June 18, 2021, Posted By John M

Internet Privacy Laws in Canada: Here’s What to Know

Internet Privacy Laws in Canada

Internet privacy laws in Canada are in place to protect Canadian citizens. They exist to safeguard citizens against invasions of internet privacy and have undergone several key changes over the years. Each year poses new, interesting privacy challenges in the digital world.

Countries are always trying to keep up with the changing needs of citizens. This effort is designed to maintain a delicate balance between privacy and safety.

Today, we’ll review some of the current Canadian laws on internet privacy. We also explore how they protect Canadian citizens from unreasonable searches – and undisclosed use – of their information.

The Personal Information Protection and Electronic Documents Act (PIPEDA)

Consumers are increasingly concerned about the use (and potential misuse) of their information. They are more interested in protecting their digital privacy than ever before.

The Personal Information Protection and Electronic Documents Act (PIPEDA) is a set of internet privacy laws designed to do exactly that. PIPEDA consists of a series of obligations and recommendations to ensure companies comply with the law regarding how they handle personal information.

Canada’s Personal Information Privacy Laws Explained

According to PIPEDA, companies cannot collect, use, or disclose personal information without consent. PIPEDA outlines ten principles to adhere to when collecting, using, or disclosing personal information.

Some of these principles are obligations, while others are recommendations. We review each below. Still, we recommend a deeper dive that explores the complete legal documents or consulting with an internet privacy attorney when your privacy is compromised.


The principle of accountability designates the company as responsible for upholding compliance. It makes it the company’s duty to protect personal data and uphold compliance during everyday activities.

This means every company you deal with should have someone in charge of upholding data and personal information compliance.

If you are concerned about privacy, reach out to the company and inquire about their privacy policy and protocols.

Identifying Purposes

If a business collects personal information and data, it must be clear about why it collects that information. The purpose for collection must be clear before collecting the information.

Internet privacy laws in Canada center around transparency. And companies must be upfront about why they request your personal information and how they will use it.

Before giving out your identifying information, make note of how that company plans to use it. Make sure they operate the confines of consent by monitoring their use of your information.


In Canada, you have the right to know if companies collect personal information about you. You also have the right to know how they’ll use it and if they will disclose it to third parties. The only exception is when disclosure would be inappropriate.

When submitting your information online, the website should detail future use of that information at the beginning. If they email you sales offers, they have to tell you they will do so.

Limiting Collection

The limiting collection principle states that businesses must only collect the information they will need for the purposes identified and consented to by that individual.

For example, if a customer places an order, it may be necessary to collect their name, phone number, address, and payment information. But it will not be necessary to collect their social profiles or other pieces of data not absolutely required.

If you suspect a company went outside the scope of their information collection, remain calm. Contact the company with your concerns, and learn if they can back up their actions with documentation.

It is possible you forgot about completing their form. And you may remember consenting once you have an open discussion.

Limiting Use, Disclosure & Retention

The limiting use, disclosure, and retention principle states that businesses must use and disclose the information only in the way that was expressed to the individual prior to their consent.

If a company says it must collect its information, it may not use that information for marketing campaigns or other purposes.

Companies are limited to what the customer has consented to. And, they must obtain additional consent to use the information in other ways.

This principle also covers the retention of a person’s information. It states that companies may only store information for as long as needed to fulfill the original purpose.

Simply put, this means your information must only be used for the reason you were told. Companies cannot collect your information for one reason and then use it for other reasons. They must first get consent.

Whether they get consent for multiple uses at once or for one use at a time, you should be informed about any data collection at all times.

Also, they must dispose of your information within a reasonable time frame after the original purpose is fulfilled.


Businesses must do due diligence to ensure that all information is up-to-date and accurate. If a business holds outdated personal information, then it likely no longer needs it.

You can do your part to help companies keep accurate records. Update any accounts you still use to ensure personal information accuracy. You can also reach out to companies you no longer use and request they delete your personal information.


The safeguard principle is one of the most important for consumers. They want to feel confident their data is safe, and internet privacy laws in Canada take this into account.

This principle says that businesses must safeguard all personal information with proper security protocols. This includes measures to protect against “hacks” and other disclosures that may compromise personal info.

Protect yourself by using sites and companies that have safe and secure internet browsing. Be sure you send all purchase and account data over a secure payment processing portal.

It may be the company’s job to protect your data, but it’s important that you also remain diligent on your end.


This principle is all about transparency. It requires companies to make their information management protocols available to individuals upon request.

Companies should be prepared to answer questions about data protection policies and procedures. If interested, you may find their privacy policy on their website.

If you can’t find any published materials, reach out to customer service. They should be able to connect you with someone who can provide the desired information.

Individual Access

Building on the openness and accuracy principles above, the individual access principle allows individuals to request access to their collected information. This includes info about any use or disclosure of that information.

Individuals may also request corrections to their personal information.

Companies must track how they use your personal information. They must also store it and make it easy to pull when you request your records.

Challenging Compliance

You have the right to challenge a company’s compliance. Upon request, a company must direct you to the person charged with upholding compliance. You should also be provided assurances that the firm is compliant with all privacy laws.

Whoever is in charge of compliance should have a strategy for handling compliance challenges. If you think a company is noncompliant, request a meeting with the person in charge. This an effective way to ensure your data is safe.

Are You Unwittingly Consenting to Information Collection?

You may sometimes consent to your data collection without even knowing it.

Have you ever authorized a company’s use of HTTP cookies to track your preferences? Chances are, you checked a box authorizing the collection of your data and browsing history.

Take a look at these common internet privacy FAQs so that you can be prepared to protect your own personal information online.

Regardless of how much you know, it’s important to always learn and improve your privacy practices. Laws and regulations change constantly. Stay up-to-date on changes by reading blogs from expert sources regularly.

Take time to learn how to avoid common Google Chrome privacy issues/. Read up on new ways to protect online privacy in 2021. Check out some of the many internet security tools now available.

Want more information about internet privacy laws in CanadaCall our experts today!