privacycanada.net Open in urlscan Pro
162.159.134.42  Public Scan

URL: https://privacycanada.net/gdpr-pipeda-guide/
Submission Tags: falconsandbox
Submission: On September 14 via api from US — Scanned from DE

Form analysis 1 forms found in the DOM

GET /

<form action="/" method="get">
  <input type="text" placeholder="Search" name="s" class="">
</form>

Text Content

logo v0.6
 * News
 * VPN Essentials
   * Best VPN Services
   * Best Cheap VPN
   * Best VPNs for Netflix
   * Best VPN Routers
   * icon/40x40/-flag canada Free VPNs
   * VPN for Android
   * icon/40x40/-flag canada VPN for iOS
   * icon/40x40/-flag canada VPNs for Kodi
   * VPN Scams to Avoid
   * icon/40x40/-flag canada Meilleur VPN
 * Reviews
   * icon/90x50/-logo#1 NordVPN
   * icon/90x50/-logo#2 Surfshark
   * icon/90x50/-logo#3 ExpressVPN
   * icon/90x50/-logo#4 VyprVPN
   * icon/90x50/-logo#5 Private Internet Access
   * icon/90x50/-logo#6 Windscribe
   * icon/90x50/-logo#7 CyberGhost
   * icon/90x50/-logo#8 Avast SecureLine
 * Privacy Tools
   * icon/40x40/-#18 Strong password generator
   * icon/40x40/-#11 Online Privacy Guide
   * icon/40x40/-flag canada Internet Safety for Kids
   * icon/40x40/-#13 Malware Scanners
   * icon/40x40/-#14 Ad Blockers
   * icon/40x40/-flag canada Secure Emails
   * icon/40x40/-#16 Private Search Engine
   * icon/40x40/-#17 Secure Browsers
   * icon/40x40/-#19 Home Security
   * icon/40x40/-#20 Security Cameras
 * About us
   * Our Mission
   * icon/40x40/-flag canada Our Team
   * icon/40x40/-#22 Testing
   * icon/40x40/-#23 Research
   * icon/40x40/-flag canada Encryption
   * icon/40x40/-#25 How We Make Money
   * icon/40x40/-#26 Contact Us
   * icon/40x40/-flag canada Work With Us


Add Your VPN Review


Privacy Canada is community-supported. We may earn a commission when make a
purchase through one of our links. Learn more.


THE GDPR AND WHAT IT MEANS FOR CANADA

LUDOVIC REMBERT

Last Updated on August 12, 2021
 * 
 * 
 * 



The GDPR is one of the most important pieces of data protection legislation to
come out in the last 20 years. It outlines a set of comprehensive guidelines for
all members of the European Union to follow and it concerns data privacy and
protection laws for any business is using their customers’ data.

Given the proliferation of data used in marketing and profile creation by
companies across the world, this has resulted in a major shakeup of data
legislation and has already had wide-ranging ramifications.

Below, you can find a record of the GDPR and what it means for Canadian
legislation and its companies. You’ll also find an explanation of the most
similar collection of regulations to the GDPR in Canada – PIPEDA. Further, you
can find a record of recent new stories concerning the GDPR and its effects on
Canada as well as important documents explaining both pieces of legislation.


WHAT IS THE GDPR?

The GDPR, or General Data Protection Regulation, is a regulation that replaces
the Data Protection Directive formally followed by members of the European
Union. The GDPR was agreed upon in April 2016 and came into effect in spring
2018, with a compliance deadline for companies affected by the GDPR of May 25,
2018.

The GDPR has had wide-ranging consequences for digital businesses both in the EU
and across the world, as it not only affects companies hosted by the EU or its
member states but also companies that do business with citizens of those member
states. Thus, the GDPR is perhaps the widest-ranging Internet information
legislation passed so far.



The GDPR is a lengthy document, but the major sticking points for its
requirements – and those that apply to every member of the European Union –
include:

 * the anonymization of collected data in order to protect citizens’ privacy
 * the requiring of consumers’ consent for their data to be processed
 * the providing of notifications to consumers if their data is lost or breached
 * the safe handling of data transfers across country borders
 * the requiring of a data protection officer, appointed by companies
   themselves, to ensure GDPR compliance

Basically, the GDPR requires that companies who do business with EU citizens’
data (which essentially means every company in the modern era) must take certain
steps to protect that data. This includes both the processing and the movement
of data, as well as its sale and potential use or misuse by the first company or
any other companies.


WHAT IS CONSENT?

Consent, as described by the GDPR, is only measurable if it is on ambiguously
given by the individual in question. Therefore, any customer whose data will be
used by a company or service must explicitly give consent for their data to be
used in either a written or verbal manner.



Former methods of consent, as permitted by the previous Directive, are no longer
acceptable. These illegal means of obtaining consent include:

 * Opt-out consent, which assumes consent on the part of an individual unless
   they state otherwise.
 * Implied consent, such as data processing necessary for drawing up a contract.
 * Consent derived from an imbalance of power.
 * Continual consent, such as that gained from companies when they switch a
   customer from one plan to another.

Under the GDPR, consent must be:

 * Explicit
 * Repeated whenever a customer changes services or contracts
 * Specific
 * Include an option for withdrawal or refusal
 * Knowledge of direct marketing
 * The withdrawal or refusal of consent must be as easy as giving consent, and
   users must be informed of this right
 * Above 16, otherwise requiring parental consent


HOW FAR DOES THE GDPR REACH?

There has been some confusion about the reach of the GDPR since it is an EU law.
Of course, the GDPR is applicable to any company within the EU. This law affects
every member state of the coalition so that every state doesn’t need to write
different laws that may come into conflict with one another.



Additionally, any EU company that markets goods or services to EU residents is
subject to the GDPR. This includes companies based in other countries. As an
example, Amazon, which sells to customers across the world, is subject to the
GDPR’s requirements if they sell products to an EU citizen. This is why the GDPR
has had such wide-ranging effects on global commerce.

Already, this has produced significant strain for companies without the
resources or foresight to adjust their behavior, resulting in several fines or
in some companies ceasing delivery or services to EU citizens.


GDPR SPECIFICS

Canadians business owners need to be aware of the major articles within the GDPR
that directly affect their operations and commerce.

Articles 17 and 18 both give consumers more control over their personal data,
even and especially if it is processed automatically by a website or system.
This “right to portability” also allows consumers to transfer their personal
data between service providers much more easily than before. This encourages
customers to switch Internet service for wireless service providers more
frequently in search of a better deal.

Additionally, article 18 ensures that consumers have the right to erase their
personal data under specific circumstances – this is called the “right to
erasure”.

Articles 23 and 30 require that all companies handling data for their customers
implement reasonable data protection measures. This will defend their customers’
data from exploitation and prevent their data or privacy from being lost or
unduly exposed. This is relevant both to misuse by the company itself and by
outside forces or individuals.

Article 31 and 32 concern data breach notifications. Specifically, article 31
requires that any data controllers (meaning any employees who handle personal
data to any degree) must notify any supervisory authorities (which can include
managers or chief executive officers) to personal data breaches within 72 hours
of initially learning of said breach. Specific details about the breach must
also be provided; this includes the nature of the breach and how many data
subjects are affected.



Article 32 then covers the customer side of things. Specifically, it requires
that data controllers must tell the subjects of that data as soon as possible
that their data was breached or lost, especially when their rights or freedoms
are placed at risk.

Articles 33 and 33a both involve Data Protection Impact Assessments. These are
required procedures that companies must undergo to preemptively identify risks
to their customers’ data. They must also perform Compliance Reviews; these
ensure that any risks that are identified are addressed rather than being
ignored or dismissed as unlikely.

Article 35 concerns the aforementioned data protection officers. It describes
that any company which handles data about a customer or subject’s health,
demographic information, genetic information, or other important (i.e.
identifying) data must also have a designated data protection officer. Such
officers’ duties involve advising their host companies about GDPR compliance and
to act as intermediaries between supervisory authorities and GDPR officials.

Naturally, the vast majority of companies who handle any kind of data at all
will require a data protection officer automatically. However, it is not
specified that the data protection officer needs to be a new employee; companies
may transition an existing employee into the role provided that the position’s
duties are fulfilled adequately.

Thus, Articles 36 and 37 are written to outline the position of data protection
officer and make sure that its responsibilities are crystal-clear. This involves
procedures for ensuring GDPR compliance and procedures involving supervisory
authority reporting.

Article 45 is about extended data protection requirements. This relates to
international companies, identifying them as subject under the GDPR regulations
if they handle data about EU citizens. It’s essentially there to make sure no
international company escapes the GDPR’s net.

Finally, Article 79 talks about GDPR noncompliance penalties.


WHAT ARE THE CONSEQUENCES OF GDPR NONCOMPLIANCE?

While the EU’s former data regulatory measure, the Data Protection Directive,
had relatively lax penalties, the GDPR has much more severe consequences for
noncompliance. In this new legislation, supervisory authorities have much more
authority to enact meaningful change for consequences in their employing
companies. In addition, supervisory authorities can now investigate and correct
any noncompliance issues they find.



Other powers include the ability to perform audits to ensure compliance, issue
warnings, demand that companies make specific improvements, prescribe deadlines
for those improvements, order the erasure of citizens’ data, and prevent
companies from transferring data to other companies. Any data controllers – that
is, employees that handle the data of customers – are subject to the powers of
supervisory authorities.

Additionally, the GDPR provide supervisory authorities the ability to issue much
larger fines than before. Any noncompliance fine is determined based on the
circumstances of the error, and fines are not necessary unless a supervisory
authority deems it necessary. Fines may be up to two or 4% of global annual
turnover, or €10 million or €20 million, whichever is greater.


WHAT DATA DOES THE GDPR APPLY TO?

Broadly speaking, the GDPR applies to any personal data, just like its
predecessor, the Data Protection Act. This includes personal but general data,
such as an individual’s IP address. But it also includes sensitive data that is
unique to an individual – this is distinct from data like the above IP address,
which could theoretically be used by more than one individual.

Sensitive data includes genetic or biometric data. It’s generally understood as
data that cannot be shared with another person. Personal data also includes
names, photos, email addresses, bank details, or posts on social networking
websites.


WHO DOES THE GDPR APPLY TO?

As described above, any company that sells or markets goods or services to any
EU residents, no matter that company’s location, must adhere to the regulations
described in the GDPR. If they fail to comply with these regulations, they must
pay the requisite fines or make improvements.

At this time, any websites that are not GDPR compliance are not accessible by EU
member states. As an example, both the Chicago Tribune and the LA Times were
temporarily blocked to members of the EU until they achieved GDPR compliance.


WHAT ARE THE GOALS OF GDPR?

The GDPR is clearly an extensive piece of legislation, but what are its goals
and to its current directives make measurable progress toward those goals?



The GDPR’s purpose is to define standardized data protection laws across all
member countries in the European Union. Before the 1990s Directive, data
protection laws were largely left up to the decisions of each member state,
which made commerce and law enforcement a much more complicated and difficult
affair. In addition, consumers’ data rights were not very well known and were
frequently violated by companies for the purposes of exploitation.

By standardizing data protection laws across the entirety of the EU, the GDPR
will reportedly:

 * improve the privacy and data rights of all EU residents
 * help those residents understand their personal data use
 * address personal data exportation outside the EU
 * provide regulatory authorities with better powers to act against companies or
   organizations who do breach the new regulations
 * simplify regulations for international businesses so they don’t have to
   remember separate data laws for each member state of the EU
 * require that new businesses abide by GDPR regulations

These goals are important in the modern economic world because users’ data is
arguably a commodity in and of itself.

Marketers and companies for all types of products and services use the data they
gather from both their consumers and the consumers of other websites or services
in order to better market their products to those consumers. Consider Facebook
or similar social networking websites. These websites frequently sell the data
they collect on their users to marketing companies, who then sell that data to
actual producing companies or services.

Armed with specific data, companies can then target an individual by providing
advertisements specifically tailored to their interests. Alternatively, they can
broaden their marketing efficacy by targeting specific demographics or
individuals.



Of course, this may seem discriminatory and its legality is very gray. One of
the biggest ways in which this type of data use is seen as bad is because it
necessarily uses information about individuals that may constitute “private
information”. A good example is browsing data, which marketing companies use to
extrapolate consumer habits or demographic facts.

This apparent violation of privacy is a part of the GDPR. Its primary focus is
on returning more privacy to the citizens of the EU.


WHAT DO GDPR LAWS MEAN FOR CANADA?

As a country with many companies and organizations that frequently do business
with EU companies or citizens, GDPR regulations are of chief concern to many of
Canada’s people. As a basic example, any Canadian website that allows the
purchase of its goods or services in euros or which provides deliveries to
European citizens will require compliance with the GDPR.

GDPR compliance for Canadian organizations and citizens is particularly
important because many Canadian privacy laws are already very similar to the
GDPR. Thus, it may be easy for companies or individuals to mistake compliance
when actually they are not in compliance.


PIPEDA

Canada has its own GDPR-esque legislation designed to protect the personal data
of consumers from private sector organizations across Canada. This Act – the
Personal Information Protection and Electronic Documents Act – was written to
provide rules for the collection, use, and disclosure of personal information
for all Canadian private businesses. It was originally enacted in 2000 but has
recently been updated in the wake of the GDPR.



PIPEDA currently applies to any private sector organization in Canada that uses
personal data in the course of a commercial activity. A commercial activity,
defined by this act, is any transaction, conduct, or action that is of a
commercial character. This includes buying, selling, leasing, fundraising, or
membership transitions.

However, the territories of Québec, British Columbia, and Alberta already have
similar private-sector privacy laws. These are very similar to PIPEDA and thus,
any organizations within those territories who follow those laws are often
considered exempt from PIPEDA so long as any transactions pertaining to those
companies or organizations happen within those provinces. If a company in
Alberta were to perform an international transaction, that transaction would be
subject to the regulations described by PIPEDA.

Like the GDPR, any businesses that operate in Canada and handle personal
information that crosses international or provincial borders at any point are
subject to PIPEDA regulation. As a result, it’s often easier for companies to
ensure PIPEDA compliance rather than territorial or provincial compliance.

Additionally, all federally regulated organizations in Canada are subject to
PIPEDA. This includes banks, airlines, telecommunications companies, and radio
and television broadcasters.

Under PIPEDA, personal information is defined as any factual or subjective
information that may or may not be recorded about an identifiable individual.
This includes similar factors as the GDPR’s definition, including age, ID
numbers, ethnic origin, blood type, credit records, and more. However, it also
includes more subjective information such as social media comments, social
status, opinions, or disciplinary actions.

PIPEDA does not cover business contact information that is solely used for the
purpose of communicating with an individual in relation to their profession or
their place of employment. In addition, PIPEDA does not cover the use or
disclosure of information strictly use for personal purposes, such as
information gained from a greeting card list. Any collection or use of personal
information for artistic, literary, or journalistic purposes is also not subject
to the regulations described by PIPEDA.

This tends to exclude nonprofit or charity groups, political parties and
associations, and artistic groups.



All Canadian businesses must follow 10 fair information principles, which are
laid out in Schedule 1 in PIPEDA:

 * accountability
 * identifying purposes
 * consent
 * limiting collection
 * limiting use, disclosure, and retention
 * accuracy
 * safeguards
 * openness
 * individual access
 * challenging compliance

PIPEDA consent also looks very similar to consent as described by the GDPR. The
main sticking points are as follows:

 * companies must obtain consent to collect or use personal information
 * information collected must only be used as an individual has consented
 * you must limit your collection and use of information to “what a reasonable
   person would consider appropriate in the circumstances”
 * individuals must have the ability to access and change or correct mistakes
   about their information at any time

Consent under PIPEDA is explicit, intentional, and specific.


DIFFERENCES BETWEEN THE GDPR AND PIPEDA

In a nutshell, PIPEDA is slightly less strict than the GDPR across several
aspects. As an example, Canadian companies are required to report any security
breaches that pose real risks of harm to subjects. However, this report must
come “as soon as feasible” rather than within 72 hours, as dictated by the GDPR.



However, there have been significant calls to update Canadian data protection
laws in the wake of the GDPR even further.


HOW TO ENSURE GDPR COMPLIANCE IN CANADA

All Canadian organizations should review their data processing operations and
compare them to the regulations described in the GDPR.

Firstly, all Canadian organizations or individuals subject to GDPR compliance
should physically read the document if they have the time. While it is written
in a very legal language, it is not difficult to read and is lengthier than it
is complex. Anyone already familiar with PIPEDA compliance guidelines should
find a lot that is similar in the GDPR.



An additional tactic is to examine other organizations affected by the GDPR. You
can either reach out to those organizations or companies directly and ask for
their advice on compliance or examine what they do outwardly and copy their
efforts.

Of course, your own website or company should be examined thoroughly. If you are
a part of an international company, you already must appoint a data protection
officer; this is one of their chief duties. Spend a lot of time examining your
data collection methods, both intentional and inadvertent, to ensure GDPR
compliance.

The GDPR will not discriminate between accidental and intentional breaches of
its regulations.

Good strategies involve mapping out how the data you collect enters your
systems, examining how the data is stored, investigating how the data is
transferred between different companies or across borders, and finally
investigating how the data is deleted (if at all). This will allow you to get a
good insight into how data moves throughout your organization and where you need
to pay closer attention or change your procedures.

You should also investigate any contracts or consent forms that you currently
have with EU citizens to make sure that the contract is in compliance with GDPR
regulations. It may be that your previous contracts or terms of the agreement
are not compliant. You should additionally review any contracts you have with
data processors (i.e. any employees in your company that handle the data of your
customers or consumers) to make sure that their duties are laid out correctly.

For instance, any data processor whose contract does not include GDPR
regulations may have ground to stand on if they claim that you are ordering them
to do something not in their contract.

It may also be a good idea to consult legal counsel. They may be able to
interpret your own contracts and the GDPR’s legislation and make sure there are
no blind spots you aren’t seeing and no compliance issues. As the GDPR has
already passed and the compliance deadline is long gone, there is no longer any
time to wait for data-using companies.



Finally, those Canadian companies who have already been PIPEDA-compliant in
recent years may find that the majority of their data infrastructure is already
GDPR-compliant. You can also rely on your PIPEDA compliance procedures to follow
the above advice, although it’s still important to be aware of the major
differences between the legislations.


RECOMMENDED DIGITAL PRIVACY TOOLS

 * Best VPN Services
 * Best VPNs for Netflix
 * Best Password Manager
 * Most Secure Browsers


RECENT GDPR NEWS IN CANADA

YEAR-ONE IMPACTS OF THE GDPR ON CANADIAN BUSINESSES

Thus far, the GDPR has already been significantly influential on Canadian
privacy law, in particular, because it has inspired updates to the Canadian
PIPEDA legislation. This is partially because many Canadian businesses also do
international business to one degree or another. It has been thought that
updating PIPEDA to make it more like the GDPR will improve business flow from
Canada to EU countries.

As a smaller example, many of the terms used in the GDPR are commonly used by
Canadian lawmakers and other professionals. The GDPR has forced many businesses
and individuals to become familiar with the concepts and ideas present in the
legislation much more quickly than anyone imagined.

EUROPE’S NEW DATA PRIVACY LAWS MAY BENEFIT CANADIANS

Users of many Canadian websites and companies have already received emails
detailing updates to those companies’ privacy policies and contract agreements.
This is because the GDPR’s adoption by the EU Parliament has required that any
companies doing business with EU citizens must be in compliance with new data
privacy laws.



However, this is good news for many Canadian citizens. The GDPR is inspiring
updated looks at existing data privacy laws and encouraging many large companies
to adopt consumer-friendly practices in relation to their data and its use.
Microsoft, as an example, is adopting the GDPR rights to its users all across
the world, not just those in the EU. Apple has followed a similar trend.

Others, like Facebook, have stated that they intend to be more transparent,
although some have criticized them for making their notification guidelines
notoriously difficult to opt-out of.

CANADA TO UPDATE DATA LAWS TO GDPR STANDARD

Since the GDPR came into effect on May 25th, 2018, it has acted as a catalyst
for other countries to update their own data privacy laws and encouraged new
looks at what responsible data use means. Argentina and Japan were among the
first companies to align their national data protection laws with the GDPR. This
is largely because many of their companies do international business and
adopting similar laws makes business easier across the board.

Canada is now looking to do the exact same thing by updating its PIPEDA
legislation. However, these updates will not necessarily be quite as strict as
the GDPR.

Additionally, new national concentrations on digital and data transformation
will take place in the near future. These will re-examine the role of net
neutrality in data protection for Canadians and consider how best to adopt new
laws or adjust existing PIPEDA legislation.

UPDATES TO PIPEDA

The Office of the Privacy Commissioner of Canada has released a new breach
reporting requirement for businesses. This is an official update to PIPEDA,
which first became a law in 2000. It will affect any private sector
organizations that do business with or operate with Canadians.



Specifically, the updates pertain to data breach reporting. While these updates
are not as strict as the ones currently adopted by the GDPR, they are much more
explicit and will result in more consistent data breach reporting than previous
legislation.

In brief, an organization subject to PIPEDA must report to the Privacy
Commissioner’s office if any data breach may result in real risk of significant
harm and notify individuals of said security breach. Records of security
breaches must be kept for two years. Some have noted that these steps are not
complete but are at least in the correct spirit of better data protection.

IMPACT OF GDPR FINES ON CANADA

As the GDPR’s new legislation has resulted in several companies facing fines,
these fines have come under scrutiny by Canadian companies. Specifically,
British Airways and Marriott international have been fined 183.4 million British
pounds and 99.2 million British pounds respectively.

These examples have provided valuable insight for Canadian companies to see the
actual results of GDPR noncompliance firsthand. Under the GDPR, organizations
that have breached said regulations can be fined up to 4% of their annual
turnover or €20 million, whichever is greater. Thus, companies can weigh the
potential risks of breaching GDPR regulations. It should be noted that actual
GDPR fines are dictated by authorities rather than distributed as preset
amounts.


GDPR RESOURCES

 * Guide to Canadian PIPEDA Legislation
 * Office of the Privacy Commissioner of Canada – PIPEDA in Brief
 * Office of the Privacy Commissioner of Canada – PIPEDA Compliance Help for
   Companies
 * Office of the Privacy Commissioner of Canada – PIPEDA Main Resource
 * Official GDPR Main Legal Text
 * GDPR Compliance Checklist

Share:
 * 
 * 
 * 
 * 
 * 

TOP RATED VPNS

NordVPN


Surfshark

BEST VPN DEALS

68% Off
NordVPN
83% Off
Surfshark
38% Off
ExpressVPN

RELATED POSTS

Read
Are Security Features in Your UI/UX Driving Traffic the Other Way?
Last Updated on August 11, 2021
Read
Public Key Encryption
Last Updated on August 6, 2021
Read
HTTPS (Secure HTTP)
Last Updated on August 6, 2021
Load more
All Rights Reserved © Privacy Canada
 * VPN Essentials
   * Best VPN Services
   * Best Cheap VPN
   * Best VPNs for Netflix
   * Best VPN Routers
   * Free VPNs
   * VPN for Android
   * VPN for iOS
   * VPNs for Kodi
   * VPN Scams to Avoid
   * Meilleur VPN

 * Privacy Tools
   * Online Privacy Guide
   * Internet Safety for Kids
   * Malware Scanners
   * Most-Effective Ad Blockers
   * Secure Emails
   * Private Search Engines
   * Secure Browsers
   * Password Managers
   * Home Security
   * Security Cameras

 * Reviews
   * NordVPN
   * Surfshark
   * ExpressVPN
   * VyprVPN
   * Private Internet Access
   * Windscribe
   * CyberGhost
   * Avast SecureLine

 * News
 * Our Mission
   * Our Team
   * Testing
   * Research
   * Encryption
   * How We Make Money
   * Contact Us
   * Work With Us

Privacy Canada is located in Toronto, Ontario. Canada

ludovic@privacycanada.net
 * 
 * 
 * 

 * VPN Essentials
   * Best VPN Services
   * Best Cheap VPN
   * Best VPNs for Netflix
   * Best VPN Routers
   * Free VPNs
   * VPN for Android
   * VPN for iOS
   * VPNs for Kodi
   * VPN Scams to Avoid
   * Meilleur VPN

 * Privacy Tools
   * Online Privacy Guide
   * Internet Safety for Kids
   * Malware Scanners
   * Most-Effective Ad Blockers
   * Secure Emails
   * Private Search Engines
   * Secure Browsers
   * Password Managers
   * Home Security
   * Security Cameras

 * Reviews
   * NordVPN
   * Surfshark
   * ExpressVPN
   * VyprVPN
   * Private Internet Access
   * Windscribe
   * CyberGhost
   * Avast SecureLine

 * News
 * Our Mission
   * Our Team
   * Testing
   * Research
   * Encryption
   * How We Make Money
   * Contact Us
   * Work With Us

ABOUT PRIVACY CANADA

At Privacy Canada, we believe in a world where individuals maintain and own
their digital identities. We research and test for Canadians and Canadian
businesses to better understand the ever changing landscape of digital privacy
and protection. Written by Canadians for Canadians.

OUR MISSION

Our goal is to educate and inform Canadians about their data privacy rights and
empower them to protect it. Our reviews are objective, research backed and
community driven. We encourage all our readers to leave a review.

EARNING DISCLOSURE

PrivacyCanada.net may earn a commission from products and services reviewed on
this site.
 * Privacy Policy
 * Contact Us

Add Your VPN Review