Earlier this year, TikTok was issued a €5M fine by the French data protection regulator because it made it too difficult for users to opt out of tracking on its website.
TikTok is being fined for two reasons: not offering a “refuse all” button on its cookie banner, and not informing users about the purpose of the cookies.
This newsworthy fine serves as a reminder of the importance of consent and compliance with the law when building audiences – regardless of what country you’re operating in or what type of business you run.
Read on to ensure your audience development strategy follows Canadian data privacy laws.
Do you know about the Canadian laws that protect your audience’s data privacy?
🔒 The Personal Information Protection and Electronic Documents Act (PIPEDA) governs how private sector organizations collect, use, and disclose personal information in the course of commercial business.
🔒 Canada’s Anti-Spam Legislation (CASL) protects consumers and businesses from the misuse of digital technology, including spam and other electronic threats. It also aims to help businesses stay competitive in a global, digital marketplace.
What’s the difference between the two?
PIPEDA deals with the collection, use, and disclosure of personal information, while CASL applies to sending commercial electronic messages and obtaining appropriate consent.
According to the Office of the Privacy Commissioner of Canada, “PIPEDA requires businesses to ask for the least amount of personal information to meet the purpose of providing the product or service and to clearly tell customers why they are collecting it. You may ask for information that goes beyond the purpose of providing the product or service if you make it clearly optional; or you may ask for consent to use information for secondary purposes, such as marketing, if you make it optional.”
CASL defines spam as:
- Unsolicited email
- Unauthorized alteration of transmission data
- False or misleading electronic representations
- Collecting and/or using email or other electronic addresses without permission
- Collecting personal information by accessing a computer system or electronic device illegally
Under CASL, companies can only send emails to people who have expressed consent to receive messaging from them. There are two types of consent:
- Express consent: A consumer gives explicit verbal or written consent to receive email from a company. This type of consent does not have an expiration date. Consent remains valid until the consumer withdraws their consent.
- Implied consent: Certain activities, such as purchasing a product or inquiring about a service, can imply consent to receive email from a company. Implied consent can expire. Implied consent for a purchase is valid for two years, and implied consent for an inquiry is valid for six months. Consent can be renewed by the recipient purchasing another product or inquiring about a service again.
Whether you are a creator or a consumer, understanding how data is collected and governed is essential. While building an audience database, ensure that your audiences provide consent and understand how you are using their data.
Walking the talk at Magnify Digital
We take compliance seriously, too. Our audience analytics platform, ScreenMiner™, follows software industry best practices to ensure user data is private and secure.
We run the application out of the Amazon Web Services (AWS) cloud, with all data secured “at rest” (in encrypted databases) and “on the wire” (while travelling to your browser) using the same HTTPS/SSL security your banking applications use.
Beyond that, we have audit trails, event logs that can trigger real-time alarms if unexpected data access is detected, and more. So you can rest soundly knowing your valuable and sensitive audience development data is being guarded by ScreenMiner™!
If you are interested in learning how ScreenMiner™ or the Magnify Digital team can help you track and build your audiences, book a demo here!