Bill C-11, the Digital Charter Implementation Act, was introduced today directed to a new privacy regime, including the Consumer Privacy Protection Act, the Personal Information and Data Protection Tribunal Act, and replacing parts of PIPEDA. Key features include a tribunal that can impose significant fines, order-making power by the Privacy Commissioner, disclosure of “automated decision systems”, data mobility and de-identification uses.
Implementing regulations for mandatory data breach reporting requirements, the Breach of Security Safeguards Regulations, were published in the Canada Gazette and are to come into force November 1, 2018. The regulations implement amendments to the Personal Information Protection and Electronic Documents Act (PIPEDA).
Proposed federal regulations to implement mandatory data breach reporting requirements, Breach of Security Safeguards Regulations, were published for consultation. The proposed regulations include requirements for providing a data breach report to the Commission and for notifying affected individuals.
Earlier today, the European Court of Justice held that under European law individuals have the right to request that Google remove certain links that appear when someone searches for their name. The Court considered that Google’s activities were ‘processing of personal data” within Europe and that an internet search engine operator is responsible for the processing that it carries out of personal data which appear on web pages published by third parties.