Federal (Canada)
Federal privacy law splits between public-sector institutions and private-sector commercial activity. The Office of the Privacy Commissioner of Canada (OPC) enforces both PIPEDA and the Privacy Act and investigates complaints against federal institutions and private-sector organizations.
Governs how federal public bodies collect, use, disclose, retain, and protect personal information. Gives individuals the right to access their own records held by the federal government and to request corrections.
Gives Canadians the right to request records held by federal institutions. The ATIA covers general government records; the Privacy Act covers personal information specifically. Both are enforced under the same complaint framework.
Canada's main federal private-sector privacy law. Sets rules for collection, use, disclosure, safeguarding, access, correction, and mandatory breach reporting where there is a real risk of significant harm.
Prohibits unsolicited commercial electronic messages without express or implied consent. Requires clear identification of the sender, a working unsubscribe mechanism, and prohibits unauthorized software installation. Enforced by the CRTC, Competition Bureau, and OPC.
Proposed replacement for PIPEDA. Would introduce stronger consent requirements, expanded individual rights (including a right to disposal and algorithmic transparency), a new Privacy Tribunal, and substantially higher administrative monetary penalties. Part of Bill C-27.
Proposed federal framework for regulating high-impact AI systems. Would require risk assessments, mitigation measures, transparency obligations, and mandatory reporting of harm. Introduced as Part 3 of Bill C-27 alongside the CPPA.