Today, the Honourable Navdeep Bains, Minister of Innovation, Science and Economic Development (ISED), announced Canada's new Digital Charter that is intended to lay the foundation for increasing consumer trust in the digital economy and sets the groundwork for reforming Canada's privacy laws. The Charter is comprised of the following 10 principles:
|1) Universal Access||(6) A Level Playing Field|
|(2) Safety and Security||(7) Data and Digital for Good|
|(3) Control and Consent||(8) Strong Democracy|
|(4) Transparency, Portability & Interoperability||(9) Free from Hate and Violent Extremism|
|(5) Open and Modern Digital Government||(10) Strong Enforcement and Real Accountability|
The Minister also unveiled proposals for modernizing the Personal Information Protection and Electronic Documents Act (PIPEDA) as part of an initial set of actions aimed at implementing the Digital Charter. The consultation paper proposes the following 4 broad areas, each with related policy options and questions for stakeholders, for further consideration and consultation:
Part 1: Enhancing individuals' control - As possible options for enhancing individuals' control, the government is proposing to re-examine what information is needed as a basis for meaningful consent; identify purposes for which consent may not be necessary or appropriate; focus on the concepts of de-identified and pseudonymized data; revisit publicly available information; and enhance the transparency of automated decision-making. The proposals also include introducing new data mobility requirements and addressing some aspects of online reputation that would be within the reach of PIPEDA.
Part 2: Enabling responsible innovation - To enable responsible innovation by organizations and clarify the concept of accountability in the context of new business models and emerging technologies, the proposals include exploring data trusts as a potential solution for enhancing access to data for research and innovation; and incentivizing the use of codes of practice, accreditation/certification schemes and standards.
Part 3: Enhancing enforcement and oversight - The consultation paper envisages enhancing the Privacy Commissioner's powers as part of a broader and more effective enforcement regime comprised of four key components: (1) education/outreach; (2) investigation and audit; (3) tools to address non-compliance or offences; and (4) advance/proactive advice and dialogue.
Part 4: Areas of ongoing assessment - Finally, the consultation paper addresses a perceived need to clarify PIPEDA, including by redrafting the law so as to integrate the principles into the body of the Act itself in order to alleviate the many interpretation challenges that have arisen from Schedule 1 over the years. It also proposes adapting the law's scope of application in order to clarify the accountability of the various organizations in the ecosystem, including in the context of transborder dataflows.
ISED is inviting consultations or written submissions.
Interestingly, the government also today posted information on its website about its ongoing work to modernize the Privacy Act, as part of an overarching strategy to update Canada's privacy regime in light of global developments (such as the GDPR). The Government plans to consult expert stakeholders and seek their input on technical and legal considerations to further refine their proposals for changes to the Privacy Act. It then intends to eventually engage the broader Canadian public on more concrete proposals for amendments.