Privacy & Cybersecurity in Canada and the US

This is a monthly bulletin published by the National Privacy and Cybersecurity team at Fasken. The information contained herein includes noteworthy news, topics, discussions and cases in the privacy & cybersecurity landscape. If you have any questions about any of the topics herein, please reach out to our friendly Fasken Privacy and Cybersecurity team.

This Month's Noteworthy News

Bill C-27 Discussions reignited

The Standing Committee on Industry, Science and Technology launched its review of Bill C-27 in late September 2023. There has been commentary regarding the C-27, including a letter from Minister Francois-Philippe Champagne to the Standing Committee outlining a number of proposals regarding the content of the Bill.

Input on draft Biometrics Guidance Documents

The Canadian Federal Privacy Commissioner has announced that is preparing guidance for organizations related to the handling of biometric information. As part of drafting the guidance, the Commissioner is seeking stakeholder feedback. Any interested parties should provide their feedback prior to January 12, 2024.

Artificial Intelligence still in forefront

The Government of Canada released its Voluntary Code of Conduct on the Responsible Development and Management of Advanced Generative AI Systems in September 2023. A number of signatories have committed to adopting the identified measures in the code, and the Canadian Government generally noted that these measures should be adopted in advance of the proposed Artificial Intelligence and Data Act coming into effect.

In New York, discussion still swirls around the prohibition on businesses using AI to make employment decisions. This discussion stems from a law that came into effect earlier in 2023.

Data Scraping Gets Renewed Attention from Regulators

The Canadian Federal Privacy Commissioner issued a joint statement on August 24, 2023 about the privacy risks associated with data scraping. Generally, the Commissioner considers website owners to be responsible for protecting user's personal information from unlawful data scraping.

New US States with Consumer Privacy Laws

There have been another two states that have passed consumer privacy laws in the United States recently. In Oregon, the Oregon Consumer Privacy Act was passed, and it will be effective July 1, 2024. In Delaware, the Delaware Personal Data Privacy Act was passed, and it will be effective Jan. 1, 2025.

Notable Cases

A judgement was delivered in Google LLC v Canada (Privacy Commissioner) on September 29, 2023. The question posed to the court was whether operation of the Google search engine should be excluded from the application of the Personal Information Protection and Electronic Documents Act (PIPEDA). The Federal Court determined that it was not excluded, and Google's appeal was now dismissed by the Federal Court of Appeals.

In Case You Missed it:

The Fasken Privacy and Cybersecurity group published the following articles that might be of interest.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.