On May 11, the Office of the Privacy Commissioner (OPC) announced it has submitted its written submission on Bill C-27, the government’s proposed new private sector privacy law, the Consumer Privacy Protection Act (CPPA).
While acknowledging that the proposed new CPPA is an “improvement” of the privacy regulatory framework, the OPC is of the view that more can be done to protect the privacy of Canadians and submitted 15 recommendations for consideration, namely:
Recognize privacy as a fundamental right.
Protect children’s privacy and the best interests of the child.
Limit organizations’ collection, use and disclosure of personal information to specific and explicit purposes that take into account the relevant context.
Expand the list of violations qualifying for financial penalties to include, at a minimum, appropriate purposes violations.
Provide a right to disposal of personal information even when a retention policy is in place.
Create a culture of privacy by requiring organizations to build privacy into the design of products and services and to conduct privacy impact assessments for high-risk initiatives.
Strengthen the framework for de-identified and anonymized information.
Require organizations to explain, on request, all predictions, recommendations, decisions and profiling made using automated decision systems.
Limit the government’s ability to make exceptions to the law by way of regulations.
Provide that the exception for disclosure of personal information without consent for research purposes only applies to scholarly research.
Allow individuals to use authorized representatives to help advance their privacy rights.
Provide greater flexibility in the use of voluntary compliance agreements to help resolve matters without the need for more adversarial processes.
Make the complaints process more expeditious and economical by streamlining the review of the Commissioner’s decisions.
Amend timelines to ensure that the privacy protection regime is accessible and effective.
Expand the Commissioner’s ability to collaborate with domestic organizations in order to ensure greater coordination and efficiencies in dealing with matters raising privacy issues.
The written submissions were published on May 10 by the House of Commons Standing Committee on Industry and Technology.