GDPR and the Privacy Shake-Up
With the due date for implementation of the GDPR fast approaching, it is clear that this new European privacy regulation has been shaking up businesses world-wide, not to mention, putting a spotlight on outdated privacy laws in other jurisdictions. The impetus of the European efforts and the domino effect cascading on to other jurisdictions with outdated privacy laws, creates the need for, and an opportunity to create innovative, effective privacy frameworks that are sustainable and positive sum – win/win!
Here in Canada, numerous discussions have taken place as to the readiness of companies to meet this challenge in time for May 2018. Likewise, questions about the adequacy, or lack thereof, of Canadian privacy regimes to the new European reality are being raised.
This paper is about Privacy by Design as a global privacy framework and the virtues of being proactive, and avoiding either/or, zero-sum models. Adopting the principle of inclusiveness of objectives and interests in a positive-sum manner is essential. This is exactly the approach being taken by the International Council on Global Privacy and Security, by Design. Our work will be carried out with three key words in mind: consultation, co-operation, and collaboration (3 C’s). Entities that succeed in overcoming outdated zero-sum choices will be demonstrating global privacy leadership.
The timing is right for Canada and other jurisdictions starting from scratch or reviewing existing privacy regimes to include Privacy by Design. Canada’s Privacy Commissioner, Daniel Therrien warned that ‘Canada could face European adequacy issues in light of the new regulation’ and indicated that he has been urging the Canadian Federal government to upgrade our privacy laws for any gaps and recommended that Privacy by Design be included. He noted: “Organizations must also be more transparent and accountable for their privacy practices. Because they know their business best, it is only right that we expect them to find effective ways, within their own specific context, to protect the privacy of their clients, notably by integrating approaches such as Privacy by Design.”
Privacy protection and data regulation are not an exercise in duality, but rather a collaboration between business and government. For governments working toward sustainable solutions to regulate dynamic industries without unintended consequences, now is the time to engage those industries. Start with Privacy by Design as a central tenet, taking a positive-sum, win/win approach by bringing small, medium, and mid-sized businesses to the table with policymakers. Let’s have an integrated process welcoming all stakeholders to create a better product that reflects a privacy-designed governance structure.