Companies Could Face Hefty Fines Under New Canadian Privacy Law (www.cbc.ca) 35
New submitter dskoll shares a report from CBC.ca: New privacy legislation has been submitted to the Canadian parliament that could fine companies up to 5% of global revenue or $25 million, whichever is greater, for violating Canada's privacy laws. According to Innovation Minister Navdeep Bains, The Digital Charter Implementation Act provides for the heaviest fines among the G7 nations' privacy laws. "The fines are there to provide accountability," Bains said.
The legislation also would give the federal privacy commissioner order-making powers, including the ability to force an organization to comply and to order a company to stop collecting data or using personal information. "Bains said the commissioner also would be able to recommend fines to a new Personal Information and Data Protection Tribunal, which would levy administrative monetary penalties and hear appeals of orders issued under the new law," adds CBC.ca. "According to the wording of a government press release, the legislation also would give Canadians the option of demanding that their personal online information be 'destroyed.'"
The legislation also would give the federal privacy commissioner order-making powers, including the ability to force an organization to comply and to order a company to stop collecting data or using personal information. "Bains said the commissioner also would be able to recommend fines to a new Personal Information and Data Protection Tribunal, which would levy administrative monetary penalties and hear appeals of orders issued under the new law," adds CBC.ca. "According to the wording of a government press release, the legislation also would give Canadians the option of demanding that their personal online information be 'destroyed.'"
First of many (Score:5, Insightful)
Here's hoping this is the first of many.
Tricking people out of their personal information and following their physical/virtual movements shouldn't be a business model. If the information is worth money, pay me for it.
Re: (Score:3, Funny)
They do pay you. With free ads!
Go Canada!
Re: (Score:3)
He's a Sikh. There are quite a few of them in Canada nowadays.
Americans seem to think anyone with a turban must be Muslim. Seems to be a fault of their education system.
Re: (Score:2)
They do pay you. With free ads!
Go Canada!
I would mod that funny but out of points.
To be fair though, they do provide you with other "free" stuff in exchange for all your data. A free OS for your phone, free email client and storage, free mapping software, etc. Absolutely you pay with your privacy for this ostensibly "free" stuff, but as long as that is clear upfront to everyone I'm not sure it is a problem.
Without a way to monetize it, a lot of that "free" stuff would probably not exist. Whether that is a better or worse problem is debatable, b
Re: (Score:2)
And also privacy dies when you are born and are assigned a birth certificate number and a social security number. Complaining long after those facts becomes a moot point. Hell the phone systems have been backdoored since they got put in back in the 1930's I would imagine.
Free shit is good just the way they do it is kinda screwed but I assume they aren't smart enough to use the White Pages to get their needed info. Everyone is listed in it with their phone number and address.
I digress.
Does this apply to the government too? (Score:4, Interesting)
Is government websites or departments violate consumer privacy, do they get to pay to 5% of all global revenue (presumably all taxes)? Where will that fine go?
Re: (Score:3)
Re:Does this apply to the government too? (Score:4, Interesting)
The Canadian government actually takes privacy reasonably seriously. When I obtained my security clearance, a good portion of the paperwork was the privacy release, granting them permission to go through my life. On a much wider, but smaller, scale, registering to vote requires you to check a box on your tax return, granting the taxation authority permission to share your information with the election authority.
Re: (Score:2)
Having worked in both the private and government sectors, I can say that while government can collect more of your personal information, it is extremely restricted in what it can do with this information, how it can be accessed by employees, how it can be aggregated, and where and how it can be stored.
Corporations have it way easier.
Re: (Score:2)
I don't necessarily agree. Private companies with global business need to meet privacy requirements of multiple nations, EU GDPR, Chinese privacy and IP laws, Canadian privacy laws, this person's data cannot be stored in that country, we don't know the user's citizenship to determine what rules apply, etc. etc. Canadian government is simple, one set of rules (only Canadian rules apply), only one data center, etc. Unless you're saying Canada is having independent privacy rules for different provinces and res
Will the DMV stop selling my info? (Score:5, Interesting)
And there's no way for me to opt out. If I want to drive I have to consent to my personal info being sold.
Re: (Score:2)
Just relinquish the privilege to drive.
This is California. If you don't live in SF, not driving makes you a second-class citizen. And actually, even if you do live in SF, not driving is garbage. When I lived there I could drive for 15 minutes including parking, or I could take a bus, a light rail, and another bus in about an hour and a half. Or I could walk for about 45 minutes.
In theory I could have moved closer to work, and just walked. But SF was in full housing crisis mode at the time, so that wasn't realistic.
If you live almost anywhere in
Re: (Score:2)
Back when I lived near Des Moines, new development amazed me ... as in, sidewalks would be built, per regulations ... with no access to the buildings, other than what cars would take.
OK, I can see a house not having a path to the sidewalk. But trying to walk into a lunch place, when cars are zipping in and out, using the same bit of asphalt?
Not only have they chosen cars over public transport, they have, in many cases, chosen cars over people's own feet!
Re: You can opt out. (Score:2)
If there's no sidewalk, everyone should just walk in the middle of the road. Eventually someone will get the message.
Re: (Score:2)
If that is true, then you probably could do it on bicycle in 10-15 minutes. Bicycle is typically quicker in cities.
Also probably true. And that's fine on non-rainy days. I find cycling in the rain to be miserable even when properly attired, because of the water in my eyes. Maybe I should invest in some goggles with wipers :P
Re: (Score:2)
They make sports glasses with rubberized pads over the top that fit to your eyebrows to block sweat from your eyes on a non-rainy day. I've found they work really well in the rain too. I used to cycle all the time in the rain because there were a couple years there where if I didn't I wouldn't have gotten any miles in.
d|i|g|i|t|a|l (Score:5, Insightful)
Re: (Score:2)
Glad I'm not the only one.
Re: (Score:2)
True, but it's clarified a little further down, like right at the top of the summary, if you read that far.
Canadian privacy commission is a joke (Score:3, Interesting)
Re:Canadian privacy commission is a joke (Score:4, Interesting)
Baby teeth legislation for sure-it will likely be weak and watered-down like other consumer protection laws or policies in Canada.
I expect sharing personal information within the corporate umbrella structure for "business purposes" will still be permited, as will sharing info with external companies that they currently have a "business relationship" with.
Regulatory capture (Score:2, Insightful)
As usual, the devil is in the details.
up to 5% of global revenue or $25 million, whichever is greater
Let's look at some companies' revenue for the twelve months ending September 30, 2020 (source [macrotrends.net]):
Facebook - $79B
Microsoft - $147B
Google - $171B
Apple - $274B
Amazon - $348B
For them, it would be the equivalent of fining a person who earns $100K the hefty sum of up to $7 to $31. I even hesitate to call it the cost of doing business, it's just something to hinder any upstart competition. Remove the cap and we're talking.
Re: (Score:3)
No it would be like fining a person that makes $100k $5k (ignoring the $25 minimum). They are charged $25mill or 5% of global revenue if their global revenue is greater than $500mill (notice the "whichever is greater" clause).
So from your example Amazon would be charged $17.4 billion if they were found in breach of the law.
Re: (Score:2)
Ugh! Whichever is greater not less. Brain fart. Ignore my post above.
Re: (Score:2)
I'm pretty sure you've confused "whichever is greater" with "whichever is lesser".
Up to 5% of global revenue still caps out at 5% of global revenue, not 0.031%, no matter what that revenue is: for your 'equivalence example of $100k it would be up to $5k, not "up to $7 to $31".
The 'crossing point', that figure below which the fixed fine of $25 million applies, would be a global revenue of £500 million. Any company, including all those you listed, generating more revenue than that would be liable for th
Re: (Score:2)
I'm pretty sure you've confused "whichever is greater" with "whichever is lesser"
Yes, I have. Apologies extended.
Canada doing it right (Score:2)
I like to see this and the US of good ole A really needs to look at this sort of thing seriously. Very seriously.
Lower layers (Score:2)
It is all good when you make an app maker accountable. However the actual issues are lying at network infrastructure layers.
First, the mobile operators used to sell your data:
"Verizon, T-Mobile, Sprint, and AT&T could be facing big fines for selling your location data"
https://www.vox.com/recode/202... [vox.com]
Well, after the debacle, T-Mobile at least now gives an option to "opt out" (they still share your data by default):
https://www.t-mobile.com/dns [t-mobile.com]
Same with government entities, DMVs would happily share your i