Bill C-27: Federal Government Introduces Legislation Overhauling Canada’s Federal Privacy Laws

On June 16, 2022 the Minister of Innovation, Science and Industry François-Philippe Champagne and the Minister of Justice and Attorney General of Canada David Lametti introduced Bill C-27, the Digital Charter Implementation Act (the “Act”). Bill C-27 is an update to Bill C-11, the Digital Charter Implementation Act, introduced in 2020. As it currently stands, the Act proposes to enact three new pieces of federal legislation. Each are described briefly below.

Consumer Privacy Protection Act (the “CPPA”)

The Consumer Privacy Protection Act (“CPPA”) repeals Part 1 of the Personal Information Protection and Electronic Documents Act (“PIPEDA”), with the remainder of PIPEDA staying in force as the Electronic Documents Act.

The CPPA seeks to provide consumers with more control over the collection and use of their personal information. Among other strategies, the legislation will require data collectors to obtain consent from consumers using plain language that can be reasonably understood by the target audience. Consumers can also require companies to delete their information when it is no longer needed. Notably, the CPPA imposes higher standards for the collection and use of the information of minors.

In addition to these changes, the CPPA introduces broader powers for the privacy commissioner of Canada. This includes the ability to make orders against companies and recommend monetary penalties to the newly established tribunal.

Personal Information and Data Protection Tribunal Act

The Personal Information and Data Protection Tribunal Act establishes a tribunal to enforce the CPPA, review decisions by the privacy commissioner, and impose fines. In the most serious of cases, these fines can reach $25 million or 5% of the company’s total revenues, whichever is greater.

Artificial Intelligence and Data Act

The Artificial Intelligence and Data Act establishes constraints on the development and usage of artificial intelligence systems, creating criminal offences for improper use. In addition, the legislation establishes an AI and Data Commissioner responsible for ensuring compliance with the Act.

Conclusion

If enacted, the legislation will impact federally regulated employers as well as private sector companies in respect of their cross border activities. Bill C-27 includes exemptions to the consent requirements for handling of employee personal information, however, employee training would be required to address the legislative overhaul.

Bill C-27 is currently in its second reading before the House of Commons and debates and committee will follow. The full text of the bill is available here.

At Roper Greyell, we are closely monitoring the response to these proposed changes and their expected impact on employers in Canada.

 

While every effort has been made to ensure accuracy in this update, you are urged to seek specific advice on matters of concern and not to rely solely on what is contained herein. The document is for general information purposes only and does not constitute legal advice.