This browser is not actively supported anymore. For the best passle experience, we strongly recommend you upgrade your browser.
| 1 minute read

Canada and India: The Next Privacy Frontiers

Both Canada and India are working on proposed national privacy law upgrades that would bring their country-wide frameworks closer to that of the EU. In addition, a regional law (in Quebec) will begin to take effect this year in Canada, which may spur heightened compliance measures across the country in the same way that California's privacy law has motivated US companies to address privacy.  For Canada, the new and proposed laws are an upgrade to already-stringent national privacy rules.  

The laws would address the security of personal data as well as consumer rights of access, deletion, and more.  They would require that companies deliver notice of their practices and could impose other duties as well.  Finally, the EU notoriously added potentially huge fines to its privacy framework when it enacted the 2018 GDPR, and both Canada and India are debating doing the same.   

Why It Matters

Maintaining the privacy and security of "personal" data is no longer an optional part of online/electronic business.  Furthermore, data about people is no longer an unfettered corporate asset. Regulators across the globe are increasingly favorable to the ideas that (1) companies should be constrained by some rules as to what they can and cannot do with data about individuals and (2) those individuals have some control over corporate use of personal data about them, and certain rights in and to such data. Given the global nature of supply chains, electronic business, online communications, and more, these rules are extremely likely to affect almost all companies at some time in the near future. Taking time now to understand how new comprehensive privacy laws work and designing compliant workflow is well worth the investment.  

Like the Quebec law, the federal proposal would strengthen companies' accountability in several ways, including by expanding the scope of security safeguards and giving a new independent data protection tribunal the ability to impose fines of up to 5% of global revenue or CA$25 million, whichever is greater. The law would also establish new rules for handling children's data and artificial intelligence, as well as create a new exception that would allow companies to collect, use and disclose personal information without consent if they have a legitimate reason for doing so.

Tags

data security and privacy, hill_mitzi, insights