Tersa Scasa | | July 11, 2022
[Note: This is my third in a series of posts on the new Bill C-27 which will reform private sector data protection law in Canada and which will add a new Artificial Intelligence and Data Act. The previous two posts addressed consent and de-identification/anonymization.]
In 2018, there was a furore media reports that Statistics Canada (StatCan) attempted to collect the financial data of half a million Canadians from Canadian banks to generate statistics. Reports also revealed that there is already collected significant amount of personal financial data from credit agencies. The revelations led to complaints to the Privacy Commissioner, who investigated and issued a writ intermediate and a final report. One result was that StatCan worked with the Office of the Privacy Commissioner of Canada to develop a a new approach to the collection of such data. More recently, there were expressions of public outrage when the media reported that the Public Health Agency of Canada (PHAC) acquired de-identified mobility data of Canadians from Telus to inform their response to the COVID-19 pandemic. This led to hearings before the ETHI Standing Committee of the House of Commons and led to a report with a series of recommendations.
Look: Why data is the lifeblood of the modern regulator
Both cases involve attempts by government institutions or agencies to use existing data from the private sector to improve their analysis or decision-making. Good policy is built on good data; we must support and encourage the responsible use of data by government in decision-making. At the same time, however, there is clearly a deep public distrust of government – especially when it comes to personal data – that cannot be ignored. Addressing this mistrust requires both transparency and strong privacy protections.
Bill C-27tabled in parliament in June 2022, proposes a new Law on the Protection of Personal Data of Users to replace aging Law on Protection of Personal Information and Electronic Documents (PIPED). As part of the reform, this Private Sector Data Protection Bill contains provisions that are tailored to meet the government’s – as well as the commercial data industry’s – need for access to personal data in the hands of the private sector.
I’m listening to: Podcast: Bitcoin Privacy Interview with Matt Odell
Two provisions in C-27 are particularly relevant here: sections 35 and 39. Section 35 deals specifically with the sharing of private sector data for statistical and research purposes. Section 7(3)(f) of PIPEDA contains an exception which is similar to s. 35. Section 39 is entirely new. Section 39 deals with the use of data for “socially useful purposes”. Both s. 35 and Art. 39 were in C-27’s predecessor, Bill C-11. Only section 35 has been changed since C-11 – a small change greatly expands its scope.
Continue to full article –> here
The National Association for Crowdfunding and Fintech (NCFA Canada) is a financial innovation ecosystem that provides education, market intelligence, industry management, networking and financing opportunities and services to thousands of community members and works closely with industry, government, partners and affiliates to to create a vibrant and innovative fintech and finance industry in Canada. Decentralized and distributed, NCFA engages with global stakeholders and helps incubate projects and investments in fintech, alternative finance, crowdfunding, peer-to-peer financing, payments, digital assets and tokens, blockchain, cryptocurrency, regtech and insurtech sectors. Join the Canadian FinTech and Finance Community today for FREE! Or become a contributing member and receive benefits. For more information, please visit: www.ncfacanada.org