Barry Sookman
  • Bio & expertise
    • Bio
    • Technology & Internet Lawyer
    • Copyright and Intellectual Property Lawyer and Litigator
    • Privacy & CASL
    • Government Relations
    • Rankings
  • Books & Articles
  • Speeches & Media
  • Terms
    • Privacy Policy
This site is about technology, copyright, and privacy Law
Barry Sookman
Barry Sookman
  • Bio & expertise
    • Bio
    • Technology & Internet Lawyer
    • Copyright and Intellectual Property Lawyer and Litigator
    • Privacy & CASL
    • Government Relations
    • Rankings
  • Books & Articles
  • Speeches & Media
  • Terms
    • Privacy Policy
Subscribe
  • CPPA
  • Privacy

CPPA: summary and criticisms

  • April 25, 2021
  • Barry Sookman
AIDA - Regulation of AI systems in Canada
Total
0
Shares
0
0
0

Canada’s new proposed privacy law, the CPPA, would be a major overhaul of PIPEDA. The draft law is designed to deal with new challenges of protecting personal information arising from major increases in the collection, use and disclosure of personal information and it uses in AI systems, IOT, big data analytics, and as part of many other technologies and processes. While the law is intended to balance the interests of individuals in their reasonable expectations of privacy and the legitimate interests of organizations, it falls short in many ways. A summary of the CPPA and criticisms that have been leveled against it by organizations are set out in the slides below. The Privacy Commissioner and others believe that the CPPA is flawed and needs to be further strengthened.

The slides highlight the major differences between the CPPA and PIPEDA and between the CPPA and the GDPR and in particular the ways the CPPA is more onerous than the GDPR. Many highlights are depicted in yellow redlines against PIPEDA in the slides.

A summary of criticisms of the CPPA I believe hit the mark are listed below.

  • PIPEDA is principle based and flexible; CPPA is more prescriptive and rule based  e.g. consents
  • CPPA creates ambiguous new standards that are complex and too difficult to apply e.g. the appropriate purposes limitation, standards and exceptions for consent, explainability of decisions and predictions using automated decisions, what is a commercial activity
  • CPPA is more onerous than international standards including even aspects of the GDPR  e.g. consent and exceptions to consent such as for R&D, de-identified information, automated decisions, the disposal/erasure of data, service provider obligations
  • CPPA creates obligations that eschew/challenge technological means of compliance e.g. disposal of information
  • CPPA has unbalanced enforcement provisions with some harsher monetary penalties than the GDPR, new order making powers of the OPC, weak procedural protections before the OPC with no division of responsibilities between investigators and adjudicators, weak oversight by the new Tribunal, new private rights of action and class action risks
  • CPPA could impede risk taking and innovation with its new enforcement regime, especially because it is combined with ambiguous and prescriptive standards that in important instances are more onerous than under the GDPR and remedial order making powers of the OPC that can shut down businesses based on its own view of these ambiguous standards and these orders will be virtually unappealable to the Tribunal because of the palpable and overriding error standard of review
  • CPPA is not interoperable with GDPR, provincial or other international standards
  • Overall balance in CPPA requires recalibration to promote privacy and not impede innovation or prejudice Canadian based businesses
CPPA_Canadas_purposed_new_privacy_law_summary_and_criticisms

 

Related

Total
0
Shares
0
0
0
0
Related Topics
  • CPPA criticisms
  • CPPA summary
Previous Article
  • intellectual property

Budget 2021 data and intellectual property

  • April 19, 2021
  • Barry Sookman
View Post
Next Article
automated decision making
  • artificial inteliigence
  • CPPA
  • Privacy

Using privacy laws to regulate automated decision making

  • April 30, 2021
  • Barry Sookman Charles Morgan Adam Goldenberg
View Post

Subscribe

Subscribe now to our newsletter

You May Also Like
Digital Charter Implementation Act and CPPA
View Post
  • CPPA
  • Privacy

CPPA: problems and criticisms – automated decision making

  • Barry Sookman
  • December 18, 2022
Digital Charter Implementation Act and CPPA
View Post
  • CPPA
  • PIPEDA
  • Privacy

CPPA: problems and criticisms – anonymization and pseudonymization of personal information

  • Barry Sookman
  • December 5, 2022
Digital Charter Implementation Act and CPPA
View Post
  • CPPA
  • PIPEDA
  • Privacy

CPPA: problems and criticisms – service provider obligations

  • Barry Sookman
  • November 13, 2022
Digital Charter Implementation Act and CPPA
View Post
  • CPPA
  • Privacy

CPPA: problems and criticisms – appropriate purposes

  • Barry Sookman
  • October 31, 2022

Leave a ReplyCancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Subscribe

Subscribe now to our newsletter

Barry Sookman
This site is about technology, copyright, and privacy Law

Input your search keywords and press Enter.

We may be using cookies to give you the best experience on our website.

 

Barry Sookman
Powered by  GDPR Cookie Compliance
Privacy Overview

This website may use cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

Strictly Necessary Cookies

Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.

If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.