On 17 November, the Canadian government tabled a new proposed data protection law, Bill C-11, which would among other things, enact the new Consumer Privacy Protection Act (CPPA). The CPPA would replace the data protection component(s) of the existing data protection law – the Personal Information Protection and Electronic Documents Act. The proposed legislation incorporates protections for personal information similar in nature to the GDPR - specifically the acknowledgement that artificial intelligence and the concept of automated decision-making and consumer profiling has to have appropriate boundaries placed around it. In this article we will compare and contrast Bill C-11’s and the GDPR’s provisions as they relate to automated decision-making, and explore some of the challenges companies face complying with the regulatory requirement when attempting to develop and deploy these complex systems.