Canada

Introduction Canada’s federal private sector privacy reform has returned, and it is not merely Bill C-27 in revised form. On June 15, 2026, the federal government introduced Bill C-36, An Act to enact the Protecting Privacy and Consumer Data Act, to amend the Personal Information Protection and Electronic Documents Act and…

Based on the first-reading texts of Bill C-34 (June 10, 2026) and Bill C-36 (June 15, 2026), and analysis by law professor Michael Geist. These bills are early drafts and will change. A Brief Summary Most Canadians assume the Privacy Commissioner of Canada protects their privacy when a bank, an airline, an insurer, or a…

Year-End Evaluation for Business Owners By Derek Lackey, Managing Director, Newport Thomson Introduction The state of privacy law in Canada in 2026 is like a crucial infrastructure project always “under construction.” Although the promise of complete reform is always in the public forums, large business has a complex system of…

Several significant regulator rulings dominated privacy developments over the past year – focussing on youth privacy and breach response.  However, the year also saw important issues of lawful access, freedom of speech and digital sovereignty come into play.  On the reform front, a revised federal bill containing selected adjustments to…

November 2025, A Major Shift in Privacy Compliance If your organization is a provincial government body in Ontario, the rules just changed. As of July 1, 2025, conducting Privacy Impact Assessments (PIAs) isn’t just a best practice anymore, it’s the law. Who Does This Affect? This applies to all provincial institutions subject to…

It hasn’t received much attention, but the government and official opposition – ie. the Liberals and Conservatives – have been quietly working to pass legislation that undermine the privacy rights of Canadians, effectively exempting themselves from the privacy rules imposed on everyone else. As I highlighted in June, Bill C-4 was…

British Columbia is implementing sweeping changes to its Business Practices and Consumer Protection Act through Bill 4-2025, representing the most significant consumer protection reform in years. These amendments fundamentally shift the balance of power between businesses and consumers. Key Changes: 1. Class Action Waivers Banned Class action waivers and mandatory arbitration…

Key takeaways What’s happened? The Carney government has revived expansive cyber security rules under Bill C-8, which aims to strengthen the compliance requirements for federally regulated critical infrastructure sectors, including banking, transportation, energy, and telecommunications. Why does it matter? The cyber protection obligations for “designated operators” that carry out vital…

The past year saw a few court decisions of note as well as halting progress toward privacy reform.  Other areas of focus included children’s privacy and online harms as well as regulation of artificial intelligence.  On the reform front, legislation to modernize the federal private sector privacy law, PIPEDA,[1] is stalled…

In a Report issued two weeks ago,[1] the European Commission advised that its 2001 decision granting the federal privacy law, PIPEDA,[2] “adequacy” status under relevant EU privacy law is continued and confirmed.  The 2001 decision determined that PIPEDA provided an adequate level of protection for personal data transferred from the EU to Canada, as…