In November 2020, the Canadian government introduced Bill C-11, the Digital Charter Implementation Act, 2020(DCIA). This long-awaited bill follows years of consultation and calls for reform and, if passed, would significantly overhaul Canada’s federal privacy laws.
The current federal privacy statute, the Personal Information Protection and Electronic Documents Act (PIPEDA), has been in force since the early 2000s and has only seen one significant amendment since that time. As a result, Canada has lagged behind the standards set by European countries, who have been the global leaders in privacy protection. Specifically, Europe’s General Data Protection Regulation (GDPR) sets out a stringent regime for data protection and imposes steep penalties for non-compliance. It has generally been viewed as a role model for other countries.
Bill C-11 seeks to modernize the existing framework for protection of personal information in the digital age, sets out more stringent requirements for private sector companies, and aims to bring Canada more in line with the GDPR.
Key components of the DCIA include as follows:
- modernize the consent rules for the use of personal information and require that certain disclosures be provided in plain language for consent to be valid;
- expand privacy rights which would provide individuals with greater control over their personal information, including with respect to data mobility, disposal of personal information, and the withdrawal of consent;
- implement new transparency requirements regarding businesses’ use of automated decision-making systems (e.g., algorithms, artificial intelligence, etc.) to make significant predictions, recommendations or decisions about individuals;
- provide a private right of action against organizations for damages for loss or injury; and
- grant new powers to the federal Privacy Commissioner to mandate compliance with the legislation.
Additionally the bill provides significant consequences for non-compliance. For the most serious offences, companies could face fines of up to 5% of global revenue or CAD $25 million, whichever is greater.
As of the date of posting, Bill C-11 is still making its way through the House of Commons and will be subject to further debate and revision.
Businesses operating in Canada, including direct sellers, should closely monitor the progress of Bill C-11 and ensure that they are prepared to meet these anticipated new privacy law requirements.
Do you require assistance in this area? If so, please click here.