Canada

In a Report issued two weeks ago,[1] the European Commission advised that its 2001 decision granting the federal privacy law, PIPEDA,[2] “adequacy” status under relevant EU privacy law is continued and confirmed.  The 2001 decision determined that PIPEDA provided an adequate level of protection for personal data transferred from the EU to Canada, as…

Eighteen countries, including Canada, the U.S. and the U.K., today agreed on recommended guidelines to developers in their nations for the secure design, development, deployment, and operation of artificial intelligent systems. It’s the latest in a series of voluntary guardrails that nations are urging their public and private sectors to…

Note: This is the first in a series of posts that will look at the proposed amendments to Canada’s Artificial Intelligence and Data Act, which is Part III of Bill C-27, currently before Parliament. The amendments are extensive and have only just been introduced. Please consider these assessments to be…

On November 9, I appeared before the parliamentary Standing Committee on Industry and Technology (INDU Committee) to provide comments in connection with the Committee’s review of Bill C-27, the Digital Charter Implementation Act, 2022.  The following are the speaking notes for my introductory comments, with certain additions. Thank you for the…

Since September 22, 2022, organizations doing business in Québec have to report any confidentiality incidents (i.e., privacy breaches) that cause a risk of serious injury, due to the partial entry into force of An Act to modernize legislative provisions as regards the protection of personal information (formerly known as “Bill 64”). An…

As of February 1, 2023, public bodies in British Columbia (B.C.) will be required to report privacy breaches and have privacy management programs. The two provisions are the last to come into force from amendments made to B.C.’s Freedom of Information and Protection of Privacy Act in November 2021. Mandatory breach reporting…

November 16, 2022 Ian Scott, Chairperson and Chief Executive Officer Canadian Radio-television and Telecommunications Commission (CRTC) Check against delivery   Thank you for inviting us to appear before your Committee today. With me today are Scott Shortliffe, Executive Director of Broadcasting, and Rachelle Frenette, General Deputy Counsel and Executive Director…

Privacy compliance and cyber risks are hot issues for the c-suite and board of directors, and for good reason. Under Canadian law, corporate directors are responsible for their corporation’s business, including risk identification and management activities, and are required to demonstrate a duty of care. And regulators aren’t the only…

Bill C-27, the Digital Charter Implementation Act, 2022, was raised for debate at second reading in the House of Commons on Friday, November 4. The bill would enact the Consumer Privacy Protection Act (CPPA), the Personal Information and Data Protection Tribunal Act (PIDPTA), and the Artificial Intelligence and Data Act (AIDA). Read our complete summary of the most significant…

Law and the regulatory authority Legislative framework Summarise the legislative framework for the protection of personal information (PI). Does your jurisdiction have a dedicated data protection law? Is the data protection law in your jurisdiction based on any international instruments or laws of other jurisdictions on privacy or data protection?…