Login

New privacy legislation proposes higher corporate fines, more control of personal information

Digital Charter Implementation Act also includes ‘right to be forgotten,’ plain language requirements

New privacy legislation proposes higher corporate fines, more control of personal information
Legislation is ‘most important privacy reform in 20 years,’ says Chantal Bernier of Dentons Canada LLP.

Federal privacy legislation tabled yesterday will impose heavier fines on businesses for breaching individuals’ digital privacy rights and give individuals greater control over their personal information.

The Liberal government’s Digital Charter Implementation Act proposes the most significant changes to privacy legislation in a decade. The act will, if passed, enact two new acts: the Consumer Privacy Protection Act and the Personal Information and Data Protection Tribunal Act, and amend some other acts.

“I would say it’s the most important privacy reform in 20 years,” says Chantal Bernier, head of Dentons Canada LLP’s Canadian Privacy and Cybersecurity practice group, and interim Privacy Commissioner of Canada from 2013 to 2014.

“From my standpoint, the most important change from an ombudsman’s model to an enforcement model, meaning the privacy commissioner will not only have powers of recommendation, it will now have order-making powers,” she says, including to demand a company stop collecting or using personal information. A tribunal would have the power to determine fines to be imposed, and to receive appeals from findings of the Office of the Privacy Commissioner of Canada.

The corporate fines that would be imposed for the most serious infractions of digital privacy are also significant: 5 per cent of an organization’s gross global revenue in its financial year before the one in which the organization is sentenced, or $25 million, whichever figure is higher. In announcing the legislation, Minister of Innovation, Science and Industry Navdeep Bains said these fines would be the highest among G7 countries.

“To me, that is the most important change,” says Bernier. “I think that the penalties will have a significant impact on the respect for privacy rights. Companies will now pay much more attention to that, I believe.”

A private right of action has also been created that will allow individuals to seek relief for violations of their privacy. Section 106 of the act gives affected individuals a cause of action against the organization for damages if the commissioner has made a finding that there was a contravention, the finding is not appealed or the tribunal has dismissed the appeal, Bernier says.

As well, the proposed legislation would require companies to get consent from customers using plain language, for the purposes of collection, use or disclosure of information; how the information will be used; any reasonably foreseeable consequences of such; the specific type of information that will be collected; and names of any third parties to which the organization may disclose the personal information.

Individuals will also have the right to direct the transfer of their personal information from one organization to another — for example, from their bank to another financial institution.

The act supports Canada’s Digital Charter announced by Minister Bains in May 2019; its “10 principles” include control and consent, and strong enforcement and accountability.

The act’s efforts to improve individual control over their personal information has been increased through greater transparency, buttressing consent, and the express right to obtain deletion of information from online sources under certain circumstances, Bernier says, and will facilitate individuals' ability to control their online identity and information available to the public.

Related stories

Free newsletter

The Canadian Legal Newswire is a FREE newsletter that keeps you up to date on news and analysis about the Canadian legal scene. A separate InHouse Edition is delivered on a regular basis, providing targeted news and information of interest to in-house counsel.

Please enter your email address below to subscribe.

Recent articles & video

Can employers require new hires to show proof of vaccination?

Roundup of law firm hires, promotions, departures: May 17, 2021 update

Consent and capacity do not have to be considered separately in sexual assault cases: Supreme Court

IP lawyers using foreign associates need protection from fluctuating currency rates: Western Union

Mars Wrigley trademark lawsuits allege cannabinoid products look like its candies

New integrated court in Kelowna, B.C. aims to reduce recidivism

Most Read Articles

Award more than tripled on appeal for fired articling student at B.C. firm Acumen Law

Time for an end to the bar exams for Canadian lawyers

Consent and capacity do not have to be considered separately in sexual assault cases: Supreme Court

Quebec tables most radical reform to its language laws