Region: Canada

Canadian privacy commissioner casts doubt on standard business practices

In renewing his call for a new national data protection framework, Canada’s federal privacy commissioner Daniel Therrien has warned against including an overly broad standard business practices provision – a concept similar to the GDPR’s legitimate interest basis for non-consent-based data processing.

11 December 2019

Statistics Canada puts hold on data collection

Canada’s national statistics office has agreed to put two bulk data collection projects on hold after the country’s federal privacy commissioner raised “significant” concerns.

11 December 2019

Canadian regulators sanction AIQ for role in Cambridge Analytica fiasco

Canadian federal and provincial regulators have found that political consultancy AggregateIQ illegally used and disclosed the personal information of millions of voters in British Columbia, the US and the UK.

27 November 2019

Canadian data regulators call for privacy overhaul

Canada’s federal and provincial data regulators have jointly called on the country’s government to modernise its data protection laws, as a review of its EU adequacy decision looms.

08 November 2019

Data breach notifications skyrocket in Canada

The number of data breach notifications received by the Privacy Commissioner of Canada has increased roughly six-fold since mandatory data breach reporting rules went into effect.

05 November 2019

OPC: supermarket collected excessive personal data

17 October 2019

Judge certifies Nissan Canada data breach class action

A Quebec judge has refused to dismiss a data breach follow-on lawsuit against Nissan, certifying a class of individuals the company notified about the incident.

03 October 2019

Watchdog criticises Google’s “problematic” data plans for Toronto smart city project

Ontario’s privacy commissioner has said governments, rather than private companies, should take the lead in developing governance frameworks for smart city projects.

01 October 2019

NAFTA panel says GDPR doesn’t apply

A Permanent Court of Arbitration tribunal has ruled that GDPR doesn’t apply to investor-state arbitrations under the North American Free Trade Agreement – even when one of the arbitrators is based in the UK.

22 August 2019

Canadian regulator and state AGs set sights on Capital One

The Canadian federal data regulator and several US state attorneys general are investigating Capital One following its recent major data breach.

01 August 2019

Get unlimited access to all Global Data Review content