Leaders in privacy, compliance & information governance solutions

Welcome. Log in or create an account for AccessPrivacy.com

Significant Amendments to PIPEDA Proposed by Parliamentary Committee

March 1, 2018

Significant amendments to Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) were proposed yesterday by a parliamentary committee in a report entitled Towards Privacy by Design: Review of the Personal Information Protection and Electronic Documents Act.

The recommendations were prepared by the House of Commons Standing Committee on Access to Information, Privacy and Ethics, and appear heavily influenced by the EU General Data Protection Regulation. If implemented through legislative amendments, the recommendations would have a substantial operational impact on organizations subject to PIPEDA.

The Committee made a total of 19 recommendations to amend PIPEDA, including:

  • to explicitly provide for opt-in consent as the default for any use of personal information for secondary purposes, and with a view to implementing a default opt-in system regardless of purpose;
  • to provide for a right to data portability;
  • to include a framework for a right to erasure based on the model developed by the European Union that would, at a minimum, include a right for young people to have information posted online either by themselves or through an organization taken down;
  • the consideration of measures to improve algorithmic transparency;
  • to modernize the Regulations Specifying Publicly Available Information in order to take into account situations in which individuals post personal information on a public website and in order to make the Regulations technology-neutral;
  • to clarify the terms under which personal information can be used to satisfy legitimate business interests;
  • the examination of the best ways of protecting depersonalized data;
  • to include a framework for the right to de-indexing in PIPEDA and that this right be expressly recognized in the case of personal information posted online by individuals when they were minors;
  • to strengthen and clarify organizations' obligations with respect to the destruction of personal information;
  • to make privacy by design a central principle and to include the seven foundational principles of this concept, where possible;
  • to give the Privacy Commissioner enforcement powers, including the power to make orders and impose fines for non-compliance; and
  • to give the Privacy Commissioner broad audit powers, including the ability to choose which complaints to investigate.

We will comment on this report on our next AccessPrivacy monthly call on March 21, 2018 at 11:30 a.m. EST.

PIPEDA Share This