The Privacy Suite for WordPress

Canada: CASL and Pipeda for WordPress

Get compliant today in the European Union, United States, Canada, United Kingdom, Australia, Brazil & South Africa with the only Privacy Suite for WordPress that offers a fully-featured plugin for Worldwide Compliance.

In the Complianz plugin, we recently have added Full support for the privacy regime in Canada.

There are two primary privacy laws for Canada:

  • Canada’s Anti-Spam Legislation (CASL)
  • Personal Information Protection and Electronic Documents Act (PIPEDA)

To comply with these laws, a website operator is required to:

(1) Make use of a cookie statement to clearly explain the function and purpose of the cookies and to provide all other relevant information; and

(2) obtain the user’s consent, whether explicit or implied.

This means there are two relevant types of consent:

  • Express consent. This type of consent is given explicitly through a person’s action. For example, by clicking on a, “I agree” button on a cookie banner.
  • Implied consent. This type of consent can be inferred through a person’s actions or inaction; for example, a user has not opted out after seeing the pre-ticked boxes on a cookie banner.

Although CASL requires that a website operator gets “Express consent” to install a cookie on anyone’s computer system, Implied consent for cookies is also allowed if the user’s conduct is such that it is reasonable to believe that they have consented to the installation of the cookies.

According to the Canadian Radio-television and Communications Commission, a person who disables cookies in their browser indicates that they do not consent to install cookies.  The Complianz legal team assumes that the same is possibly true for a person whose browser sends out a Do Not Track signal.

By providing proper information, providing an opt-out process, and respecting people’s browser settings, a website operator can assume that he has a visitors’ express consent to set cookies. However, it is inappropriate to rely on implied consent if a cookie makes it possible to use sensitive personal information to remarket tailored advertising. An individual’s online activity related to the viewing of health-related websites already constitutes sensitive personal information. In that case, Express consent is required. This is why we have added an additional question in the Complianz Wizard regarding the use of sensitive personal information. If our cookiescan discovers the use of marketing or tracking cookies on a website dynamically, a cookie banner will be shown to the visitors based on opt-in instead of opt-out.

Privacystatement CPPA & PIPEDA for WordPress

In our Privacystatement (available in Premium), we not only focus on the specific privacy rights PIPEDA gives to Canadian citizens, such as access to personal information in an alternative format to an individual with a sensory disability, but we also take into account PIPEDA obligations such as mentioned in the Privacystatement the person who is accountable for the organization’s policies and practices and to whom complaints or inquiries can be forwarded.

As a bonus, we also created a specific Canadian Privacy statement for Children.

Data breach Notification

Last but not least, we also made sure that our data breach notification wizard follows the PIPEDA obligations.



Recent articles

The Privacy Suite for WordPress
Get compliant today with the only Privacy Suite made for WordPress


Popular articles

TTDSG, the New Cookie Law for Germany

As of December 1st, 2021 the Telecommunications-Telemedia Data Protection Act (Telekommunikation-Telemedien-Datenschutz-Gesetz) regulates the handling of cookies, local storage, cookieless tracking,  and other tracking technologies in

Read More

Cookieless Tracking and GDPR

In this article, we will have a closer look at cookieless and server-side tracking and how this affects your website’s configuration regarding privacy laws. The

Read More

Join our mailing list - 8 Tips & Tricks in your inbox over the next 8 weeks!