Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Canada Digital Government Privacy

Companies Could Face Hefty Fines Under New Canadian Privacy Law (www.cbc.ca) 35

New submitter dskoll shares a report from CBC.ca: New privacy legislation has been submitted to the Canadian parliament that could fine companies up to 5% of global revenue or $25 million, whichever is greater, for violating Canada's privacy laws. According to Innovation Minister Navdeep Bains, The Digital Charter Implementation Act provides for the heaviest fines among the G7 nations' privacy laws. "The fines are there to provide accountability," Bains said.

The legislation also would give the federal privacy commissioner order-making powers, including the ability to force an organization to comply and to order a company to stop collecting data or using personal information. "Bains said the commissioner also would be able to recommend fines to a new Personal Information and Data Protection Tribunal, which would levy administrative monetary penalties and hear appeals of orders issued under the new law," adds CBC.ca. "According to the wording of a government press release, the legislation also would give Canadians the option of demanding that their personal online information be 'destroyed.'"
This discussion has been archived. No new comments can be posted.

Companies Could Face Hefty Fines Under New Canadian Privacy Law

Comments Filter:
  • First of many (Score:5, Insightful)

    by Joce640k ( 829181 ) on Wednesday November 18, 2020 @06:00AM (#60737584) Homepage

    Here's hoping this is the first of many.

    Tricking people out of their personal information and following their physical/virtual movements shouldn't be a business model. If the information is worth money, pay me for it.

    • Re: (Score:3, Funny)

      by zenlessyank ( 748553 )

      They do pay you. With free ads!

      Go Canada!

      • They do pay you. With free ads!

        Go Canada!

        I would mod that funny but out of points.

        To be fair though, they do provide you with other "free" stuff in exchange for all your data. A free OS for your phone, free email client and storage, free mapping software, etc. Absolutely you pay with your privacy for this ostensibly "free" stuff, but as long as that is clear upfront to everyone I'm not sure it is a problem.

        Without a way to monetize it, a lot of that "free" stuff would probably not exist. Whether that is a better or worse problem is debatable, b

        • And also privacy dies when you are born and are assigned a birth certificate number and a social security number. Complaining long after those facts becomes a moot point. Hell the phone systems have been backdoored since they got put in back in the 1930's I would imagine.

          Free shit is good just the way they do it is kinda screwed but I assume they aren't smart enough to use the White Pages to get their needed info. Everyone is listed in it with their phone number and address.

          I digress.

  • by misnohmer ( 1636461 ) on Wednesday November 18, 2020 @06:04AM (#60737592)

    Is government websites or departments violate consumer privacy, do they get to pay to 5% of all global revenue (presumably all taxes)? Where will that fine go?

    • by davecb ( 6526 )
      Yup! Under the constitutional convention of "ministerial responsibility", it arguably comes out of the head of the ministry's paycheck (;-))
    • by Strider- ( 39683 ) on Wednesday November 18, 2020 @10:37AM (#60738454)

      The Canadian government actually takes privacy reasonably seriously. When I obtained my security clearance, a good portion of the paperwork was the privacy release, granting them permission to go through my life. On a much wider, but smaller, scale, registering to vote requires you to check a box on your tax return, granting the taxation authority permission to share your information with the election authority.

    • by OnceWas ( 187243 )

      Having worked in both the private and government sectors, I can say that while government can collect more of your personal information, it is extremely restricted in what it can do with this information, how it can be accessed by employees, how it can be aggregated, and where and how it can be stored.

      Corporations have it way easier.

      • I don't necessarily agree. Private companies with global business need to meet privacy requirements of multiple nations, EU GDPR, Chinese privacy and IP laws, Canadian privacy laws, this person's data cannot be stored in that country, we don't know the user's citizenship to determine what rules apply, etc. etc. Canadian government is simple, one set of rules (only Canadian rules apply), only one data center, etc. Unless you're saying Canada is having independent privacy rules for different provinces and res

  • by Snotnose ( 212196 ) on Wednesday November 18, 2020 @06:13AM (#60737604)
    I realize California isn't in Canada, but it pisses me off that the DMV sells all my info to anyone with the $$$ to buy it.

    And there's no way for me to opt out. If I want to drive I have to consent to my personal info being sold.
  • d|i|g|i|t|a|l (Score:5, Insightful)

    by jeromef ( 2726837 ) on Wednesday November 18, 2020 @07:12AM (#60737686)
    @Slashdot: could someone please fix the aspect ratio of the Digital logo? As a former employee, it hurts! ;-)
  • by dilly58 ( 541366 ) on Wednesday November 18, 2020 @08:48AM (#60737898)
    PIPEDA is a joke as well. Always have been, both of them. Complaints filed with the federal privacy commissioner go through a process that is laughable. The first step is to send the matter back to the complainant with a letter suggesting the first course of action is to try and settle the matter with the infringing party. Are you kidding me? Do we ask bank managers to head out and try to negotiate with the bank robbers to not take their money? Seriously. Our tenant association was told this when we filed a complaint about the security camera [with live real time staff access] in the laundry room, something the feds acknowledged was a serious breach. And the federal privacy commission isn't the only federal department stocked with bureaucrats who are incensed that taxpayers actually want them to look up from their window view, get off their asses, and actually do their job. It doesn't matter that a political party has chosen to give the federal privacy statutes some baby teeth when those trusted to enforce them are quite content giving gummers to their masters. Yeah. I'll try not to laugh.
    • by oogoliegoogolie ( 635356 ) on Wednesday November 18, 2020 @12:20PM (#60739156)

      Baby teeth legislation for sure-it will likely be weak and watered-down like other consumer protection laws or policies in Canada.

      I expect sharing personal information within the corporate umbrella structure for "business purposes" will still be permited, as will sharing info with external companies that they currently have a "business relationship" with.

  • Regulatory capture (Score:2, Insightful)

    by alexo ( 9335 )

    As usual, the devil is in the details.

    up to 5% of global revenue or $25 million, whichever is greater

    Let's look at some companies' revenue for the twelve months ending September 30, 2020 (source [macrotrends.net]):
    Facebook - $79B
    Microsoft - $147B
    Google - $171B
    Apple - $274B
    Amazon - $348B

    For them, it would be the equivalent of fining a person who earns $100K the hefty sum of up to $7 to $31. I even hesitate to call it the cost of doing business, it's just something to hinder any upstart competition. Remove the cap and we're talking.

    • by Rhipf ( 525263 )

      No it would be like fining a person that makes $100k $5k (ignoring the $25 minimum). They are charged $25mill or 5% of global revenue if their global revenue is greater than $500mill (notice the "whichever is greater" clause).
      So from your example Amazon would be charged $17.4 billion if they were found in breach of the law.

    • by alexo ( 9335 )

      Ugh! Whichever is greater not less. Brain fart. Ignore my post above.

    • by Whibla ( 210729 )

      I'm pretty sure you've confused "whichever is greater" with "whichever is lesser".

      Up to 5% of global revenue still caps out at 5% of global revenue, not 0.031%, no matter what that revenue is: for your 'equivalence example of $100k it would be up to $5k, not "up to $7 to $31".

      The 'crossing point', that figure below which the fixed fine of $25 million applies, would be a global revenue of £500 million. Any company, including all those you listed, generating more revenue than that would be liable for th

      • by alexo ( 9335 )

        I'm pretty sure you've confused "whichever is greater" with "whichever is lesser"

        Yes, I have. Apologies extended.

  • I like to see this and the US of good ole A really needs to look at this sort of thing seriously. Very seriously.

  • It is all good when you make an app maker accountable. However the actual issues are lying at network infrastructure layers.

    First, the mobile operators used to sell your data:
    "Verizon, T-Mobile, Sprint, and AT&T could be facing big fines for selling your location data"
    https://www.vox.com/recode/202... [vox.com]

    Well, after the debacle, T-Mobile at least now gives an option to "opt out" (they still share your data by default):
    https://www.t-mobile.com/dns [t-mobile.com]

    Same with government entities, DMVs would happily share your i

"I'm a mean green mother from outer space" -- Audrey II, The Little Shop of Horrors

Working...