Global fintech and funding innovation ecosystem

Privacy Implications of an Open Banking System in Canada

McMillan | Darcy Ammerman, Mitch Koczerginski, Robbie Grant, Anthony Pallotta | Oct 12, 2021

privacy implications of open banking in Canada - Privacy Implications of an Open Banking System in Canada

Privacy and Open Banking

Since open banking is predicated on the free flow of information, privacy is key to an open banking system. In its February 2019 Review into the Merits of Open Banking, the Committee said “[t]he trust needed to allow the digital economy to flourish, and the social license that organizations will need from Canadians to innovate with their personal data, hinges on having an appropriate legal framework in place that puts at the forefront key privacy issues.” In its January 2020 review of stakeholder submissions, the Committee observed that all stakeholders considered privacy to be a significant risk of open banking. In its own submission to the Committee, the Office of the Privacy Commissioner of Canada (“OPC”) called for several privacy reforms to support an open banking system.

Many of those reforms are already making progress. Before the election was called, the government had introduced a substantive overhaul to Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”), in the form of Bill C-11, which would have enacted the Consumer Privacy Protection Act (“CPPA”) (we summarized the proposed changes in a previous bulletin). Bill C-11 died on the order paper when the election was called, but since the liberal government has now returned to office, a new privacy law bill is expected to be forthcoming. There is added international pressure for privacy reforms too, as the EU reviews Canada’s adequacy status under the General Data Protection Regulation (“GDPR”). Maintaining such status is crucial as it permits data processed in accordance with the GDPR to be subsequently transferred from the EU to Canada without requiring additional data protection safeguards or authorization to transfer the data.

See:  Canada’s Library of Parliament Report: A Comparison of Open Banking Recommendations

Meanwhile in Quebec, An Act to modernize legislative provisions as regards the protection of personal information (“Bill 64”) received Royal Assent on September 22, 2021. This Bill amends Quebec’s Act respecting the protection of personal information in the private sector (“Quebec’s Private Sector Act”) to include a data portability right, increased fines for non-compliance, and enhanced requirements for breach notification, consent, and data protection, among other changes.

Data Portability

In its June 2019 report on open banking, the Standing Senate Committee on Banking, Trade and Commerce recommended modernizing PIPEDA to align it with global privacy standards. It wrote that these changes “must include a consumer data portability right.”

In the context of open banking, data portability means a consumer’s right to direct that their personal financial information be shared with another organization. While this sounds simple in theory, it presents challenges for the organization sharing the data (typically the financial institution). First, personal information owned by the consumer is often grouped together with information owned by the sharing organization. For example, financial institutions may create “derived data” by processing consumer information together with proprietary algorithms and analysis. The Final Report takes the position that the financial institution should generally be able to exclude derived data from an open banking system. However, if such data is normally available to the consumer, the financial institution should have an obligation to justify an exclusion.


Betakit podcast with Senator Deacon on Open Banking and Competition

Reflections on Canada’s open banking report

The second and related challenge is that sharing organizations may store and process data in a variety of formats, but for data portability to be meaningful, the personal information must be shared in a usable technological form. The difference between a string of loose data, and a properly organized spreadsheet is significant to the utility of such information for a third party app developer. Financial institutions can look to Quebec’s Bill 64 as an example of how the concept of data portability could play out in practice. When it comes into force, Bill 64 will amend Quebec’s Private Sector Act to provide consumers with a right to request their computerized personal information in a “structured, commonly used technological format” unless doing so raises serious practical difficulties.

The introduction of a data portability right may require financial institutions to overhaul their data processing systems to ensure consumer data can be shared in a commonly used form, while separating out data that is unnecessary or proprietary to the financial institution. Depending on the sharing organization’s data processing systems, data portability may require significant lead time to implement. The challenges outlined above are likely why the technological format amendment to Quebec’s Private Sector Act does not come into force until September 22, 2024 (a full year after the majority of the amendments).

Continue to the full article --> here

NCFA Jan 2018 resize - Privacy Implications of an Open Banking System in Canada The National Crowdfunding & Fintech Association (NCFA Canada) is a financial innovation ecosystem that provides education, market intelligence, industry stewardship, networking and funding opportunities and services to thousands of community members and works closely with industry, government, partners and affiliates to create a vibrant and innovative fintech and funding industry in Canada. Decentralized and distributed, NCFA is engaged with global stakeholders and helps incubate projects and investment in fintech, alternative finance, crowdfunding, peer-to-peer finance, payments, digital assets and tokens, blockchain, cryptocurrency, regtech, and insurtech sectors. Join Canada's Fintech & Funding Community today FREE! Or become a contributing member and get perks. For more information, please visit:

Latest news - Privacy Implications of an Open Banking System in CanadaFF Logo 400 v3 - Privacy Implications of an Open Banking System in Canadacommunity social impact - Privacy Implications of an Open Banking System in Canada

Support NCFA by Following us on Twitter!

NCFA Sign up for our newsletter - Privacy Implications of an Open Banking System in Canada


Leave a Reply

Your email address will not be published. Required fields are marked *

10 + 13 =