Commissioner: Privacy Reform Bill ‘a Step in the Right Direction but Can and Must Go Further’ (5/11/2023)

UK Version of GDPR

The government’s proposals to modernize Canada’s federal private sector privacy law are “a step in the right direction” but can and must go further to protect fundamental privacy rights, says Privacy Commissioner of Canada Philippe Dufresne.

The Commissioner’s written submission on Bill C-27, the government’s proposed new private sector privacy law, the Consumer Privacy Protection Act, was published yesterday by the House of Commons Standing Committee on Industry and Technology.

Commissioner Dufresne called the government’s privacy reform bill an improvement over both the existing law, the Personal Information Protection and Electronic Documents Act (PIPEDA), as well as an earlier version of the reform bill which died on the Order Paper when the last election was called.

“I welcome and am encouraged by the Committee’s upcoming study of Bill C-27,” said Commissioner Dufresne. “This Bill is a step in the right direction, but it can and must go further to protect the fundamental privacy rights of Canadians while supporting the public interest and innovation.”

In its written submission to INDU, the Office of the Privacy Commissioner of Canada (OPC) highlighted 15 key recommendations to improve and strengthen the proposed law. The recommendations align with the three elements of Commissioner Dufresne’s vision for privacy: (1) privacy as a fundamental right; (2) privacy in support of the public interest; and (3) privacy as an accelerator of Canadians’ trust in their institutions and their participation as digital citizens.

The OPC’s 15 key recommendations are:

Recognize privacy as a fundamental right.
Protect children’s privacy and the best interests of the child.
Limit organizations’ collection, use and disclosure of personal information to specific and explicit purposes that take into account the relevant context.
Expand the list of violations qualifying for financial penalties to include, at a minimum, appropriate purposes violations.
Provide a right to disposal of personal information even when a retention policy is in place.
Create a culture of privacy by requiring organizations to build privacy into the design of products and services and to conduct privacy impact assessments for high-risk initiatives.
Strengthen the framework for de-identified and anonymized information.
Require organizations to explain, on request, all predictions, recommendations, decisions and profiling made using automated decision systems.
Limit the government’s ability to make exceptions to the law by way of regulations.
Provide that the exception for disclosure of personal information without consent for research purposes only applies to scholarly research.
Allow individuals to use authorized representatives to help advance their privacy rights.
Provide greater flexibility in the use of voluntary compliance agreements to help resolve matters without the need for more adversarial processes.
Make the complaints process more expeditious and economical by streamlining the review of the Commissioner’s decisions.
Amend timelines to ensure that the privacy protection regime is accessible and effective.
Expand the Commissioner’s ability to collaborate with domestic organizations to ensure greater coordination and efficiencies in dealing with matters raising privacy issues.

“Privacy law reform is overdue and must be achieved,” said Commissioner Dufresne. “Our recommendations aim to ensure that Canadians have privacy laws that recognize their fundamental right to privacy while allowing them to participate fully in the digital economy, support innovation, and position Canada as a leader in this important and evolving area.”

Source; https://www.priv.gc.ca/en/opc-news/news-and-announcements/2023/nr-c_230511/

Picture of Dposphere

Dposphere

Recent Post

A new regulation adopted on Thursday, February 29th, allows EU citizens to identify and authenticate themselves

Privacy is getting more and more critical in the modern world. Even giant enterprises face challenges

The UK Competition and Markets Authority’s (CMA) latest report on Google’s Privacy Sandbox raises concerns about