Notes on Privacy in Canada

Identifiable Individual: Personal information refers to details that can be used to identify an individual.
Examples of Personal Information:
- Race, national or ethnic origin
- Religion
- Age, marital status
- Medical, education, or employment history
- Financial information
- DNA
- Identifying numbers (e.g., Social Insurance Number, driver's license)
- Views or opinions about the individual (e.g., as an employee)

Rights Granted:
- Individuals have the right to access and correct their personal information held by the federal government.
Scope of the Act:
- Governs the collection, use, and disclosure of personal information by the government when providing services like:
- Old Age Security pensions
- Employment insurance
- Border security
- Federal policing and public safety
- Tax collection and refunds
Obligations of the Government:
1. Right of Access: Individuals can access their personal information, subject to certain limitations.
2. Fair Information Practices: The government must follow fair practices in handling personal information.
3. Privacy Commissioner: Responsible for oversight and resolving complaints, ensuring compliance.

Discussions are ongoing regarding potential amendments and updates to the Privacy Act to reflect modern privacy concerns.

Regulation: Rules for civil and private-sector organizations on how they handle personal information.
Key Aspects:
- Applies to personal information of employees in federally regulated sectors (e.g., banks, telecommunications).
- Organizations must obtain consent to collect, use, or disclose personal information.
- Individuals have the right to access their information and challenge its accuracy.

Scope: Applies to organizations across Canada involved in commercial activities that handle personal information.
Individuals' Rights Under PIPEDA:
- Right to consent for the use of their personal information.
- Accuracy challenges for personal data held by organizations.
- Information can only be used for the purpose collected unless new consent is obtained.

Overview: Each province has its own set of privacy laws for governmental agencies and private sector entities.
- Examples: Alberta, British Columbia, and Quebec have specific privacy regulations.
PIPEDA and Provinces: PIPEDA applies in provinces where no specific provincial laws exist.

Under PIPEDA, personal information includes:
- Any factual or subjective data about an identifiable individual (e.g., age, name, financial information).
- Also covers opinions, evaluations, comments, and employee files.

Grants limited rights for Canadian citizens to access information held in federal government records.
Facilitates transparency and accountability in government.

Definition: Metadata is data providing information about other data (e.g., internet browsing, call details).
Legal Context: Current Canadian privacy laws do not adequately protect metadata, raising concerns about user privacy.

Comparing Privacy Laws: Differences between Canadian laws (PIPEDA) and international frameworks like GDPR and CCPA include:
- Rights to Access and Erasure: GDPR ensures rights that PIPEDA lacks.
- Financial Penalties: GDPR imposes heavy fines which differ from PIPEDA's enforcement mechanisms.
- Consent Frameworks: Variations in consent requirements, particularly related to opt-out functionalities.

Google: Allegations of constant surveillance and deceptive methods.
Tim Hortons: Illegal collection of location data, resulting in legal actions and proposed settlements.
Amazon: Faced heavy fines for GDPR violations, emphasizing the global implications of privacy regulations.

The landscape of privacy laws in Canada is evolving, with calls for more robust frameworks to better protect individual privacy in the digital age.