Introducing the Digital Charter Implementation Act, 2020
In November 2020, the Digital Charter Implementation Act (DCIA) was proposed. It is one of the biggest shakeups in the history of Canada’s privacy law and is currently on the horizon.
The DCIA is composed of two separate Acts: the Consumer Privacy Protection Act (CPPA) and the Personal Information and Data Protection Tribunal Act (PIDPT).
The CPPA would establish a new private sector privacy law, updating and effectively replacing Canada’s current Personal Information Protection and Electronic Documents Act (PIPEDA).
The PIDPT would establish the Personal Information and Data Protection Tribunal to hear recommendations and appeals from the Office of the Privacy Commissioner (OPC) and establish a quicker path to enforcement.
The Digital Charter Implementation Act Prioritizes Privacy
If passed, the DCIA would be a noteworthy shift for both the consumer and the company. The DCIA would significantly increase the protections for Canadians’ personal information by giving citizens more control and greater transparency regarding when and how companies are handling their personal information.
The new privacy law would give the Privacy Commissioner the power to recommend fines, perform audits, issue binding orders, and force an organization to comply and/or order a company to stop collecting data or using personal information.
Additionally, the DCIA would establish higher consequences for non-compliance with the law, including heavy fines for violations – as high as 5% of revenue or $25 million, whichever is greater, for the most serious of infractions.
What Does the Digital Charter Implementation Act Mean If You Live in Canada?
If you are a citizen of Canada, the passing of the DCIA would permit the following:
- Increased data mobility – To improve control, you would now have the right to direct the transfer of your personal information from one organization to another in a secure manner. For example, you could direct your bank to share your personal information with a separate institution.
- Meaningful consent – The modernized consent rules of the DCIA would ensure that you and other citizens would have the plain-language information you need to make meaningful choices about the use of your personal information.
- Algorithmic transparency – The CPPA contains new transparency requirements that apply to automated decision-making systems such as algorithms and artificial intelligence. Because of this, businesses would need to be transparent with you about how they’re using such systems to make predictions, recommendations, or significant decisions about you. Additionally, you would have the right to request an explanation from businesses regarding how a prediction, recommendation, or decision was made by an automated decision-making system and how the information was obtained.
- Disposal of personal information & withdrawal of consent – The legislation would allow you to request that organizations dispose of personal information, and typically, allow you to withdraw consent for the use of your information. Additionally, the CPPA would ensure that you are able to demand your information on social media platforms be permanently deleted. When consent is withdrawn or information is no longer necessary, you can demand that your information be destroyed.
- De-identified information – The practice of removing direct identifiers (like a name) from personal information is becoming increasingly common, yet the rules that govern how this information is then used are a bit of a gray area. However, the DCIA legislation states that this information must be protected and can only be used without your consent or knowledge under specific circumstances, such as to de-identify information, to transfer information to a service provider, or for certain business activities like providing or delivering a product or service that an individual requested.
Compliance is Key for the Digital Charter Implementation Act
If the DCIA passes, non-compliance could cost organizations millions of dollars. Fortunately, the secure file transfer solution GoAnywhere Managed File Transfer (MFT) can help you meet your IT security and compliance regulations, standards, and technologies with ease.
GoAnywhere MFT can help you meet a variety of security standards by providing file transfer encryption technologies, file transfer monitoring, detailed audit logs and reporting, granular user permissions, flexible options for sending files securely, and more.