Read on to see how the proposed changes to PIPEDA could alter the way you do business online.
Proposed Changes Coming to PIPEDA
In November 2020, Bill C-11 — the Digital Charter Implementation Act — was introduced before Parliament, which would give the federal government more punitive powers. As it now stands, the Office of the Privacy Commissioner of Canada (OPC) only renders findings. This proposed legislation will actually give the OPC the power to render decisions and escalate decisions to a newly formed tribunal.
A parallel piece of legislation, the Personal Information, and Data Protection Tribunal Act, would form an official tribunal system. The role of this tribunal would be to process findings, orders, and decisions brought to the body by the OPC. According to the proposed legislation, the Tribunal would also have the power to determine penalties independently or at the recommendation of the OPC. The goal of Bill C-11 is to align Canada’s current data privacy laws with Europe’s GDPR.
Stronger Financial Penalties on the Horizon
The Personal Information and Data Protection Tribunal Act (and the tribunal it would create) would levy higher penalties than has been seen in years past — up to 3% or C$10 million dollars for the most serious infractions.
With all the potential changes to Canada’s personal data privacy framework, Cookie Script is here to help you brush up on PIPEDA in its current form. Read on to learn more about this legislation and how it affects the way you conduct business online in Canada.
Consent: The Most Important Aspect of PIPEDA Compliance
By and large, the most important aspect of PIPEDA to businesses should be obtaining consent from individuals. This means that if you have cookies on your website that collect user data, these cookies should be suspended (paused) until the user gives their explicit consent. (With tools from Cookie Script tools, tracking consent is automatic!)
Who is Subject to PIPEDA?
If you thought that the rules found in PIPEDA only apply to Canadians then you’re mistaken. All commercial interests that do business with Canadian citizens are subject to PIPEDA’s provisions. This means that those who willfully violate the provisions of PIPEDA can be tried in an international criminal or civil court.
PIPEDA: The Essentials
There are several essential things every business should do when transacting with individuals in Canada. These include:
- Ask for consent before personal data is collected.
- Make each user’s stored information accessible to them.
- Safeguard users’ data in a secure manner.
- Ensure any information collected with or without user consent can be erased or altered at any time.
Can You Be Sued Under PIPEDA?
Yes, but it’s not as straightforward as other privacy laws. Unlike the GDPR and other national privacy laws, PIPEDA doesn’t give those injured under the law a direct path to sue those who have violated the law. What PIPEDA does do is create a pathway in which complaints can be handled by Canada’s Privacy Commissioner. When the Privacy Commissioner receives a complaint they will investigate the accusations outlined in the complaint and then generate a report. While it may not have any legal bearing on its own, the report (along with the original complaint) can be brought before the Federal Court of Canada, which does have the authority to award damages.
Cookie Script Makes it Easy
Best of all, Cookie Script has plans for every budget, starting from FREE to plans that cover up to 200 domains. Our Plus plans give you the ability to record visitor consents, integrate Google Analytics, geo-targeting, deliver self-hosting solutions, and much more. Sign up for a plan today!