The most widely read magazine for Canadian lawyers
Issue link: https://digital.canadianlawyermag.com/i/1455045
www.canadianlawyermag.com 45 Transformative Technologies and Data Strategy Group at Dentons Canada LLP in Toronto. She does not doubt that the federal govern- ment will reintroduce its privacy legislation, though not likely until mid-2022. "I expect there'll be some adjustments to it, but I would also expect it to look substan- tially similar … to bill C-11," says Thompson, who is also a member of Dentons' privacy and cybersecurity group. New private-sector privacy legislation is of necessity aligning with the European Union's General Data Protection Regulation (GDPR) so that Canada maintains its "adequacy" status. As a "third country," Canada must offer levels of data protection that are essen- tially equivalent to those within the E.U. Committee on Access to Information, Privacy and Ethics, highlighting some of his concerns. "Although seeking to address most of the privacy issues relevant in a modern digital economy," Therrien wrote, it "does so in ways that are frequently misaligned and less protective than laws of other jurisdictions." The "increased flexibility given to organi- zations to use personal information without consent do not come with the additional accountability one would expect," he added, "because administrative penalties will not apply to the most frequent and important violations, those relevant to consent and exceptions to consent." With data collection so pervasive — and sometimes even unknown to the consumer — the role of consent in the legislation is a challenge, says Scassa. "If you continue to put meaningful consent to data collection practices at the heart of the legislation, then you're doing so in a context where you have to realistically admit that this is not an easy thing to do." In many cases, she says, data collection is not even negotiable, such as when people use a videoconferencing platform, open a bank account, or simply use the internet. Many companies have also collected data under terms-and-conditions and privacy policies and now want to use that data for purposes other than those for which they "There's a lot of discussion about how the rules can be adapted … to give organizations more freedom to use data that they've already collected in new and innovative ways" Teresa Scassa, University of Ottawa And what is "highly motivating" to busi- nesses to comply with the new legislation are the tremendously high fines it intro- duces for non-compliance. "This is a mate- rial change in the risk environment for most organizations," Thompson says. "They need to take a look at what their processes and programs are." Bill C-11 The federal bill C-11 was meant to reform the Personal Information Protection and Electronic Documents Act (PIPEDA), which came into force in April 2000. PIPEDA governs how private-sector organizations collect, use and disclose personal informa- tion in commercial business. Bill C-11 "generated a lot of criticism, in part because it was such a major change [from PIPEDA] because it was having to adapt to a very fundamentally transformed data environment," says Teresa Scassa, professor and Canada research chair in information law and policy at the University of Ottawa. She adds that the "big changes" in the bill that attempted to come to terms with the new digital and data economy were more controversial. Canada's privacy commissioner, Daniel Therrien, was a chief critic of the proposed legislation. He penned an open letter to the chairman of the House of Commons' Standing