Skip to main content

Using Cookiebot for PIPEDA compliance

Hannah
  • Updated

note from Hannah: UNDER CONSTRUCTION!

 

If you are already using Cookiebot CMP for GDPR and ePR compliance, follow the guide below to setup your PIPEDA configuration and then see this article on how to setup coexisting configurations on your website to be displayed depending on the visitor's location.

 

Skip introduction and take me to the checklist

 

PIPEDA: an introduction

What is the PIPEDA?

Canada’s PIPEDA is the federal law governing the gathering, use and disclosure for commercial purposes of the personal information of Canadian residents. Through its 10 PIPEDA Principles, the law lays out requirements and compliance obligations that include informing users of the purposes of data collection, obtaining user consent before collecting personal information and ways to safeguard and secure collected user data.

 

What is personal data under the PIPEDA?

Canada’s PIPEDA defines personal information broadly as any kind of data that can identify an individual. This includes common personal information collected by most websites through cookies and trackers, such as IP addresses, unique IDs, search and browser history.

 

Who is required to comply with the PIPEDA?

Canada’s PIPEDA applies to any website or company anywhere in the world that handles personal information from Canadian residents for commercial purposes. This means that if your website has users from Canada, you’re liable for PIPEDA compliance.

 

How can my website become compliant with the PIPEDA?

You must inform users in detail of your website’s personal information processing, including the purposes for collection and use. This can be done in your website’s privacy policy. You must also obtain the meaningful consent from users before processing any of their personal information. Meaningful consent can be implied, unless the personal information is of a sensitive nature, in which case you must obtain the explicit consent from your website’s visitors.

 

Want to know more about PIPEDA?

Check out our blog post: Canada's PIPEDA

 

PIPEDA: A Cookiebot CMP checklist:

This guide is focusing solely on providing the tools needed to make your website’s use of cookies and online tracking compliant with PIPEDA. Other aspects of the PIPEDA are therefore not covered or addressed in the checklist.

The checklist is not intended as legal advice - if in doubt, seek advice from a trusted legal source or your Data Protection Authority.

 

Make sure you comply with PIPEDA by following these simple steps in our Checklist.

Check 1: Create a new domain group

New to Cookiebot?

Don’t already have a Cookiebot account? Sign up for a free trial today and see how we can help you with your website compliance. Follow our guide here to get started!


Already have a Cookiebot account?

Please note: If you are already using Cookiebot for GDPR and ePR compliance, you can most likely use the existing banner configuration in the domain group you set up for GDPR compliance. 

Alternatively, you can create a new domain group for your PIPEDA setup. Want to use our solution to cover GDPR, PIPEDA and maybe even CCPA as well? No problem! See our guide on how to setup multiple banners on the same domain with no additional cost to cover different regions.

 

adddomain.png

If this is part of a multi-legislation setup with a domain already configured for GDPR/ePR, please leave this field empty!

 

Check 2: banner type

Navigate to Settings > Dialog. For PIPEDA compliance, make sure to have the following configurations added;

 

 

✔ Check 3: Add your geo configurations

If you'd like to limit the banner to be displayed only to visitors from Canada, you can do so by configuring "Distribution" at the bottom of the page:

 

 

Check 4: Set your banner language

 

 

Check 5: Check your monthly scan report

With Cookiebot you receive monthly scan reports with detailed information on cookies and other tracking found on your website. Your report will currently only highlight compliance towards the GDPR adequacy list. This information should be manually assessed in relation to PIPEDA.

Make sure to check your report for these 3 things;

  1. Unclassified cookies
  2. Cookie not blocked prior consent
  3. Data is sent to adequate countries*

*GDPR introduced the notion of data protection “adequacy”, where certain countries outside of the EU are deemed to have “GDPR-adequate” levels of personal data rights and protection measures in place. Data transfer can happen to these countries without the need for additional safeguards and similar to intra-EU transmissions of data. The list of adequate countries can be found here: the GDPR Adequacy decision list.

PIPEDA takes a similar approach, however the list of PIPEDA-adequate countries has not yet been published. It is known however, that the countries operating under GDPR (EU plus Norway, Liechtenstein and Iceland) are deemed PIPEDA-adequate.

 

Limitations in the Cookiebot compliance test and scan: Currently the Cookiebot compliance test does not fully support PIPEDA as a separate legislation from GDPR. We’re working on this.
Our current compliance test will scan your website and assess your compliance against the GDPR ruleset. This has no effect on Cookiebot’s ability to comply with PIPEDA.

 

Check 6: Get your scripts

  • Navigate to the "Your scripts" pane
  • Follow the instructions to insert your banner and cookie declaration on your website.
    If you intend to implement Cookiebot CMP by other means than manually adding the script(s) to your template, please refer to our implementation section in the Help Center.
Was this article helpful?
0 out of 0 found this helpful
Return to top

Comments

0 comments

Please sign in to leave a comment.