The month of June has been an interesting one for privacy law. We saw Europe up its
compliance with the adoption of the new Article 60 within the GDPR. So, keeping in sync with
the evolving tech and digitalization of the legal and regulatory industry, Canada decided to give
its own data privacy law, the Personal Information Protection and Electronic Documents Act or
PIPEDA a facelift. Some of those changes include:
- On June 16, Bill C-27 was introduced by the Parliament of Canada. It repeals Part 1 of
the PIPEDA and replaces it with Consumer Privacy Protection Act (CPPA). The CPPA is
concerned with how commercial businesses handle personal information and outlines
their responsibilities associated with it. CPPA distinguishes between anonymous and de-
identified information. The former protects an individual’s anonymity and the latter
removes personal information within the identifiers present. This includes “direct
identifiers” that can uniquely identify an individual, such as a SIN number that can be
removed or obscured. Additionally, “indirect identifiers” such as one’s age, date of birth,
occupation, education level or zip code can also be removed or obscured. Other areas
covered under CPPA include automated decision systems, individuals’ right to request
their data to be deleted, data mobility, and consent. - The second aspect of Bill C-27 is the enactment of the Personal Information and Data
Protection Tribunal Act (PIDPTA). This legislation creates a new administrative tribunal
where the Privacy Commissioner’s decisions under the CPPA can be appealed. However,
this does not absolve the Electronic Documents Act from being enforced. The EDA
remains in force as a separate act. - Lastly, the Bill falls into step with the evolving dependency and interaction between legal
structure and AI. The new Artificial Intelligence and Data Act (AIDA) provides a
regulatory framework for international trade and trade conducted within different
provinces involving artificial intelligence or AI. AIDA mandates the more sophisticated
AI software to mitigate risks associated with harm and bias. The risk management aspect
of this act is perhaps its most important feature. The penalties for violating this act are
monetary in nature.
So, now you know that there are certain changes you will need to make. Why are we telling you
these things? Because we, at Lumose Marketplace, promise to guide you in choosing the best
software for your business. In fact, “it’s more than a promise. It’s a pinky promise”, to quote
Leslie Knope. At Lumose, we cut through the hype surrounding innovative legal tech products
and services and provide boutique law firms, solo lawyers, and paralegals a direct platform to
compare all types of legal software, whether it is client portal, case management, or compliance
and data protection. Our marketplace breaks down each software’s functionality and provides
you with a clear picture of how it would impact your business. And if you are not a “tech
person”, fear not, our reviews are broken down in a manner far removed from the patois of the
tech industry. We provide succinct, to-the-point advice and help you enhance your business in
the process. We aim to equip small law firms and paralegals with the knowledge and
understanding they need to upskill and grow in their business.
