Read on Twitter
Ok I've finished reading the draft #CPPA in #C11, and now working my way through all the takes (twitter threads, blog posts, etc). This will be the thread for thoughts /RTs as I go, and then will add own notes etc while hopefully not repeating too much what's already been said:
Everyone who has ever had to cite PIPEDA regularly (or at all), whose _core_central_most_referenced_provisions_ are confusingly enumerated and buried in a Schedule at the back: *cries with joy in McGill Guide* #CPPA #C11 https://twitter.com/TeresaScassa/status/1328809953725964290
T. Scassa on how #CPPA may impact ON privacy reform: "[Federal law] cannot tread on provincial jurisdiction, which leaves ... [provincial] employee privacy, the non-commercial activities of provincial organizations, and provincial political parties." #C11 https://twitter.com/TeresaScassa/status/1330949443504500739
Just started but already tempted to say "If you read ONE thing on #CPPA #C11": @TeresaScassa on "The case of the missing acknowledgement that privacy is a fundamental human right": http://www.teresascassa.ca/index.php?option=com_k2&view=item&id=333:it%E2%80%99s-not-you-it%E2%80%99s-me?-why-does-the-federal-government-have-a-hard-time-committing-to-the-human-right-to-privacy (Also do others *not* have recognition of human rights as a love language?)
"The title of the document is a masterpiece of emotional distancing." This is amazing. And accords w/ the first thing that stood out to me as I read the #CPPA: "An Act to support and promote electronic commerce". That seems like weird commitment to a polite fiction by now? (1/2)
Electronic commerce already has too much eager support & promotion for its (and all our) own good. Is the Act not to *regulate* such commerce and *protect* consumers & democracy *from its excesses*? Why isn't it "An Act to protect consumer privacy in commerce"? #CPPA #C11 (2/2)
Can we just place this highlighted passage verbatim into the preamble of the next draft? #C11 #CPPA Written by @TeresaScassa here: http://www.teresascassa.ca/index.php?option=com_k2&view=item&id=333:it%E2%80%99s-not-you-it%E2%80%99s-me?-why-does-the-federal-government-have-a-hard-time-committing-to-the-human-right-to-privacy
So many new project ideas suddenly! https://twitter.com/TeresaScassa/status/1329423952070979584 (See e.g., https://twitter.com/jasonmillar/status/1329464857305997313) #C11 #CPPA #algorithmictransparency
Troubling exceptions galore. Relatedly, it floors me that the definitional boundary of "socially beneficial purpose" permitting disclosure w/o consent is if “the disclosure is made to any prescribed entity for any prescribed purpose" (s 39). ಠ_ಠ #CPPA #C11 https://twitter.com/TeresaScassa/status/1329401208348565505
There are several instances throughout #CPPA #C11 where they seem to place unbelievable faith in assumed good judgment of commercial orgs and their ability to make legal determinations ("reasonable grounds"). How won't this result in racist vigilante business "initiative"? (1/3)
Everyone is handwringing over whether platforms can determine what is sufficiently abusive behaviour to suspend an account but we're going to entrust them w/ handing over people's (or BIPOC's b/c racism) info at will any time Data 'R Us decides to play nat sec? #CPPA #C11 (2/3)
Finally, some of these provisions include permitting disclosing personal data w/o consent if the business thinks it relates to a crime /offence *about to be committed*. I mean if I were Amazon Ring or Palantir or PredPol this would seem like an open invitation. #CPPA #C11 (3/3)
This is particularly concerning given the rise of child monitoring apps and software and their widely document security vulnerabilities, as @citizenlab research has demonstrated (link in next tweet): https://twitter.com/TeresaScassa/status/1329122644038471685 #CPPA #C11
See e.g.: https://citizenlab.ca/2017/11/still-safer-without-kt-olleh-kidsafe-clean-mobile-plus/ (Also this section about children's privacy rights in the @citizenlab's stalkerware legal analysis, on pages 152-59: https://citizenlab.ca/docs/stalkerware-legal.pdf) #CPPA #C11
The "socially beneficial purpose" I mentioned upthread, w/ what seems an ultimately open-ended definition. I also cannot help but be immediately suspicious of who gets to decide what is "socially beneficial"—beneficial for whom, at whose expense? https://twitter.com/TeresaScassa/status/1329047443950931971 #C11 #CPPA
Great @mgeist breakdown on key highlights: OPC order-making (finally!!!), new privacy rights (data portability, deidentification, algorithmic transparency), consent requirements (so many exceptions 
), & codes of practice. Right, about those... https://www.michaelgeist.ca/2020/11/canadas-gdpr-moment-why-the-consumer-privacy-protection-act-is-canadas-biggest-privacy-overhaul-in-decades/ #CPPA #C11
), & codes of practice. Right, about those... https://www.michaelgeist.ca/2020/11/canadas-gdpr-moment-why-the-consumer-privacy-protection-act-is-canadas-biggest-privacy-overhaul-in-decades/ #CPPA #C11
#CPPA wd create a certification program that lets businesses replace the law with their own OPC-approved code of practice (s 77). Compliance w/ that code can later be a defence to penalties for violating the law (s 93(3)). I can't be the only one who sees the problem here? #C11
My question is: ...why? Is it so unreasonable to require companies just follow the law? As a cost of the *privilege* of doing business. Yes to making compliance easier for mom&pop shops & sole proprietors, but isn't that what guides & built-in proportionality is for? #CPPA #C11
Also must-read: @mgeist on 10 issues in #CPPA #C11: broad biz exceptions; deidentification; what if OPC refuses inquiry; what's up w/ Tribunal; effectiveness; intl scope; cross-border data; impact on non-FAANGs; plain language; too much left to regs? https://www.michaelgeist.ca/2020/11/privacy-pressure-points-a-closer-look-at-ten-consumer-privacy-protection-act-concerns/
Ok I have to tap out for tonight. Haven't even yet gotten to the part I'm most excited about ("reasonably foreseeable consequences"!!!! section 15(3)(c) — thread *probably* forthcoming). But at least now I'm ready to watch this blockbuster panel tm/td!: https://twitter.com/uOttawaTechLaw/status/1330934075712999426
