Canadian companies risk missing global opportunities as “anxiety is rising” around data privacy and protection policies, according to a former cabinet minister tasked with building a consensus among the country’s senior business executives.
In its unveiling of the “digital charter” in May, Ottawa alluded to stricter enforcement measures against companies that fail to comply with privacy regulations. The framework proposal focuses on protecting consumer data in an era of ubiquitous technology companies, with plans to introduce legislation after the election in October.
In response to the federal government’s proposed framework, the Business Council of Canada – a group of more than 150 senior business executives from various sectors – is gathering recommendations from the business community on how increased privacy protection affects competitiveness and innovation.
The council has appointed James Moore, former minister of industry under the previous Progressive Conservative government, to lead the initiative and compile the final report, which will be presented to the federal government after the election.
“If Canada is seen as out of line with the way the rest of the world is moving forward with privacy protection and data security, then we’re going to lose investment opportunities and we will not be seen as a trusted platform in the global economy for the use of data and investment capital to grow firms," Moore said.
Data commercialization has drawn increased scrutiny in recent years as Silicon Valley giants monetize the information that they collect from consumers. Accusations of data misuse have thrown large tech companies onto the centre stage of global debates of consumer control over personal data, such as the Cambridge Analytica scandal that harvested Facebook user information for political profiling.
This incident prompted a turning point in Canada that re-enforced the need for stronger data protection measures and forced businesses to recognize the importance of rebuilding lost trust with customers, according to Moore. The market is signalling to companies that securing customer privacy is now essential to their bottom lines.
“When people surrender some of their personal information and their privacy in exchange for some retail opportunities or academic opportunities or restaurant opportunities, [they need to know that] that information is going to be safeguarded with teeth and with meaningful penalties for those who would abuse it,” he said.
In the next few weeks, Moore will put together a panel of industry insiders to advise on policies aimed at managing consumer data safely without restricting a company’s ability to innovate.
Members will include chief executive officers from some of Canada’s largest companies across sectors such as banking, insurance and health care.
The advisory panel will soon hear from key Canadian companies that “have been observing the trials and errors of the European experiment and to see whether or not that’s something that we can learn from and move forward on,” Moore said.
The federal government’s “digital charter” touched on stricter fines for Canadian companies that breach privacy. Currently under the Personal Information Protection and Electronic Documents Act (PIPEDA), companies could face anything from $10,000 to $100,000 in fines – a pale comparison to Europe’s General Data Protection Regulation (GDPR) fine of 4 per cent of worldwide annual revenue, which reaches into the billions for large businesses.
Considering domestic companies already need to comply with the GDPR, it would not be a big departure to do the same in Canada, according to Michael Geist, the Canada Research Chair in internet and e-commerce law at the University of Ottawa.
He added that a Canadian national digital strategy that sets out clear penalties is long overdue.
“I’m always perplexed by businesses that are concerned about the prospect of fines for violating privacy rules,” he said. “There’s an easy solution. And that’s to abide by the law.”