The Consumer Privacy Protection Act (CPPA) falls under the umbrella of the Digital Charter Implementation Act (DCIA). DCIA, introduced in June 2022, proposes legislation that intends to increase legal protections for Canadians’ personal information when collected and used for commercial purposes.
CPPA closes a number of privacy gaps that existed in the previous PIPEDA legislation and introduces stricter standards for data governance and control. It also implements a new Personal Information and Data Protection Tribunal that has much greater power to enforce rules and levy fines and other sanctions against organizations that fail to comply.
Although the proposed new rules must still work their way through the legislative process, it is likely that Canadian businesses will need to comply with stricter data protection laws in the next year or two. In this article, we’ll explain the most significant changes proposed by CPPA and how they could affect Microsoft customers that collect and use consumer data.