Released on May 5, 2022 by the Office of the Privacy Commissioner of Canada (OPC) the Recommendations aim to support the introduction of a new federal private sector privacy law in lieu and in place of the current Personal Information Protection and Electronic Documents Act (PIPEDA).
Key highlights of the 51 recommendations are as follows:
Enable responsible innovation (e.g. introducing a legitimate commercial interest exception to consent…)
Adopt a rights-based framework (e.g. the level of protection guaranteed under Canadian law should not be undermined when it comes to personal information that moves outside Canada…).
Increase corporate accountability (e.g. obligation to implement a privacy management program, obligation to undertake privacy impact assessments for high-risk activities…)
Ensure interoperability of laws, internationally and domestically (e.g. adoption of high privacy standards, enhance OPC enforcement powers…)
Adopt quick and effective remedies (e.g. subject all violations of the law to administrative penalties, adopt the UK enforcement notice scheme for organizations to understand the nature of a violation to be remedied before a penalty may be imposed).
Give the OPC tools to adopt a risk-based approach while being transparent (e.g. expand the private right of action)