Lawyers have been chatting around the water cooler about “Bill C-11”. But what is that and how does it affect you?
As explained in our previous article about whether the Prime Minister could ban TikTok, the data privacy of Canadians is governed by PIPEDA. This Act sets Canada’s current standards on privacy protection between businesses and its customers. The law provides for a Privacy Commissioner whose job is to investigate violations of the law. Importantly, the Commissioner is not the enforcer—that job is for the Federal Courts.
If this is confusing, think of the following analogy: the Privacy Commissioner is Commissioner James Gordon from the Batman universe. First, usually some citizen complains about the conduct of an accused. Then, the Commissioner investigates whether there has been a violation of PIPEDA. If he senses some wrongdoing, he turns on the bat-signal and refers the matter to the Federal Courts, who then enforces the law.
Bill C-11 proposes a new dynamic (as in, it isn’t the law yet). The Privacy Commissioner is no longer just Commissioner Gordon. The Privacy Commissioner is now “Commissioner Batman”, as in, he does both the investigating and the enforcing.
Importantly, Commissioner Batman would have an extended array of enforcement tools. He would be able to issue “compliance orders” against people who breach the law. However, this is not all—he also gets his own court, an administrative tribunal. Commissioner Batman may also ask the tribunal to issue big fines. Specifically, a fine not exceeding $25,000,000 or 5% of the business’ gross global revenue in its financial year, whichever is greater.
In other words, a new Privacy Commissioner may be coming to town, and all businesses should ensure they will be compliant with the proposed law. Please check out our very own Stefani Cuberovic and her blog post found here for the specifics regarding the proposed law.
With this new upgraded utility belt, one thing is certain: you do not want to run afoul of the new sheriff. Should you have any questions regarding the safeguarding and management of data, please do not hesitate to contact us, [email protected] or [email protected].
This article was written in collaboration with lead co-author Savvas Daginis, student-at-law.