Canada’s new Consumer Privacy Protection Act: Will it be ‘adequate’?
Colin Bennett from the University of Victoria discusses aspects of the Bill that may be significant for an EU adequacy assessment.
On 17 November 2020, Canada’s then Industry Minister (Navdeep Bains) introduced a new Consumer Privacy Protection Act (CPPA), and a Personal Information and Data Protection Tribunal Act (Bill C-11) to replace the Personal Information Protection and Electronic Documents Act (PIPEDA).(1) The bill is part of an ambitious plan to implement a Digital Charter, a broad policy framework designed to guide Canada’s overall policy on digital issues.
The Constitution grants the Government of Canada some defined and delimited powers. The CPPA, therefore, only covers those organizations to which PIPEDA applies – federally regulated companies in transportation, communications, banking and any organization that transfers data across international and inter-provincial boundaries “for a commercial purpose” as well as intra-provincial commerce that do not have “substantially similar legislation.” Only Quebec, Alberta and British Columbia have passed such laws; Ontario is currently conducting a consultation exercise.
International Report subscribers please login to access the full article.
If you wish to subscribe please see our subscription information.