Canada's privacy watchdog seeks stronger enforcement powers

Canada's privacy watchdog is transforming the way it has pursued protective measures for more than 15 years, planning to more actively go after companies and other organizations for privacy concerns. And it has renewed calls for an update to the country's privacy laws, saying the current system of enforcement "has no teeth."

Since the enforcement of the Personal Information Protection and Electronic Documents Act (PIPEDA) in 2001, the Office of the Privacy Commissioner of Canada has acted as an ombudsman, opening investigations into privacy concerns primarily when it received complaints from Canadians – although it does occasionally launch investigations on its own.

In his annual report to Parliament on Thursday, Commissioner Daniel Therrien said that the OPC would expand its approach, pursuing "a pro-active enforcement and compliance model … because the OPC may be better placed than individuals to identify privacy problems related to complex new technologies." The office will still look into complaints from individuals, in addition to the new approach. It will ask government for a "modest" increase in its budget to fund that expanded enforcement.

Mr. Therrien also repeated a call for changes to federal law that would give his office the ability to issue binding orders and hand down fines where necessary, saying that the current system is insufficient to ensure compliance. The OPC has been asking for such legislative reform for years.

"The model of laws where you have regulators with order-making authority, and the authority to impose fines, is being adopted more and more across the world," Mr. Therrien said in an interview Thursday.

The report comes as some industry observers have raised concerns that Canada is not keeping up with global peers. Next May, the European Union will enact broad changes to how it pursues privacy protection when the new General Data Protection Regulation (GDPR) comes into force.

Some have suggested that if Canada's laws are not updated, it could lose "adequacy status" with the EU – which allows for the free flow of data with other jurisdictions it feels have adequate privacy protections in place, and which is crucial for cross-border trade – the next time that status is reviewed in the coming years. Mr. Therrien also raised that concern on Thursday.

Government needs to demand that organizations show they are protecting people's privacy, Mr. Therrien said.

"Companies don't have a legally-imposed obligation to demonstrate that they're accountable," he said. "… We would do audits, essentially, of the measures taken by companies to demonstrate that they are truly compliant."

The commissioner's report also noted that the current state of play in the digital sphere – where consumers are asked to agree to arcane privacy policies swamped in legalese that most don't read – is "broken." The OPC is pushing for more understandable privacy agreements: Companies should tell people what personal information about them is being collected, how and why it is shared, and what risk there is to them as a result. Children also need to be better informed, the report stated, recommending that privacy education be introduced into school curricula.

But it also noted that it is not always possible for people to give meaningful consent, particularly in cases of...

Read The Full Article

0 Comments Write your comment

    1. Loading...