TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

Canada Dashboard Digest | Notes from the IAPP Canada Managing Director, June 25, 2021 Related reading: Notes from the IAPP Canada Managing Director, June 18, 2021




As Ontario Commissioner Patricia Kosseim points out in her impressive first annual report, hot off the press this week, the timing for a private sector privacy law in Ontario is no coincidence, with a wave of legislative reforms happening across the country and around the world. 

The Ontario government has now releasedwhite paper asking for feedback on their proposal to move forward with their own private-sector privacy law.

ITWorldCanada wrote about it here, as did my partner, Tim Banks, here. I encourage you to read them both. Here’s my quick take.

First, I think we need some way to deal with the danger of having a bunch of different privacy laws in Canada. When they passed PIPEDA back in 2000, they thought they could alleviate this concern by creating the “substantially similar” standard. As our laws evolve, it is getting to the point where I’m not sure what being substantially similar will mean. I hope the powers-that-be figure out how to ensure privacy in Canada isn’t a tangled web where we have potentially 14 laws to deal with.

If that problem can be solved, there are actually some merits to having our provinces fill the gaps created by the jurisdictional limits imposed on our federal government. For me, probably the biggest gap is PIPEDA only regulates the employment context for federally regulated industries. This means there are a ton of employees out there who do not have a legislated regime to look to for privacy protection. This is a big gap that needs to be filled.

The feds are limited because the constitution says they can only regulate privacy in as much as it is implicated in trade and commerce. So this creates another gap: Charities and other not-for-profits can collect a lot of personal information, but it’s not always processed as part of a commercial activity. In fact, there’s a lot of that going on, and it’s scary how much it is unregulated (except for in Alberta, British Columbia and Quebec, where they have passed their own laws).

There’s more to the Ontario proposal than that. They seem to be moving toward creating a law that recognizes privacy as a human right. So, things like the right to be forgotten and the right to data portability are being contemplated. And, not to be dramatic or anything, but the Ontario proposal (coming from a Conservative government, no less) is proposing some serious monetary penalties for noncompliance.

Feedback on the consultation is due Aug. 3. With an election planned for next year, it is hard to see that this might come to fruition before the government is dissolved. But we have seen motivated politicians move quickly in the past, and, hopefully with the worst of the pandemic behind us, they will need to do other things to score points.

Have a great weekend.

1 Comment

If you want to comment on this post, you need to login.

  • comment Brent Martin • Jun 25, 2021
    Let's hope Ontario does a better job than Manitoba did with PIPITPA. Passed in 2013 but never proclaimed. Not that it matters as there's no complaint or enforcement mechanism in it.