(5) The Canadian Personal Information Protection and Electronic Documents Act ("the Canadian Act") of 13 April 2000(3) applies to private sector organisations that collect, use or disclose personal information in the course of commercial activities. It enters into force in three stages:
As from 1 January 2001, the Canadian Act applies to the personal information, other than personal health information, that an organisation, which is a federal work, undertaking or business, collects, uses or discloses in the course of commercial activity. These organisations are found in sectors such as airlines, banking, broadcasting, inter-provincial transportation and telecommunication. The Canadian Act also applies to all organisations that disclose personal information for consideration outside a province or outside Canada and to employee data relating to an employee in a federal work, undertaking or business.
From 1 January 2002, the Canadian Act will apply to personal health information for the organisations and activities already covered in the first stage.
As from 1 January 2004, the Canadian Act will extend to every organisation that collects, uses or discloses personal information in the course of a commercial activity, whether or not the organisation is a federally regulated business. The Canadian Act does not apply to organisations to which the Federal Privacy Act applies or that are regulated by the public sector at a provincial level, nor to non-profit organisations and charitable activities unless they are of a commercial nature. Similarly it does not cover employment data used for non-commercial purposes other than that relating to employees in the federally regulated private sector. The Canadian Federal Privacy Commissioner may provide further information on such cases.
(9) The Canadian Act covers all the basic principles necessary for an adequate level of protection for natural persons, even if exceptions and limitations are also provided for in order to safeguard important public interests and to recognise certain information which exists in the public domain. The application of these standards is guaranteed by judicial remedy and by independent supervision carried out by the authorities, such as the Federal Privacy Commissioner invested with powers of investigation and intervention. Furthermore, the provisions of Canadian law regarding civil liability apply in the event of unlawful processing which is prejudicial to the persons concerned.
(1) OJ L 281, 23.11.1995, p. 31.
/n
(2) WP 12: Transfers of personal data to third countries: applying Articles 25 and 26 of the EU data protection directive, adopted by the Working Party on 24 July 1998, available at http://europa.eu.int/comm/internal_market/en/media/dataprot/wpdocs/wpdocs_98.htm
/n
(3) Electronically published (paper and web) versions of the Act are available at http://www.parl.gc.ca/36/2/parlbus/chambus/house/bills/government/C-6/C-6_4/C-6_cover-E.html and http://www.parl.gc.ca/36/2/parlbus/chambus/house/bills/government/C-6/C-6_4/C-6_cover-F.html. Printed versions are available at Public Works and Government Services Canada - Publishing, Ottawa, Canada K1A 0S9.
/n
(4) Opinion 2/2001 on the adequacy of the Canadian Personal Information and Electronic Documents Act - WP 39 of 26 January 2001 available at http://europa.eu.int/comm/internal_market/en/media/dataprot/wpdocs/index.htm