CMA is supporting Bill C-27, with amendments

The Canadian Marketing Association (CMA) announced its support of Bill C-27 at a meeting in Ottawa this week with the House of Commons Standing Committee on Industry and Technology.

Bill C-27 (the Digital Charter Implementation Act) includes new privacy regulations and was first introduced by Innovation Minister Francois-Philippe Champagne in the House last summer. The bill is intended to regulate business’ use of personal data, and includes the Consumer Privacy Protection Act (CPPA), the Personal Information and Data Protection Tribunal Act and the Artificial Intelligence and Data Act.

The CMA urged the House standing committee to adopt the proposed Consumer Privacy Protection Act (CPPA) – with targeted amendments – to “modernize” consumer privacy protections and ensure Canada maintains a competitive economic position in the global digital economy.

The CMA’s proposed amendments to help achieve the core objectives of the bill include:

  • A more targeted and effective approach to protect the personal information of minors.
  • A meaningful consent model that better combats consent fatigue.
  • A framework for de-identified and anonymized data that doesn’t overly restrict its benefits.
  • Adequate time for Canadian organizations to implement the law, including required changes to compliance plans, IT systems, business processes and staff training.

Sara Clodman, the CMA’s VP, public affairs and thought leadership, tells strategy that generally speaking, the areas that MPs seem most concerned about so far are exceptions to consent and the protection of children’s data.

The CMA is concerned about the unintended consequences of CPPA’s “blanket approach to the personal information of minors,” which, Clodman says, would result in an overcollection of data and that a targeted approach would be more fruitful.

“Organizations who have no need to know whether their customers are minors should not be required to collect and retain people’s birthdays, which is highly sensitive information, for the sole purpose of complying with the Act,” Clodman says. “We have proposed that the provision for children be targeted to organizations whose business is directed to minors, and to organizations who know, or should know, that they are processing the personal information of minors.”

According to Clodman, the CMA also recommends that, like comparable laws in the U.S. and EU, this bill should allow for a different treatment of mature minors, who bear many of the responsibilities and enjoy many of the privileges of adulthood.

When it comes to a timeframe for adoption by CMA membership, the association is proposing that it be phased in over three years – and has outlined which sections should come into effect each year. The suggested timing is because of the required “significant operational changes, updating or redesigning IT systems, and the need to train staff” in order to comply with the law.