Goodmans comments on impact of GDPR fines on Canada

Canadian businesses must be able to adapt to future direction of local privacy laws

The Information Commissioner’s Office recently imposed fines on British Airways and Marriott International for infringement of GDPR

According to a bulletin by Goodmans, recent fines under the EU’s General Data Protection Regulation (GDPR) are of interest to Canadian businesses that operate in the EU, especially if Canada revises its privacy laws in a manner resembling GDPR.

The update comes after the Information Commissioner’s Office (ICO), the UK’s independent authority on data privacy, imposed fines on British Airways and Marriott International, worth £183.4 million ($297.2 million) and £99.2 million (US$160.8 million), respectively, for infringement of GDPR.

GDPR, which came into effect in May 2018, governs personal information collected by organizations. The regulations apply to any information relating to an identifiable person, who can be directly or indirectly identified through the information, such as names and IP addresses. The regulations impose significant accountability obligations on both data controllers (the entity determining how data is collected and used by the organization) and processors (third parties engaged in processing personal data for controllers).

Under the regulations, organizations found to have seriously breached GDPR can be fined up to 4 per cent of annual global turnover or €20 million ($29.3 million), whichever is greater. Lesser infringements, such as failing to notify supervising authorities and data subjects about a breach, or failing to conduct an impact assessment, can result in lesser fines.

According to Goodmans, GDPR applies to Canadian businesses that conduct business in the EU. Aside from companies that have physical offices in the EU, it also applies to businesses that offer goods and services to individuals in the EU through websites or mobile apps. In some circumstances, collecting personal information about individuals in the EU can also engage GDPR.

Furthermore, Goodmans believes that Canada’s own privacy regime may take a more GDPR-like approach, with the Government of Canada having announced a Digital Charter, which may be a sign of Canadian privacy law adopting a GDPR-like system. In recent months, the Privacy Commissioner of Canada has taken “aggressive actions” based on a potential interpretation of Canadian legislation that incorporates concepts found in the GDPR.

Canadian businesses should ensure not only that they have the safeguards to comply with current law but also the ability to adapt to future requirements, the law firm advised.
