Our own Michael Geist has stated on his blog: «Given these challenges, it appears that Canada is facing a privacy crisis that can only be resolved by instituting statutory reform that creates
adequate privacy safeguards.
However the new data transfer mechanism has drawn criticism from the start, such as for lacking
adequate privacy safeguards, and for the complexity of complaint processes it provides EU citizens seeking redress from a US company.
Not exact matches
These contractual clauses provide
adequate safeguards with respect to the protection of the
privacy and fundamental rights and freedoms of individuals and as regards the exercise of the corresponding rights.
Conclusion: Among others, the «lessons» that can be gleaned from the VTech and VTech USA cases include: (i) IoT / connected toys and devices remain very vulnerable in the face of haphazard / sloppy security practices; (ii) inadequate security
safeguards will no longer be tolerated by regulators, particularly when children's information or other sensitive information is involved; (iii) robust and
adequate security
safeguards involve multi-level tiers of protection per the above; (iv) vendors should never misrepresent the state of their security practices in their
privacy policies; and (iv) in a connected world, regulators are willing to work together and share data and resources to combat «deceptive and unfair practices that cross national borders» (in the words of the FTC).
(PIPEDA) and where provincial law is not to an equivalent standard, contractual clauses will be required to provide
adequate safeguards in respect to the protection of the individual's
privacy.
In the meantime in the UK, the 2014 Data Retention and Investigatory Powers Act was challenged before the High Court of Justice of England and Wales and declared invalid on 17 July 2015, because the data retention regime did not provide for
adequate safeguards in order to protect the right to
privacy and the right to protection of personal data laid down in the Charter.