Canada

Year-End Evaluation for Business Owners By Derek Lackey, Managing Director, Newport Thomson Introduction The state of privacy law in Canada in 2026 is like a crucial infrastructure project always “under construction.” Although the promise of complete reform is always in the public forums, large business has a complex system of…

Several significant regulator rulings dominated privacy developments over the past year – focussing on youth privacy and breach response.  However, the year also saw important issues of lawful access, freedom of speech and digital sovereignty come into play.  On the reform front, a revised federal bill containing selected adjustments to…

November 2025, A Major Shift in Privacy Compliance If your organization is a provincial government body in Ontario, the rules just changed. As of July 1, 2025, conducting Privacy Impact Assessments (PIAs) isn’t just a best practice anymore, it’s the law. Who Does This Affect? This applies to all provincial institutions subject to…

It hasn’t received much attention, but the government and official opposition – ie. the Liberals and Conservatives – have been quietly working to pass legislation that undermine the privacy rights of Canadians, effectively exempting themselves from the privacy rules imposed on everyone else. As I highlighted in June, Bill C-4 was…

British Columbia is implementing sweeping changes to its Business Practices and Consumer Protection Act through Bill 4-2025, representing the most significant consumer protection reform in years. These amendments fundamentally shift the balance of power between businesses and consumers. Key Changes: 1. Class Action Waivers Banned Class action waivers and mandatory arbitration…

Key takeaways What’s happened? The Carney government has revived expansive cyber security rules under Bill C-8, which aims to strengthen the compliance requirements for federally regulated critical infrastructure sectors, including banking, transportation, energy, and telecommunications. Why does it matter? The cyber protection obligations for “designated operators” that carry out vital…

The past year saw a few court decisions of note as well as halting progress toward privacy reform.  Other areas of focus included children’s privacy and online harms as well as regulation of artificial intelligence.  On the reform front, legislation to modernize the federal private sector privacy law, PIPEDA,[1] is stalled…

In a Report issued two weeks ago,[1] the European Commission advised that its 2001 decision granting the federal privacy law, PIPEDA,[2] “adequacy” status under relevant EU privacy law is continued and confirmed.  The 2001 decision determined that PIPEDA provided an adequate level of protection for personal data transferred from the EU to Canada, as…

Eighteen countries, including Canada, the U.S. and the U.K., today agreed on recommended guidelines to developers in their nations for the secure design, development, deployment, and operation of artificial intelligent systems. It’s the latest in a series of voluntary guardrails that nations are urging their public and private sectors to…

Note: This is the first in a series of posts that will look at the proposed amendments to Canada’s Artificial Intelligence and Data Act, which is Part III of Bill C-27, currently before Parliament. The amendments are extensive and have only just been introduced. Please consider these assessments to be…