On November 16, 2020, the federal government introduced the Consumer Privacy Protection Act (“CPPA”), which, if enacted, will provide organizations with greater clarity regarding their obligations when engaging third party service providers to process personal information outside Canada. In this blog, we explore how the core concepts of cross-border transfers of personal information for processing are evolving after a brief period of major uncertainty.
Consumer Privacy Protection Act
Federal privacy laws are getting an update. The federal government has introduced a new bill which proposes to tighten and clarify the law around the protection of personal information and personal privacy and also give enforcement more teeth.
On November 17, 2020, Bill C-11, An Act to enact the Consumer Privacy Protection Act and the Personal Information and Data Protection Tribunal Act and to make consequential and related amendments to other Acts (Bill C-11), received first reading in the House of Commons. Part 1 of Bill C-11 repeals Part 1 of the Personal Information Protection and Electronic Documents Act (PIPEDA) and enacts the Consumer Privacy Protection Act (CPPA) to protect the personal information of individuals while recognizing the need of organizations to collect, use or disclose personal information in the course of commercial activities.