Keywords
Administrative Monetary Penalties, personal data sharing, PIPEDA, interprovincial data flow, international data flow
Abstract
Imagine a not-too-distant scenario in which a private sector organization in Canada is investigated by the Privacy Commissioner of Canada jointly with the Commissioners of Quebec, British Columbia (‘‘BC”), and Alberta in relation to complaints that it shared massive quantities of personal data with third parties contrary to its stated practices in its privacy policies. Imagine also that each of the commissioners is empowered under newly amended data protection legislation to issue substantial Administrative Monetary Penalties (‘‘AMPs”). If each of the commissioners finds that its respective laws were breached, should the organization be subject to four different AMPs, or just one? This is a central question that this article seeks to answer.
Recommended Citation
Guilda Rostama and Teresa Scassa, "The Future of Data Protection Enforcement in Canada: Lessons from the GDPR" (2023) 21:1 CJLT 1.
Included in
Computer Law Commons, Intellectual Property Law Commons, Internet Law Commons, Privacy Law Commons, Science and Technology Law Commons