Ottawa should consider squeezing the provinces to enact similar federal, provincial and territorial privacy laws across Canada, says a new paper from the C.D. Howe Institute, which argues commonality will benefit businesses and consumers.
“The federal government should contemplate leveraging its trade and commerce power further to seek harmonized privacy laws in Canada,” Daniel Schwanen, the institute’s vice-president of research, said in a paper released this week. It comes as a parliamentary committee continues discussing a proposed overhaul of federal legislation known as Bill C-27.
“The federal government should get ahead of the game in this respect, with ideas and mechanisms for harmonization around reasonably robust standards, or for mutual recognition of these standards, and not wait until a costly fragmentation occurs in this still-expanding regulatory field,” the report says.
Such a patchwork would mean businesses having to decide whether they can afford to maintain distinct privacy policies for individual jurisdictions or pick one policy for their business that would meet the highest provincial/federal (or perhaps international) standard in each facet of the policy, the report argues.
British Columbia, Alberta and Quebec have their own privacy laws covering the private sector, and Ontario is thinking of passing its own. The other provinces and territories accept the current Personal Information Protection and Electronic Documents Act (PIPEDA) for regulating the private sector.
Schwanen’s suggestion is one of four his paper makes for easier implementation of Bill C-27, which includes an overhaul of PIPEDA called the Consumer Privacy Protection Act (CPPA), new legislation creating a Digital Protection Tribunal to hear requests from the federal Privacy Commissioner to fine companies, and a new Artificial Intelligence and Data Act.
The legislation is of vital interest to IT security and privacy leaders because it will govern how personal data can be collected and should be protected.
The C.D. Howe Institute is a business-focused think tank that seeks the liberalization of trade and investment in Canada.
Schwanen’s paper analyzes pros and cons of the CPPA. It says the new disclosure, data protection, and reporting requirements under the CPPA “will undoubtedly increase the cost of doing business.” On the other hand, he says the bill strikes a good balance between the needs of business and individuals. Rather than advocate changes to particular sections, he says “legislators should be wary of proposed amendments that could increase the inevitable costs and uncertainty around the implementation of the new law.”
The other ways the paper suggests governments and businesses could help ease the implementation of the CPPA include:
— helping Canadians understand the benefits and risks of sharing (or not sharing) their personal data. One way could be creating a joint federal government-business body dedicated to a privacy awareness education campaign;
— encouraging the use of streamlined privacy requirements and procedures, and a longer phase-in for small businesses that don’t collect sensitive information. These might include supporting the introduction of accepted plain language templates for internal company policies concerning the collection, storage, use, and sharing of non-anonymized data;
— creating an advisory Privacy Council comprising federal and provincial privacy regulators, consumers, businesses, and researchers to review the effectiveness of privacy legislation.