GDPR an Example for the World? Be Careful of Fool’s Gold...


Remember all the spam you got when companies concluded they needed expressed consent under the Canadian Anti-Spam Legislation to keep sending you emails? You would receive an email from a Nigerian prince advising that, while he does not currently have any lucrative commissions on a business transaction for you, he would still like to have your consent to continue sending you email offers. The same thing occurred in Europe leading up to the implementation of the General Data Protection Regulation (GDPR) on May 25. Similarly, California will be putting into action the California Consumer Privacy Act
of 2018.

The debate is happening now in Canada. There is pressure on the government to redefine consent, increase penalties for non-compliance and increase transparency obligations, even though the new breach notification regulations under Canada’s Personal Information The traditional business model is also affected. The idea that an app was free was never accurate—if you’re not paying for something, then you’re the product, as the saying goes. Disrupting this model could increase the cost of apps and other digital services or platforms and stifle innovation.

Data and the techniques and technologies employed to collect and analyze it will allow us to solve some of the world’s most pressing economic, social and environmental problems. Data is now the engine of economic growth and prosperity. Countries that promote data availability and use it for societal good and economic development will lead the fourth industrial revolution and give their citizens a better quality of life. But to seize this opportunity, people and businesses need to be able to share data with one another.

The right framework for Canada’s data economy is one that both creates trust and incentivizes innovation. In this new world, we cannot ignore the role that companies that are yet to be created will play—both as innovators and wealth creators. Canada’s framework for the data economy must help SMEs start up, grow and become world leaders in the digital space.

Protection and Electronic Documents Act (PIPEDA) do not come into force until November 1, 2018.

This is a reaction to massive security safeguard breaches and declining trust. On the surface, this seems like a good idea—let’s give back control of personal data to the individual. However, the wholesale wresting of personal data away from the companies that collect it shatters the social contract of the service/data exchange that apps are built on and disrupts decades-old established business models.

There are many costs to this new regime in Europe. The obvious one is compliance— acquiring the technology to successfully respond to individual requests for data transparency, retooling for data portability and extracting personal data across multiple 


Finally, regulatory overreach could disrupt the free flow of information, which is one of the digital age’s greatest benefits. For instance, the Los Angeles Times has responded to GDPR by cutting access to its website in most European countries—something that goes against the basics of the internet.

Ironically, none of these new rules will have any impact on how data is protected. Almost half of IT decision makers in the EU note that cyber attackers will still find a way to access almost anything they want. More needs to be done to go after those who cause the most harm, such as those who engage in cybercrime and fraud. Government agencies should follow the money and prosecute those who commit fraud online.

– Scott Smith, Director

Canadian Chamber of Commerce

Posted on:
Friday, August 10, 2018