Where trade goes, so does data
Michael McEvoy, the Information and Privacy Commissioner for British Columbia, Canada, has a unique regulatory perspective relating to the other provinces and the federal Privacy Commissioner, but also facing Asia. Stewart and Merrill Dresner report from Victoria.
Canada gained EU adequacy status in 2001 which was confirmed in 2006. Canada’s Federal government reports every two years to the European Commission on developments, most recently in June 2019. The European Commission will assess Canada again in 2020 and the European Data Protection Board will give its Opinion.
As the standard Canada needs to reach is “essential equivalence” rather than an identical law, Canada’s current law is evolving rather than copying the GDPR, Michael McEvoy, the Information and Privacy Commissioner for British Columbia, Canada, told PL&B in an interview. Canada’s private sector privacy law, the Personal Information Protection and Electronic Documents Act (PIPEDA) applies in all the provinces except those which have their own “substantially similar” laws, Alberta, British Columbia (BC) and Quebec. These provinces together make up around 50% of Canada’s population. There are some differences between the provinces. For example, BC’s law is more wide-ranging than those in the other provinces, as its Personal Information Protection Act (PIPA), applies to over 500,000 private sector organizations including businesses, charities, associations, trade unions, trusts and political parties.