The Supreme Court of Canada is hearing oral arguments on March 19th in Facebook Inc. v. Privacy Commissioner of Canada on privacy consent and personal information safeguards (appeal from 2024 FCA 140). The hearing will be webcast.
Tag Archives: Privacy
Privacy and AI
Bill C-27, “Digital Charter Implementation Act, 2022”, was introduced yesterday that would
- enact the “Consumer Privacy Protection Act” directed to the use of personal information, replacing portions of PIPEDA.
- establish a tribunal for hearing appeals of decision made by the Privacy Commissioner and impose penalties.
- enact the “Artificial Intelligence and Data Act” regulating the use of artificial intelligent systems, particularly those with a ‘high-impact’.
Privacy
Bill C-11, the Digital Charter Implementation Act, was introduced today directed to a new privacy regime, including the Consumer Privacy Protection Act, the Personal Information and Data Protection Tribunal Act, and replacing parts of PIPEDA. Key features include a tribunal that can impose significant fines, order-making power by the Privacy Commissioner, disclosure of “automated decision systems”, data mobility and de-identification uses.
Breach Notifications
Implementing regulations for mandatory data breach reporting requirements, the Breach of Security Safeguards Regulations, were published in the Canada Gazette and are to come into force November 1, 2018. The regulations implement amendments to the Personal Information Protection and Electronic Documents Act (PIPEDA).
Cyberbreach
Proposed federal regulations to implement mandatory data breach reporting requirements, Breach of Security Safeguards Regulations, were published for consultation. The proposed regulations include requirements for providing a data breach report to the Commission and for notifying affected individuals.
Forgotten?
Earlier today, the European Court of Justice held that under European law individuals have the right to request that Google remove certain links that appear when someone searches for their name. The Court considered that Google’s activities were ‘processing of personal data” within Europe and that an internet search engine operator is responsible for the processing that it carries out of personal data which appear on web pages published by third parties.