Canada’s Digital Charter: The Problem of Trust in a Growing Digital World
Canada’s privacy legislation may be headed for significant renovation.
On May 21, 2019, the Minister of Innovation, Science, and Economic Development, The Honourable Navdeep Bains, introduced Canada’s Digital Charter. This Charter sets out 10 principles intended to guide the government’s decisions about the digital and data economy:
- Universal access – Equal opportunity for Canadians to participate in the digital world
- Safety and security – Canadians’ ability to rely on the integrity and authenticity of online services
- Control and consent – More control for Canadians over the data they are sharing and how that data is being used
- Transparency / portability / interoperability – Ability for Canadians to clearly and manageably access and share their own personal data
- Open and modern digital government – Straightforward and secure digital services from the federal government
- Level playing field – Fair competition online
- Data and digital for good – Ethical use of data
- Strong democracy – transparency of political discourse and protection against online threats to freedom of speech and disinformation
- Free from hate and violent extremism – accountability for digital expression of hate and violent extremism
- Strong enforcement and real accountability – meaningful penalties for violations of laws based on these principles
The government has also committed to revising and modernizing Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), and has begun to examine that legislation to ensure it is consistent with the Digital Charter. PIPEDA has not been substantially updated since its enactment in the early 2000s, and the Digital Charter suggests we can look forward to significant changes targeting data mobility, online reputation, consent, oversight and enforcement.
The Government has issued a discussion paper regarding possible amendments to PIPEDA, which emphasizes a need for greater individual control over personal information. The discussion paper includes proposals to:
- Allow individuals greater ability to control their date by directing that their information be moved from one organization to another in a standard digital format;
- Impose specific, standardized, plain language information requirements for obtaining consent, and prohibiting the bundling of consent into a contract;
- Specifically define de-identified information;
- Expand the scope of consent requirements;
- Require enhanced transparency about the use of automated decision-making;
- Create defined retention periods.
The Digital Charter and changes to PIPEDA will likely also have a ripple effect in provincial privacy legislation like British Columbia’s Personal Information Protection Act, as that legislation is drafted to reflect many of the same principles. We also anticipate a broader effect on Canada’s Anti-Spam Legislation, and legislation governing data-transmission industries.
As a policy document, the Digital Charter does not create immediate change, but it is a signal of intent from the government. Employers in every industry should be mindful of these potential changes, and prepared to adapt as necessary to ensure compliance.
Additional information about Canada’s Digital Charter can be found at https://www.ic.gc.ca/eic/site/062.nsf/eng/h_00109.html.
The proposal to reform PIPEDA is available at https://www.ic.gc.ca/eic/site/062.nsf/eng/h_00107.html.
Special thanks to Kate Jones, a summer student with Roper Greyell LLP, for her assistance in writing this article.