PIPEDA
Canada's federal privacy law governing how private-sector organizations collect, use, and disclose personal information in commercial activities.
What PIPEDA means
PIPEDA (Personal Information Protection and Electronic Documents Act) is Canada's federal privacy law governing commercial private-sector data practices. It applies to organizations that collect, use, or disclose personal information in the course of commercial activity. PIPEDA is built on 10 fair information principles including accountability, identifying purposes, consent, limiting collection, limiting use/disclosure/retention, accuracy, safeguards, openness, individual access, and challenging compliance. For advertisers targeting Canadian users, PIPEDA requires meaningful consent for data collection, limits data use to stated purposes, and provides individuals with access to their data. Provincial privacy laws in British Columbia, Alberta, and Quebec may also apply. Quebec's Law 25 (modernized in 2023) is particularly stringent, with GDPR-like consent requirements and significant penalties. PIPEDA works alongside CASL for electronic marketing communications.
Related terms
GDPR
The General Data Protection Regulation — the EU's comprehensive data protection law governing how personal data is collected, processed, and stored.
CASL
Canada's Anti-Spam Legislation — a Canadian law governing commercial electronic messages, requiring express or implied consent.
Consent
A user's explicit or implied permission for data collection, processing, or advertising targeting, required by privacy regulations.
Privacy Policy
A legally required document disclosing how an organization collects, uses, shares, and protects personal data.