Happy holidays! This is the last Canada Digest for 2019, so let me wish you a happy new year, as well.
This past year saw some pretty seismic privacy stories. A $5 billion fine USD was handed down to Facebook for privacy violations. I think that says it all, but, of course, there were myriad other noteworthy stories as we reflect on the year.
Locally, we saw a pretty big push for the modernization of our privacy laws. And, if you follow me on LinkedIn, you know the mandate letter to the Minister of Innovation, Science and Economic Development Navdeep Bains contained a strong statement to get moving on this issue.
We also saw a frustrated federal privacy commissioner issue several scathing investigation reports. Notably, the Facebook case highlighted the need to modernize our laws — particularly when juxtaposed against the aforementioned $5 billion USD fine. Equifax also didn’t escape the year without a bit of reputational harm.
Speaking of Equifax, that case also sparked a mini-revolt of sorts when the Office of the Privacy Commissioner suggested they redo — or undo, rather — their guidance on transborder data flows. Of course, the consultation led to the status quo, at least for now.
Globally, we saw massive fines being levied under the EU General Data Protection Regulation. The U.S. Federal Trade Commission was also busy fining organizations for not doing privacy properly. And, with the California Consumer Privacy Act set to become law Jan. 1, it has resulted in huge changes in the American legislative landscape.
I could go on, and I’m mindful that it seems like I say that each passing year has had its own share of massive privacy stories. In fact, the stories just keep on getting bigger and more numerous. Our challenges become greater. Our privacy profession becomes all the more relevant. Growth of the sector, timely.
So, with that, do you have any predictions for 2020?
Will we see Canada’s adequacy revoked by the European Union? Or will our government buy some time with the promise to modernize our laws? Or, to be even more bold, will we see new laws prior to the end of 2020 and, if so, what will those laws look like? Will they highlight accountability, transparency and legitimate purposes? Will they ensure some real limits on government’s collection of data?
I’m heading into 2020 thinking it’s absolutely impossible to predict with certainty what’s going to happen in the privacy industry. That being said, I will make one prediction: Next year, when writing the year-in-review digest, I’ll be talking about the sheer volume of huge privacy stories that are surely going to keep privacy at the forefront of people’s minds. Buckle up, it’s going to be even busier. I guess that’s good for us, right?