Canada should expect to see a bill amending PIPEDA as early as mid-November. In the meantime, we continue our dialogue with Ottawa, and just this morning sat down for another conversation between industry and federal Privacy Commissioner Therrien.
There were several major issues on the table this morning and many sounded GDPR-like. Topics included the concept of privacy as a human right, consent and alternatives to consent and the principle of accountability. The Business Privacy group was given the opportunity to again express industry’s concerns with some of the proposed amendments and we reiterated our positions on the following two core fronts:
- While we agree that citizens’ rights need to be protected with respect to privacy, a rights-based approach legislation could significantly and inappropriately tilt the balance between individual and business interests, such that individual rights would have primacy by default. This could result in stifled innovation and a negative impact on the Canadian economy.
- When discussing the idea around the adoption of an “opt-in” regime for Canada, we suggested that instead of moving to an “all-in model”, perhaps we could explore a model where purposes could be added so that if there were insufficiencies, extra safe guards or privacy “bells and whistles” could be added.
Our consistent position remains that the industry needs to have some flexibility persevered in order to ensure Canadians are able to continue to innovate using data responsibly but acknowledge that we need to allow for added accountability.
Therrien ended the conversation reiterating his desire to grant his office with oversight authority and the ability to “check under the hood when they see smoke” which ironically, in other meetings today about developing a global technical privacy framework, saw the industry using the very same term in a self-regulatory context.
Not surprisingly, industry representatives and the OPC do not see eye-to-eye on all areas of privacy but we are encouraged by the continued engagement and the conversation is set to continue in the coming weeks. We promise to keep you updated on all developments as they become available to us.
Meanwhile, IAB Canada continues to work on the development of a privacy framework that will help with compliance with both current and future state PIPEDA. Our Canadian compliance requirements are being cracked on by the Tech Lab’s Global Privacy working group who are tasked with the critical endeavour of developing a technical privacy framework that can work across multiple jurisdictions. Canada looks like one of the first jurisdictions to implement a string using this global standard.
If you would like to join our privacy committee, please send us an email to firstname.lastname@example.org