The objective of this paper is to identify the key assets and limitations for effective data protection enforcement through the Canadian experience, as a case study. The question arises as Canada embarks on the projected modernisation of its privacy legislative framework addressing, as a pivotal issue, enforcement powers.
Technological developments put pressure on all privacy frameworks. Canada, however, faces specific challenges: (i) its adequacy status with Europe comes under review no later than 2020, according to Article 45.3 of the GDPR forcing the question as to whether it meets a higher standard of enforcement measures; (ii) its choice in 2000 of an ombuds model for its Data Protection Authority (DPA), the Office of the Privacy Commissioner of Canada (OPC), is now called “toothless” in the face of fining powers granted to its counterparts; and (iii) significant data breaches have shaken Canadians’ trust in the ability of the current enforcement process in Canada to keep organizations compliant.
Please see full Paper below for more information.