TrustArc Blog

Canadian Data Privacy Issues – TrustArc Participates in the Inaugural DAAC Summit in Toronto

October 04, 2018

On September 28, 2018, TrustArc was pleased to participate at the Digital Advertising Alliance of Canada (DAAC)’s inaugural Summit, which brought together leaders from across the marketing, advertising technology, law firm, brand, and broadcasting spaces to discuss the critical data privacy issues of the day.

From the 63rd floor offices of Osler law firm on a sunny Toronto day, industry and regulators interfaced to look at where privacy matters are–and where they are going–for data-driven Canadian advertisers and marketers in particular.   

TrustArc Senior Counsel, Darren Abernethy, took part in an interactive panel discussion entitled The Global Effects of EU Regulations, which honed in on what Canadian companies need to know and action-on, now that the GDPR is in effect and the ePrivacy legislative process may be inching closer to completion.  

A key theme was that of accountability–using the proper combination of people, process and technology to be able to document and demonstrate to the C-suite, customers, vendors and regulators not only that an organization proactively complies with privacy laws and regulations,  but that, for GDPR purposes, it does so while putting the data subject firmly in control of his or her data. As illustrated throughout the Summit, when done with care, this can be highly valuable and business-enhancing. The panel further addressed topics of:

  • email marketing consent (Canadian Anti-Spam Law vs. the EU vs. the U.S.);
  • the possibility of legitimate interests as a basis for processing data in the ads industry;
  • the takeaways and tea leaves from headline-grabbing recent lawsuits filed against prominent digital advertising powerhouses;
  • areas where the first GDPR enforcement actions are likely to come (on the heels of a Canadian company being the first to receive a GDPR formal notice from the U.K. ICO);
  • what the extraterritorial application of EU law means for companies globally;
  • the intersection of GDPR and the draft ePrivacy regulation, and where mechanisms such as the IAB Europe Transparency & Consent Framework–for which TrustArc is a Consent Management Provider (CMP)–fit in; and
  • what an update to PIPEDA could look like that would preserve EU adequacy while maintaining Canada’s special role in data protection globally (hint: a greater emphasis on start-up/SME realities, a continuation of the reasonableness standard and “appropriate purposes,” and building out specifics around certifications, codes of conduct, seals and global interoperability with other frameworks, such as APEC CBPRs and PRPs.

The audience was highly engaged, and the session was allowed to run long in order to accommodate the Q&A interest.  Other panels during the DAAC Summit included discussion of avoiding algorithmic bias, brand trust, recent self-regulatory enforcement actions and best practices, the DAA family’s global expansion, the Canadian Office of the Privacy Commissioner’s 2018/2019 priorities (including being granted more powers for enforcement), and what the next great Canadian privacy innovations may be.

To learn more about how TrustArc can assist your company with technology solutions, consulting or privacy assurance programs, contact TrustArc today for more information or to set up a complimentary demonstration.