Following a lengthy and rather convoluted process that saw the launch, delay, suspension and then reframing of its original consultation on transborder data flows, the Office of the Privacy Commissioner of Canada (OPC) announced last week that it has concluded “its guidelines for processing personal data across borders will remain unchanged under the current law.”
The decision is a welcome one for the credit union system and 86 other stakeholders and industry representatives that responded to the consultation and voiced concerns about the proposed shift in the OPC’s long-standing policy that transfers of personal information to service providers for processing purposes do not require an individual’s consent.
In making its announcement, the OPC reminded businesses that the guidelines for obtaining meaningful consent remain in force. They also stressed the legal requirement that businesses be transparent about their information handling processes and “advise customers that their personal information may be sent to another jurisdiction for processing and that while the information is in another jurisdiction it may be accessed by the courts, law enforcement and national security authorities.”
The OPC now intends to “focus its efforts on how a reformed law can best protect Canadians’ privacy rights when their information is transferred between organizations.” Under the mantle of the Digital Charter, Innovation, Science and Economic Development (ISED) Canada has proposed a number of amendments to the Personal Information Protection and Electronic Documents Act (PIPEDA) and as a result a materially reformed law is anticipated in the near future.