How does California’s tough new data privacy law affect Canadian businesses?

Recent press around the California Consumer Privacy Act of 2018, passed last week, may have Canadian business leaders wondering how they’re going to comply with another foreign privacy law, but a leading expert says they have little to worry about.

In fact, former Ontario Privacy Commissioner, Privacy By Design architect, and Ryerson University Privacy by Design Centre of Excellence leader Ann Cavoukian says that the updates to Canada’s privacy laws proposed by the Standing Committee on Access to Information, Privacy and Ethics are likely to leave Canada’s privacy laws stronger than California’s.

Ann Cavoukian

“I think we have very strong legislation to begin with,” Cavoukian tells IT World Canada, noting that Canada’s existing Personal Information Protection and Electronic Documents Act (PIPEDA) already requires organizations to identify when they’re collecting user information, and why, and even obtain consent – though as experts such as University of Ottawa law professor Michael Geist have noted, many companies interpret its standards loosely.

In February, the Standing Committee recommended that the federal government take a page from the European Union’s recently-enacted General Data Protection Regulation (GDPR), and adopt Cavoukian’s seven Privacy By Design principles in developing its much-needed update of Canada’s privacy laws.

Those principles include adopting privacy as the default setting by requiring users to explicitly opt in if they want their data shared.

“We know that [federal privacy commissioner] Daniel Therrien is trying to get PIPEDA upgraded,” Cavoukian says. “It’s dated. By adding privacy by design to it, we’ll achieve essential equivalence with the GDPR.”

By contrast, the California act’s principles are similar to PIPEDA: it requires companies that store personal information, such as Google and Facebook, to disclose the type of data they collect and allow users to opt out of having their data sold.

In other words, Cavoukian says, it allows companies to continue collecting user data by default.

“I don’t want to sound negative because I think it’s great that California passed this law, and so quickly,” she says. “It’s better than nothing but it is arguably weaker than GDPR. GDPR is predicated on a positive consent model, California’s is opt out – and Canada is looking to strengthen our law to achieve essential equivalence with the GDPR.”

Cavoukian emphasizes that she is glad California’s legislation is “waking up” companies across the U.S. to the risks of unchecked data gathering.

“The U.S. has many sector specific privacy laws, but California’s is quite broad, and my understanding is it’s alarming many businesses because they will have to take a lot of measures,” she says. “If someone says they don’t want their information sold, the companies have to ensure that customer’s information is not being sold to data brokers and advertising companies. And that’s a real positive.”

It’s also where Canadian companies should already be as our federal government strengthens its own laws.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Eric Emin Wood
Eric Emin Wood
Former IT World Canada associate editor turned consultant with public relations firm Porter Novelli. When not writing for the tech industry enjoys photography, movies, travelling, the Oxford comma, and will talk your ear off about animation if you give him an opening.

Featured Articles

Empowering the hybrid workforce: how technology can build a better employee experience

Across the country, employees from organizations of all sizes expect flexibility...

What’s behind the best customer experience: How to make it real for your business

The best customer experience – the kind that builds businesses and...

Overcoming the obstacles to optimized operations

Network-driven optimization is a top priority for many Canadian business leaders...

Thriving amid Canada’s tech talent shortage

With today’s tight labour market, rising customer demands, fast-evolving cyber threats...

Staying protected and compliant in an evolving IT landscape

Canadian businesses have changed remarkably and quickly over the last few...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now