Canadian tech companies are turning to Europe's stringent regulations for guidance as they face uncertainty from the prorogation of parliament, which stalled key legislative bills on privacy, cybersecurity, AI, and data governance, The Canadian Press reported.
When parliament reconvenes on March 24, any wiped bills will require reintroduction and reconsideration unless restored to their previous stages by unanimous consent. The uncertainty leaves businesses like Cyder, a Toronto-based fintech startup, in limbo. Co-founder Will Christodoulou expressed frustration, questioning when the bills might progress again.
Without updated Canadian laws, companies align themselves with international standards, particularly the European Union's General Data Protection Regulation (GDPR). GDPR mandates strict controls over personal data, prioritizing security and transparency, and imposes penalties of up to €20 million or four percent of global revenue for violations.
"A lot of things they do, we typically would just copy," Christodoulou said. Patricia Thaine, CEO of Private AI, emphasized that many companies comply with GDPR's rigorous framework and adapt it to other markets. She highlighted the need for modern Canadian legislation to enhance data protection and incentivize compliance. Thaine noted that the shelved Bill C-27, which aimed to overhaul Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), could have filled this gap.
Bill C-27 proposed three acts addressing consumer privacy, data protection, and AI governance. For severe violations, penalties could be up to $25 million or five percent of gross global revenue. Thaine stressed the importance of modernizing outdated laws and providing clarity on AI use, which she said could otherwise lead to questionable corporate practices.
However, some experts argue that Canada is not entirely without resources. Antoine Guilmain, a partner at Gowling WLG, acknowledged PIPEDA's limitations but noted its continued relevance. He also pointed to Quebec's Law 25, which imposes stricter privacy requirements, as an example of provincial action.
Other delayed bills include Bill C-26, which sought to enhance cybersecurity for federally regulated industries, and Bill C-72, focused on improving medical data sharing. For Robert Fraser, CEO of Vancouver-based Molecular You, the interoperability promised by Bill C-72 would have addressed long-standing challenges in Canada's healthcare sector.
As Canadian lawmakers prepare to reconvene, the tech sector remains hopeful for a clearer regulatory framework to address emerging data privacy, cybersecurity, and AI governance challenges.