Digital Charter Implementation Act (DCIA)

What is the DCIA?

The Digital Charter Implementation act or DCIA is a proposed Canadian privacy law introduced by the Government of Canada in 2020. It is intended to provide individuals:

  • Meaningful consent requests from organizations for data collection
  • Data mobility between organizations
  • The ability to dispose of personal information and withdraw the consent for its use
  • Transparency of how algorithms and artificial intelligence are used
  • Governs the use of their de-identified information

The DCIA replaces Canada’s existing Personal Information Protection and Electronic Documents Act (PIPEDA) retaining much of it while borrowing from the European Union’s General Data Protection Regulation (GDPR) and California’s Consumer Privacy Act (CCPA).

Canadian organisations should begin planning for compliance with the Digital Charter Implementation Act, 2020 as soon as possible.

The maximum penalty for all the contraventions in a recommendation taken together is the higher of $10,000,000 and 3% of the organization’s gross global revenue in its financial year before the one in which the penalty is imposed.

https://parl.ca/DocumentViewer/en/43-2/bill/C-11/first-reading#ID0EFBA

Our team can help develop your DCIA-compliance strategy to help with:

  • assessing the appropriateness of the data that you collect
  • limiting its collection, use and disclosure
  • ensuring that consent is obtained
  • retention and disposal of personal information

Connect with us to explore how we can help your team prepare for the DCIA in Canada.


Accept cookies? Does the DCIA mean nagging for Canadians?

The proposed Digital Charter Implementation Act (DCIA) in Canada borrows some key elements of the European Union’s General Data Protection Regulation (GDPR).

As such you may wonder if Canadians are soon about to see it everywhere. That “Accept Cookies” banner you see when you happen upon a European or British website.

Moreover if you manage a website, are you going to have to implement the consent request as well?