Canada is the latest country to introduce a series of data privacy laws making it easier for users to gain control of their data from companies and request their data be deleted.
If passed, the Consumer Privacy Protection Act and the Personal Information and Data Protection Tribunal Act would grant Canadians greater control over how their data is used and hold companies liable if they store information on users without their explicit consent.
What’s in the new bill
Introduced into parliament earlier this month, the bill takes a leaf out of the EU’s own data privacy regulations, the GDPR, requiring companies to gain consent from customers through plain language before they can use their data. It also introduces new rights providing Canadians with greater control over their data, including:
- The ability to request the transfer of their information from one organization to another;
- The ability to request their personal information collected by an organization be deleted (better known as “the right to be forgotten”); and
- The ability to ask for an explanation from the organization about the personalized recommendations or decisions made about them when using automated decision systems.
There is also a significant fine of up to 5% of global revenue or 25 million CAD for companies contravening the new data privacy laws, which the Minister of Innovation Navdeep Bains claims are the heaviest among the G7 privacy laws.
[Stay in the know about your privacy risks. Sign up to the Blog Newsletter.]
The law also requires businesses to be transparent about their use of automated decision-making systems like algorithms and artificial intelligence that makes recommendations and decisions for individuals using their platforms.
GDPR-style regulations couldn’t come soon enough
In the past year, Canada has suffered several data breaches and cyberattacks, ranging from Covid-19 phishing scams and ransomware attacks to data breaches, the biggest of which was of 15 million customers at a laboratory testing firm.
Although the bill in its first draft will probably look a little different if and when it passes into law, what can be certain is that businesses will have a higher level of compliance to meet concerning their respect to the privacy of individuals interacting with their business.
Passing this bill would give Canadians meaningful control over their data, reduce the risk of their information getting caught up in another data breach, and hold companies accountable for the data they collect and use from their customers. With Canada following in the footsteps of the EU and certain states in the U.S., this bill is a promising step in the right direction.