Last review date: 18 December 2024
Yes.
The following are potential legal bases for processing personal data:
☒ appropriate notice has been provided to or made available to the data subject
☒ the data subject has provided consent to the processing for the identified purposes
☒ the personal data is necessary to perform a contract with the data subject
☒ the personal data is necessary to comply with a legal obligation
☒ the personal data is necessary to protect the vital interests of a natural person
☒ the personal data is necessary for a public interest
☒ other
Under PIPEDA, Alberta PIPA, BC PIPA and the Quebec Act, an organization is generally required to obtain consent for any collection, use or disclosure of personal data, subject to limited exceptions that are prescribed (most of which are similar or related to the legal bases listed above).
Last review date: 18 December 2024
☒ Yes
The following are potential legal bases for processing special categories of personal data:
☒ the data subject has given consent to the processing, where consent is measured to a higher standard than for non-sensitive personal data (for example, additional requirement for consent to be "explicit")
☒ processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law
☒ processing is necessary to protect the vital interests of the data subject or of another natural person where the data subject is physically or legally incapable of giving consent
☒ other
Under PIPEDA, Alberta PIPA, BC PIPA and the Quebec Act, an organization is generally required to obtain consent for any collection, use or disclosure of personal data, subject to limited exceptions that are prescribed (most of which are similar or related to the legal bases listed above).
On 31 October 2023, the Quebec CAI released the final version of its consent guidelines under the Quebec Act, which elaborate on the criteria for validly obtained consent under the Quebec Act.
In May 2022, the OPC issued an interpretation bulletin summarizing the general principles on the interpretation of sensitive information under PIPEDA from recent OPC decisions and case law.
In August 2021, the OPC updated several guidance documents to inform organizations on the interpretation of sensitive information under PIPEDA as well as to set out the types of information that will be considered sensitive and require a higher degree of protection.
In March 2021, the Minister of Innovation, Science and Industry issued updated Guidelines on the National Security Review of Investments. The updated guidelines outline new and existing factors that the Canadian government will consider in assessing investments for potential national security concerns under the Investment Canada Act. The new factors include state-owned enterprises, sensitive personal data, intangible assets, certain sensitive technologies, and critical minerals.
Last review date: 18 December 2024
Yes.
The OPC takes the position that, in all but exceptional circumstances, a minor within the meaning of data privacy laws is a person below the age of 13. As of 22 September 2023, a minor within the meaning of the Quebec Act is a person below the age of 14. The Alberta OIPC and BC OIPC do not set a specific age threshold, but rather consider whether the individual understands the nature and consequences of the exercise of the right or power in question.