The Office of the Privacy Commissioner of Canada will begin applying more robust guidelines for obtaining meaningful consent for collecting, using and sharing personal information starting January 1, 2019.
Under the Personal Information Protection and Electronic Documents Act (PIPEDA), businesses are obliged to clearly explain why they are asking for personal information, how they’re going to use it, who they will be sharing it with, and any potential harms that may arise from sharing their information, among other things. The office’s public consultations on consent over the past few years highlighted how technological innovation is posing challenges for privacy protection and consent, eroding consumers’ trust in the digital economy.
In fact, according to a recent KPMG survey, Canadians are among the least trusting in the world when it comes to sharing their personal information. That means that companies must earn their trust.
The new guidelines clarify requirements for obtaining meaningful consent under PIPEDA by setting out more specific expectations on how the law should be interpreted and applied.
This practical and actionable advice will assist organizations to comply with their privacy obligations. It will also help Canadians to understand their privacy rights under the law, and what they can expect from businesses that request their personal information.
The guidelines were issuedjointly with the offices of the Alberta and British Columbia Information and Privacy Commissioners in May 2018 to give businesses time to adjust their practices.