Goodmans comments on impact of GDPR fines on Canada

Canadian businesses must be able to adapt to future direction of local privacy laws

Goodmans comments on impact of GDPR fines on Canada
The Information Commissioner’s Office recently imposed fines on British Airways and Marriott International for infringement of GDPR

According to a bulletin by Goodmans, recent fines under the EU’s General Data Protection are of interest to Canadian businesses operate in the EU, especially if Canada revises its privacy laws in a manner resembling GDPR.

The update comes after the Information Commissioner’s Office (ICO), the UK’s independent authority on data privacy, imposed fines on British Airways and Marriott International, worth £183.4 million ($297.2 million) and £99.2 million (US$160.8 million), respectively, for infringement of GDPR.

GDPR, which came into effect in May 2018, governs personal information collected by organizations. The regulations apply to any information relating to an identifiable person, who can be directly or indirectly identified through the information, such as names and IP addresses. The regulations impose significant accountability obligations on both data controllers (the entity determining how data is collected and used by the organization) and processors (third parties engaged in processing personal data for controllers).

Under the regulations, organizations found to have seriously breached GDPR can be fined up to 4 per cent of annual global turnover or €20 million ($29.3 million), whichever is greater. Lesser infringements, such as failing to notify supervising authorities and data subjects about a breach, or failing to conduct an impact assessment, can result in lesser fines.

According to Goodmans, GDPR applies to Canadian businesses that conduct business in the EU. Aside from companies that have physical offices in the EU, it also applies to businesses that offer goods and services to individuals in the EU through websites or mobile apps. In some circumstances, collecting personal information about individuals in the EU can also engage GDPR.

Furthermore, Goodmans believes that Canada’s own privacy regime take a more GDPR-like approach, with the Government of Canada having announced a Digital Charter, which may be a sign of Canadian privacy law adapting a GDPR-like system. In recent months, the Privacy Commissioner of Canada has taken “aggressive actions” based on a potential interpretation of Canadian legislation that incorporates concepts found in the GDPR.

Canadian businesses should ensure not only that they have the safeguards to comply with current law but also the ability to adapt to future requirements, the law firm advised.

Related stories

Free newsletter

Our newsletter is FREE and keeps you up to date on all the developments in the Ontario legal community. Please enter your email address below to subscribe.

Recent articles & video

Law Society motion would lower annual fees for new lawyers struggling to find work

U of T trial advocacy course preparing students for virtual courtrooms

Legal Aid Ontario begins consultations to modernize Legal Aid Online

Margaret Sims becomes counsel to Law Foundation of Ontario’s Class Proceedings Fund

After removing exemption, LSO votes down motion to reduce annual fees for retired lawyers over 65

Pilot explores how social work students can help fill funding gaps in community legal clinics

Most Read Articles

Law Society passes fee reduction, COVID-19 relief, some Benchers say measures fall short

New differential privacy algorithm allows for secure sharing of machine-learning legal tech: lawyer

Lawyer suspended, allegedly mishandled and misappropriated trust funds, lied to LSO

Ontario Review Board cannot order accused to attend Zoom hearing: Court