New Canadian Privacy Law Compliance: Hefty Fines Ahead!

By Kajal Jain


More than two and a half years after Europe’s GDPR and California’s Consumer Privacy Act of 2018 (CCPA) came into effect, Canada introduced its own legislation to provide new stricter privacy laws. The advent of modern technology and the pandemic has had a great impact on the way Canadians access digital mediums. The Canadian government has recently prioritized safeguarding the personal information and privacy of its citizens. Here, we discuss what the New Canadian Privacy Laws will entail and how businesses need to be mindful of them.

New Canadian Privacy Laws (Bill C-11)

The Digital Charter Implementation Act, 2020 modernizes the framework for the protection of personal information in the private sector. It is a comprehensive reform of Canada's privacy framework which aims at the balancing of technological innovation and economic advancement with Canadians' trust and confidence regarding the collection, use and disclosure of their personal information in this digital age. The legislation proposes to increase control and transparency when companies handle citizens' personal information. Consequently, it would give Canadians the freedom to move their information in a secure manner as well as the freedom to demand that their information be destroyed if need be. The legislation also endows the Privacy Commissioner with powers to force compliance and the authority to order a business to stop collecting data or using personal information. To ensure compliance, there are stringent penalties with fines of up to 5% of revenue or $25 million, whichever is heftier, for the most serious offences.


It is important for businesses to realize the urgency of the situation and adapt to the changes in the way consumer data is accessed and shared. Businesses need to follow the ten fair information principles laid down to protect personal information. To ensure this, there is a need to appoint someone within an organization to keep a check on compliance. Businesses need to begin by assessing the privacy impact they currently have and do a thorough threat analysis of personal information handling practices they follow.

There is also a need to take steps to actively protect Canadian's personal information, especially the kind that is transferred to any third party for processing. Having a Privacy management program and incident management protocols in place can ensure complete compliance. For example, it is important to define the purpose of data collection, get valid consent and limit use and disclosure of this data. Businesses must also develop procedures to revert to complaints, queries, and access requests. Read our report to help understand why New Privacy laws will be important as the need for first-party consumer data will drive forth digital marketing campaigns in 2021 and beyond.

Once enacted, the Consumer Privacy Protection Act (CPPA) will effectively replace the Personal Information Protection and Electronic Documents Act (PIPEDA) as Canada’s main privacy law. Even provincial governments intend to revamp their private sector privacy laws. British Columbia has formed a Special Committee that aims to make recommendations to the Legislative Assembly in a report that would be released by February 2021. Quebec introduced Bill 64 that respects the protection of personal information in the private sector. Bill 64 is likely to be adopted by the spring of 2021. Ontario launched a consultation to create the province’s first-ever private sector privacy law too.


According to Baker McKenzie's Global Antitrust & Competition Practice Group, “To become law, Bill C-11 will need to advance through several legislative stages, including committee review and consultation, before it receives formal approval through Royal Assent. It is also common practice to hold public consultations and obtain input from various stakeholders during the process, in which case it may not be until well into 2021 before the Bill is passed”.

The New Canadian Privacy Laws are designed to ensure that both businesses and customers benefit from them. Peloton Media will be watching how the Government of Canada will implement the New Privacy Laws and we are available to advise on how marketers can ensure optimum ROI while remaining compliant. The timing is not far off and the fines are too hefty to ignore.