Data Protection in Canada

Data protection has been at the heart of regulatory news in recent years, particularly in Canada with the introduction of Bill C27: Digital Charter Implementation Act, 2022, in June 2022. 

This legislation is intended to strengthen the existing regulatory framework in order to bring it closer to international standards (GDPR in particular). Indeed, the Personal Information Protection and Electronic Documents Act (PIPEDA) is currently the one that governs the collection, use and disclosure of personal information. It is important to note that when there are data transfers outside Canada (US, EU, etc.), specific procedures must be followed. Companies face many challenges in complying with the regulations and protecting the personal information of their customers and avoiding violations that could lead to significant criminal and administrative penalties. 

Aurexia has conducted a study on Canadian obligations regarding international data transfers, which identifies the major current and future issues related to data protection (confidentiality, security, consent, transparency, accountability and compliance). The following teaser presents the key points of this study.