Canadian privacy laws: New rules for a new era

Skip to Overview content

More than 20 years after PIPEDA, Canadian privacy laws are beginning a bold new chapter. Will your organization be ready?

Following in the uncompromising spirit of Europe's General Data Protection Regulation (GDPR), Canadian jurisdictions are looking to modernize - and give real teeth to - the way consumer data and personal information are protected in the digital era. Indeed, a slate of new and proposed legislation is shaping public discourse around privacy in Canada, while promising to change the playing field for private organizations from coast to coast.

Digital Charter Implementation Act (Bill C-27)

In June 2022, the Government of Canada introduced Bill C-27, the Digital Charter Implementation Act 2022. Targeting the private sector, the Bill proposes to expand the powers of the Privacy Commissioner of Canada, increase monetary penalties for serious violations, establish a new administrative tribunal, and introduce new rules regulating artificial intelligence (AI) systems.

Bill C-27 is currently at second reading in the House of Commons, and is likely to be debated and amended further in the coming months.

Read Bill C-27 in full here

Quebec's Law 25

A forerunner to the type of reform being contemplated at the federal level, Quebec's Law 25 (a.k.a. Bill 64), An Act to modernize legislative provisions as regards the protection of personal information, represents the most significant privacy legislation development in Canada in many years. It puts into force sweeping changes regulating the collection, use, and communication of personal information, and significantly increases penalties for non-compliance.

The first phase of Law 25 came into effect on September 22, 2022.

Learn more about Law 25

Modernizing privacy in Ontario

In June 2021, Ontario's Ministry of Government and Consumer Services published a white paper titled Modernizing Privacy in Ontario and invited feedback from public and private stakeholders. Part of Ontario's Digital and Data Strategy, the white paper proposes a provincial privacy framework designed to remedy what it alleges are fundamental flaws in Federal Bill C-11 (a precursor to C-27 that died on the order paper in 2021).

It remains to be seen whether Ontario will still elect to pursue its own legislative path, or if Bill C-27 can go further in satisfying the province's privacy agenda.

Read the full white paper, Modernizing Privacy in Ontario

British Columbia' Personal Information Protection Act

On April 13, 2021, the Legislative Assembly of British Columbia agreed that a Special Committee be appointed to review the Personal Information Protection Act (S.B.C. 2003, c. 63) pursuant to section 59 of that Act.

The Special Committee presented its Report to the Legislative Assembly on December 6, 2021. The Report made 34 recommendations for significant changes to PIPA, concluding that: "PIPA must be modernized to safeguard rights for individuals and provide up-to-date provisions to ensure competitiveness for British Columbia's businesses."

Read the Report of the Special Committee to Review the Personal Information Protection Act

Get prepared

Do your organization's privacy policies and protocols comply with existing laws? Will they satisfy the requirements of future legislation?

Let us help you stay one step ahead in this evolving landscape. Explore our resources below, or contact a member of our team below to begin a conversation.