December 26, 2024

The Queens County Citizen

Complete Canadian News World

Protection of Personal Data | How the new law affects you


After years of waiting, a soap opera and a dead first draft, Ottawa finally tabled its legislation protecting personal data in mid-June. Fines of up to 25 million for erring companies, the right of data control for ordinary citizens and the supervision of artificial intelligence are just the spearheads of this complex legislation. Press asked two experts to explain it in plain terms.

Posted yesterday at 7:00 am

Karim Benessai
Press

Briefly

At 147 pages long, with a 46-word title that alone is dizzying, Bill C-27, “An Act to implement the Consumer Privacy Protection Act”, in essence takes over the requirements of the first bill, C-11, introduced in November 2020. As at that time, penalties of up to 25 million or 5% of revenue, whichever is higher, will be imposed. Along with clear privacy policies, the bill still contains the concept of “valid consent”, the ability to transfer one’s data from one organization to another and to have it destroyed when no longer needed, and the creation of a special tribunal.

Good to hear

But the new law goes beyond the November 2020 bill, says Chantal Bernier, who served as assistant and then acting commissioner at the Privacy Commission of Canada from 2008 to 2014. She is now Legal Counsel for Cybersecurity and Privacy at Dentons.

Photo: Chantal Bernier, Attorney for Cyber Security and Privacy at Dentons (courtesy of Dentons)

“I was immediately struck by the government’s willingness to reconcile competing interests, protecting personal information on the one hand, and promoting a digital economy based on this information on the other.”

She noted from the preamble that protecting citizens’ right to privacy is “essential to their autonomy and dignity and to the full enjoyment of fundamental rights and freedoms in Canada.” “It gives it quasi-constitutional significance.”

The other part, she said apologetically, “may sound technical, but it’s critical”. In essence, the law distinguishes between “personalised” data, which is protected, and “anonymous” data, which is not linked to an individual but is usable.

“For companies, it makes all the difference in their ability to do research,” she said.

Finally some teeth

“The break is over.” Like Me Bernier, Eloise Gratton, a lawyer specializing in privacy protection at BLG, uses this expression to describe an important measure that is not in the headlines. Essentially, companies that process personal data are obliged to appoint a controller and develop “codes of practice” and “certification programs” to protect it. The difference is that the Privacy Commissioner now has the power to investigate, recommend and sanction.

Photo: Eloise Gratton, Privacy Lawyer at BLG (courtesy of Eloise Gratton)

Many small firms have not yet complied with such requirements, says Me Gratton. “I think it will motivate companies to invest in information security and protection of personal information.”

Taming AI

Another important aspect of the new law is its aim to prevent the “reckless” use of artificial intelligence (AI), for example by ensuring that it is not designed with discriminatory bias. The Artificial Intelligence and Data Commissioner has the power to conduct audits in companies on the subject.

“I see it with a very good eye,” says Me Bernier. “We already have examples, especially in the hiring of employees with biased practices.” However, many aspects remain to be defined in this area, particularly in defining what constitutes prejudice and how to establish the severity of prejudice.

Powers and Responsibilities

It is undeniable that these new requirements increase the administrative burden for businesses. But Me Gratton believes this is inevitable. “This is a burden commensurate with the power of organizations to manage personal information, including risks of intrusion into privacy.” Laughing, she took the occasion to cite Spider-Man’s motto: “As this power increases, it increases the responsibilities.”

Eloise Gratton recalled that this federal bill comes after three other provincial laws adopted in Alberta, British Columbia and, most notably, Quebec. “With the federal government, it’s just a continuation. […] It is already clear that there is an evolution among companies in the way privacy policies are written: we prepare them in layers, with summaries, and if the person wants more information, there is access.”