The Data Economy Has Changed. B.C.’s Privacy Law Needs to Change Too.
By Tessa Seager, CCI’s B.C. Director of Government Affairs
It’s 2004. Mark Zuckerberg launches The Facebook in his dorm room, Stephen Harper becomes leader of the Conservative Party of Canada, and British Columbia’s Personal Information Protection Act comes into effect.
It’s 2022. The Facebook (now Meta) is one of the largest companies in the world. The Conservative Party of Canada is in the process of electing its 5th leader since Stephen Harper. And British Columbia’s Personal Information Protection Act remains largely unchanged.
The Personal Information Protection Act — or PIPA — is the province’s private sector privacy legislation. Its mandate is to govern the collection, use and disclosure of personal information by organizations, ostensibly in a way that recognizes both the individual’s right to protect their information and an organization’s need to collect, use, and disclose that information.
Unfortunately for British Columbian individuals and organizations alike, because PIPA hasn’t been updated in almost twenty years, it is failing at its purpose. Indeed, the Special Committee tasked with reviewing the Act concluded this past December that “the Act requires substantial amendments to situate it as an effective piece of legislation in the current privacy landscape.”
That is because personal data is no longer just a transaction between a customer and a business. Instead, it is a commodity in its own right: in 2022, personal data is mined, processed, analyzed, shared, sold, and exploited in a myriad of new ways, giving rise to spillovers or externalities — both good and bad. To protect the good and counteract the bad, we need a reformed PIPA that acknowledges privacy as a human right, that recognizes collective rights in privacy frameworks, and that establishes a fiduciary responsibility that imposes duties of loyalty and care on organizations that collect and use personal information from individuals in circumstances of significant power and information imbalances or where individuals lack the ability to ensure compliance.
At the Council of Canadian Innovators, we know that innovation and privacy are not at odds. Our members want to compete globally on the strength of their innovations, not surveillance. We welcome government efforts to design a new and updated framework that would allow it to responsibly govern the economic and non-economic effects of the data-driven world where the collection, use and monetizing of personal data is at the centre of new business models.
For far too long, those efforts have been minimal, ensnarled by regulatory inertia due to both the global nature of the issue and the constitutional federation we find ourselves in. But as Michael McEvoy, B.C.’s Information and Privacy Commissioner, said earlier this month while addressing the Vancouver International Privacy and Security Summit, “we don’t have, and we will never have, a single global privacy cop.”
British Columbia can’t wait around for such a cop; it needs to act now. Mr. McEvoy is widely regarded are an influential leader in global privacy forums. Data governance is the most important public policy issue of our time. Getting it right starts with B.C. authorities modernizing our privacy legislation — legislation that was written before the iPhone existed.
If you’re interested in learning more about CCI’s advocacy work in British Columbia, contact Tessa Seager directly.