What is Bill C-27?
Bill C-27, the Digital Charter Implementation Act, proposes to significantly modernize Canadian privacy law. It will accomplish this by repealing parts of the Personal Information Protection and Electronic Documents Act ("PIPEDA") and replacing them with a privacy and data legal framework rooted in three new acts:
- Consumer Privacy Protection Act ("CPPA")
- Personal Information and Data Protection Tribunal Act ("PIDPTA")
- Artificial Intelligence and Data Act ("AIDA")
The CPPA is intended to replace PIPEDA's "Protection of Personal Information in the Private Sector" section, while the PIDPTA would establish an administrative tribunal for appeals of certain Privacy Commissioner of Canada decisions made under the CPPA. The CPPA would also impose penalties on organizations that contravene the CPPA.
The AIDA, on the other hand, contains a distinct new regime regulating the use of, and trade in, artificial intelligence systems.