I — and many other privacy lawyers, I’m sure — have been asked countless times this past week for clarity on the Office of the Privacy Commissioner’s consultation process regarding trans-border data flows and the transfer of personal information for processing purposes. I’m humbled that people think I somehow know what to do or what to say; however, all I can do is provide my best interpretation of what’s going on and why.

For background, in case you missed it, the OPC issued its Equifax Report of Findings a few weeks ago and, at the same time, proposed a new interpretation of PIPEDA that changed the office’s position on trans-border data flows. A transfer to a third party outside of the country for processing purposes was now going to be considered a disclosure — one requiring some sort of consent mechanism.

Before finalizing their position, Commissioner Daniel Therrien, as he has been known to do since taking up the mantle of privacy commissioner, wanted to consult more broadly with stakeholders about their proposed change in position. This resulted in a number of organizations, advocacy groups, businesses and individuals mobilizing efforts with a view of eventually providing submissions that might have influenced the final outcome.

Then, last week, ISED (the government ministry responsible for PIPEDA), issued some sort of commitment to modernize and amend PIPEDA in a number of significant ways. The IAPP Canada Dashboard Digest included an article about it last week if you missed it. This somewhat of a commitment to change the law could very well have an impact on how Canada deals with the issue of trans-border data flows and the issue of whether consent is required for processing information in this way.

Recognizing that this entire issue was, therefore, subject to legislative reform, Therrien announced at last week’s Symposium during his annual address to the privacy profession that he was suspending his consultation process so that he could restructure it in light of some of ISED’s proposals. The IAPP’s Ryan Chiavetta covered Therrien’s keynote for The Privacy Advisor.

As of today, we are waiting to see from the OPC what its revised consultation process is going to look like. I personally think it might get subsumed with the larger consultation process ISED has begun on PIPEDA reform. What we know for sure, however, is that if you already have a submission, the OPC has said that you can provide it to them and that they will consider it going forward.

So, all that to say, there’s a bit of uncertainty surrounding this issue. That being said, I think it’s fair to say that there’s a bit of uncertainty when it comes to all of privacy regulation in Canada more broadly. Apart from the trans-border data flow issue, ISED’s proposals to amend PIPEDA might result in a completely different regulatory landscape that doesn’t look anything like the one we’ve got now. So, in my mind, everything seems to be a moving target. Nineteen years ago, my colleagues and I published "The Law of Privacy in Canada." It was born of the idea that privacy regulation in Canada was about to dramatically change and that people would want to learn about it. At this point, my sense is that we’re at a similar tipping point today. I certainly foresee a lot of updates to my book in the near future!