Where does data portability stand today in Canada?
Bill C-27: Digital Charter Implementation Act, 2022
Bill C-27 is a reworking of Bill C-11, which was introduced in 2020 but fell through with the announcement of the federal election.¹ The currently proposed Consumer Privacy Protection Act in the Digital Charter Implementation Act includes the enablement of the following:
- Increasing control and transparency when organizations handle Canadians’ personal information.
- Giving Canadians the freedom to move their information from one organization to another in a secure manner.
- Ensuring that Canadians can request that their information be disposed of when it is no longer needed.²
At the time of writing, Bill C-27 is on its second reading stage in Parliament.
Québec’s Bill 64
On September 22, 2021, the Québec Government adopted Bill 64. The law affords individuals increased rights and control over their personal information, and increases the requirements of public and private sector organizations that hold personal information, including compliance with the collection, storage, sharing and retention of personal information.³
While these regulatory changes are coming into force in Canada, other jurisdictions have already witnessed and embraced this regulatory change. The EU introduced the General Data Protection Regulation (GDPR) in 2018 and Australia adopted the Customer Data Right (CDR) reform in 2017, just two examples of evolving regulatory reforms. This regulatory framework will be supported with open banking legislation, which will include requirements for what data is in scope and the API specifications. The legislation will outline the necessary guidelines that enable customer data to be seamlessly exchanged between financial institutions, given their explicit consent.
Summary
The data portability movement is a business world manifestation of changes we’re witnessing in social contracts that underpin our social, political and economic models.