The Privacy Commissioners of Canada, Alberta and British Columbia have jointly issued guidelines aimed at assisting organizations to obtain meaningful consent from individuals for the collection, use and disclosure of their personal information.
The Guidelines came into effect in January 2019 and are now applied by the Commissioners when evaluating organizational conduct. They set out seven guiding principles for meaningful consent:
- Emphasize key elements (i.e. what personal information is being collected, how it will be used and for what purpose)
- Allow individuals to control the level of detail they get and when
- Provide individuals with clear options to say “yes” or “no”
- Be innovative and creative (best practice recommendations to keep up with digital platforms)
- Consider the consumer’s perspective
- Make consent a dynamic and ongoing process
- Be accountable – stand ready to demonstrate compliance
The impetus for these Guidelines likely arises in large part from the European Union’s General Data Protection Regulation (“GDPR”), which requires much greater transparency from organizations in order for consent provided by data subjects to be legally valid.
Canada clearly wishes to maintain its “adequacy status” with the European Union. In making clear that the Canadian Personal Information Protection and Electronic Documents Act (“PIPEDA”), the Alberta Personal Information Protection Act (“Alberta PIPA”), and the British Columbia Personal Information Protection Act (“BC PIPA”) will be interpreted by the respective Commissioners in such a way that GDPR-like consent standards will be applied, the Commissioners have taken a step toward maintaining Canada’s adequacy status with the EU.
Further information on the Guidelines can be found here.