On November 17, 2020, the Minister of Innovation, Science and Industry, Navdeep Bains, tabled proposed legislation in Parliament that aims to overhaul Canada’s data privacy law. Bill C-11, entitled An Act to enact the Consumer Privacy Protection Act and the Personal Information and Data Protection Tribunal Act and to make consequential and related amendments to other Act, will create new data privacy obligations and new enforcement mechanisms for these obligations if it becomes law.… Continue Reading
As the second wave of COVID-19 spreads across Canada, the use of COVID-19 tracing apps is on the rise. For example, the Government of Canada released COVID Alert–an app using Bluetooth technology to help people report positive diagnoses, and control the spread of the virus. The success of the app depends on a high quantity of users, but concerns over privacy and the use of artificial intelligence (AI) in analyzing the data may hinder that objective.
COVID tracing apps
Starting on November 1, organizations across Canada subject to the Personal Information Protection and Electronic Documents Act (PIPEDA) will be required to provide notice of certain privacy breaches.
The breach reporting requirements relate to a “breach of security safeguards,” which is defined in PIPEDA as: the loss of, unauthorized access to or unauthorized disclosure of personal information resulting from a breach of an organization’s security safeguards, or from a failure to establish those safeguards.
If it is reasonable to believe the breach of security safeguards creates a real risk of significant harm to the individual:
- Organizations will be required to
On September 2, 2017, the Government of Canada published proposed new data breach regulations in the Canada Gazette.
These regulations set out specifics regarding the mandatory data breach reporting requirements under the Personal Information Protection and Electronic Documents Act.
The PIPEDA Amendments were passed in June, 2015 but are not yet in force.
The Regulations set out the proposed requirements for the reporting of data breaches of security safeguards (each, a Breach). Under the PIPEDA Amendments, a report to the Privacy Commissioner of Canada is required if it is reasonable in the circumstances to believe that the … Continue Reading
The Canadian Parliament recently passed Bill S-201, the Genetic Non-Discrimination Act, which protects individuals from having to disclose information related to genetic testing and test results. Specifically, the Act prohibits any person from requiring an individual to undergo a genetic test or disclose the results of a genetic test as a condition of providing goods or services to, entering into or continuing a contract or agreement with, or offering specific conditions in a contract or agreement with, the individual. Contravention of the Act is punishable by significant fines and even potential imprisonment. There are express exceptions for health care … Continue Reading
Earlier this year, a Canadian trial court ruled that Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”) has extra-territorial application and restricts the dissemination of personal information of Canadians, even where the information is already public, and even though it is made available from outside Canada.… Continue Reading
The October 19, 2016 judgment of the European Court of Justice in the matter brought by Patrick Breyer against the Federal Republic of Germany (the “EU Decision”) raises the issue of whether an IP address is personal information under the EU Directive 95/46/EC and provides an interesting comparison with the Canadian perspective.… Continue Reading
The Office of the Privacy Commissioner of Canada recently announced it will investigate the Royal Canadian Mounted Police (RCMP) over their refusal to admit whether or not they use the mobile phone surveillance device called “Stingray.”… Continue Reading
On September 25, 2015, Jennifer Stoddard will visit Norton Rose Fulbright in Montreal to discuss the proposed sweeping reforms to Quebec’s legislation governing access to information and protection of personal information in the public sector. These reforms include proactive publication of government information at all levels, including studies and statistics in health and education and statistics on members of professional orders. They also include proposals to publish anonymized personal information provided that re-identification risk is contained. The proposed reforms of the Quebec legislation align with calls for reform to federal legislation on the same topic. While Quebec is moving to … Continue Reading
On June 18, 2015, Canada’s Senate and House of Commons passed the Digital Privacy Act to amend the country’s federal Personal Information Protection and Electronic Documents Act (PIPEDA). Many of the amendments are scheduled to come into force on a date to be determined by the government. The revised requirements (highlighted below) will have a significant impact on the treatment of personal information by organizations that are subject to PIPEDA. These are organizations that either are federally regulated and fall under the legislative authority of the Parliament of Canada, or operate within a province that does not have in place … Continue Reading