June 28, 2022 - Health Sector, Private Sector, Public Sector

Privacy Round-Up (Volume 16)

In this edition of the Round-Up:

  • The Government of Canada has tabled long-awaited privacy legislation that, if passed, would overhaul the federal private sector privacy regime. Bill C-27, the Digital Charter Implementation Act, 2022, introduces three new statutes: the Consumer Privacy Protection Act (the CPPA, which would repeal and replace PIPEDA’s framework for the governance of personal information practices in the private sector), the Personal Information and Data Protection Tribunal Act, and the Artificial Intelligence and Data Act (AIDA).

    • AccessPrivacy has published e-news updates regarding the CPPA and the AIDA, and the June Monthly Privacy Webinar featuring initial insights on the CPPA is available on-demand. AccessPrivacy also has a suite of tools available to Knowledge Portal subscribers, including a comparison of Bill C-27 to its earlier iteration, Bill C-11 (2020), and the annotated CPPA with commentary and comparisons to PIPEDA. Other resources will be developed by the AccessPrivacy team and made available to subscribers in the coming weeks;


  • Philippe Dufresne has been appointed as the next Privacy Commissioner of Canada, following a resolution of the Senate and the House of Commons. Commissioner Dufresne previously served as the Law Clerk and Parliamentary Counsel of the House of Commons, and, prior to that, as Senior General Counsel for the Canadian Human Rights Commission. The appointment was effective Monday, June 27;



  • The federal government has tabled legislation that would introduce cyber security requirements for federal critical infrastructure organizations. Bill C-26, the Critical Cyber Systems Protection Act (CCSPA), would establish obligations for operators of designated "vital" services (a) to create cyber security programs, and (b) to immediately report cyber security incidents to the Communications Security Establishment and other applicable regulatory authorities. Monetary penalties of up to $15 million could follow each violation of the CCSPA, with a due diligence defence open to operators. See the AccessPrivacy e-news update for further details;


  • Representatives of the Office of the Privacy Commissioner of Canada (OPC) commented, before the Standing Senate Committee on National Security and Defence, on a bill aiming to strengthen traveler privacy rights in personal digital devices. Bill S-7, An Act to Amend the Customs and Preclearance Act, 2016, addresses circumstances in which Canadian border service officers can examine information stored on personal digital devices. Case law developments that preceded this proposed law were discussed in volume 14 of the Round-Up;


  • British Columbia’s Special Committee to Review the Freedom of Information and Protection of Privacy Act has released its final report recommending changes to the province’s public sector privacy law. Information and Privacy Commissioner Michael McEvoy issued a statement outlining key ways in which the recommendations would, if implemented, support a "culture of transparency" in the province;



  • Privacy management programs of private liquor and cannabis retailers were again examined by the OIPC BC in a follow-up review. The OIPC BC’s report indicates improvements to the programs since its initial review and notes that it will continue to work with the retailers as required until full compliance has been achieved;


  • The OIPC Ontario has released its 2021 Annual Report, which includes a restatement of Commissioner Kosseim’s recommendations for a provincial private sector privacy law and for updates to the province’s public sector privacy and access laws;


  • The Office of the Privacy Commissioner of Nunavut has also released its 2021 Annual Report, which emphasizes the need for the territory’s Commissioner to have order-making power in order to ensure transparency in government. The report also recommends that health-specific privacy legislation be enacted in Nunavut;


  • A Memorandum of Understanding (MOU) has been signed between the OPC and the Commissioner of Data Protection of the Abu Dhabi Global Market. Similar MOUs, which are meant to facilitate information sharing between signatories, were reported in volumes 15, 13, and 9 of the Round-Up.
