The CMA on privacy, progress and future-proofing brands

The CMA has issued an updated privacy compliance guide, covering everything from breaches to cookie consent, in light of recent changes.

In a 2019 Forbes column by cultural scientist and co-founder of Iconoculture, Mary Meehan predicted that data privacy would be the biggest issue of the next decade. In the piece, she pulled no punches, calling digital tools and social platforms an “information con job” – having been created by companies not simply to improve consumers’ lives, but to “[build] a multi-billion dollar war chest of information to use against us.”

Gradually, consumers are becoming more aware of the kinds of data they share and what happens when advertisers get their hands on it.

But there’s a catch-22 when it comes to consumers becoming more tuned into data privacy rules, says Sarah Clodman, VP of public affairs and thought leadership at the CMA. They tend to pay more attention when something goes wrong. “People are more concerned about privacy issues, and I think it’s because they’re increasingly hearing about things like breaches,” says Clodman. Some of the most high-profile breaches that affected Canadians in the last year happened within companies like Desjardins and Capital One.

In light of increasing privacy concerns and ever-changing rules and regulations, this week the CMA celebrated Data Privacy Day – an initiative created by the Council of Europe in 2007 – by issuing an updated privacy compliance guide, with regards to breaches, meaningful consent and transparency, as well as behavioural advertising rules.

“[2019 was] a very big year for privacy from a government perspective,” says Clodman. “The government announced the Digital Charter… They also released a major consultation paper on PIPEDA reform, and there was also a consultation by the privacy commissioner. All of those things have been very significant, and there were new rules issued on data breaches and meaningful consent.”

Last year, consultations led to the Federal Government announcing its Digital Charter. The accompanying paper included numerous recommendations for amending the Personal Information Protection and Electronic Documents Act (PIPEDA). Proposed amendments include enhancing consumers’ individual control and transparency over their personal information by requiring specific standardized, plain language that is easy to understand, strengthening enforcement and increased penalties for non-compliance and more.

Amendments may be on their way. On Jan. 17, the Prime Minister’s Office issued a mandate letter to the Minister of Innovation, Science and Industry to outline a number of proposal changes that included, among other things, establishing a new set of rights for individuals online such as data portability and privacy, and the right to be forgotten. These amendments, according to various industry groups, would bring Canada more in line with other markets that have more sophisticated rights-based data protection laws such as the E.U.

The digital landscape also recently saw a major change when Google announced that Chrome, a browser used by more than half of the world’s internet users, would stop supporting third-party cookies in two years. But that doesn’t mean first-party cookies are going anywhere, and in fact, some experts believe the best solution is for online publishers to embrace log-in environments in order to build stronger customer profiles.

Clodman says brands and publishers will have to be sharp on meaningful consent rules. “[In the guide] we specifically addressed consent around cookies,” she says. “It’s very important that companies make sure consumers have the ability to be informed and make that information clear and transparent before they enter their information.”

Clodman says that although regulatory changes pose challenges for marketers, there’s a genuine desire to do better. “People forget that marketers are also consumers,” she says. “There’s very much a desire to bring their brands in line with these changes and really build them into how they do things… [Because] responsible data practices earn you loyalty and trust.”

Members of the CMA can access its full privacy guide here; non-members can view an abridged version.