIPEDA already speak to these issues? Identification of inappropriate practice of posting information in order to then charge to take it down (e.g., Globe24h.com) Federal Court reference re whether Google’s search engine service subject to PIPEDA

22 Updating the OPC enforcement tool kit
Ombudsmodel, pros and cons Order-making powers Administrative monetary penalties Not new ‘asks’

23 In the interim at the OPC…
Restructuring : promotion and compliance sectors Encouraging compliance v. dealing with existing compliance issues Shift towards pro-active enforcement Emphasis on guidance in key areas Development of Business Advisory Services

24 Learn more at www.priv.gc.ca

Download ppt "Reflections on PIPEDA and the Future of Privacy Law in Canada"

Similar presentations

29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY.

29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY.
Could mandatory Privacy Impact Assessment be a solution to enhance Personal Privacy and Data Protection? Chester Soong.

Could mandatory Privacy Impact Assessment be a solution to enhance Personal Privacy and Data Protection? Chester Soong.
Sept. 2012 Topics of interest & risk in our industry today Christine Scaini Compliance Consultant Market Conduct Compliance.

Sept Topics of interest & risk in our industry today Christine Scaini Compliance Consultant Market Conduct Compliance.
CHAPTER 4 E-ENVIRONMENT

CHAPTER 4 E-ENVIRONMENT
29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL DATA PROTECTION AND PRIVACY COMMISSIONERS.

29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL DATA PROTECTION AND PRIVACY COMMISSIONERS.
1 PRIVACY ISSUES IN THE U.S. – CANADA CROSS BORDER BUSINESS CONTEXT Presented by: Anneli LeGault ACC Greater New York Chapter Compliance Seminar May 19,

1 PRIVACY ISSUES IN THE U.S. – CANADA CROSS BORDER BUSINESS CONTEXT Presented by: Anneli LeGault ACC Greater New York Chapter Compliance Seminar May 19,
Www.oaic.gov.au Introduction to the APPs and the OAIC’s regulatory approach Presented by: Este Darin-Cooper Director, Regulation and Strategy May 2015.

Introduction to the APPs and the OAIC’s regulatory approach Presented by: Este Darin-Cooper Director, Regulation and Strategy May 2015.
The role of the Office of the Privacy Commissioner in telecommunications Andrew Solomon Director, Policy.

The role of the Office of the Privacy Commissioner in telecommunications Andrew Solomon Director, Policy.
1 Office of theCommissariat Privacy Commissionerà la protection de of Canadala vie privée du Canada Personal Information Protection and Electronic Documents.

1 Office of theCommissariat Privacy Commissionerà la protection de of Canadala vie privée du Canada Personal Information Protection and Electronic Documents.
Keeping on top of the Cloud - Compliance from a Regulator’s Perspective Henry Chang, IT Advisor Office of the Privacy Commissioner for Personal Data, Hong.

Keeping on top of the Cloud - Compliance from a Regulator’s Perspective Henry Chang, IT Advisor Office of the Privacy Commissioner for Personal Data, Hong.
Introduction to Health Law B. Barrowman September 2002.

Introduction to Health Law B. Barrowman September 2002.
MALCOLM CROMPTON FEDERAL PRIVACY COMMISSIONER Building Trust in the Online Environment: Business to Consumer Dispute Resolution The Hague 11-12 December.

MALCOLM CROMPTON FEDERAL PRIVACY COMMISSIONER Building Trust in the Online Environment: Business to Consumer Dispute Resolution The Hague December.
13 July 2006Susan Joseph Health Privacy It’s My Business Health Records Act 2001 (Vic) eReferral Service Co-ordination System.

13 July 2006Susan Joseph Health Privacy It’s My Business Health Records Act 2001 (Vic) eReferral Service Co-ordination System.
Part 6 – Special Legal Rights and Relationships Chapter 35 – Privacy Law Prepared by Michael Bozzo, Mohawk College © 2015 McGraw-Hill Ryerson Limited 34-1.

Part 6 – Special Legal Rights and Relationships Chapter 35 – Privacy Law Prepared by Michael Bozzo, Mohawk College © 2015 McGraw-Hill Ryerson Limited 34-1.
Financial Services Privacy - the interaction of the privacy and financial services regulatory systems Chris Connolly Financial Services Consumer Policy.

Financial Services Privacy - the interaction of the privacy and financial services regulatory systems Chris Connolly Financial Services Consumer Policy.
PIPEDA and Receivables Management Robin Gould-Soil Receivables Management Association of Canada November 16, 2011.

PIPEDA and Receivables Management Robin Gould-Soil Receivables Management Association of Canada November 16, 2011.
IoT Trust Framework leading to self regulation code of conduct and certification models Craig Spiezle Executive Director & President Online.

IoT Trust Framework leading to self regulation code of conduct and certification models Craig Spiezle Executive Director & President Online.
Privacy Issues - Watch Out! John D.R. Craig ORIMS Professional Development Day March 19, 2013.

Privacy Issues - Watch Out! John D.R. Craig ORIMS Professional Development Day March 19, 2013.
Introduction to the Australian Privacy Principles & the OAIC’s regulatory approach Privacy Awareness Week 2016.

Introduction to the Australian Privacy Principles & the OAIC’s regulatory approach Privacy Awareness Week 2016.
Your Code of Conduct: Data Protection & Compliance Your Code of Conduct: Data Protection & Compliance for Charities.

Your Code of Conduct: Data Protection & Compliance Your Code of Conduct: Data Protection & Compliance for Charities.

Similar presentations

Ads by Google