Author(s):
Adam Kardash
Dec 15, 2021
For the final AccessPrivacy call of 2021, Osler’s Adam Kardash, Partner, Privacy and Data Management, spoke with Teresa Scassa, Canada Research Chair in Information Law and Policy and Professor at the University of Ottawa Faculty of Law, about the many exciting developments in Canada’s privacy sector over the past year.
Legislative reform in several jurisdictions dominated the privacy arena in 2021. Québec’s Bill 64, passed in September, significantly modernizes data protection law, taking some cues from Europe’s General Data Protection Regulation (GDPR). The ambitious legislation also covers what Teresa calls “the next generation of privacy rights”, touching on issues like data portability, automated decision making and the right to be forgotten, among others. Bill 64 could signal a sea change in policy across Canada, as the federal government and other provinces work on revamping their privacy regimes amid general consensus that privacy legislation should have more teeth. How the various governments coordinate their efforts (and concurrent jurisdiction issues) remains to be seen and could be influenced by the federal replacement for Bill C-11, anticipated in 2022.
Concerns around data governance, especially concerning the use of artificial intelligence, also evolved in 2021. Some guidance touches on the use of automated decision-making systems in the public sector, but how that will play out for the private sector is unclear. While some infrastructure barriers remain, governments are also contemplating frameworks for sharing public-sector data that could benefit health and other forms of research and help to stimulate innovation. In April, Ontario published a set of standards regarding data integration across ministries and other public institutions, designed to promote responsible stewardship of personal information.
The type and severity of cyber threats facing organizations have also shifted. Data breaches remain a concern, but incidents of sophisticated, targeted and multi-faceted cyber and ransomware attacks that threaten critical infrastructure are on the rise. Surveillance issues, notably in the workplace context, are also emerging as technologies continue their rapid evolution.
An expansion of privacy torts, especially in class actions, is playing out in courts across the country. Showing evidence of actual compensable harm has been a challenge for many plaintiffs, but the tort of intrusion upon seclusion remains an important tool. As statutory regimes are modernized and enacted, litigators expect to see more action in the data and privacy spheres.
Watch the Webinar on Demand