Enforcement
Bill C-36 and the Future of Canada’s Federal Private Sector Privacy Law: What Has Changed, What It Means, and What to Do Now
Canada Compliance Consumer Protection Data Breaches Data Transfers Digital Sovereignty Enforcement Privacy
Introduction Canada’s federal private sector privacy reform has returned, and it is not merely Bill C-27 in revised form. On June 15, 2026, the federal government introduced Bill C-36, An Act to enact the Protecting Privacy and Consumer Data Act, to amend the Personal Information Protection and Electronic Documents Act and…
Read More »Who Actually Enforces Your Privacy? Why Bills C-34 and C-36 Should Worry Canadians
Based on the first-reading texts of Bill C-34 (June 10, 2026) and Bill C-36 (June 15, 2026), and analysis by law professor Michael Geist. These bills are early drafts and will change. A Brief Summary Most Canadians assume the Privacy Commissioner of Canada protects their privacy when a bank, an airline, an insurer, or a…
Read More »Understanding the Dutch Approach to GDPR Fines: Why Canadian Companies Need to Pay Attention
⚠️ IMPORTANT UPDATE This article accurately describes the Dutch AP’s pioneering 2019 fining structure, which was the first of its kind in the EU. However, Canadian businesses should note that as of June 2023, the Dutch AP now applies the EDPB’s harmonized Fining Guidelines for calculating fines for undertakings (businesses). The four-category system…
Read More »Pay or ok? Why Europe’s data watchdogs must reject “forced consent”
Europe’s data watchdogs already have all the evidence they need to reject Pay or OK In July 2025, ICCL Enforce submitted a submission to each of Europe’s data protection authorities and the European Data Protection Board that summarises relevant case law and enforcement decisions, which show that consent to RTB can not…
Read More »An Individual fined $50,000 Under CASL – Section 7
The CRTC has published an enforcement decision known as VT250813-Jimmy Genesse under Canada’s Anti-Spam Legislation (CASL). In this case, the CRTC determined that a party (Jimmy Genesse) violated the law by installing or causing to be installed computer programs in connection with commercial activity, without meeting the legal requirements under CASL. As a result,…
Read More »California Breaks New Ground With Record $1.35M Fine for Job Applicant Mistakes: 6-Step Action Plan for Employers
The California Privacy Protection Agency, the state’s main data privacy regulator, just announced its largest fine yet – a record-setting $1.35 million – against an employer that it found to have violated job applicant and consumer privacy rights. Today’s announcement marks the first-ever enforcement action involving job applicants, kicking off…
Read More »Google, Flo Health, Flurry to Pay $59.5M in Privacy Lawsuit
Three companies – Flo Health, Google and Flurry – have each agreed to shell out millions of dollars to fund a nearly $60 million settlement of a proposed class action lawsuit that accused Flo of using tracking codes in its fertility app that shared women’s sensitive information with Google and…
Read More »Nation’s Largest Rural Lifestyle Retailer to Pay $1.35M Over CCPA Violations
News: September 30, 2025 SACRAMENTO – The California Privacy Protection Agency (CPPA) Board has issued a decision requiring Tractor Supply Company, the nation’s largest rural lifestyle retailer with more than 2,500 stores in 49 states, to change its business practices and pay a $1,350,000 fine to resolve claims that the company violated the…
Read More »EU court lowers requirements for imposing fines for data protection breaches
The European Court of Justice issued a landmark ruling on Tuesday (5 December) that is set to facilitate the imposition of fines for infringements of the General Data Protection Regulation (GDPR). The European Court of Justice (ECJ) put out a verdict that will make it easier for data protection authorities…
Read More »Major Privacy Law Enforcement Announcements by CPPA and California and Colorado Attorneys General
California Superior Court Stays Some Areas of Enforcement By now, you have likely heard about the California Superior Court decision delaying enforcement until March 29, 2024, of the California Privacy Protection Agency regulations issued on March 29, 2023. The CPPA’s regulations supplement the California Consumer Privacy Act, and the CPRA…
Read More »











