The most widely read magazine for Canadian lawyers
Issue link: https://digital.canadianlawyermag.com/i/1019765
w w w . c a n a d i a n l a w y e r m a g . c o m S E P T E M B E R 2 0 1 8 29 yers to help with the increased workload — much of it from com- panies that want to ensure they comply with the GDPR. "Last year was extremely busy," says Éloïse Gratton, a partner at Borden Ladner Gervais LLP and co-leader of its privacy and data protection practice. "I hired two full-time associates and this year has been another crazy year so I have hired a partner." Gratton says she has never had to handle as many regulators investigations as she has in the past year — an indication that Can- adians are taking their privacy more seriously. Suzanne Morin, vice president and enterprise chief privacy officer for Sun Life Financial, is chairwoman of the Canadian Bar Association's privacy and access law section. She's also seeing an increase in business for experts in privacy law. "I would say for sure privacy as a practice area is on the rise. We are seeing more university courses. We're actually seeing more positions for lawyers with privacy expertise. Privacy professionals, if we think of that as sort of an area of practice, is definitely on the rise as well." Dozens of class action privacy cases have been launched in Canada with customers suing over data breaches or intrusive business practices. Some companies aren't waiting to see what the courts say and are settling cases for large sums. In June, California adopted a new digital privacy law that could affect Canadian businesses that sell online. Under the law, which takes effect in January 2020, customers have the right to know what information a company has gathered on them, why the data was collected and where it is being shared. They also have the right to block a company from selling or sharing their information or to ask that it be deleted. But while other countries and jurisdictions are beefing up their privacy laws and incorporating concepts developed in Canada like privacy by design, Canada's own federal privacy laws haven't been updated in decades. The Privacy Act, which applies to government institutions, hasn't been substantially updated since it was adopted in 1983 — an era when information was stored in filing cabinets, computers used floppy disks and most Canadians had never heard of the World Wide Web. While Justice Minister Jody Wilson-Raybould has promised MPs that the law will be reviewed and updated, there has been little — if any — progress. Government insiders say it might be addressed after the next federal election, scheduled for 2019, but it's not one of the priority files. The Personal Information Protection and Electronic Docu- ments Act, which governs the private sector, was adopted in 2001, well before the emergence of predictive analytics, data mining and artificial intelligence. Two government attempts to update it, in 2010 and 2011, have died on the order paper. The House of Commons Standing Committee on Access to Information, Privacy and Ethics has recommended both laws be significantly updated and strengthened. A third report, tabled in June, recommends that political parties be subject to privacy laws. The Digital Privacy Act, adopted in June 2015, does make some changes such as mandatory notification of data breaches, which will go into effect on Nov. 1. In June, federal Innovation, Science and Economic Develop- ment Minister Navdeep Bains launched a consultation on "digital and data transformation," which includes the question of privacy. According to federal government figures, 87 per cent of Canadians are connected to the internet and 94 per cent of Canadian business- es are using personal data. In its discussion paper for the consultation, the government acknowledges that Canada's privacy laws need an overhaul. "Framework laws are one element that requires revisiting in light of this new digital and data reality," the paper says. "As the economy moves increasingly online, and is increasingly fuelled by the data provided by the users and purchasers of products, fundamental questions arise about appropriate safeguards and competitiveness, including against deceptive marketing, abuse of dominance, and the processing and use of personal information." Federal Privacy Commissioner Daniel Therrien says it is the government's prerogative to consult but the consultation means that new legislation is unlikely to be introduced until some time after the next federal election, scheduled for 2019. "If I look at the calendar, I would speculate that amendments to the private sector law would probably not be in effect until 2021 or 2022." Meanwhile, Therrien says, he has done what he can do within his existing powers, issuing new guidance that raises the bar on the definition of meaningful consent in the digital world. With decades-old federal laws, a patchwork quilt of provincial privacy laws and new international laws such as the GDPR, navi- gating privacy rules in the 21st century can be a challenge for both lawyers and their clients. But as Canada moves from the industrial to the digital age, Therrien and other experts say trust — trust by Canadians that their privacy is protected — is essential to the digital economy. "People began to realize, 'Oh, I understand what could go very, very wrong with this' and at that point turned not only to Facebook but they turned to regulators to ask what are we doing to protect people." MICHAEL MCEVOY, Information and Privacy Commissioner for British Columbia