Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...
A move by the Canadian privacy regulator to enforcement that focuses on systemic issues, such as cross-device tracking of consumers, would expose companies to greater scrutiny even if there aren’t public complaints, privacy attorneys told Bloomberg BNA.
Privacy Commissioner of Canada Daniel Therrien recently announced plans to move away from an enforcement agenda based primarily on consumer complaints to a more proactive approach. The Office of the Privacy Commissioner (OPC) will continue to be a complaint-driven ombudsman as specified in the Personal Information Protection and Electronic Documents Act, but intends to move resources to identifying and investigating systemic privacy issues of its own initiative, Therrien said at a news conference to release the agency’s annual report to the Canadian Parliament.
“Conducting involuntary audits will change the relationship between the agency and organizations and we may begin to see more resistance to its recommendations,” Timothy Banks, Canadian leader of global privacy and cyberscurity practice in the Toronto office of Dentons Canada LLP. “This may be a good thing in the development of privacy law in Canada.”
Systemic privacy issues include uses of data by companies that aren’t transparent to consumers and by companies in new and unusual business models, Therrien said. It would be “naive” to leave responsibility for addressing privacy to the companies, particularly as surveys show that more than 90 percent of Canadian consumers have “nagging doubts” about the safety of their information, he said.
But the focus on systemic issues may largely focus on big online players, such as Facebook Inc., Alphabet Inc.'s Google, and Microsoft Corp., David Fraser, a privacy partner with McInnes Cooper in Halifax, told Bloomberg BNA. Those are the most privacy-conscious entities, with many more privacy lawyers and security engineers than any privacy body, he said. “If there’s a zone of non-compliance in Canada, it’s the small and medium-sized businesses,” Fraser said.
It is unclear whether the OPC has the resources necessary to carry out the new agenda envisioned by Therrien.
Therrien said that a “relatively modest” increase in the OPC budget would allow the agency to meet the expanded mandate. If an increased budget isn’t forthcoming, the OPC will have to make a “difficult choice” on whether to launch proactive investigations or continue with individual, fact-specific cases, he said.
Smaller businesses, and the consumers they serve, might receive less attention under an OPC enforcement plan that focuses on systemic privacy issues.
The proposed policy change would likely only affect large businesses in the short term due to the OPC’s limited resources, Paige Backman, a privacy partner in the Toronto office of Aird & Berlis LLP, told Bloomberg BNA. “You may see long-term impacts on businesses as the privacy commissioner’s office increases its profile and lobbies for more resources,” Backman said. “The impact you may see on smaller businesses or smaller issues is less attention given to complaints regarding their information handling practices.”
“Canadians do not feel protected by a law that has no teeth,” Therrien said. The OPC wants “greater authority to choose the systemic approach,” he said, but “won’t wait for legislative changes” to move the proactive systemic approach forward.
The federal privacy agency has long advocated for Parliament to boost its enforcement mandate, including the ability to undertake more self-initiated investigations, clearer order-making powers, and the ability to levy administrative fines.
Nathaniel Erskine-Smith, vice-chairman of the House of Commons Access to Information, Privacy, and Ethics Committee, told Bloomberg BNA that Therrien’s proposed policy change is consistent with arguments he and his predecessors at the OPC have made to the committee. PIPEDA already gives the OPC the authority to initiate its own investigations if they are based on “reasonable grounds,” he said.
The OPC can already ask the Federal Court of Canada to enforce its orders if companies don’t accept its recommendations to fix their privacy policies, The court can issue binding orders and mete out penalties, including forcing companies to turn over profits from unlawful privacy-impinging activities.
The OPC is seeking enforcement powers similar to privacy regulators in the U.S. and Europe, but that isn’t necessarily a better option compared to Canada’s less confrontational approach, Fraser said.
To contact the reporter on this story: Peter Menyasz in Ottawa at email@example.com
To contact the editor responsible for this story: Donald Aplin at DAplin@bna.com
The Office of the Privacy Commissioner's annual report is available at http://src.bna.com/sPH.
Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to firstname.lastname@example.org.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to email@example.com.
Put me on standing order
Notify me when new releases are available (no standing order will be created)