In May 2017, IAB Canada testified in front of The Standing Committee on Access to Information, Privacy and Ethics regarding proposed changes to the existing PIPEDA legislation.
This week, while Canadian organizations have privacy legislation top-of-mind and are preoccupied with getting themselves up to speed on compliance requirements for the fast approaching GDPR, the committee released their report entitled “Towards Privacy by Design: Review of PIPEDA”.
The report has several recommendations that are of severe concern to our industry. IAB Canada will be reviewing these in greater detail over the next few days and will hold an information session on how these recommendations will impact our industry and proposed courses of action.
We would strongly encourage our members to review the report as it contains recommendations on the following 19 issues:
- The Principle of Consent – enhancements
- Opt-in Consent by Default – regardless of purpose
- Algorithmic Transparency – improvements
- Revocation of Consent
- Publicly available information – posted personal information
- Legitimate business interests – clarifications
- De-personalization of Data
- Financial Crimes – “fraud” to “financial crime” and its definitions
- Consent for minors – collection, use and disclosure of personal information
- Data portability
- Right to Erasure based on the model developed by the EU
- The right to de-indexing
- Destruction of Personal Data
- Privacy by Design – as a central principle
- The Privacy Commissioner’s enforcement powers – imposing fines for non-compliance
- The Privacy Commissioner’s broader audit powers
- Right to determine adequacy status of PIPEDA under GDPR Regulation
- The government of Canada will determine what changes need to be made to PIPEDA to maintain adequacy with the GDPR
- The government of Canada will work with all provinces and territories to ensure all jurisdictions are aware of requirements for adequacy to the GDPR
IAB Canada is following this closely and will provide updates as they come.