The Digital Charter Implementation Act

Federal privacy laws are getting an update. The federal government has introduced a new bill which proposes to tighten and clarify the law around the protection of personal information and personal privacy and also give enforcement more teeth. The Bill, Bill C-11 The Digital Charter Implementation Act, 2020, passed first reading on November 17, 2020.

New laws and a new tribunal

The Bill would introduce a new law, the Consumer Privacy Protection Act, as well as change the existing Personal Information Protection and Electronic Documents Act. It further proposes the creation of a new tribunal via the Personal Information and Data Protection Tribunal Act. This tribunal would hear appeals of decisions of the Privacy Commission under the Consumer Privacy Protection Act and impose penalties for contraventions of the Consumer Privacy Protection Act. 

New powers and big fines

The Bill would also empower the Privacy Commissioner to make orders to organizations regarding compliance and recommend penalties where breaches occur. The newly created Personal Information and Data Protection Tribunal would be empowered to impose penalties based on the decision of the Privacy Commissioner, as well as hear appeals from Orders made by the Privacy Commissioner. 

Proposed penalties would be up to the greater of up to $10 million or 3% of an organization’s gross global revenue. Criminal penalties would also be available for certain of the most serious breaches. For example, a breach that creates a real risk of significant harm to an individual, or where an organization is obstructing the Privacy Commissioner’s investigations. These criminal penalties could carry fines of up to $25 million or up to 5% of an organization’s gross global revenue. 

New rights

The Bill also proposed new privacy rights for individuals, for example, the right to “mobility of personal information.” This right is the right of an individual to request that an organization disclose the personal information that it has collected from the individual to an organization designated by the individual. So an individual could ask that one organization share their personal information with another — giving individuals the right to “mobilize” their personal information. 

The Bill would also legislate standards for how information is de-identified. 

Takeaways

The pandemic has only increased our reliance on virtual data, highlighting the importance of modernizing our privacy laws with respect to our digital footprints. We will keep you posted as this Bill moves through the legislative process. 

• About
• Latest Posts

Follow me

Spring Law

Employment and Labour Law Firm at SpringLaw

SpringLaw is a virtual Canadian boutique law firm, practicing exclusively in the areas of employment, labour and human rights law. We work with a wide range of employers - from global companies with operations in Canada to local owner-operators and start-ups - advising on the wide range of legal issues that arise out of the workplace, particularly workplaces in the tech and creative space. We also provide legal and strategic advice to employees throughout their employment journey. Blog posts are written by Lisa Stam, Hilary Page, Emily Siu, Danielle Murray, Lindsay Koruna, Jessyca Greenwood and Marnie Baizley.

Follow me

Latest posts by Spring Law (see all)

• Termination clauses going into 2023 – What employers need to know - November 9, 2022
• Alcohol in the workplace - October 12, 2022
• Employer discretion to schedule employee vacation time - September 14, 2022