The Consumer Privacy Protection Act (CPPA) will make substantial changes to Canada’s privacy law. In this post I examine the significant proposed changes to the law as they relate to personal information that has been “de-identified”.
On February 3, 2021, the conclusions of a joint investigation conducted by the Office of the Privacy Commissioner of Canada (OPC), the Commission d'accès à l'information du Québec (QC Commission), the Office of the Information and Privacy Commissioner of British Columbia (BC OIPC) and the Office of the Information and Privacy Commissioner of Alberta (AB OIPC), collectively referred to as the Offices, were released—finding that Clearview AI violated the privacy rights of Canadians.
On November 16, 2020, the federal government introduced the Consumer Privacy Protection Act (“CPPA”), which, if enacted, will provide organizations with greater clarity regarding their obligations when engaging third party service providers to process personal information outside Canada. In this blog, we explore how the core concepts of cross-border transfers of personal information for processing are evolving after a brief period of major uncertainty.