The EU’s GDPR has numerous flaws that preclude its use as a model for Canada -- and probably the United States, judging by Privacy Law Pitfalls: Lessons Learned from the European Union, a study by the Canadian Marketing Association (CMA).
The GDPR, which took effect in 2018, “has proven after more than three years to be much better in theory than in practice,” states John Wiltshire, president and CEO of the CMA.
Based on studies researched by the CMA, the GDPR’s many pitfalls include:
Canada is expected to update its private-sector privacy law this spring, but clearly will not replicate the GDPR. The new law would replace the Personal Information Protection and Electronic Documents Act (PIPEDA), needs updating after serving for over a decade.
“The GDPR’s pitfalls show us that rigidity and complexity create extensive hurdles for businesses, governments and consumers alike, and Canada needs to take a more proportionate and less burdensome approach.” Wiltshire says.