SlideShare uma empresa Scribd logo

Special Committee review of the Personal Information Protection Act (PIPA): Input from BC Tech

BC Tech Association
BC Tech Association

Special Committee review of the Personal Information Protection Act (PIPA): Input from BC Tech, 7 July 2021

Tecnologia
1 de 4
Baixar para ler offline
Special Committee review of the Personal Information Protection Act (PIPA): Input from BC Tech, 7 July 2021 Context There is a growing consensus among policy-makers that changes to Canadian privacy laws are required to reflect the exponential growth of digital products and services, and the increased importance of data in the modern economy. At the federal level, the government has published a detailed discussion paper on proposals to modernize the Personal Information Protection and Electronics Documents Act. In the Province of Quebec, Bill 64, An Act to Modernize Legislative Provisions Respecting the Protection of Personal Information, was introduced in the Quebec National Assembly on June 12, 2020. The BC Information and Privacy Commissioner has indicated that “[m]ajor reform is urgently needed” to PIPA, which is largely unchanged from the version that came into effect in January 2004. It is expected that the Special Committee will use the current review process to issue recommendations calling for significant amendments to PIPA. Members of BC Tech have much at stake in the legislative review process. While trust of consumers is often critical to the success of technology businesses, privacy rules can have meaningful, often unintended, consequences, particularly if the rules are not interoperable with rules in other jurisdictions. What’s clear is that a balanced approach is needed – one that recognizes the right of privacy of individuals and the need of organizations to collect, use or disclose personal information for reasonable purposes. If this balance is not achieved, the continued growth of the tech-sector in BC would be jeopardized and, more broadly, BC would become a less attractive jurisdiction in which to carry on business. These risks are not theoretical. Following the adoption of the General Data Protection Regulation (GDPR) in the EU, it has become more difficult for smaller companies in Europe to survive – let alone unseat incumbents. Large companies have the technology, legal and financial resources required to redesign products and operations, and to bear the risk of large fines. Smaller companies often don’t. How effective is the current legislation? What works well? PIPA has proven to be effective and resilient. It can be applied to countless new and unforeseen commercial activities in a rapidly changing data environment, without the need for frequent legislative amendments. PIPA’s effectiveness can be attributed to the following four key features: 1) PIPA is principles-based, allowing organizations to implement privacy protections in a flexible and context-specific manner, taking into account actual risks;
2) PIPA is technology and business sector neutral, making it largely future-proof; 3) PIPA’s privacy principles are both non-prescriptive and generally consistent with common-sense business practices, making it possible for most businesses to understand what the law requires; and 4) PIPA generally balances privacy considerations with business requirements. What does not work well? PIPA is a consent-based statute. This means that the authority to collect, use or disclose personal information requires the consent of the individual, subject to limited exceptions. While the objective of a consent-based model (i.e., putting individuals in control of their data) is laudable, it’s clear that consent has become ineffective in the modern digital world. It is unrealistic to expect the average person to invest the time required to fully understand the details of every privacy policy they may come across on a daily basis. It is equally challenging for industry to comprehensibly communicate the details of every potential use of personal information to individuals. These challenges are exacerbated when new, unanticipated uses of information are identified. Increasingly, data analytics makes it likely that organizations will have the ability to use information for new purposes that benefit individuals, businesses and society in unanticipated ways from when consent was originally obtained. In these instances, it can be very challenging, if not often impossible, to obtain consent. A legislative review of PIPA provides an opportunity to explore how alternatives to consent can be adopted that both enable the responsible use of information, while also making privacy protections more effective. Future Changes General comments It is critical that any amendments to PIPA reinforce the four key features of PIPA described above. Making refinements to the existing regulatory framework is preferable to adopting a wholesale new approach. Additionally, it is critical that PIPA be interoperable with privacy frameworks deployed in other leading jurisdictions, including the European Union. Interoperability does not require that the same exact obligations be adopted (for example, by copying legislative requirements). Rather, it can be achieved through a regulatory framework with compatible outcomes and without requiring that different operational processes or technological systems be adopted than those that meet the global standard. While interoperability is an important consideration for privacy legislation anywhere in the world, it is particularly critical in the case of smaller jurisdictions – like BC. Whereas the EU (with almost half a billion people) may have the economic might to direct how products or services are delivered, the same can’t be said when the applicable market is small. For small markets, it often will be the case that the costs of
compliance cannot be justified economically, making it more likely that impacted businesses will decide to stop selling into the market or even relocate their headquarters to another jurisdiction. What would be an improvement to the current legislation? 1) Adding new grounds for processing personal information. Consent should be only one of multiple-grounds for processing personal information. Under the GDPR, there are six additional grounds: performance of a contract, compliance with a legal obligation, vital interest of the data subject, public interest and legitimate interest. These additional grounds should be added to PIPA. 2) Excluding de-identified data from the definition of personal information. Enabling the use of de- identified data would support the use of data for analytics, artificial intelligence and other productive uses and help to relieve consent-fatigue among individuals. Legal guardrails, including a prohibition on re-identifying the information, would serve to protect the legitimate interests of individuals. What are issues to be avoided in any changes to the current legislation? 1) Prescriptive rules. The current principles-based approach enables flexibility while protecting private information through reasonable measures. Maintaining this flexibility is critical to ensure that businesses in BC are able to effectively compete in the global marketplace, while protecting the privacy of individuals. 2) New “data residency” requirements. The approach under PIPEDA (which generally allows for processing of data outside of Canada when equivalent protections are put in place through contracts with data processors). This contrasts with Bill 64 in Quebec, which requires all organizations to undertake an assessment of, among other things, the legal framework in the destination jurisdiction, including the legal framework’s degree of equivalency with the privacy protection principles in Quebec. The Quebec approach is not viable as it will undermine day-to- day business activities, including the use of online tools and cloud services (including e-commerce platforms, payment systems, customer relationship management tools and human resource management systems) that have become both ubiquitous and critical to the operations of businesses in the modern economy. 3) Enactment of new rules in respect of data portability, take-down and de-indexing. Internationally recognized standards must emerge before any such rules will be viable. As a practical matter, a
BC-based technology company cannot be expected to incur the cost of developing a compliance solution for BC and then a different solution for other markets. 4) Penalties that lack proportionality to the size of the BC market. Bill 64 in Quebec adopts penalties that are generally aligned to the GDPR (i.e., 4% of worldwide revenue) notwithstanding that it has a population that is less than 2% of the population in the EU. If Bill 64 becomes law, Quebec will have created a strong disincentive for businesses to be headquartered or do business in Quebec – as they will face penalties that are grossly disproportionate to the size of the Quebec market. If BC were to follow Quebec’s lead, it would similarly undermine BC’s ambition to be a favourable jurisdiction in which to start and scale businesses, including technology businesses. 5) Penalties that aren’t tied to harm. An assessment of actual harm to individuals is a critical component of a penalty regime that holds non-compliant organizations to account, without creating punitive fines that discourage innovation or conditions that will promote opportunistic class actions. 6) Enforcement powers that do not comply with principles of natural justice and procedural fairness. Any audit, inspection or discovery rights need to be triggered only if there is a reasonable belief that the applicable organization is not in compliance with PIPA. Self-initiated audits, inspections and investigations that do not satisfy this trigger would be viewed as “fishing expeditions” and, therefore, inconsistent with the rule of law. 7) Health sector-specific regulation that interferes with cost-effective delivery of care. Rules that interfere with digital health deliver, especially rules applicable to data residency, will often negatively impact on the health and safety of British Columbians. Theoretical risks about access to personal information by foreign governments should not take precedence over the delivery of medical care.

Recomendados

2020 BC Technology Report Card
2020 BC Technology Report Card2020 BC Technology Report Card
2020 BC Technology Report CardBC Tech Association
 
BC Tech 2020 BC Budget Submission
BC Tech 2020 BC Budget SubmissionBC Tech 2020 BC Budget Submission
BC Tech 2020 BC Budget SubmissionChristopher Malmo
 
BC Tech: Policy Recommendations (Fall 2020)
BC Tech: Policy Recommendations (Fall 2020)BC Tech: Policy Recommendations (Fall 2020)
BC Tech: Policy Recommendations (Fall 2020)BC Tech Association
 
BC-led Canadian Digital Technology Supercluster
BC-led Canadian Digital Technology SuperclusterBC-led Canadian Digital Technology Supercluster
BC-led Canadian Digital Technology SuperclusterBC Tech Association
 
2018 British Columbia Technology Report Card
2018 British Columbia Technology Report Card2018 British Columbia Technology Report Card
2018 British Columbia Technology Report CardBC Tech Association
 
Investment priorities for BC’s tech sector
Investment priorities for BC’s tech sectorInvestment priorities for BC’s tech sector
Investment priorities for BC’s tech sectorBC Tech Association
 
BC’s Tech Sector in 2020
BC’s Tech Sector in 2020BC’s Tech Sector in 2020
BC’s Tech Sector in 2020BC Tech Association
 
BC Tech Policy Recommendations
BC Tech Policy RecommendationsBC Tech Policy Recommendations
BC Tech Policy RecommendationsChristopher Malmo
 

Recomendados

2020 BC Technology Report Card
2020 BC Technology Report Card2020 BC Technology Report Card
2020 BC Technology Report CardBC Tech Association
 
BC Tech 2020 BC Budget Submission
BC Tech 2020 BC Budget SubmissionBC Tech 2020 BC Budget Submission
BC Tech 2020 BC Budget SubmissionChristopher Malmo
 
BC Tech: Policy Recommendations (Fall 2020)
BC Tech: Policy Recommendations (Fall 2020)BC Tech: Policy Recommendations (Fall 2020)
BC Tech: Policy Recommendations (Fall 2020)BC Tech Association
 
BC-led Canadian Digital Technology Supercluster
BC-led Canadian Digital Technology SuperclusterBC-led Canadian Digital Technology Supercluster
BC-led Canadian Digital Technology SuperclusterBC Tech Association
 
2018 British Columbia Technology Report Card
2018 British Columbia Technology Report Card2018 British Columbia Technology Report Card
2018 British Columbia Technology Report CardBC Tech Association
 
Investment priorities for BC’s tech sector
Investment priorities for BC’s tech sectorInvestment priorities for BC’s tech sector
Investment priorities for BC’s tech sectorBC Tech Association
 
BC’s Tech Sector in 2020
BC’s Tech Sector in 2020BC’s Tech Sector in 2020
BC’s Tech Sector in 2020BC Tech Association
 
BC Tech Policy Recommendations
BC Tech Policy RecommendationsBC Tech Policy Recommendations
BC Tech Policy RecommendationsChristopher Malmo
 
BC Tech Year in Review 2019-20 Annual Report
BC Tech Year in Review 2019-20 Annual ReportBC Tech Year in Review 2019-20 Annual Report
BC Tech Year in Review 2019-20 Annual ReportBC Tech Association
 
2014 British Columbia Technology Report Card
2014 British Columbia Technology Report Card2014 British Columbia Technology Report Card
2014 British Columbia Technology Report CardBC Tech Association
 
BC Budget Submission - Appendix (June 2020)
BC Budget Submission - Appendix (June 2020)BC Budget Submission - Appendix (June 2020)
BC Budget Submission - Appendix (June 2020)BC Tech Association
 
BC Tech: Policy Recommendations (August 2020)
BC Tech: Policy Recommendations (August 2020)BC Tech: Policy Recommendations (August 2020)
BC Tech: Policy Recommendations (August 2020)BC Tech Association
 
Vote for BC. Vote for Tech.
Vote for BC. Vote for Tech. Vote for BC. Vote for Tech.
Vote for BC. Vote for Tech. Ruman Kang
 
2016 BC Technology Report Card
2016 BC Technology Report Card2016 BC Technology Report Card
2016 BC Technology Report CardErin Westlake
 
Bc tech annual-report-2018-19-web
Bc tech annual-report-2018-19-webBc tech annual-report-2018-19-web
Bc tech annual-report-2018-19-webBC Tech Association
 
Achieving Economic Impact 2014-2019
Achieving Economic Impact 2014-2019Achieving Economic Impact 2014-2019
Achieving Economic Impact 2014-2019BC Tech Association
 
11-12 Annual Review
11-12 Annual Review11-12 Annual Review
11-12 Annual ReviewBC Tech Association
 
BC Tech Policy Recommendations March 2020
BC Tech Policy Recommendations March 2020BC Tech Policy Recommendations March 2020
BC Tech Policy Recommendations March 2020ChadParent3
 
BC's Tech Sector-March13
BC's Tech Sector-March13BC's Tech Sector-March13
BC's Tech Sector-March13BC Tech Association
 
2019-2020 year in review
2019-2020 year in review2019-2020 year in review
2019-2020 year in reviewBC Tech Association
 
Digitalbusiness
DigitalbusinessDigitalbusiness
DigitalbusinessHiren Selani
 
The Bionic Future - Future Work Summit
The Bionic Future - Future Work SummitThe Bionic Future - Future Work Summit
The Bionic Future - Future Work SummitMiguel Carrasco
 
Digital Economy Outlook 2015
Digital Economy Outlook 2015Digital Economy Outlook 2015
Digital Economy Outlook 2015innovationoecd
 
Indonesian Tech Ecosystem Report - Bits by Bricks
Indonesian Tech Ecosystem Report - Bits by BricksIndonesian Tech Ecosystem Report - Bits by Bricks
Indonesian Tech Ecosystem Report - Bits by BricksRama Manusama
 
Designing Services for the Public / Service Design Drinks
Designing Services for the Public / Service Design DrinksDesigning Services for the Public / Service Design Drinks
Designing Services for the Public / Service Design DrinksService Design Berlin
 
Internet-of-Things_Report
Internet-of-Things_ReportInternet-of-Things_Report
Internet-of-Things_ReportOceane Rime
 
Nic 2012 statereport_tennessee
Nic 2012 statereport_tennesseeNic 2012 statereport_tennessee
Nic 2012 statereport_tennesseeNIC Inc | EGOV
 
Piloting The Cloud: Acting on OMB's Mandate - RightNow Technologies
Piloting The Cloud: Acting on OMB's Mandate - RightNow TechnologiesPiloting The Cloud: Acting on OMB's Mandate - RightNow Technologies
Piloting The Cloud: Acting on OMB's Mandate - RightNow TechnologiesNitin Badjatia
 
Embracing Digital Convergence amid Regulatory-Driven Overhauls
Embracing Digital Convergence amid Regulatory-Driven OverhaulsEmbracing Digital Convergence amid Regulatory-Driven Overhauls
Embracing Digital Convergence amid Regulatory-Driven OverhaulsCognizant
 
Understanding Binding Corporate Rules
Understanding Binding Corporate RulesUnderstanding Binding Corporate Rules
Understanding Binding Corporate RulesJan Dhont
 

Mais conteúdo relacionado

Mais procurados

BC Tech Year in Review 2019-20 Annual Report
BC Tech Year in Review 2019-20 Annual ReportBC Tech Year in Review 2019-20 Annual Report
BC Tech Year in Review 2019-20 Annual ReportBC Tech Association
 
2014 British Columbia Technology Report Card
2014 British Columbia Technology Report Card2014 British Columbia Technology Report Card
2014 British Columbia Technology Report CardBC Tech Association
 
BC Budget Submission - Appendix (June 2020)
BC Budget Submission - Appendix (June 2020)BC Budget Submission - Appendix (June 2020)
BC Budget Submission - Appendix (June 2020)BC Tech Association
 
BC Tech: Policy Recommendations (August 2020)
BC Tech: Policy Recommendations (August 2020)BC Tech: Policy Recommendations (August 2020)
BC Tech: Policy Recommendations (August 2020)BC Tech Association
 
Vote for BC. Vote for Tech.
Vote for BC. Vote for Tech. Vote for BC. Vote for Tech.
Vote for BC. Vote for Tech. Ruman Kang
 
2016 BC Technology Report Card
2016 BC Technology Report Card2016 BC Technology Report Card
2016 BC Technology Report CardErin Westlake
 
Bc tech annual-report-2018-19-web
Bc tech annual-report-2018-19-webBc tech annual-report-2018-19-web
Bc tech annual-report-2018-19-webBC Tech Association
 
Achieving Economic Impact 2014-2019
Achieving Economic Impact 2014-2019Achieving Economic Impact 2014-2019
Achieving Economic Impact 2014-2019BC Tech Association
 
BC Tech Policy Recommendations March 2020
BC Tech Policy Recommendations March 2020BC Tech Policy Recommendations March 2020
BC Tech Policy Recommendations March 2020ChadParent3
 
The Bionic Future - Future Work Summit
The Bionic Future - Future Work SummitThe Bionic Future - Future Work Summit
The Bionic Future - Future Work SummitMiguel Carrasco
 
Digital Economy Outlook 2015
Digital Economy Outlook 2015Digital Economy Outlook 2015
Digital Economy Outlook 2015innovationoecd
 
Indonesian Tech Ecosystem Report - Bits by Bricks
Indonesian Tech Ecosystem Report - Bits by BricksIndonesian Tech Ecosystem Report - Bits by Bricks
Indonesian Tech Ecosystem Report - Bits by BricksRama Manusama
 
Designing Services for the Public / Service Design Drinks
Designing Services for the Public / Service Design DrinksDesigning Services for the Public / Service Design Drinks
Designing Services for the Public / Service Design DrinksService Design Berlin
 
Internet-of-Things_Report
Internet-of-Things_ReportInternet-of-Things_Report
Internet-of-Things_ReportOceane Rime
 
Nic 2012 statereport_tennessee
Nic 2012 statereport_tennesseeNic 2012 statereport_tennessee
Nic 2012 statereport_tennesseeNIC Inc | EGOV
 
Piloting The Cloud: Acting on OMB's Mandate - RightNow Technologies
Piloting The Cloud: Acting on OMB's Mandate - RightNow TechnologiesPiloting The Cloud: Acting on OMB's Mandate - RightNow Technologies
Piloting The Cloud: Acting on OMB's Mandate - RightNow TechnologiesNitin Badjatia
 

Mais procurados (20)

BC Tech Year in Review 2019-20 Annual Report
BC Tech Year in Review 2019-20 Annual ReportBC Tech Year in Review 2019-20 Annual Report
BC Tech Year in Review 2019-20 Annual Report
 
2014 British Columbia Technology Report Card
2014 British Columbia Technology Report Card2014 British Columbia Technology Report Card
2014 British Columbia Technology Report Card
 
BC Budget Submission - Appendix (June 2020)
BC Budget Submission - Appendix (June 2020)BC Budget Submission - Appendix (June 2020)
BC Budget Submission - Appendix (June 2020)
 
BC Tech: Policy Recommendations (August 2020)
BC Tech: Policy Recommendations (August 2020)BC Tech: Policy Recommendations (August 2020)
BC Tech: Policy Recommendations (August 2020)
 
Vote for BC. Vote for Tech.
Vote for BC. Vote for Tech. Vote for BC. Vote for Tech.
Vote for BC. Vote for Tech.
 
2016 BC Technology Report Card
2016 BC Technology Report Card2016 BC Technology Report Card
2016 BC Technology Report Card
 
Bc tech annual-report-2018-19-web
Bc tech annual-report-2018-19-webBc tech annual-report-2018-19-web
Bc tech annual-report-2018-19-web
 
Achieving Economic Impact 2014-2019
Achieving Economic Impact 2014-2019Achieving Economic Impact 2014-2019
Achieving Economic Impact 2014-2019
 
11-12 Annual Review
11-12 Annual Review11-12 Annual Review
11-12 Annual Review
 
BC Tech Policy Recommendations March 2020
BC Tech Policy Recommendations March 2020BC Tech Policy Recommendations March 2020
BC Tech Policy Recommendations March 2020
 
BC's Tech Sector-March13
BC's Tech Sector-March13BC's Tech Sector-March13
BC's Tech Sector-March13
 
2019-2020 year in review
2019-2020 year in review2019-2020 year in review
2019-2020 year in review
 
Digitalbusiness
DigitalbusinessDigitalbusiness
Digitalbusiness
 
The Bionic Future - Future Work Summit
The Bionic Future - Future Work SummitThe Bionic Future - Future Work Summit
The Bionic Future - Future Work Summit
 
Digital Economy Outlook 2015
Digital Economy Outlook 2015Digital Economy Outlook 2015
Digital Economy Outlook 2015
 
Indonesian Tech Ecosystem Report - Bits by Bricks
Indonesian Tech Ecosystem Report - Bits by BricksIndonesian Tech Ecosystem Report - Bits by Bricks
Indonesian Tech Ecosystem Report - Bits by Bricks
 
Designing Services for the Public / Service Design Drinks
Designing Services for the Public / Service Design DrinksDesigning Services for the Public / Service Design Drinks
Designing Services for the Public / Service Design Drinks
 
Internet-of-Things_Report
Internet-of-Things_ReportInternet-of-Things_Report
Internet-of-Things_Report
 
Nic 2012 statereport_tennessee
Nic 2012 statereport_tennesseeNic 2012 statereport_tennessee
Nic 2012 statereport_tennessee
 
Piloting The Cloud: Acting on OMB's Mandate - RightNow Technologies
Piloting The Cloud: Acting on OMB's Mandate - RightNow TechnologiesPiloting The Cloud: Acting on OMB's Mandate - RightNow Technologies
Piloting The Cloud: Acting on OMB's Mandate - RightNow Technologies
 

Semelhante a Special Committee review of the Personal Information Protection Act (PIPA): Input from BC Tech

Embracing Digital Convergence amid Regulatory-Driven Overhauls
Embracing Digital Convergence amid Regulatory-Driven OverhaulsEmbracing Digital Convergence amid Regulatory-Driven Overhauls
Embracing Digital Convergence amid Regulatory-Driven OverhaulsCognizant
 
Understanding Binding Corporate Rules
Understanding Binding Corporate RulesUnderstanding Binding Corporate Rules
Understanding Binding Corporate RulesJan Dhont
 
How IBM Supports Clients around GDPR and Cybersecurity Legislation
How IBM Supports Clients around GDPR and Cybersecurity LegislationHow IBM Supports Clients around GDPR and Cybersecurity Legislation
How IBM Supports Clients around GDPR and Cybersecurity LegislationIBM Security
 
GDPRIBMWhitePaper
GDPRIBMWhitePaperGDPRIBMWhitePaper
GDPRIBMWhitePaperJim Wilson
 
Managing Consumer Data Privacy
Managing Consumer Data PrivacyManaging Consumer Data Privacy
Managing Consumer Data PrivacyGigya
 
GDPR- Get the facts and prepare your business
GDPR- Get the facts and prepare your businessGDPR- Get the facts and prepare your business
GDPR- Get the facts and prepare your businessMark Baker
 
Top 10 Clauses for CCPA Compliance For Your Vendor Contracts
Top 10 Clauses for CCPA Compliance For Your Vendor ContractsTop 10 Clauses for CCPA Compliance For Your Vendor Contracts
Top 10 Clauses for CCPA Compliance For Your Vendor ContractsAavenir
 
The Essential Guide to GDPR
The Essential Guide to GDPRThe Essential Guide to GDPR
The Essential Guide to GDPRTim Hyman LLB
 
The Essential Guide to GDPR
The Essential Guide to GDPRThe Essential Guide to GDPR
The Essential Guide to GDPRTim Hyman LLB
 
DATA SAFEGUARD INC.- WHITE PAPER
DATA SAFEGUARD INC.- WHITE PAPERDATA SAFEGUARD INC.- WHITE PAPER
DATA SAFEGUARD INC.- WHITE PAPERYashiVaidya
 
115 By Robert Smallwood with Randy Kahn,Esq. , and .docx
115 By Robert Smallwood with Randy Kahn,Esq. , and .docx115 By Robert Smallwood with Randy Kahn,Esq. , and .docx
115 By Robert Smallwood with Randy Kahn,Esq. , and .docxdrennanmicah
 
General Data Protection Regulation (GDPR) - Moving from confusion to readiness
General Data Protection Regulation (GDPR) - Moving from confusion to readinessGeneral Data Protection Regulation (GDPR) - Moving from confusion to readiness
General Data Protection Regulation (GDPR) - Moving from confusion to readinessOmo Osagiede
 
Aon GDPR white paper
Aon GDPR white paperAon GDPR white paper
Aon GDPR white paperGraeme Cross
 
Horner Downey & Co Newsletter- GDPR
Horner Downey & Co Newsletter- GDPRHorner Downey & Co Newsletter- GDPR
Horner Downey & Co Newsletter- GDPRJenny Ferguson
 
GDPR: data needs to be in safe hands
GDPR: data needs to be in safe hands GDPR: data needs to be in safe hands
GDPR: data needs to be in safe hands legalandgeneral
 
Web and Social Media Archiving: A Growing Necessity For the Financial Industry
Web and Social Media Archiving: A Growing Necessity For the Financial IndustryWeb and Social Media Archiving: A Growing Necessity For the Financial Industry
Web and Social Media Archiving: A Growing Necessity For the Financial IndustryPageFreezer
 
What are the new laws under Canada Digital Privacy Act.pdf
What are the new laws under Canada Digital Privacy Act.pdfWhat are the new laws under Canada Digital Privacy Act.pdf
What are the new laws under Canada Digital Privacy Act.pdfRiley Claire
 
Impact of GDPR on the pre dominant business model for digital economies
Impact of GDPR on the pre dominant business model for digital economiesImpact of GDPR on the pre dominant business model for digital economies
Impact of GDPR on the pre dominant business model for digital economiesEquiGov Institute
 

Semelhante a Special Committee review of the Personal Information Protection Act (PIPA): Input from BC Tech (20)

Embracing Digital Convergence amid Regulatory-Driven Overhauls
Embracing Digital Convergence amid Regulatory-Driven OverhaulsEmbracing Digital Convergence amid Regulatory-Driven Overhauls
Embracing Digital Convergence amid Regulatory-Driven Overhauls
 
Understanding Binding Corporate Rules
Understanding Binding Corporate RulesUnderstanding Binding Corporate Rules
Understanding Binding Corporate Rules
 
How IBM Supports Clients around GDPR and Cybersecurity Legislation
How IBM Supports Clients around GDPR and Cybersecurity LegislationHow IBM Supports Clients around GDPR and Cybersecurity Legislation
How IBM Supports Clients around GDPR and Cybersecurity Legislation
 
GDPRIBMWhitePaper
GDPRIBMWhitePaperGDPRIBMWhitePaper
GDPRIBMWhitePaper
 
Managing Consumer Data Privacy
Managing Consumer Data PrivacyManaging Consumer Data Privacy
Managing Consumer Data Privacy
 
GDPR- Get the facts and prepare your business
GDPR- Get the facts and prepare your businessGDPR- Get the facts and prepare your business
GDPR- Get the facts and prepare your business
 
Top 10 Clauses for CCPA Compliance For Your Vendor Contracts
Top 10 Clauses for CCPA Compliance For Your Vendor ContractsTop 10 Clauses for CCPA Compliance For Your Vendor Contracts
Top 10 Clauses for CCPA Compliance For Your Vendor Contracts
 
The Essential Guide to GDPR
The Essential Guide to GDPRThe Essential Guide to GDPR
The Essential Guide to GDPR
 
The Essential Guide to GDPR
The Essential Guide to GDPRThe Essential Guide to GDPR
The Essential Guide to GDPR
 
DATA SAFEGUARD INC.- WHITE PAPER
DATA SAFEGUARD INC.- WHITE PAPERDATA SAFEGUARD INC.- WHITE PAPER
DATA SAFEGUARD INC.- WHITE PAPER
 
115 By Robert Smallwood with Randy Kahn,Esq. , and .docx
115 By Robert Smallwood with Randy Kahn,Esq. , and .docx115 By Robert Smallwood with Randy Kahn,Esq. , and .docx
115 By Robert Smallwood with Randy Kahn,Esq. , and .docx
 
General Data Protection Regulation (GDPR) - Moving from confusion to readiness
General Data Protection Regulation (GDPR) - Moving from confusion to readinessGeneral Data Protection Regulation (GDPR) - Moving from confusion to readiness
General Data Protection Regulation (GDPR) - Moving from confusion to readiness
 
Driving change
Driving changeDriving change
Driving change
 
Aon GDPR white paper
Aon GDPR white paperAon GDPR white paper
Aon GDPR white paper
 
Horner Downey & Co Newsletter- GDPR
Horner Downey & Co Newsletter- GDPRHorner Downey & Co Newsletter- GDPR
Horner Downey & Co Newsletter- GDPR
 
Consumer Data Rights
Consumer Data RightsConsumer Data Rights
Consumer Data Rights
 
GDPR: data needs to be in safe hands
GDPR: data needs to be in safe hands GDPR: data needs to be in safe hands
GDPR: data needs to be in safe hands
 
Web and Social Media Archiving: A Growing Necessity For the Financial Industry
Web and Social Media Archiving: A Growing Necessity For the Financial IndustryWeb and Social Media Archiving: A Growing Necessity For the Financial Industry
Web and Social Media Archiving: A Growing Necessity For the Financial Industry
 
What are the new laws under Canada Digital Privacy Act.pdf
What are the new laws under Canada Digital Privacy Act.pdfWhat are the new laws under Canada Digital Privacy Act.pdf
What are the new laws under Canada Digital Privacy Act.pdf
 
Impact of GDPR on the pre dominant business model for digital economies
Impact of GDPR on the pre dominant business model for digital economiesImpact of GDPR on the pre dominant business model for digital economies
Impact of GDPR on the pre dominant business model for digital economies
 

Mais de BC Tech Association

Publication-BC Tech-Annual-Report-2018-19
Publication-BC Tech-Annual-Report-2018-19Publication-BC Tech-Annual-Report-2018-19
Publication-BC Tech-Annual-Report-2018-19BC Tech Association
 
BC Tech Submission to the Economic Recovery Task Force (June 2020)
BC Tech Submission to the Economic Recovery Task Force (June 2020)BC Tech Submission to the Economic Recovery Task Force (June 2020)
BC Tech Submission to the Economic Recovery Task Force (June 2020)BC Tech Association
 
Bc tech achieving-economicimpact-web
Bc tech achieving-economicimpact-webBc tech achieving-economicimpact-web
Bc tech achieving-economicimpact-webBC Tech Association
 
Executives-in-Residence Program Overview
Executives-in-Residence Program OverviewExecutives-in-Residence Program Overview
Executives-in-Residence Program OverviewBC Tech Association
 
TechBrew - May 4, 2017 | Event Program
TechBrew - May 4, 2017 | Event ProgramTechBrew - May 4, 2017 | Event Program
TechBrew - May 4, 2017 | Event ProgramBC Tech Association
 
TechBrew - Feb 23, 2017 | Event Program
TechBrew - Feb 23, 2017 | Event ProgramTechBrew - Feb 23, 2017 | Event Program
TechBrew - Feb 23, 2017 | Event ProgramBC Tech Association
 
TechBrew - Dec 1, 2016 | Event Program
TechBrew - Dec 1, 2016 | Event ProgramTechBrew - Dec 1, 2016 | Event Program
TechBrew - Dec 1, 2016 | Event ProgramBC Tech Association
 

Mais de BC Tech Association (17)

BC Tech Annual Report 2020-2021
BC Tech Annual Report 2020-2021BC Tech Annual Report 2020-2021
BC Tech Annual Report 2020-2021
 
BC Tech Industry Impact
BC Tech Industry Impact BC Tech Industry Impact
BC Tech Industry Impact
 
British Columbia Techmap
British Columbia TechmapBritish Columbia Techmap
British Columbia Techmap
 
BC TECH’S ECONOMIC IMPACT
BC TECH’S ECONOMIC IMPACT BC TECH’S ECONOMIC IMPACT
BC TECH’S ECONOMIC IMPACT
 
BC Tech Industry Impact
BC Tech Industry ImpactBC Tech Industry Impact
BC Tech Industry Impact
 
BC Tech Industry Impact 2020
BC Tech Industry Impact 2020BC Tech Industry Impact 2020
BC Tech Industry Impact 2020
 
Publication-BC Tech-Annual-Report-2018-19
Publication-BC Tech-Annual-Report-2018-19Publication-BC Tech-Annual-Report-2018-19
Publication-BC Tech-Annual-Report-2018-19
 
BC's Tech Sector in 2020
BC's Tech Sector in 2020BC's Tech Sector in 2020
BC's Tech Sector in 2020
 
BC Tech Submission to the Economic Recovery Task Force (June 2020)
BC Tech Submission to the Economic Recovery Task Force (June 2020)BC Tech Submission to the Economic Recovery Task Force (June 2020)
BC Tech Submission to the Economic Recovery Task Force (June 2020)
 
BC's Tech Industry
BC's Tech IndustryBC's Tech Industry
BC's Tech Industry
 
#WhatWorks Women in Tech
#WhatWorks Women in Tech#WhatWorks Women in Tech
#WhatWorks Women in Tech
 
Bc tech achieving-economicimpact-web
Bc tech achieving-economicimpact-webBc tech achieving-economicimpact-web
Bc tech achieving-economicimpact-web
 
Executives-in-Residence Program Overview
Executives-in-Residence Program OverviewExecutives-in-Residence Program Overview
Executives-in-Residence Program Overview
 
TechBrew - May 4, 2017 | Event Program
TechBrew - May 4, 2017 | Event ProgramTechBrew - May 4, 2017 | Event Program
TechBrew - May 4, 2017 | Event Program
 
TechBrew - Feb 23, 2017 | Event Program
TechBrew - Feb 23, 2017 | Event ProgramTechBrew - Feb 23, 2017 | Event Program
TechBrew - Feb 23, 2017 | Event Program
 
TechBrew - Dec 1, 2016 | Event Program
TechBrew - Dec 1, 2016 | Event ProgramTechBrew - Dec 1, 2016 | Event Program
TechBrew - Dec 1, 2016 | Event Program
 
2016 BC Technology Report Rard
2016 BC Technology Report Rard2016 BC Technology Report Rard
2016 BC Technology Report Rard
 

Último

Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 

Último (20)

Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 

Special Committee review of the Personal Information Protection Act (PIPA): Input from BC Tech

  • 1. Special Committee review of the Personal Information Protection Act (PIPA): Input from BC Tech, 7 July 2021 Context There is a growing consensus among policy-makers that changes to Canadian privacy laws are required to reflect the exponential growth of digital products and services, and the increased importance of data in the modern economy. At the federal level, the government has published a detailed discussion paper on proposals to modernize the Personal Information Protection and Electronics Documents Act. In the Province of Quebec, Bill 64, An Act to Modernize Legislative Provisions Respecting the Protection of Personal Information, was introduced in the Quebec National Assembly on June 12, 2020. The BC Information and Privacy Commissioner has indicated that “[m]ajor reform is urgently needed” to PIPA, which is largely unchanged from the version that came into effect in January 2004. It is expected that the Special Committee will use the current review process to issue recommendations calling for significant amendments to PIPA. Members of BC Tech have much at stake in the legislative review process. While trust of consumers is often critical to the success of technology businesses, privacy rules can have meaningful, often unintended, consequences, particularly if the rules are not interoperable with rules in other jurisdictions. What’s clear is that a balanced approach is needed – one that recognizes the right of privacy of individuals and the need of organizations to collect, use or disclose personal information for reasonable purposes. If this balance is not achieved, the continued growth of the tech-sector in BC would be jeopardized and, more broadly, BC would become a less attractive jurisdiction in which to carry on business. These risks are not theoretical. Following the adoption of the General Data Protection Regulation (GDPR) in the EU, it has become more difficult for smaller companies in Europe to survive – let alone unseat incumbents. Large companies have the technology, legal and financial resources required to redesign products and operations, and to bear the risk of large fines. Smaller companies often don’t. How effective is the current legislation? What works well? PIPA has proven to be effective and resilient. It can be applied to countless new and unforeseen commercial activities in a rapidly changing data environment, without the need for frequent legislative amendments. PIPA’s effectiveness can be attributed to the following four key features: 1) PIPA is principles-based, allowing organizations to implement privacy protections in a flexible and context-specific manner, taking into account actual risks;
  • 2. 2) PIPA is technology and business sector neutral, making it largely future-proof; 3) PIPA’s privacy principles are both non-prescriptive and generally consistent with common-sense business practices, making it possible for most businesses to understand what the law requires; and 4) PIPA generally balances privacy considerations with business requirements. What does not work well? PIPA is a consent-based statute. This means that the authority to collect, use or disclose personal information requires the consent of the individual, subject to limited exceptions. While the objective of a consent-based model (i.e., putting individuals in control of their data) is laudable, it’s clear that consent has become ineffective in the modern digital world. It is unrealistic to expect the average person to invest the time required to fully understand the details of every privacy policy they may come across on a daily basis. It is equally challenging for industry to comprehensibly communicate the details of every potential use of personal information to individuals. These challenges are exacerbated when new, unanticipated uses of information are identified. Increasingly, data analytics makes it likely that organizations will have the ability to use information for new purposes that benefit individuals, businesses and society in unanticipated ways from when consent was originally obtained. In these instances, it can be very challenging, if not often impossible, to obtain consent. A legislative review of PIPA provides an opportunity to explore how alternatives to consent can be adopted that both enable the responsible use of information, while also making privacy protections more effective. Future Changes General comments It is critical that any amendments to PIPA reinforce the four key features of PIPA described above. Making refinements to the existing regulatory framework is preferable to adopting a wholesale new approach. Additionally, it is critical that PIPA be interoperable with privacy frameworks deployed in other leading jurisdictions, including the European Union. Interoperability does not require that the same exact obligations be adopted (for example, by copying legislative requirements). Rather, it can be achieved through a regulatory framework with compatible outcomes and without requiring that different operational processes or technological systems be adopted than those that meet the global standard. While interoperability is an important consideration for privacy legislation anywhere in the world, it is particularly critical in the case of smaller jurisdictions – like BC. Whereas the EU (with almost half a billion people) may have the economic might to direct how products or services are delivered, the same can’t be said when the applicable market is small. For small markets, it often will be the case that the costs of
  • 3. compliance cannot be justified economically, making it more likely that impacted businesses will decide to stop selling into the market or even relocate their headquarters to another jurisdiction. What would be an improvement to the current legislation? 1) Adding new grounds for processing personal information. Consent should be only one of multiple-grounds for processing personal information. Under the GDPR, there are six additional grounds: performance of a contract, compliance with a legal obligation, vital interest of the data subject, public interest and legitimate interest. These additional grounds should be added to PIPA. 2) Excluding de-identified data from the definition of personal information. Enabling the use of de- identified data would support the use of data for analytics, artificial intelligence and other productive uses and help to relieve consent-fatigue among individuals. Legal guardrails, including a prohibition on re-identifying the information, would serve to protect the legitimate interests of individuals. What are issues to be avoided in any changes to the current legislation? 1) Prescriptive rules. The current principles-based approach enables flexibility while protecting private information through reasonable measures. Maintaining this flexibility is critical to ensure that businesses in BC are able to effectively compete in the global marketplace, while protecting the privacy of individuals. 2) New “data residency” requirements. The approach under PIPEDA (which generally allows for processing of data outside of Canada when equivalent protections are put in place through contracts with data processors). This contrasts with Bill 64 in Quebec, which requires all organizations to undertake an assessment of, among other things, the legal framework in the destination jurisdiction, including the legal framework’s degree of equivalency with the privacy protection principles in Quebec. The Quebec approach is not viable as it will undermine day-to- day business activities, including the use of online tools and cloud services (including e-commerce platforms, payment systems, customer relationship management tools and human resource management systems) that have become both ubiquitous and critical to the operations of businesses in the modern economy. 3) Enactment of new rules in respect of data portability, take-down and de-indexing. Internationally recognized standards must emerge before any such rules will be viable. As a practical matter, a
  • 4. BC-based technology company cannot be expected to incur the cost of developing a compliance solution for BC and then a different solution for other markets. 4) Penalties that lack proportionality to the size of the BC market. Bill 64 in Quebec adopts penalties that are generally aligned to the GDPR (i.e., 4% of worldwide revenue) notwithstanding that it has a population that is less than 2% of the population in the EU. If Bill 64 becomes law, Quebec will have created a strong disincentive for businesses to be headquartered or do business in Quebec – as they will face penalties that are grossly disproportionate to the size of the Quebec market. If BC were to follow Quebec’s lead, it would similarly undermine BC’s ambition to be a favourable jurisdiction in which to start and scale businesses, including technology businesses. 5) Penalties that aren’t tied to harm. An assessment of actual harm to individuals is a critical component of a penalty regime that holds non-compliant organizations to account, without creating punitive fines that discourage innovation or conditions that will promote opportunistic class actions. 6) Enforcement powers that do not comply with principles of natural justice and procedural fairness. Any audit, inspection or discovery rights need to be triggered only if there is a reasonable belief that the applicable organization is not in compliance with PIPA. Self-initiated audits, inspections and investigations that do not satisfy this trigger would be viewed as “fishing expeditions” and, therefore, inconsistent with the rule of law. 7) Health sector-specific regulation that interferes with cost-effective delivery of care. Rules that interfere with digital health deliver, especially rules applicable to data residency, will often negatively impact on the health and safety of British Columbians. Theoretical risks about access to personal information by foreign governments should not take precedence over the delivery of medical care.