Canadian Insights from the California Consumer Privacy Act (CCPA)

In June last year, the California Consumer Privacy Act was passed. This consumer data privacy bill will have a broad impact on businesses across the United States and around the world. Here in Canada, we have our own consumer data privacy act, The Personal Information Protection and Electronic Documents Act or PIPEDA.

Consumer data privacy bills have been debated and passed all over the world. Previously, we’ve written about the CCPA and the European Union’s General Data Protection Regulation (GDPR).


PIPEDA is a federal regulation that establishes the rules for how private-sector organizations must handle the personal consumer data they collect. PIPEDA was drafted based on 10 Fair Information Principles, including accountability, consent and the appropriate data protection measures.

The Canadian legislation refers to the commercial collection, use or disclosure of personal information.

Commercial organizations are required to obtain an individual's consent when they collect, use or disclose that individual's personal information. Consumers have the right to request and access the personal information collected on them and held by an organization. They also have a right to challenge its accuracy. Organizations must only use the information collected for the express purpose of collection. If the intended use of personal information changes, they must request consumer consent again. Consumers must also be assured that their personal information is sufficiently protected.

PIPEDA is a good start for Canadian consumer data privacy. There are two key elements of the CCPA that could be integrated to strengthen the breadth and width of consumer data privacy in Canada. The CCPA gives consumers three main rights. The Right to Know, The Right to Opt Out and The Right to Delete. The Right to Opt Out could augment current Canadian legislation.

While current legislation allows Canadians the ability to re-consent (or not) to additional uses of their personal data, more rigorous legislation is required to provide Canadians the right to opt out of the sale of their personal data. Increasingly, additional uses of consumer personal data include selling insights on consumer trends and preferences in an effort to monetize data.

The second area of augmentation relates to the national and international protection of Canadian consumer data. PIPEDA applies to for-profit organizations in Canada, who aren’t covered under another piece of data privacy legislation. British Columbia, Alberta and Quebec have privacy legislation that is deemed “substantially similar” to PIPEDA. PIPEDA may also be superseded in cases where there is substantially similar regulation concerning the collection and/or use of personal health information.

As data flows across provincial and national borders and is stored on servers in countries around the world, Canadian consumers need more robust data privacy protection.

Canadians are at risk of having their personal data monetized by international businesses, without their knowledge or consent and without ever being compensated.

This is one of the things that Sightline Innovation’s Datatrust was designed to combat. SID is the only distributed AI software solution that allows data owners complete data sovereignty. SID puts consumers in complete control of their data and gives them the means to monetize it.

A Datatrust establishes a technology framework that enables the control and sovereignty of data assets between trusted data partners. SID is for any organization that would like to share their data without sacrificing their ability to retain data ownership or benefit from related monetary gains. At Sightline, we believe that data should belong to and be governed by those who create it.

About SID


Our latest product is a smart-contract platform to secure and monetize your data and the latest addition to our family of AI products.