Privacy and data protection policy

Privacy and data protection policy involves the ongoing review and development of Canada's federal private-sector regulatory framework governing the digital economy landscape and the development of legislative policy recommendations to protect Canadians in a data driven economy. The links below provide additional information on Innovation, Science and Economic Development Canada's activities around privacy and data protection policy.

The Personal Information Protection and Electronic Documents Act (PIPEDA) sets out the ground rules for how businesses must handle personal information in the course of their commercial activity.

The Canada's Anti-Spam Legislation (CASL) protects Canadians from spam and other electronic threats, while ensuring that Canadian businesses can remain competitive in the global marketplace.

Consultation on the implementation of the Global Cross-Border Privacy Rules (CBPR) Forum certifications in Canada

Building trust in cross-border data flows is critical in a data-driven global economy.

As announced on March 11, 2025, Canada intends to implement the Global Cross Border Privacy Rules (CBPR) Forum certifications in the Canadian marketplace.

The Global Forum certifications would provide a mechanism to embed enforceable privacy standards into cross-border data flows. Implementing these certifications in Canada will advance regulatory interoperability between jurisdictions, will help foster data-driven innovation, and strengthen competitiveness of Canadian organizations, while protecting privacy and promoting trust in the digital economy.

This consultation seeks views of organizations operating in Canada, and other interested parties, on different approaches to implementing the certifications in the Canadian marketplace.

For more information, visit the Consultation on the implementation of the Global Cross-Border Privacy Rules (CBPR) Forum certifications in Canada page.

• News release: Government of Canada launches consultation to implement international data protection and privacy certifications to enable trusted cross-border data flows globally

Further information

For further information, see:

• the Competition Bureau
• the Canadian Radio-television and Telecommunications Commission
• the Office of the Privacy Commissioner of Canada

Data protection policy is the responsibility of the Privacy and Data Protection Policy Directorate, which is part of the Marketplace Framework Policy Branch.