Reflections on PIPEDA and the Future of Privacy
- Slides: 24
Reflections on PIPEDA and the Future of Privacy Law in Canada Kate Wilson, Legal Counsel Office of the Privacy Commissioner of Canada Mc. Gill University, Faculty of Law November 27, 2018
Privacy Commissioner of Canada • Mandate covers Privacy Act and PIPEDA • Commissioner’s overarching goal of enhancing Canadians’ control over their personal information
OPC strategic privacy priorities 1. Economics of personal information 2. Government surveillance 3. Reputation and privacy 4. The body as information
PIPEDA, 17 years on… • Constitutional underpinnings: “trade and commerce” (s. 91(2)) • Quasi-constitutional status • Human rights legislation? • Consumer protection?
Parallel evolution of common law • Statutory torts in various provinces (e. g. , British Columbia) • Increasing recognition of torts at common law (e. g. , intrusion upon seclusion post Jones v. Tsige in Ontario) • Increase in class action activity and in certification of class actions, particularly post breach
2001: bricks and mortar • Bilateral relationship: customer + business • Collection of PI at time of purchase of product or service (e. g. , opening a bank account)
2018: virtual ecosystems • Complex data-driven business models • Opaque data flows and processes • Frequently transborder nature of data flows
Pressures on privacy protection • Big data • Artificial intelligence • Internet of things • Algorithmic decision-making • Cloud computing
International developments • General Data Protection Regulation • May 25, 2018 • Broad extra-territorial reach • Significant consequences for non-compliance
GDPR: new elements • In addition to differences already present under the Directive: • Right to data portability • Right to erasure • Privacy by design and default
GDPR: Adequacy • Role of Innovation, Science and Economic Development (ISED) • Adequate but not identical • Impetus for legislative action?
Consent under PIPEDA • Remains a cornerstone of the Act • How to strengthen? • When is it impracticable? Illusory? • Are there alternatives?
Valid consent • s. 6. 1: « …the consent of an individual is only valid if it is reasonable to expect that an individual to whom the organization’s activities are directed would understand the nature, purpose and consequences of the collection, use or disclosure to which they are consenting »
Challenges to meaningful consent • Can the individual understand who is making what use of her PI? • Continuous collection, use or disclosure (e. g. , Io. T) • « Take it or leave it » -- contracts of adhesion?
An industry perspective • Consent is impracticable for certain unanticipated uses of data • Increase reliance on implied consent as a means of facilitating innovation • Promote de-identification • Consider a risk-based consent model • Broaden the concept of « publicly available »
Guidelines for obtaining meaningful consent • Guidance takes effect January 1, 2019 • Consent consultation process • Further clarifies how organizations achieve valid/meaningful consent
7 principles for meaningful consent 1. Emphasize key elements (4) 2. Allow individuals to control level of detail and timing 3. Provide clear options for yes or no 4. Be innovative and creative 5. Consider the consumer’s perspective 6. Make consent a dynamic and ongoing process 7. Be accountable: be ready to demonstrate compliance
Exploring other avenues for protection and control • Legitimate interests • Ethical assessment of data processing • Promoting algorithmic transparency • De-identification of personal information
Reputation • Draft position paper on online reputation: to what extent does PIPEDA already speak to these issues? • Identification of inappropriate practice of posting information in order to then charge to take it down (e. g. , Globe 24 h. com) • Federal Court reference re whether Google’s search engine service subject to PIPEDA
Updating the OPC enforcement tool kit • Ombudsmodel, pros and cons • Order-making powers • Administrative monetary penalties • Not new ‘asks’
In the interim at the OPC… • Restructuring : promotion and compliance sectors • Encouraging compliance v. dealing with existing compliance issues • Shift towards pro-active enforcement • Emphasis on guidance in key areas • Development of Business Advisory Services
Learn more at www. priv. gc. ca
- Privacy awareness and hipaa privacy training cvs
- Future perfect and future continuous exercises with answers
- Future perfect simple vs future perfect continuous
- Future of privacy forum
- Future continuous.
- Future continuous and future perfect
- Future plans and finished future actions
- Future perfect future perfect continuous
- Future continuous and future perfect objasnjenje
- Translation vs reflection
- 7.g rotation vs translation
- Translations and reflections
- Translations reflections and rotations
- How to verify a congruence transformation
- Horizontal and vertical reflections
- Translation rotation reflection dilation
- Vertical and horizontal reflections
- Vertical lines of symmetry
- Trig identities from reflections and rotations
- Translations rotations reflections and dilations
- The perfect future tense
- Present and past tense
- Future nurse programme
- Present past future continuous tense
- Present continuous future