Goodmans comments on impact of GDPR fines on Canada

Canadian businesses must be able to adapt to future direction of local privacy laws

Goodmans comments on impact of GDPR fines on Canada
The Information Commissioner’s Office recently imposed fines on British Airways and Marriott International for infringement of GDPR

According to a bulletin by Goodmans, recent fines under the EU’s General Data Protection are of interest to Canadian businesses operate in the EU, especially if Canada revises its privacy laws in a manner resembling GDPR.

The update comes after the Information Commissioner’s Office (ICO), the UK’s independent authority on data privacy, imposed fines on British Airways and Marriott International, worth £183.4 million ($297.2 million) and £99.2 million (US$160.8 million), respectively, for infringement of GDPR.

GDPR, which came into effect in May 2018, governs personal information collected by organizations. The regulations apply to any information relating to an identifiable person, who can be directly or indirectly identified through the information, such as names and IP addresses. The regulations impose significant accountability obligations on both data controllers (the entity determining how data is collected and used by the organization) and processors (third parties engaged in processing personal data for controllers).

Under the regulations, organizations found to have seriously breached GDPR can be fined up to 4 per cent of annual global turnover or €20 million ($29.3 million), whichever is greater. Lesser infringements, such as failing to notify supervising authorities and data subjects about a breach, or failing to conduct an impact assessment, can result in lesser fines.

According to Goodmans, GDPR applies to Canadian businesses that conduct business in the EU. Aside from companies that have physical offices in the EU, it also applies to businesses that offer goods and services to individuals in the EU through websites or mobile apps. In some circumstances, collecting personal information about individuals in the EU can also engage GDPR.

Furthermore, Goodmans believes that Canada’s own privacy regime take a more GDPR-like approach, with the Government of Canada having announced a Digital Charter, which may be a sign of Canadian privacy law adapting a GDPR-like system. In recent months, the Privacy Commissioner of Canada has taken “aggressive actions” based on a potential interpretation of Canadian legislation that incorporates concepts found in the GDPR.

Canadian businesses should ensure not only that they have the safeguards to comply with current law but also the ability to adapt to future requirements, the law firm advised.

Related stories

Free newsletter

Our daily newsletter is FREE and keeps you up to date on all the developments in the Ontario legal community. Please complete the form below and click on subscribe for daily newsletters from Law Times.

Recent articles & video

Amid enactment of sweeping law enforcement Bill C-75, LSO seeks status quo for students, paralegals

LSO must stand up for racialized licensees, says prospective returning bencher

OBA summit to bring together legal sector equality advocates

Federal government names Canadian Accessibility Standards Development Organization officers

Baker McKenzie adds senior tech strength to global M&A team

Alexander Holburn opens Toronto office

Most Read Articles

Appeal court ‘withdraws’ real estate decision after it was signed in error

Challenges continue for legal aid practitioners despite funding boost from Ottawa

Province should be cautious using ADR for domestic violence cases, say lawyers

Canadian law firms spending more on legal tech, says Thomson Reuters