note from Hannah: UNDER CONSTRUCTION!
PIPEDA: an introduction
What is the PIPEDA?
Canada’s PIPEDA is the federal law governing the gathering, use and disclosure for commercial purposes of the personal information of Canadian residents. Through its 10 PIPEDA Principles, the law lays out requirements and compliance obligations that include informing users of the purposes of data collection, obtaining user consent before collecting personal information and ways to safeguard and secure collected user data.
What is personal data under the PIPEDA?
Canada’s PIPEDA defines personal information broadly as any kind of data that can identify an individual. This includes common personal information collected by most websites through cookies and trackers, such as IP addresses, unique IDs, search and browser history.
Who is required to comply with the PIPEDA?
Canada’s PIPEDA applies to any website or company anywhere in the world that handles personal information from Canadian residents for commercial purposes. This means that if your website has users from Canada, you’re liable for PIPEDA compliance.
How can my website become compliant with the PIPEDA?
Want to know more about PIPEDA?
Check out our blog post: Canada's PIPEDA
PIPEDA: A Cookiebot CMP checklist:
The checklist is not intended as legal advice - if in doubt, seek advice from a trusted legal source or your Data Protection Authority.
Make sure you comply with PIPEDA by following these simple steps in our Checklist.
✔ Check 1: Create a new domain group
New to Cookiebot?
Don’t already have a Cookiebot account? Sign up for a free trial today and see how we can help you with your website compliance. Follow our guide here to get started!
Already have a Cookiebot account?
Please note: If you are already using Cookiebot for GDPR and ePR compliance, you can most likely use the existing banner configuration in the domain group you set up for GDPR compliance.
Alternatively, you can create a new domain group for your PIPEDA setup. Want to use our solution to cover GDPR, PIPEDA and maybe even CCPA as well? No problem! See our guide on how to setup multiple banners on the same domain with no additional cost to cover different regions.
✔ Check 2: banner type
Navigate to Settings > Dialog. For PIPEDA compliance, make sure to have the following configurations added;
✔ Check 3: Add your geo configurations
If you'd like to limit the banner to be displayed only to visitors from Canada, you can do so by configuring "Distribution" at the bottom of the page:
✔ Check 4: Set your banner language
✔ Check 5: Check your monthly scan report
With Cookiebot you receive monthly scan reports with detailed information on cookies and other tracking found on your website. Your report will currently only highlight compliance towards the GDPR adequacy list. This information should be manually assessed in relation to PIPEDA.
Make sure to check your report for these 3 things;
*GDPR introduced the notion of data protection “adequacy”, where certain countries outside of the EU are deemed to have “GDPR-adequate” levels of personal data rights and protection measures in place. Data transfer can happen to these countries without the need for additional safeguards and similar to intra-EU transmissions of data. The list of adequate countries can be found here: the GDPR Adequacy decision list.
PIPEDA takes a similar approach, however the list of PIPEDA-adequate countries has not yet been published. It is known however, that the countries operating under GDPR (EU plus Norway, Liechtenstein and Iceland) are deemed PIPEDA-adequate.
Limitations in the Cookiebot compliance test and scan: Currently the Cookiebot compliance test does not fully support PIPEDA as a separate legislation from GDPR. We’re working on this.
Our current compliance test will scan your website and assess your compliance against the GDPR ruleset. This has no effect on Cookiebot’s ability to comply with PIPEDA.