Skip to content
Schedule a Call
Call Now

Canada’s Bill C-27

Article by Tsaaro

7 min read

The Liberal Party of Canada introduced Bill C-27, the Digital Charter Implementation Act 2022, before the nation’s Parliament on June 16, 2022, in an effort to tighten the laws governing data and privacy protection. Three new laws are included in the charter: the Artificial Intelligence and Data Act, the Personal Information and Data Protection Tribunal Act, and the Consumer Privacy Protection Act. 

The new Bill is intended to give Canadians greater control over how firms use their personal data, impose fines on non-compliant businesses, and create new rules for the application of artificial intelligence (AI). 

Bill C-27 is seen as an update of Bill C-11 (43-2), a digital charter that was introduced in 2020 but was shelved by the House of Commons shortly after the announcement of the federal election in late 2020. Notably, a sizable section of Bill C-11 has been transferred to Bill C-27. 

The new Digital Charter has the authority to change other current statutes under the 2020 charter in ways that are consequential and connected. Bill C-27, if passed, would likely replace the Personal Information Protection and Electronic Documents Act, altering the legal framework for privacy and data protection in Canada (PIPEDA). 

Why is it relevant? 

Although the Canadian Constitution recognizes the right to privacy as a basic one, the existing legislation controlling personal data is weak in terms of how Big Tech corporations can utilize customers’ personal data for services like targeted advertising, among others. One of the “most restrictive” legal frameworks for data governance among the G7 nations, Bill C-27 is praised for explicitly stating that safeguarding privacy rights is essential to preserving individual liberty and dignity. Canadian rights organizations see this Bill as a positive development. 

Consumer Privacy Protection Act (CPPA) 
“An Act to Support and Promote Electronic Commerce by Protecting the Personal Information that is Collected, Used or Disclosed in the Course of Commercial Activities,” is how the first law under the 2022 Digital Charter is described. 
 
The Act aims to create regulations for the protection of personal information in a way that strikes a balance between the need for organizations to collect, use, or disclose personal information for purposes that a reasonable person would consider appropriate under the circumstances and the right of individuals to privacy. Regarding the use of personal data by organizations for commercial purposes, it is applicable to all organizations.  
 
The following is a list of all the key elements of the Consumer Privacy Protection Act: 
1. Giving organizations more authority and transparency when handling Canadians’ private information. 

  1. Providing citizens with the freedom to securely transfer their information from one organization to another.
  2. Making sure that Canadians can ask for their data to be deleted when it is no longer needed.
  3. Creating tighter safeguards for children, such as restricting organizations’ access to and use of information on children and holding them to a higher standard for handling such data.
  4. Giving the Privacy Commissioner of Canada wide authority to issue orders, such as the power to direct a business to cease collecting data or utilizing personal information.
  5. Setting up severe penalties for non-compliant organizations, with the most egregious offences subject to fines of up to 5% of global revenue or $25 million, whichever is greater.
     
    Unless one of the aforementioned exceptions to consent applies, the CPPA is built around the necessity that consent be obtained for the collection, use, and disclosure of personal information: 
    – Transfers to providers of services  
    – Utilizing private data for internal research, analysis, and development as long as it is de-identified  
    – Defined commercial activities, if a reasonable person would anticipate the collection or use for such an activity and the personal information isn’t gathered or used to persuade the person to act in a certain way. 
     
    It must be noted that government institutions to which the Privacy Act applies are exempted from this law. Additionally noted are individuals gathering private information about others for domestic use and businesses gathering the same for journalistic or academic objectives are also listed as exceptions from the law. 

 

1.Artificial Intelligence and Data Act 
 
New regulations are expected to be included as part of the planned Artificial Intelligence and Data Act to enhance governmental authorization for the creation and use of AI systems. By setting uniform standards that apply across Canada for the design, development, and use of these systems, it aims to control international and interprovincial trade and commerce in artificial intelligence systems. Additionally, it forbids any behavior involving AI systems that might seriously hurt people or their interests.  
 
The AI and Data Act’s main requirement is that all personal information used to train artificial intelligence programs must be encrypted and permanently de-identified before it can be used to draw any conclusions about its owners. Although the word “high-impact” systems are not defined in the proposed legislation, it is also intended to address the potential of bias in analyses (it is left to regulation). 
 
The following is a list of some of the key components of the AI and Data Act:  
1. Defining, assessing, and mitigating the risks of harm and bias in high-impact AI systems during development and deployment to protect Canadians. 
2. Appointing an AI and Data Commissioner to assist the Minister of Innovation, Science, and Industry in carrying out his or her ministerial duties under the Act, such as overseeing corporate compliance, ordering outside audits, and, when necessary, exchanging data with other regulators and enforcers. 
3. Setting forth unambiguous legal restrictions and sanctions surrounding the use of data obtained illegally for AI development, when AI is used carelessly and causes significant harm, or when there is fraudulent intent to significantly harm the economy. 
4. Build a machine with artificial intelligence a ministry with a data commissioner on staff who would help with enforcement. When there is a “severe risk of imminent harm,” the minister may provide the Commissioner access to information and the authority to issue orders, including those that require organizations to undertake audits, correct problems, and halt the functioning of specific high-impact systems. 
 
The AI Act includes fines for failing to comply with the Act’s obligations as well as administrative financial penalties for breaking the rules. 
 

2.Personal Information and Data Protection Tribunal Act 
 
The Consumer Privacy Protection Act would be enforced in part by the Personal Information and Data Protection Tribunal, which would be established by Bill C-27. The tribunal would specifically consider suggestions made by the Canadian Privacy Commissioner to impose administrative fines for specific Act violations. An “accessible mechanism for organizations and people to seek a review of Privacy Commissioner judgements” is what it’s meant to be.  
 
It should be highlighted that the present PIPED Act already establishes a tribunal to oversee personal information on the internet. The new Act will increase the tribunal’s authority to the level of a superior court of record, nevertheless. Any decision made by the Personal Information Tribunal may be converted into an order of the Federal Court or another superior court, and it has the same legal effect as a court order. 
 
If an inquiry reveals that it is necessary, it may also punish a company, but only after giving both the organization and the Office of the Privacy Commissioner a chance to respond. Additionally, appeals of any findings, orders, and judgements made under the Consumer Privacy Protection Act. 

Conclusion 

If passed, Bill C-27 -27 would bring forth long-overdue changes to Canada’s privacy regulations. With the understanding that data are a source of competitiveness and innovation, this new law tries to strike a balance between an individual’s rights regarding their personal information. This statute establishes Canada as a pioneer in ethical innovation. The enforcement of the law is one of many significant planned reforms. Businesses in Canada and, increasingly, around the world need to be prepared for these legal changes. 

It is just the start of what we may anticipate in terms of future technologies, like artificial intelligence, being used to regulate data. By preparing early, businesses can benefit from more streamlined, compliant, and reliable processes under the new law. 

Stay updated with us. Get a grasp on guidelines for better Privacy management and administration straightforward once you understand them. Once they become ingrained in your behaviour, they will aid in defending you from frequent scam tactics. Take the first step towards a secure your organization’s data by scheduling a call with our privacy expert team at Tsaaro Solutions today. Get in touch with us at info@tsaaro.com 

966 thoughts on “Canada’s Bill C-27”

  2. smortergiremal

    Hey there! This is my first visit to your blog! We are a group of volunteers and starting a new initiative in a community in the same niche. Your blog provided us beneficial information to work on. You have done a marvellous job!

  269. rumywdjdw

    Experience simple personal care with nature’s purest and most potent botanics— now available in our new packaging. This Vitamin C E Ferulic Serum is your superhero skin brightening formula. Packed with powerful antioxidants, Vitamins C & E and Ferulic Acid. These ingredients work collectively to help visibly fight against premature aging, sun damage and hyperpigmentation. Best Serum for Hyperpigmentation and used for all skin types. One of the best natural remedies for hyper pigmentation and Vitamin C has been proven to be a natural wrinkle reducer. 550 SE 6th Ave, Delray Beach, FL 33483 One person advised, “Throw all the other ones away! I have used all the pricey stuff, and they were okay. But this serum works twice as well for less than half as much. My lashes are so long that I was finally able to get a lash lift, and now I don’t even need mascara. Plus my lids are not irritated like they were with Latisse. I can’t say enough good things about this stuff!”
    https://rpgplayground.com/members/mascarasmudge/profile/
    Having won the 2014 Life & Style Best of Beauty Award, the e.l.f Poreless Face Primer is a restorative base and gives your face a baby-soft-finish, filling in large pores and other imperfections. This face primer is infused with tea tree oil and vitamins A and E which are perfect for acne prone or dry skin. This poreless primer product is cruelty-free and 100% vegan. Purchasing a 0.47 oz e.l.f. Cosmetics Soothing Face Primer as a Platinum Ultamate Rewards Member: Made with vitamin E to moisturize, salicylic acid to clear out clogged pores, and the natural antiseptic tea tree oil, this primer offers an elegant matte finish, all-day oil control, and protection from future breakouts all in one fell swoop. I’ve repurchased Hard Candy Sheer Envy primer loads of times. It’s around $8 for 1.6oz. They have a few variations: skin perfecting, shine-free, dark spot correcting, illuminating, etc. I have normal skin and usually get Ultra Light or Perfecting, so I’ve never tried shine-free but perhaps an oilier gal might like it. I think it performs well for me. It’s kind of annoying to squeeze out of the tube, though, but at least you can cut it out for the pesky end!

  549. schumann frequenz aktuell

    Hiya, I’m really glad I have found this info. Today bloggers publish just about gossips and net and this is actually frustrating. A good site with interesting content, that’s what I need. Thanks for keeping this web site, I will be visiting it. Do you do newsletters? Can not find it.

  605. سایت مگاپاری

    Have you ever thought about writing an e-book or guest authoring on other websites? I have a blog centered on the same information you discuss and would love to have you share some stories/information. I know my viewers would appreciate your work. If you are even remotely interested, feel free to shoot me an email.

  761. Legal Support Professionals

    naturally like your web-site but you have to check the spelling on quite a few of your posts. Several of them are rife with spelling problems and I to find it very bothersome to tell the reality however I will certainly come again again.

  933. toronto airport limo

    Thank you for sharing superb informations. Your web site is very cool. I’m impressed by the details that you have on this site. It reveals how nicely you perceive this subject. Bookmarked this website page, will come back for extra articles. You, my friend, ROCK! I found simply the info I already searched all over the place and simply couldn’t come across. What an ideal site.

Leave a Reply

Your email address will not be published. Required fields are marked *

Eu Ai act
First Rules of the EU AI Act Come into Effect: What Does it Mean?
Krishna

First Rules of the EU AI Act Come into Effect: What Does it Mean?

The evolving digital landscape in the 21st century have placed a challenge for governments and organizations as they attempt to …

March 7, 2025
Digital Personal Data Protection (DPDP) Act
Exemptions Under the Digital Personal Data Protection (DPDP) Act, 2023  
Tsaaro Consulting

Exemptions Under the Digital Personal Data Protection (DPDP) Act, 2023  

Introduction  The Digital Personal Data Protection (DPDP) Act, 2023, and the Digital Personal Data Protection Rules, 2025 establish a comprehensive …

February 27, 2025
cybersecurity,
WHAT DRIVES CYBERSECURITY: A COMPREHENSIVE OVERVIEW 
Tsaaro Consulting

WHAT DRIVES CYBERSECURITY: A COMPREHENSIVE OVERVIEW 

In today’s interconnected world, cybersecurity plays a crucial role in protecting our digital lives. From protecting personal data to safeguarding …

February 21, 2025
Transfer Impact Assessments
Understand Transfer Impact Assessments: Insights from CNIL’s Practical Guide 
Tsaaro Consulting

Understand Transfer Impact Assessments: Insights from CNIL’s Practical Guide 

Introduction  A Transfer Impact Assessment (TIA) is a critical evaluation conducted under the General Data Protection Regulation (GDPR) to assess …

February 20, 2025
Draft DPDP Rules
The DPDP Act, 2023 and the Draft DPDP Rules, 2025: What Do They Mean for India’s AI Start-Ups?
Tsaaro Consulting

The DPDP Act, 2023 and the Draft DPDP Rules, 2025: What Do They Mean for India’s AI Start-Ups?

Introduction The Digital Personal Data Protection Act (DPDPA), 2023 and the Draft DPDP Rules, 2025 have ushered in a new …

February 12, 2025
Recent Comments

SHARE THIS POST

Would you like to read regular updates from Tsaaro.
Subscribe to our newsletter

Our Latest Blogs

Read what the latest hapennings in the cyber world are and learn what the
experts have to say about them

© 2024 Tsaaro Consulting. All rights reserved.
Linkedin Instagram Youtube

About Tsaaro

Resources

Other Links

Tsaaro Netherlands Office

Regus Schiphol Rijk Beech Avenue 54-62, Het Poortgebouw, Amsterdam, 1119 PW, Netherlands

Tsaaro Pune Office

Tech Centre, Rajiv Gandhi Infotech Park, Hinjewadi, Pune, Maharashtra

Tsaaro Noida Office

302, Tower C, ATS Bouquet, Noida Sector – 132, Uttar Pradesh, India

Tsaaro Bengaluru Office I

Manyata, Embassy Business Park, Outer Ring Road, Bengaluru, Karnataka

Tsaaro Bengaluru Office II

Second State, CMH Road, Indiranagar, Bengaluru, Karnataka

Call Our Experts:

+91 95577 22103

small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png

We’d love to help your organization achieve your Data Protection goals!

Schedule a complimentary consultation with our Team of Experts.