Privacy Commissioner Retains Original Policy on Cross-Border Transfers of Personal Information
The Office of the Privacy Commissioner of Canada (OPC) announced yesterday that it concluded its “Consultation on transborder dataflows” (the “Consultation”) and determined that its 2009 Guidelines for processing personal data across borders (the “2009 Guidelines”) will remain unchanged under the current law. This means that a cross-border transfer of personal information for the purpose of processing will continue to be regarded as a “use” and not a “disclosure” of personal information. Transferring organizations can continue to provide notice to affected individuals of cross-border transfers of personal information, rather than seek their consent to the transfer.
As we noted in our April 15, 2019 Update, Privacy Commissioner Reverses its Position on Cross-Border Transfers of Personal Information, the position taken by the OPC in its Consultation, that consent may be required for transfers of personal information for processing, represented a total reversal of its 2009 Guidelines. The proposal was met with much opposition from stakeholders, with the vast majority taking the position that there is no requirement under the Personal Information Protection and Electronic Documents Act (PIPEDA) to seek consent for transfers for processing and that doing so would create enormous challenges for their business processes.
As such, the OPC stated it is “applying a pragmatic approach in determining that it will maintain the status quo until the law is changed”. The OPC will instead focus its efforts on developing recommendations, in response to the federal government’s proposed modernization of PIPEDA1, on how a future law could address transfers for processing and transborder data flows to effectively protect privacy.
The OPC has taken the opportunity to remind businesses of the legal requirement to be transparent about personal information handling practices. Organizations should advise customers that their personal information may be sent to another jurisdiction for processing and that, while the information is in another jurisdiction, it may be accessed by the courts, law enforcement and national security authorities.
The OPC also expects organizations to continue to apply its Guidelines for obtaining meaningful consent to allow individuals to make informed decisions by emphasizing key elements in their privacy notices: what personal information is being collected; with whom personal information is being shared; for what purposes personal information is collected, used or disclosed; and any residual meaningful risk of harm or other consequences.
1 On May 21, 2019, the federal government announced its Digital Charter and published a related white paper entitled Strengthening Privacy for the Digital Age, which includes considerations for amending PIPEDA.
Expertise
Authors
Insights
-
Entertainment
Canada launches public consultation on Generative AI and Copyright Law
On October 12, 2023, Canada’s Minister of Innovation, Science and Industry and its Minister of Canadian Heritage launched a public consultation on the implications of generative artificial… -
Privacy and Data Protection
B.C. Court Rules Facebook Liable for Privacy Violations in Class Action
Another chapter in the now decade-long saga of Douez v. Facebook was penned earlier this month as a British Columbia Court found Facebook liable for providing advertisers access to users… -
Technology
Technology Sourcing 2021 - Canada Chapter
Jessica Bishop and Peter Ruby co-authored the 1st edition of the International Comparative Legal Guide - Technology Sourcing 2021, Canada chapter. The Canada chapter covers common issues in technology… -
Banking and Financial Services
Federal Government Releases Draft Retail Payments Activities Act
On April 30, as part of the 2021 federal budget, Canada’s Deputy Prime Minister and Minister of Finance (the “Minister”) introduced Bill C-30, An Act to implement certain provisions of the budget… -
Litigation and Dispute Resolution
Federal Privacy Regulation 2.0: Now with Bite and Bark
This week, the Canadian Federal Minister of Innovation, Science and Industry introduced for first reading in Parliament Bill C-11, An Act to enact the Consumer Privacy Protection Act and the Personal… -
Class Actions
Clarity Emerging in Data Breach Class Actions and the Risks Are High
A recent decision of the Ontario Superior Court suggests that judges are increasingly willing to certify class actions brought in respect of data breaches. That willingness, when combined with the…
Featured Work
-
Sports
GTCR-backed Ascent Sports Group acquires LiveBarn
Goodmans LLP acted as Canadian counsel to Ascent Sports Group, a company backed by GTCR LLC, in connection with its acquisition of LiveBarn, a Montreal-based provider of live and on-demand video and… -
Private Equity and Venture Capital
Dayforce taken private by Thoma Bravo for US$12.3 billion
Goodmans LLP advised Dayforce, Inc. as Canadian counsel in connection with its acquisition by Thoma Bravo in an all-cash transaction with an enterprise value of US$12.3 billion… -
Mergers and Acquisitions
Andlauer Healthcare Group acquired by UPS
Goodmans LLP acted for Andlauer Healthcare Group (“AHG”) in connection with its acquisition by UPS via an all-cash transaction that values AHG at an equity value of approximately C$2.2 billion… -
Mergers and Acquisitions
RF Capital Group acquired by iA Financial Corporation in C$597 million all-cash transaction
Goodmans LLP advised RF Capital Group in connection with its acquisition by iA Financial Corporation, a Quebec City-based insurance and wealth management company, in an all-cash transaction valued at… -
Entertainment
Cineplex sells its digital place-based media division to Creative Realities for $70 million
Goodmans LLP acted for Cineplex Inc., Canada's leading entertainment and media company, in connection with the sale of its digital place-based media division, Cineplex Digital Media (“CDM”) to… -
REITS and Income Securities
InterRent REIT to be acquired by consortium that includes CLV Group in partnership with GIC in $4 billion all-cash transaction
Goodmans LLP is acting for a consortium that includes CLV Group Inc. in partnership with GIC in connection with the acquisition of InterRent REIT, whereby pursuant to a plan of arrangement a newly…
News & Events
-
Banking and Financial Services
The Canadian Legal Lexpert Directory 2026 Recognizes Goodmans
We are proud to announce Goodmans continues to be recognized in the 2026 edition of The Canadian Legal Lexpert Directory.Congratulations to the 90 Goodmans lawyers recognized as leaders across… -
Banking and Financial Services
Goodmans Recognized in the Best Law Firms - Canada 2026
Goodmans is pleased to share we are once again featured in the Best Law Firms - Canada 2026, recognizing us as one of Canada’s most exceptional law firms across 42 industries and practices.We are also… -
Communications and Media
Goodmans Once Again Recognized in the Lexpert Special Edition: Technology 2025
We are pleased to announce the Lexpert Special Edition: Technology 2025 once again names Goodmans lawyers among Canada's top-ranked experts.Congratulations to our 15 featured lawyers:Amalia…