Written By Sébastien Gittens, Matthew Flynn, HC Lee and Alicia Yowart
On April 19, 2021, the Government of Canada released the 2021 Federal Budget, which, among other things, proposes to allocate $17.6 million over the next five years (and $3.5 million per year afterwards) to the establishment of a new federal Data Commissioner.
Based on the budget, the role of the Data Commissioner will be to: (i) "… promote positive uses and outcomes associated with data, while identifying and mitigating harmful and negative consequences"; and (ii) "… inform government and business approaches to data-driven issues to help protect people’s personal data and to encourage innovation in the digital marketplace."
The proposed creation of the Data Commissioner raises many key questions that are not addressed in the budget, including the scope of this commissioner's specific responsibilities and powers, and how this commissioner will interact and work with the existing Office of the Privacy Commissioner of Canada.
We note that the creation of a federal Data Commissioner had previously been raised. For example, the federal government's mandate letter to the Minister of Innovation, Science and Industry dated December 13, 2019, which had called for the advancement of Canada's Digital Charter, asked the Minister to "create new regulations for large digital companies to better protect people’s personal data and encourage greater competition in the digital marketplace" and that "… a newly created Data Commissioner will oversee those regulations."
The establishment of a new Data Commissioner represents another step in the federal government's ongoing efforts to implement Canada's Digital Charter, which aims to "better protect the privacy, security, and personal data of Canadians, building trust and confidence in the digital economy." An earlier and significant step had been taken late last year when the Minister of Innovation, Science and Industry announced substantial reforms to Canada's private-sector privacy laws through the Digital Charter Implementation Act. This Act seeks to enact the Consumer Privacy Protection Act (CPPA) to effectively replace the privacy-related provisions under the Personal Information Protection and Electronic Documents Act (PIPEDA). Our preliminary analysis of the CPPA can be found in Understanding the Draft Consumer Privacy Protection Act: A Summary of the Key Changes Proposed.
Further steps by the federal government may be forthcoming. For instance, the aforementioned mandate letter calls for "continu[ing] work on the ethical use of data and digital tools like artificial intelligence for better government," potentially signaling specific regulations applicable to "digital tools" and artificial intelligence. We also note that the budget proposes to provide $8.4 million over the next five years (and $2.3 million ongoing afterwards) to the Standards Council of Canada for advancing industry-wide data governance standards. More information about these and other advancements will likely become available in the coming months.
As substantial shifts in the privacy landscape in Canada appear to be on the horizon, organizations should actively monitor movements in this area to ensure their respective compliance efforts are aligned with upcoming changes to the law. The Bennett Jones Privacy & Data Protection group is available to assist organizations in doing so and to discuss how these advancements may affect an organization's practices, policies and procedures.