Reflections on PIPEDA and the Future of Privacy

  • Slides: 24
Download presentation
Reflections on PIPEDA and the Future of Privacy Law in Canada Kate Wilson, Legal

Reflections on PIPEDA and the Future of Privacy Law in Canada Kate Wilson, Legal Counsel Office of the Privacy Commissioner of Canada Mc. Gill University, Faculty of Law November 27, 2018

Privacy Commissioner of Canada • Mandate covers Privacy Act and PIPEDA • Commissioner’s overarching

Privacy Commissioner of Canada • Mandate covers Privacy Act and PIPEDA • Commissioner’s overarching goal of enhancing Canadians’ control over their personal information

OPC strategic privacy priorities 1. Economics of personal information 2. Government surveillance 3. Reputation

OPC strategic privacy priorities 1. Economics of personal information 2. Government surveillance 3. Reputation and privacy 4. The body as information

PIPEDA, 17 years on… • Constitutional underpinnings: “trade and commerce” (s. 91(2)) • Quasi-constitutional

PIPEDA, 17 years on… • Constitutional underpinnings: “trade and commerce” (s. 91(2)) • Quasi-constitutional status • Human rights legislation? • Consumer protection?

Parallel evolution of common law • Statutory torts in various provinces (e. g. ,

Parallel evolution of common law • Statutory torts in various provinces (e. g. , British Columbia) • Increasing recognition of torts at common law (e. g. , intrusion upon seclusion post Jones v. Tsige in Ontario) • Increase in class action activity and in certification of class actions, particularly post breach

2001: bricks and mortar • Bilateral relationship: customer + business • Collection of PI

2001: bricks and mortar • Bilateral relationship: customer + business • Collection of PI at time of purchase of product or service (e. g. , opening a bank account)

2018: virtual ecosystems • Complex data-driven business models • Opaque data flows and processes

2018: virtual ecosystems • Complex data-driven business models • Opaque data flows and processes • Frequently transborder nature of data flows

Pressures on privacy protection • Big data • Artificial intelligence • Internet of things

Pressures on privacy protection • Big data • Artificial intelligence • Internet of things • Algorithmic decision-making • Cloud computing

International developments • General Data Protection Regulation • May 25, 2018 • Broad extra-territorial

International developments • General Data Protection Regulation • May 25, 2018 • Broad extra-territorial reach • Significant consequences for non-compliance

GDPR: new elements • In addition to differences already present under the Directive: •

GDPR: new elements • In addition to differences already present under the Directive: • Right to data portability • Right to erasure • Privacy by design and default

GDPR: Adequacy • Role of Innovation, Science and Economic Development (ISED) • Adequate but

GDPR: Adequacy • Role of Innovation, Science and Economic Development (ISED) • Adequate but not identical • Impetus for legislative action?

Consent under PIPEDA • Remains a cornerstone of the Act • How to strengthen?

Consent under PIPEDA • Remains a cornerstone of the Act • How to strengthen? • When is it impracticable? Illusory? • Are there alternatives?

Valid consent • s. 6. 1: « …the consent of an individual is only

Valid consent • s. 6. 1: « …the consent of an individual is only valid if it is reasonable to expect that an individual to whom the organization’s activities are directed would understand the nature, purpose and consequences of the collection, use or disclosure to which they are consenting »

Challenges to meaningful consent • Can the individual understand who is making what use

Challenges to meaningful consent • Can the individual understand who is making what use of her PI? • Continuous collection, use or disclosure (e. g. , Io. T) • « Take it or leave it » -- contracts of adhesion?

An industry perspective • Consent is impracticable for certain unanticipated uses of data •

An industry perspective • Consent is impracticable for certain unanticipated uses of data • Increase reliance on implied consent as a means of facilitating innovation • Promote de-identification • Consider a risk-based consent model • Broaden the concept of « publicly available »

Guidelines for obtaining meaningful consent • Guidance takes effect January 1, 2019 • Consent

Guidelines for obtaining meaningful consent • Guidance takes effect January 1, 2019 • Consent consultation process • Further clarifies how organizations achieve valid/meaningful consent

7 principles for meaningful consent 1. Emphasize key elements (4) 2. Allow individuals to

7 principles for meaningful consent 1. Emphasize key elements (4) 2. Allow individuals to control level of detail and timing 3. Provide clear options for yes or no 4. Be innovative and creative 5. Consider the consumer’s perspective 6. Make consent a dynamic and ongoing process 7. Be accountable: be ready to demonstrate compliance

Exploring other avenues for protection and control • Legitimate interests • Ethical assessment of

Exploring other avenues for protection and control • Legitimate interests • Ethical assessment of data processing • Promoting algorithmic transparency • De-identification of personal information

Reputation • Draft position paper on online reputation: to what extent does PIPEDA already

Reputation • Draft position paper on online reputation: to what extent does PIPEDA already speak to these issues? • Identification of inappropriate practice of posting information in order to then charge to take it down (e. g. , Globe 24 h. com) • Federal Court reference re whether Google’s search engine service subject to PIPEDA

Updating the OPC enforcement tool kit • Ombudsmodel, pros and cons • Order-making powers

Updating the OPC enforcement tool kit • Ombudsmodel, pros and cons • Order-making powers • Administrative monetary penalties • Not new ‘asks’

In the interim at the OPC… • Restructuring : promotion and compliance sectors •

In the interim at the OPC… • Restructuring : promotion and compliance sectors • Encouraging compliance v. dealing with existing compliance issues • Shift towards pro-active enforcement • Emphasis on guidance in key areas • Development of Business Advisory Services

Learn more at www. priv. gc. ca

Learn more at www. priv. gc. ca

PTA REFLECTIONS PROGRAM WHAT IS REFLECTIONS The ReflectionsPTA REFLECTIONS PROGRAM WHAT IS REFLECTIONS The Reflections
PTA Reflections Program What is Reflections The ReflectionsPTA Reflections Program What is Reflections The Reflections
Combining PIPEDA PETs and market forces through socialCombining PIPEDA PETs and market forces through social
PIPEDA and Receivables Management Robin GouldSoil Receivables ManagementPIPEDA and Receivables Management Robin GouldSoil Receivables Management
Fallbeispiel Privacy Was ist Privacy Wie wird PrivacyFallbeispiel Privacy Was ist Privacy Wie wird Privacy
How Privacy Relates to Security Privacy Symposium PrivacyHow Privacy Relates to Security Privacy Symposium Privacy
Case studies Privacy Privacy Privacy Is an EUCase studies Privacy Privacy Privacy Is an EU
Reflections and Superposition Contents Reflections Why they occurReflections and Superposition Contents Reflections Why they occur
REFLECTIONS ROTATIONS AND TRANSLATIONS Reflections Reflect the triangleREFLECTIONS ROTATIONS AND TRANSLATIONS Reflections Reflect the triangle
Reflections and Superposition Contents Reflections Why they occurReflections and Superposition Contents Reflections Why they occur
Future perfect X Future continuous Future continuous FutureFuture perfect X Future continuous Future continuous Future
Reflections on the Coordinate Plane Reflections on theReflections on the Coordinate Plane Reflections on the
Jeopardy Translations Reflections Vocabulary Solve It Reflections OverJeopardy Translations Reflections Vocabulary Solve It Reflections Over
Reflections 1 Reallife reflections Animation Architecture Graphic DesignReflections 1 Reallife reflections Animation Architecture Graphic Design
Reflections What are reflections Sue Beck What areReflections What are reflections Sue Beck What are
Berea PTA Council REFLECTIONS PROGRAM What is ReflectionsBerea PTA Council REFLECTIONS PROGRAM What is Reflections
SECTION 2 3 TRANSFORMATIONS WITH REFLECTIONS I REFLECTIONSSECTION 2 3 TRANSFORMATIONS WITH REFLECTIONS I REFLECTIONS
9 1 Reflections I can draw reflections in9 1 Reflections I can draw reflections in
12 1 Reflections Lesson 34 Reflections Do Now12 1 Reflections Lesson 34 Reflections Do Now
7 2 Reflections Using Reflections in a Plane7 2 Reflections Using Reflections in a Plane
7 5 Glide Reflections Compositions Using Glide Reflections7 5 Glide Reflections Compositions Using Glide Reflections
4 2 Reflections Goals Perform Reflections Perform Glide4 2 Reflections Goals Perform Reflections Perform Glide
Socratic Seminar Reflections Your Reflections I didnt talkSocratic Seminar Reflections Your Reflections I didnt talk