Legal news and trends for Canadian in-house counsel and c-suite executives
Issue link: https://digital.canadianlawyermag.com/i/813681
MAY 2017 30 INHOUSE track the online activity of EU citizens, potentially including those companies doing it for targeted advertising purposes, warns Thompson. "That's going to be challenging for com- panies," she says. "They'll have to go back to their platform and look at who's viewing their website. There's some concern that this may lead to the geo-blocking of websites." PIPEDA and the Privacy Act may be adequate for Canadian companies under the EU's current directive, but things will change with the forthcoming legislation. DISPARITIES IN PRIVACY LAW The GDPR has several clauses that don't align with Canadian law, Thompson warns. One of the most important concerns data portability. While PIPEDA gives Cana- dians the right to know what information companies hold about them, a data portabil- ity clause in the GDPR enables them to ob- tain that information and take it elsewhere. Another gap concerns consent for data use. Canada's consent laws have traditionally been fl exible, says David B. Elder, chairman of the communications group at Stikeman Elliott LLP. "An awful lot of the personal in- formation collected by businesses is done by an implied consent standard," he says. The GDPR is stricter in its consent man- date. "It's more granular. Different consents are required for different uses and can't be buttoned together as a single 'take it or leave it' package," he says. Federal Privacy Commissioner Daniel Therrien has acknowledged the need for a review of consent rules, referring explicitly to the GDPR during a talk at the Privacy Laws and Business International Confer- ence in the U.K. last year, and he has publicly consulted on consent provisions in PIPEDA. Although written to be technology-neutral, the law is showing its age against a backdrop of breakneck technological change. "Binary consent is tough to manage in track the online activity of EU citizens, potentially including those companies doing it for targeted advertising purposes, warns Thompson. "That's going to be challenging for com- Another gap concerns consent for data use. Canada's consent laws have traditionally been fl exible, says David B. Elder, chairman of the communications group at Stikeman Elliott LLP. "An awful lot of the personal in- F Europe's General Data Protection Regulation will have further-reaching implications than many Canadian lawyers think, warn experts. or years, Canada and the Euro- pean Union have enjoyed a safe and comfortable relationship when it comes to data privacy. Next year, that will change. In May 2018, the General Data Protection Act comes into force. This privacy legislation imposes stricter require- ments than its predecessor, the Data Privacy Directive, and unlike that instrument is not open to interpretation by national govern- ments. Its shockwaves will travel beyond the EU's borders. The GDPR will affect Canadian orga- nizations more than many lawyers here are aware, warns Kirsten Thompson, a partner in the national law group at McCarthy Té- trault LLP. "There's a misunderstanding that it doesn't apply to them, and Canadian laws are just fi ne," she says. The GDPR casts a wide net, applying to any company that offers goods or services to EU residents, even if it is based in Canada. It may even apply to companies that BY DANNY BRADBURY