IIAC RESPONDS TO THE ONTARIO GOVERNMENT CONSULTATION TO STRENGTHEN PRIVACY PROTECTIONS OF PERSONAL DATA
Currently, private sector organizations operating in Ontario must follow the rules set out in the federal Personal Information Protection and Electronic Documents Act (PIPEDA), which governs traditional commercial activities. The Ontario government has proposed to develop a new privacy regime separate from PIPEDA. The IIAC believes the best way to protect personal information is for Canadian jurisdictions to adhere to the existing federal legislation. PIPEDA has proven to be a practical, established, and well-understood framework for companies and individuals.
The IIAC is concerned that adding to the existing provincial patchwork of privacy rules may introduce additional regulatory inconsistencies which, in turn, will increase uncertainty, create inefficiencies, and increase the cost of compliance for Canadian entities operating within and outside Canada, and foreign entities seeking to do business in Canada. In addition, a patchwork of privacy rules may negative affect or complicate Canada’s EU adequacy status which ensures that data processed in accordance with the EU’s General Data Protection Regulation (GDPR) can be subsequently transferred to and from the EU without requiring additional data protection safeguards or authorization to transfer the data. Casting doubt over Canada’s adequacy status would negative affect the ability of Canadian entities to conduct business with European and other international jurisdictions.
If Ontario elects to create its own separate privacy regime, we urge the Ontario government to work with the department of Innovation, Science and Economic Development Canada (ISED) and the relevant provincial regulators in British Columbia, Alberta and Quebec to develop a harmonized privacy regulatory framework that is uniformly applied across Canada.
If you have any questions, please contact Susan Copland.