Canada's Privacy Commissioner Ends Effort to Require Consent for Transborder Data Transfer
Time 1 Minute Read
Categories: Information Security, International

On September 23, 2019, the Office of the Privacy Commissioner of Canada (“OPC”) announced that it completed its consultation on transfers for processing and that the OPC’s current guidelines for processing personal data across borders remain unchanged. Under these guidelines, consent for transfers to data processors generally is not required.

The OPC launched its consultation on the issue of transfers for processing on April 9, 2019, after investigating the massive Equifax data breach and finding that consent was required, but not obtained, for the transfer of personal information from Equifax Canada for processing by its U.S. affiliate. That conclusion was in tension with the OPC’s guidelines, which generally require that companies obtain consent to disclose personal data to controllers but not to processors, regardless of location. The OPC proposed erasing this distinction and requiring businesses to obtain consent before transferring data to processors. The OPC received 87 comments, the vast majority of which opposed the proposal.

Tags: Canada, Cross-Border Data Flow, Data Processor, Data Protection Authority, Data Transfer
Print Email Twitter/X Linkedin Facebook

You May Also Be Interested In

Time 2 Minute Read
Data Protection Authorities Globally Highlight Privacy Issues in AI Image Generation

On February 23, 2026, a Joint Statement on AI-Generated Imagery was published by 61 data protection authorities. The Joint Statement addresses concerns regarding AI systems capable of generating realistic images and videos depicting identifiable individuals without their knowledge or consent.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 3 Minute Read
The Federal Aviation Administration Adopts New Airworthiness Directive for Bombardier Inc. Airplanes
The Federal Aviation Administration Adopts New Airworthiness Directive for Bombardier Inc. Airplanes
By and

On February 17, 2026, the Federal Aviation Administration (FAA) issued a final rule adopting a new airworthiness directive (AD) for certain Bombardier Inc. airplanes. This new AD requires locking features to be installed on applicable network interfaces to prevent unauthorized network access. FAA seeks 45-day public comment on any written data, views, or arguments associated with this final rule, ending on April 3, 2026.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 2 Minute Read
China CAC Issues Guidance on CBDT Security Management

On January 30, 2026, the Cybersecurity Administration of China released a Q&A document on policies and regulations for the security management of cross-border data transfers. 

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 1 Minute Read
Brazil and the European Union Reach Agreement to Recognize Mutual Adequacy in Personal Data Protection

On January 26, 2026, the Brazilian data protection authority (“ANPD”) announced that Brazil and the European Union agreed to mutually recognize the adequacy of each other’s data protection networks.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook

Search

Subscribe Arrow

Recent Posts

Categories

Tags

Archives

Jump to Page