skip to main content
Back to all blog posts

Posted in: GDPR | Data Security/Privacy | Data Protection

Jun 19, 2018

GDPR Now in Force Has Worldwide Reach

By Paige Backman and Ara Dungca

The General Data Protection Regulation (GDPR) was implemented on May 25, 2018. While it officially only affects European citizens, it has worldwide effects. As discussed previously on The Spotlight, any organization offering goods or services to residents of the European Union (EU) are expected to comply with the GDPR, even without a physical presence in the EU. Therefore, Canadian businesses which collect or process personal data on individuals resident in the EU have been (or should have been) preparing for these changes.

An interesting development is the public announcement of large technology companies, such as Microsoft and Facebook, to have GDPR-compliant services for all users worldwide. Microsoft’s Corporate Vice President and Deputy General Counsel, Julia Brill, announced that the company has always supported GDPR and believes privacy is a fundamental human right. Microsoft will extend GDPR rights worldwide through tools and services backed by contractual commitments. While Facebook’s commitment is not as strong, it is rolling out the option of GDPR-compliant privacy settings to non-EU citizens. GDPR provisions mean more control and protection for users to know where and why their data is being used. With the obvious size of Facebook’s and Microsoft’s user base, the exposure to such options may alter the expectations of the public for any business they deal with. Naturally, businesses have to adapt with changing privacy threshold expectations for managing public relations and legal risk. From a practical standpoint, maintaining two privacy policies for EU and non-EU clients can also be more costly for businesses. It would seem that trends point to stricter privacy policies worldwide. In Canada, Parliament’s intentions mirror these trends independent of societal pushes.

In an attempt to maintain the adequacy of the Personal Information Protection and Electronic Documents Act (PIPEDA) with the varying and often stricter requirements of GDPR, the Standing Committee on Access to Information Privacy and Ethics released 19 recommendations to the federal government on February 28, 2018. Many recommendations signal the Canadian regulator’s attempt to bolster existing laws to offer similar controls over personal information to those afforded under the GDPR, such as the controversial position of interpreting PIPEDA as already incorporating a right to erasure.

As the privacy landscape continues to change worldwide and in Canada, it is more important than ever for all businesses to keep abreast of their policies on an ongoing basis.

Areas of Expertise

Related Blogs

Posted in: Data Security/Privacy | CASL | GDPR | Data Protection

Insights TheSpotlight
With All Eyes Turned to CASL, is Anyone Paying Attention to GDPR? With Less Than One Year Before GDPR Takes Effect, Make Sure Your Organization is Ready By Paige Backman and Aaron Baer Jul 21, 2017 In early June, the Government of Canada came to its senses by suspending the provision of Canada’s Anti-Spam Legislation (“CASL”) that would have enabled a private right of action to be brought as of July 1, 2017. While this decision provided temporary relief to businesses who f...
How the European Union Uses Data to Prevent Crime By Donald B. Johnston Jun 01, 2016 It seems to me - although I have no evidence of this - that the European view on privacy differs somewhat from the view in Canada, which in turn differs from the view in the U.S. I have the impression that people in Europe, especially in the U.K., are quite comfortable with the idea of CCTV camer...

Posted in: Data Security/Privacy | Data Protection

Insights TheSpotlight
Notifying Consumers of Data Breaches: New Regulations By Stephen Crawford Apr 24, 2018 The federal government has introduced new regulations setting out what information must be disclosed to consumers and to the Privacy Commissioner after a data breach. These regulations will take effect on November 1, 2018.