The most widely read magazine for Canadian lawyers
Issue link: https://digital.canadianlawyermag.com/i/1130923
28 J U N E / J U LY 2 0 1 9 w w w . c a n a d i a n l a w y e r m a g . c o m s in-house counsel for Shopify, Vivek Narayanadas has to navigate a constantly changing landscape when it comes to privacy and data protection laws around the world. The secret, he says, is to look to the future. "Being a privacy professional, especially right now, is part fortune teller, part crystal ball teller," says Narayanadas, associate general counsel privacy and data protection officer for one of Canada's fastest-growing e-commerce companies. "You just have to have a finger on the pulse — not only of what the law says now. You really have to have a sense of where it's going because your product teams don't really appreciate having to revisit decisions that you made six months ago just because a new law just came into effect." In the wake of the Cambridge Analytica scandal and Europe's adoption of the General Data Protection Regulation, privacy and data protection laws around the world have been multiplying at a dizzying rate — many of them with extraterritorial applications and all with somewhat different provisions. South of the border, the California Consumer Privacy Act is scheduled to go into effect on Jan. 1, 2020. Meanwhile, several other states are in the process of adopting their own privacy laws and there are initiatives at the U.S. federal level as well. Brazil has adopted a General Data Protection Law that goes into effect in early 2020. Overall, according to the United Nations Conference on Trade and Development, 107 countries now have online data protection and privacy laws while others have introduced draft legislation. "It is a particularly challenging time in the world of data protection and privacy laws," says Michael Scherman, an associate at McCarthy Tétrault LLP's technology law group. But with change and challenge comes opportunity for lawyers across Canada who specialize in privacy law. Elisa Henry, a partner with Borden Ladner Gervais LLP, says privacy and cybersecurity law are the fastest-growing areas for her firm. Building that practice is one of its strategic priorities. "I think lawyers who are able to advise on GDPR because they're qualified to advise on the GDPR have seen a big increase in the demand for their services and, as a result, sometimes, by raising GDPR type questions to your clients, you end up realizing that they were not really in compliance with Canadian standards. "The awareness triggered by the GDPR also triggered more consultation and more advisory work on our end on Canadian law, too." One place where there has been little change in privacy legislation has been Canada. Federal Privacy Commissioner Daniel Therrien has called for amendments to modernize the Personal Information Protection and Electronic Documents Act. The law, which governs private-sector privacy, hasn't been substantially updated since it was adopted in 2000. In late May, Navdeep Bains, the minister responsible for innovation, science and economic development, unveiled the government's Digital Charter — a series of principles to guide changes to Canada's federal privacy laws. However, Prime Minister Justin Trudeau's government is not expected to table concrete More and more, you see vendor due diligence performed by large companies who, before they contract with you, make sure that your privacy infrastructure is robust enough not to put them at risk." Melanie McNaught, Filion Wakely Thorup Angeletti