<\/strong>Scan your website for free to detect and control them all<\/a><\/p>\n\n\n\n
![\"Person](\"\/media\/4045\/lewis-parsons-gk-net0_iju-unsplash.jpg?width=236&&mode=max\")
PIPEDA<\/strong> took effect in 2000 and has been amended several times to meet the changes that have swept our digital landscapes in the past two decades.<\/p>\n\n\n\n Most notably, PIPEDA<\/strong> is scheduled to receive a major overhaul sometime in 2021<\/a> and be turned into the Consumer Privacy Protection Act (CPPA)<\/strong>, expanding rights for Canadian residents and updating the current consent regime, as part of the implementation of Canada\u2019s Digital Charter<\/a>.<\/p>\n\n\n\n Canada\u2019s PIPEDA has received an adequacy decision from the EU Commission<\/a>, ensuring the free flow of personal data back and forth between Canada and the EU (note: only PIPEDA has been deemed adequate, and it is therefore only data transfers to and from the commercial, private sector of Canada that is secured with the EU.<\/p>\n\n\n\n In short, Canada\u2019s PIPEDA<\/strong> regulates all gathering, use and disclosure of personal information in the private sector through its 10 PIPEDA Principles<\/strong>; chief among them the requirements that you inform users in detail about your website\u2019s data collection, and obtain their prior, meaningful consent<\/strong>.<\/p>\n\n\n\n PIPEDA is enforced by the Canadian Privacy Commissioner (OPC)<\/a> and applies to all websites and companies in the world that process personal information from Canadian residents for commercial use.<\/p>\n\n\n\n Scan your website for free to see if you have users from Canada<\/a><\/p>\n\n\n\n Canada\u2019s PIPEDA quick breakdown<\/strong> \u2013<\/p>\n\n\n\n Try Cookiebot consent management platform (CMP)<\/a><\/p>\n\n\n\n Scan your website to see what cookies and trackers are in operation<\/a><\/p>\n\n\n\n Cookiebot CMP<\/a>\u00a0by\u00a0Usercentrics<\/a>\u00a0is the world\u2019s leading solution for controlling cookies and trackers on your website to ensure compliance with all major data privacy laws on the planet, including Canada\u2019s PIPEDA,\u00a0EU\u2019s GDPR<\/a>,\u00a0UK\u2019s GDPR<\/a>,\u00a0California\u2019s CCPA<\/a>,\u00a0Brazil\u2019s LGPD<\/a>,\u00a0South Africa\u2019s POPIA<\/a>\u00a0and many others.<\/p>\n\n\n\n As Canada\u2019s PIPEDA require you to inform users<\/strong> and obtain their consent<\/strong>, PIPEDA compliance means knowing and controlling all cookies and tracking technologies in use on your website, plus having a solution for collecting the valid consents of users to all of those cookies that you use.<\/p>\n\n\n\n This is a time-consuming and difficult task for any website, regardless of size and shape.<\/p>\n\n\n\n Luckily, Cookiebot CMP<\/a> is a plug-and-play solution<\/strong> that has completely automated the entire PIPEDA compliance process for you and your website.<\/p>\n\n\n\n Built around\u00a0a powerful scanner<\/strong>\u00a0that detects every single cookie and similar tracking technology,\u00a0Cookiebot CMP\u00a0gives you total insight into your domain\u2019s personal information processing activities.<\/p>\n\n\n\n Cookiebot CMP\u00a0gives you detailed information on each cookie on your website, including its\u00a0purpose<\/strong>,\u00a0duration<\/strong>,\u00a0technical specifications<\/strong>\u00a0and\u00a0provider<\/strong>\u00a0\u2013 facts that you need to inform your users about as part of your PIPEDA compliance.<\/p>\n\n\n\n Through highly customizable consent banners that can be shaped to fit the compliance requirements specific to any region\u2019s data privacy law, including Canada\u2019s PIPEDA, Cookiebot CMP offers a simple way of collecting users\u2019 valid, informed consent.<\/p>\n\n\n\n Cookiebot CMP safely stores all collected consents, automatically renews consent on a regular basis and makes it easy for your website\u2019s users to withdraw their consent as easily as they gave it.<\/p>\n\n\n\n Try Cookiebot CMP for PIPEDA compliance today<\/a><\/p>\n\n\n\n Scan your website for free to see what cookies and trackers are in use<\/a><\/p>\n\n\n\n Visit the Canadian Privacy Commissioner (OPC) for more on PIPEDA compliance<\/a><\/p>\n\n\n\n Get started with Cookiebot CMP and Google Consent Mode<\/a><\/p>\n\n\n\n Let\u2019s break down Canada\u2019s PIPEDA<\/strong> even further and look at its 10 PIPEDA Principles<\/strong>, how it interacts with provincial data privacy laws<\/strong> around Canada (e.g. Albert and Ontario), and hold it up against the EU\u2019s GDPR for comparison<\/strong>.<\/p>\n\n\n\n See the full PIPEDA law text<\/a><\/p>\n\n\n\n Canada\u2019s PIPEDA revolves around the ten so-called fair information principles<\/strong> that spell out the rules and regulations around the use of personal information for commercial purposes.<\/p>\n\n\n\n PIPEDA\u2019s definition of commercial purpose<\/strong> includes acts such as selling or trading of your users\u2019 data, e.g. in exchange for analytics services or marketing schemes.<\/p>\n\n\n\n If your website collects personal information from Canadian residents, such as IP addresses or search history, and then trades this information with a third-party service in exchange for tracking of users or marketing services, you are likely liable for PIPEDA compliance<\/strong> \u2013 no matter where in the world you and your website is operated from.<\/p>\n\n\n\n Did you know that websites on average have 20 cookies in use? The 10 PIPEDA Principles are \u2013<\/p>\n\n\n\n The first PIPEDA Principle makes it clear that you are responsible for all personal information that your website collects<\/strong>, and that you must have a designated representative<\/strong> in charge of ensuring your PIPEDA compliance.<\/p>\n\n\n\n Additionally, you need to develop and implement privacy policies and practices<\/strong>, which must be readily available for your users to read.<\/p>\n\n\n\n Learn more from the Privacy Commissioner (OPC)<\/a><\/p>\n\n\n\n Why does your website collect the personal information that it does?<\/p>\n\n\n\n This is the question that the second PIPEDA Principle requires you to answer \u2013 in detail<\/strong> and prior to actually collecting<\/strong> any personal information from your users.<\/p>\n\n\n\n Learn more from the Privacy Commissioner (OPC)<\/a><\/p>\n\n\n\n This is the most important PIPEDA Principle of all.<\/p>\n\n\n\n In a nutshell: you must obtain the meaningful consent from users before collecting, using and sharing their personal information<\/strong>.<\/p>\n\n\n\n \u201cMeaningful consent\u201d<\/em> under PIPEDA involves informing your users of exactly what they are consenting to, e.g. telling them what cookies your website uses, why and what the data is going to be used for.<\/p>\n\n\n\n PIPEDA states that consent is only valid, if it is \u201creasonable to expect\u201d that your users understand the nature, purpose and consequence of your website\u2019s personal information processing.<\/p>\n\n\n\n Additionally, consent under PIPEDA can either be implied<\/strong> consent<\/strong> or express<\/strong> consent<\/strong>.<\/p>\n\n\n\n Implied consent<\/strong> means that your website can collect personal information from users on the assumption that they will consent, without the need for them to explicitly and actively give their consent.<\/p>\n\n\n\n However, for implied consent<\/strong> to be valid, you must still inform your users prior to collection about \u2013<\/p>\n\n\n\n Try Cookiebot CMP for PIPEDA compliance today<\/a><\/p>\n\n\n\n Express consent<\/strong> means the active and explicit action on part of the user that constitutes consent, e.g. clicking a button or ticking a box to signal that they allow the subsequent collection of their personal information.<\/p>\n\n\n\n This form of consent is obligatory when processing personal information that can be considered sensitive of nature \u2013 e.g. medical and health data, information about an individual\u2019s sexual orientation or religious beliefs.<\/p>\n\n\n\n However, making sure that you always collect express from all your website\u2019s users is a safe way to avoid any grey areas of potential non-compliance with PIPEDA.<\/p>\n\n\n\n Additional requirements for valid consent include \u2013<\/p>\n\n\n\n Try Cookiebot CMP free for 14 days<\/a>\u00a0\u2013 or forever if you have a small website.<\/p>\n\n\n\n Scan your website to see what cookies and trackers are in use<\/a><\/p>\n\n\n\n Learn more from the Privacy Commissioner (OPC)<\/a><\/p>\n\n\n\n The crux of the fourth PIPEDA Principle is this: your website is not allowed to collect personal information in ways that exceed or are beside the stated purposes<\/strong>, to which your users have already consented.<\/p>\n\n\n\n If you want to use personal information for different purposes, you must rewrite your privacy policy<\/strong> to include these new purposes \u2013 and renew the consent<\/strong> of your users.<\/p>\n\n\n\n Learn more from the Privacy Commissioner (OPC)<\/a><\/p>\n\n\n\n Similar to the fourth, the fifth PIPEDA principle requires you to only use and disclose personal information in the ways that you\u2019ve stated in your privacy policy, and to which your users have already consented.<\/p>\n\n\n\n You are also only allowed to keep<\/strong> personal information (known as \u201cretention\u201d) for as long as needed to serve the purposes that you\u2019ve informed your users about and to which they\u2019ve consented.<\/p>\n\n\n\n As with the previous principle, should you change the ways you want to use or share personal information on your website, you must inform users anew and obtain their consent again<\/strong>.<\/p>\n\n\n\n Learn more from the Privacy Commissioner (OPC)<\/a><\/p>\n\n\n\n It\u2019s a requirement for PIPEDA compliance that the personal information your website collects is accurate<\/strong> and complete<\/strong>, as well as up to date<\/strong>.<\/p>\n\n\n\n Canadian residents have the right to access<\/strong> data collected about them and the right to have it corrected<\/strong>, should they find it inaccurate<\/strong>.<\/p>\n\n\n\n Learn more from the Privacy Commissioner (OPC)<\/a><\/p>\n\n\n\n It is also your responsibility to keep collected personal information safe<\/strong> and secure<\/strong>.<\/p>\n\n\n\n Though Canada\u2019s PIPEDA doesn\u2019t specify exactly what kinds of security measures you must take on your website in order to protect your users\u2019 personal information, this PIPEDA principle helps you get an overview of the safeguards required<\/strong>.<\/p>\n\n\n\n Among the proposed safeguards in PIPEDA are \u2013<\/p>\n\n\n\n Personal information must be protected by appropriate security relative to the sensitivity<\/strong> of the information. Is the data collected of a more sensitive nature, e.g. data on your users\u2019 sexual orientation, it will require stronger safeguards than less sensitive data.<\/p>\n\n\n\n Learn more from the Privacy Commissioner (OPC)<\/a><\/p>\n\n\n\n Your website needs to be transparent, honest and clear about the kinds of personal information it collects, what it uses it for and the ways in which it gathers and shares it. This eight PIPEDA Principle clarifies that your privacy policies and information to users must be easy to understand and written in plain language (i.e. not long legal texts). Information to be open about to your website\u2019s users include \u2013<\/p>\n\n\n\n Learn more from the Privacy Commissioner (OPC)<\/a><\/p>\n\n\n\n Canadian residents have the right to access<\/strong> what personal information your website has collected from them, as well as the right to have it corrected<\/strong> if the data not accurate or complete.<\/p>\n\n\n\n This ninth PIPEDA Principle spells out how you are required to respond to such requests from users, including \u2013<\/p>\n\n\n\n Learn more from the Privacy Commissioner (OPC)<\/a><\/p>\n\n\n\n If users find that you are non-compliant with PIPEDA, e.g. because you violate or don\u2019t live up to one of the above nine PIPEDA Principles, they are legally allowed to challenge your compliance status<\/strong>.<\/p>\n\n\n\n The last PIPEDA principle spells out how such challenges must be issued and how you must respond to them, i.e. by providing users with a simple way to give their complaint and informing them of their rights to refer to the Privacy Commissioner (OPC)<\/a>.<\/p>\n\n\n\n Learn more from the Privacy Commissioner (OPC)<\/a><\/p>\n\n\n\n Though Canada\u2019s PIPEDA is a federal data privacy law, several Canadian provinces have similar data privacy laws that are in effect in parallel with PIPEDA.<\/p>\n\n\n\n The following provincial data privacy laws are considered equivalent to PIPEDA<\/strong>, so if you\u2019re in compliance with them, it means you are exempt from also seeking compliance with PIPEDA \u2013<\/p>\n\n\n\n Firstly, Alberta\u2019s Personal Information Protection Act (PIPA)<\/a> regulates the commercial use of personal information in Alberta, enforced and supervised by the Information and Privacy Commissioner of Alberta<\/a>.<\/p>\n\n\n\n Secondly, British Columbia\u2019s Personal Information Protection Act (PIPA)<\/a> regulates the commercial use of personal information in British Columbia, enforced and supervised by the Information and Privacy Commissioner of British Columbia<\/a>.<\/p>\n\n\n\n Lastly, Quebec\u2019s Act Respecting the Protection of Personal Information in the Private Sector<\/a> regulates the commercial use of personal information in Quebec, enforced and supervised by the Commission d\u2019acc\u00e8s \u00e0 l\u2019information du Qu\u00e9bec<\/a>.<\/p>\n\n\n\n Try Cookiebot CMP for free today<\/a><\/p>\n\n\n\n Scan your website to see what cookies are in use<\/a><\/p>\n\n\n\n Canada\u2019s PIPEDA has been in force since 2000 and reflects a pre-GDPR time of data protection (although it has been amended several times in response to changes in global data privacy).<\/p>\n\n\n\n The biggest similarities<\/strong> between PIPEDA and GDPR are \u2013<\/p>\n\n\n\n The biggest differences<\/strong> between PIPEDA and GDPR are \u2013<\/p>\n\n\n\n With the impending 2021 overhaul of PIPEDA<\/a>, which will repeal and replace large parts of the law with the new Consumer Privacy Protection Act (CPPA), Canada\u2019s data protection regime might move even closer to EU\u2019s GDPR, bringing even stronger data privacy to Canadian users than PIPEDA offers currently.<\/p>\n\n\n\n Canada\u2019s PIPEDA is a strong and veteran data privacy law that like its EU counterpart, the GDPR, provides for a substantial consent regime, which empowers Canadian residents with actionable and enforceable rights over the personal information they share every day online.<\/p>\n\n\n\n PIPEDA requires your website to obtain the valid consent<\/strong> from users before collecting or using any of their personal information, and to inform users about the details of your website\u2019s data collection processes<\/strong>.<\/p>\n\n\n\n Cookiebot CMP<\/a>\u00a0by\u00a0Usercentrics<\/a>\u00a0is a plug-and-play PIPEDA compliance solution that can automate all data privacy requirements for your website.<\/p>\n\n\n\n Cookiebot CMP\u00a0offers full and automated compliance with not only Canada\u2019s PIPEDA, but the\u00a0EU\u2019s GDPR<\/a>,\u00a0UK\u2019s GDPR<\/a>,\u00a0California\u2019s CCPA\/CPRA<\/a>,\u00a0Brazil\u2019s LGPD<\/a>,\u00a0South Africa\u2019s POPIA<\/a>,\u00a0Singapore\u2019s PDPA<\/a>\u00a0and many others.<\/p>\n\n\n\n![\"Person](\"\/media\/4047\/michelle-spollen-p22afmgmuuc-unsplash.jpg?width=217&&mode=max\")
\n
![\"Person](\"\/media\/4048\/stefan-spassov-hkn2zde2ga4-unsplash.jpg?width=354&&mode=max\")
PIPEDA compliance with Cookiebot CMP<\/h2>\n\n\n\n
![\"Cookieboot](\"\/media\/4333\/consent_en.png?width=500&\")
Canada\u2019s PIPEDA, in detail<\/h2>\n\n\n\n
The 10 PIPEDA Principles<\/h3>\n\n\n\n
<\/strong>Scan your website for free to detect and control them all<\/a><\/p>\n\n\n\n\n
![\"Canadian](\"\/media\/4049\/john-lee-omneobyhjxy-unsplash.jpg?width=360&&mode=max\")
PIPEDA Principle 1 \u2013 Accountability<\/h3>\n\n\n\n
PIPEDA Principle 2 \u2013 Identifying Purposes<\/h3>\n\n\n\n
PIPEDA Principle 3 - Consent<\/h3>\n\n\n\n
![\"Flagpole](\"\/media\/4050\/hermes-rivera-ahhn48-zkwo-unsplash.jpg?width=367&&mode=max\")
\n
\n
![\"Toronto](\"\/media\/4051\/alex-shutin-uhn-u0ssxfq-unsplash.jpg?width=377&&mode=max\")
PIPEDA Principle 4 \u2013 Limiting Collection<\/h3>\n\n\n\n
PIPEDA Principle 5 \u2013 Limiting Use, Disclosure, and Retention<\/h3>\n\n\n\n
PIPEDA Principle 6 \u2013 Accuracy<\/h3>\n\n\n\n
![\"Toronto](\"\/media\/4052\/james-thomas-ug-m_ngzmfm-unsplash.jpg?width=363&&mode=max\")
PIPEDA Principle 7 \u2013 Safeguards<\/h3>\n\n\n\n
\n
PIPEDA Principle 8 \u2013 Openness<\/h3>\n\n\n\n
\n
PIPEDA Principle 9 \u2013 Individual Access<\/h3>\n\n\n\n
\n
PIPEDA Principle 10 \u2013 Challenging Compliance<\/h3>\n\n\n\n
![\"Road](\"\/media\/4053\/matthew-henry-_xytu0lcvwo-unsplash.jpg?width=363&&mode=max\")
PIPEDA and provincial data privacy laws<\/h2>\n\n\n\n
PIPEDA and Alberta, PIPEDA and British Columbia, PIPEDA and Quebec<\/h3>\n\n\n\n
![\"Person](\"\/media\/4054\/guillaume-jaillet-eiwcd0414xq-unsplash.jpg?width=366&&mode=max\")
PIPEDA vs GDPR<\/h2>\n\n\n\n
\n
![\"Combined](\"\/media\/4055\/canada-eu001.jpeg?width=365&&mode=max\")
\n
Summary of Canada\u2019s PIPEDA<\/h2>\n\n\n\n
PIPEDA compliance with Cookiebot CMP<\/h3>\n\n\n\n