On 14th April, 2016 the European Union adopted GDPR (General Data Protection Regulation) with effect from 25th May 2018 and the adoption created a topsy-turvy atmosphere in the entire European Union consisting of 27 member countries. The commercial giants started recruitments of Data Protection Officers, several institutes offered GDPR courses seeing the GDPR compliance as a future need. The organizations were acting and preparing themselves as if the new war was going to start which would have the potential to burden them with all damages, if found guilty.
Any guesses why GDPR was hyped so much? Well, obviously, due to its stringent penalties. We humans have a tendency to not behave at our best until we are imposed sanctions or burdened with monetary fine. So the GDPR knew exactly what can stop the breach of data privacy and hence the GDPR was drafted and adopted seeing the need and demand of this growth era.
In today’s writing we will see the difference between PIPEDA and GDPR so that we aren’t confused and know that they not only differ in its existence but also in its operation but the only similar thing they both have is protection of private data from the intruders.
Now in our upcoming few posts we will discuss the various differences between these two pieces of regulations and study the same in brief.
A) Enactment–
The birth of GDPR is derived from the European Union Parliament and Council; however, PIPEDA is the product of Canadian Parliament.
B) Adoption:
GDPR was adopted on14th April 2016 and came into effect from 25th May 2018. PIPEDA received royal assent on 13th April, 2000 and enforcement came into parts, beginning from 1st January 2000 to 1st January 2004.
C) Abbreviation stands for:
GDPR- General Data Protection Regulations. PIPEDA- Personal Information Protection and Electronic Documents Act.
D) Authorities:
Under GDPR, the Data Protection Authority (DPA) is the agency of each European Union member, which means a total 27 DPAs across the EU to look after the responsibility under GDPR for assistance and enforcement.
PIPEDA is federal privacy law for private sector organisations and have Office of Privacy Commissioner of Canada (OPC) although some provinces in Canada have their own privacy laws and Health Information Act, which we have dealt in our earlier posts (you may find the link here- https://worldprivacylaw.com/?p=61)
E) Scope:
In my opinion GDPR is wider in nature than PIPEDA, GDPR applies to all private or public sectors. PIPEDA applies only to private sector organisations and public sector bodies are subject to another law that is Privacy Act (this is also a federal piece of legislation).
However, PIPEDA can be applicable to partly government organisations, the daycare centre a non-profit organization subsidized by city funding would come under the ambit of commercial activity involved as they charge for child care services hence, such nature of services comes under the purview of PIEPDA (please refer to the finding of OPC here- https://www.priv.gc.ca/en/opc-actions-and-decisions/investigations/investigations-into-businesses/2005/pipeda-2005-309/)
……………… to be continued……….