Ok I& #39;ve finished reading the draft #CPPA in #C11, and now working my way through all the takes (twitter threads, blog posts, etc). This will be the thread for thoughts /RTs as I go, and then will add own notes etc while hopefully not repeating too much what& #39;s already been said:
Everyone who has ever had to cite PIPEDA regularly (or at all), whose _core_central_most_referenced_provisions_ are confusingly enumerated and buried in a Schedule at the back: *cries with joy in McGill Guide* #CPPA #C11 https://twitter.com/TeresaScassa/status/1328809953725964290">https://twitter.com/TeresaSca...
T. Scassa on how #CPPA may impact ON privacy reform: "[Federal law] cannot tread on provincial jurisdiction, which leaves ... [provincial] employee privacy, the non-commercial activities of provincial organizations, and provincial political parties." #C11 https://twitter.com/TeresaScassa/status/1330949443504500739">https://twitter.com/TeresaSca...
Just started but already tempted to say "If you read ONE thing on #CPPA #C11": @TeresaScassa on "The case of the missing acknowledgement that privacy is a fundamental human right": http://www.teresascassa.ca/index.php?option=com_k2&view=item&id=333:it%E2%80%99s-not-you-it%E2%80%99s-me?-why-does-the-federal-government-have-a-hard-time-committing-to-the-human-right-to-privacy">https://www.teresascassa.ca/index.php... (Also do others *not* have recognition of human rights as a love language?)
"The title of the document is a masterpiece of emotional distancing." This is amazing. And accords w/ the first thing that stood out to me as I read the #CPPA: "An Act to support and promote electronic commerce". That seems like weird commitment to a polite fiction by now? (1/2)
Electronic commerce already has too much eager support & promotion for its (and all our) own good. Is the Act not to *regulate* such commerce and *protect* consumers & democracy *from its excesses*? Why isn& #39;t it "An Act to protect consumer privacy in commerce"? #CPPA #C11 (2/2)
Can we just place this highlighted passage verbatim into the preamble of the next draft? #C11 #CPPA Written by @TeresaScassa here: http://www.teresascassa.ca/index.php?option=com_k2&view=item&id=333:it%E2%80%99s-not-you-it%E2%80%99s-me?-why-does-the-federal-government-have-a-hard-time-committing-to-the-human-right-to-privacy">https://www.teresascassa.ca/index.php...
So many new project ideas suddenly! https://twitter.com/TeresaScassa/status/1329423952070979584">https://twitter.com/TeresaSca... (See e.g., https://twitter.com/jasonmillar/status/1329464857305997313)">https://twitter.com/jasonmill... #C11 #CPPA #algorithmictransparency
Troubling exceptions galore. Relatedly, it floors me that the definitional boundary of "socially beneficial purpose" permitting disclosure w/o consent is if “the disclosure is made to any prescribed entity for any prescribed purpose" (s 39). ಠ_ಠ #CPPA #C11 https://twitter.com/TeresaScassa/status/1329401208348565505">https://twitter.com/TeresaSca...
There are several instances throughout #CPPA #C11 where they seem to place unbelievable faith in assumed good judgment of commercial orgs and their ability to make legal determinations ("reasonable grounds"). How won& #39;t this result in racist vigilante business "initiative"? (1/3)
Everyone is handwringing over whether platforms can determine what is sufficiently abusive behaviour to suspend an account but we& #39;re going to entrust them w/ handing over people& #39;s (or BIPOC& #39;s b/c racism) info at will any time Data & #39;R Us decides to play nat sec? #CPPA #C11 (2/3)
Finally, some of these provisions include permitting disclosing personal data w/o consent if the business thinks it relates to a crime /offence *about to be committed*. I mean if I were Amazon Ring or Palantir or PredPol this would seem like an open invitation. #CPPA #C11 (3/3)
This is particularly concerning given the rise of child monitoring apps and software and their widely document security vulnerabilities, as @citizenlab research has demonstrated (link in next tweet): https://twitter.com/TeresaScassa/status/1329122644038471685">https://twitter.com/TeresaSca... #CPPA #C11
See e.g.: https://citizenlab.ca/2017/11/still-safer-without-kt-olleh-kidsafe-clean-mobile-plus/">https://citizenlab.ca/2017/11/s... (Also this section about children& #39;s privacy rights in the @citizenlab& #39;s stalkerware legal analysis, on pages 152-59: https://citizenlab.ca/docs/stalkerware-legal.pdf)">https://citizenlab.ca/docs/stal... #CPPA #C11
The "socially beneficial purpose" I mentioned upthread, w/ what seems an ultimately open-ended definition. I also cannot help but be immediately suspicious of who gets to decide what is "socially beneficial"—beneficial for whom, at whose expense? https://twitter.com/TeresaScassa/status/1329047443950931971">https://twitter.com/TeresaSca... #C11 #CPPA
Great @mgeist breakdown on key highlights: OPC order-making (finally!!!), new privacy rights (data portability, deidentification, algorithmic transparency), consent requirements (so many exceptions
https://abs.twimg.com/emoji/v2/... draggable="false" alt="😒" title="Unerfreutes Gesicht" aria-label="Emoji: Unerfreutes Gesicht">), & codes of practice. Right, about those... https://www.michaelgeist.ca/2020/11/canadas-gdpr-moment-why-the-consumer-privacy-protection-act-is-canadas-biggest-privacy-overhaul-in-decades/">https://www.michaelgeist.ca/2020/11/c... #CPPA #C11
#CPPA wd create a certification program that lets businesses replace the law with their own OPC-approved code of practice (s 77). Compliance w/ that code can later be a defence to penalties for violating the law (s 93(3)). I can& #39;t be the only one who sees the problem here? #C11
My question is: ...why? Is it so unreasonable to require companies just follow the law? As a cost of the *privilege* of doing business. Yes to making compliance easier for mom&pop shops & sole proprietors, but isn& #39;t that what guides & built-in proportionality is for? #CPPA #C11
Also must-read: @mgeist on 10 issues in #CPPA #C11: broad biz exceptions; deidentification; what if OPC refuses inquiry; what& #39;s up w/ Tribunal; effectiveness; intl scope; cross-border data; impact on non-FAANGs; plain language; too much left to regs? https://www.michaelgeist.ca/2020/11/privacy-pressure-points-a-closer-look-at-ten-consumer-privacy-protection-act-concerns/">https://www.michaelgeist.ca/2020/11/p...
Ok I have to tap out for tonight. Haven& #39;t even yet gotten to the part I& #39;m most excited about ("reasonably foreseeable consequences"!!!! section 15(3)(c) — thread *probably* forthcoming). But at least now I& #39;m ready to watch this blockbuster panel tm/td!: https://twitter.com/uOttawaTechLaw/status/1330934075712999426">https://twitter.com/uOttawaTe...