In this edition of the Round-Up:
-
The Government of Canada has tabled long-awaited privacy legislation that, if passed, would overhaul the federal private sector privacy regime. Bill C-27, the Digital Charter Implementation Act, 2022 introduces three new statutes: the Consumer Privacy Protection Act (the CPPA, which would repeal and replace PIPEDA’s framework for the governance of personal information practices in the private sector), the Personal Information and Data Protection Tribunal Act, and the Artificial Intelligence and Data Act (AIDA).
- AccessPrivacy has published e-news updates regarding the CPPA and the AIDA, and the June Monthly Privacy Webinar featuring initial insights on the CPPA is available on-demand. AccessPrivacy also has a suite of tools available to Knowledge Portal subscribers, including a comparison of Bill C-27 to its earlier iteration, Bill C-11 (2020), and the annotated CPPA with commentary and comparisons to PIPEDA. Other resources will be developed by the AccessPrivacy team and made available to subscribers in the coming weeks;
-
Philippe Dufresne has been appointed as the next Privacy Commissioner of Canada, following a resolution of the Senate and the House of Commons. Commissioner Dufresne previously served as the Law Clerk and Parliamentary Counsel of the House of Commons, and, prior to that, as Senior General Counsel for the Canadian Human Rights Commission. The appointment was effective Monday, June 27;
-
Former Privacy Commissioner of Canada Daniel Therrien made final remarks on the state of privacy law in Canada as his term came to a close, both at the International Association of Privacy Professionals (IAPP) Canada Privacy Symposium 2022 and before the House of Commons Standing Committee on Access to Information, Privacy and Ethics;
-
The federal government has tabled legislation that would introduce cyber security requirements for federal critical infrastructure organizations. Bill C-26, the Critical Cyber Systems Protection Act (CCSPA), would establish obligations for operators of designated "vital" services (a) to create cyber security programs, and (b) to immediately report cyber security incidents to the Communications Security Establishment and other applicable regulatory authorities. Monetary penalties of up to $15 million could follow each violation of the CCSPA, with a due diligence defence open to operators. See the AccessPrivacy e-news update for further details;
-
Representatives of the Office of the Privacy Commissioner of Canada (OPC) commented, before the Standing Senate Committee on National Security and Defence, on a bill aiming to strengthen traveler privacy rights in personal digital devices. Bill S-7, An Act to Amend the Customs and Preclearance Act, 2016, addresses circumstances in which Canadian border service officers can examine information stored on personal digital devices. Case law developments that preceded this proposed law were discussed in volume 14 of the Round-Up;
-
British Columbia’s Special Committee to Review the Freedom of Information and Protection of Privacy Act has released its final report recommending changes to the province’s public sector privacy law. Information and Privacy Commissioner Michael McEvoy issued a statement outlining key ways in which the recommendations would, if implemented, support a "culture of transparency" in the province;
-
A decision of the Office of the Information and Privacy Commissioner of Ontario (OIPC Ontario) ordering the provincial government to publicly disclose Cabinet mandate letters has made its way to the Supreme Court of Canada. On judicial review, the Divisional Court had found the OIPC's decision that the Cabinet privilege exception in Ontario's Freedom of Information and Protection of Privacy Act did not apply to the mandate letters to be reasonable, and the Court of Appeal dismissed the subsequent appeal. In response to the Supreme Court's order granting the Government of Ontario's request for leave to appeal, Information and Privacy Commissioner Patricia Kosseim noted that the Supreme Court may “set a significant precedent for deciding future cases involving access to key records…that can help the public understand the plans and approaches of governments”;
-
Privacy management programs of private liquor and cannabis retailers were again examined by the OIPC BC in a follow-up review. The OIPC BC’s report indicates improvements to the programs since its initial review and notes that it will continue to work with the retailers as required until full compliance has been achieved;
-
The OIPC Ontario has released its 2021 Annual Report, which includes a restatement of Commissioner Kosseim’s recommendations for a provincial private sector privacy law and for updates to the province’s public sector privacy and access laws;
-
The Office of the Privacy Commissioner of Nunavut has also released its 2021 Annual Report, which emphasizes the need for the territory’s Commissioner to have order-making power in order to ensure transparency in government. The report also recommends that health-specific privacy legislation be enacted in Nunavut;
-
A Memorandum of Understanding (MOU) has been signed between the OPC and the Commissioner of Data Protection of the Abu Dhabi Global Market. Similar MOUs, which are meant to facilitate information sharing between signatories were reported in volumes 15, 13, and 9 of the Round-Up.
* * *
Sign up for AccessPrivacy's complimentary e-news updates to receive each edition of the Round-Up by email. The archive of past editions of the Privacy Round-Up is available to AccessPrivacy Knowledge Portal subscribers.
Please note: some of the embedded links direct to resources available only to AccessPrivacy Knowledge Portal subscribers. However, if you are having issues opening links to publicly available materials, please try clearing your browser cache (including cookies and files) before clicking the link again.