Language selection

OPC Logo Office of the Privacy Commissioner of Canada

Search

Briefing note on Bill C-69

PURPOSE:

For decision.

ISSUE:

  1. Bill C-69: An Act to implement certain provisions of the budget tabled in Parliament on April 16, 2024 (BIA 2024)Footnote 1 was tabled on May 2nd, 2024. The Standing Senate Committee on Banking, Commerce and the Economy (BANC) has been assigned Subdivision A of Division 34 related to amendments to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA).
  2. You have been called to appear on a panel with the Commissioner of the RCMP and the Director of FINTRAC before BANC on Thursday May 23, 2024. We have prepared this note with a draft opening statement, and proposed issue sheet topics for your approval.

OVERVIEW:

  1. (redacted) Subdivision A of Division 34 of Bill C-69 under Clause 341 would amend the PCMLTFA to add a new section 11.01(1) allowing reporting entities to disclose and collect personal information between one another under a safe harbour protection without knowledge or consent if:
    • The disclosure and subsequent collection or use is done in the course of their activities;
    • The disclosure is reasonable for the purposes of detecting or deterring money laundering/terrorist financing/sanctions evasion (ML/TF/SE);
    • Disclosure with knowledge or consent would compromise the ability to detect ML/TF/SE; and
    • The disclosure is made in accordance with regulations.
  2. A new subsection 11.01(3) of the PCMLTFA would provide reporting entities with criminal and civil immunity for such disclosures and collections/uses made in “good faith”.
  3. Clause 347 would amend s. 7(3) of PIPEDA (disclosure without knowledge and consent) to add a new paragraph (d.21) to permit disclosures without knowledge/consent if done under section 11.01 of the PCMLTFA. Additionally, ss. 7(1) and 7(2)(d) of PIPEDA would be amended to permit the related collection and use of this information.
  4. Other amendments that have implications related to anti-money laundering contained in Part 4; Division 34; Subdivision A include:
    • Authorizing the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) to disclose certain information to provincial and territorial civil forfeiture offices and to the Department of Citizenship and Immigration, subject to certain conditions (Part 4; Division 34; Subdivision A; Clauses 342-343); and,
    • Extending the application of the PCMLTFA to transporting currency or money orders, traveller’s cheques, or other similar negotiable instruments (Part 4; Division 34; Subdivision A; Clause 340).

BACKGROUND:

OPC Discussions with Interested Parties

  1. In a meeting with our office on October 24, 2023, ISED and Finance Canada indicated that they were contemplating legislative amendments to provide for a safe harbour regime that would allow for private-to-private (P2P) sharing of personal information without consent for suspicious anti-money laundering (AML) transactions amongst reporting entities under the PCMLTFA.
  2. (redacted)
  3. (redacted)

STRATEGIC CONSIDERATIONS:

  1. While the amendments to PIPEDA and the PCMLTFA under the Bill generally reflect the proposals we had previously been presented by Government officials, some details regarding the implementation of the P2P sharing remain unclear.

Meaningful Involvement of the OPC

  1. Clause 344 amends the PCMLTFA to provide the Governor in Council (GIC) the authority, on recommendation of the Minister, to make any regulations respecting the disclosure of information under this section, “including the establishment and implementation of codes of practice … and respecting the role of the Privacy Commissioner… in relation to those codes”, among other things.
  2. While our Office has said we would be supportive of a regime that included meaningful involvement for our Office, the proposed provisions leave OPC involvement to be outlined only in regulations. (redacted)
  3. (redacted)
  4. (redacted)

    Involvement of [Data Protection and Privacy Authorities] from the beginning of any information-sharing project is often critical and beneficial to the success of a private-sector AML/CFT/CPF information sharing project… The Estonian sharing initiative [for its Safe Harbour information sharing initiative] … has invited [Data Protection and Privacy] authorities to join the project and provide advice and input as part of the steering group. In the early stages of the project, fortnightly meetings were held in order to obtain immediate feedback, which in turn allowed timely adjustment to the design of the sharing initiative.

Setting Baseline Conditions for Information Sharing

  1. (redacted) In addition, Singapore and the UK have a centralized system administered by the regulator to enhance oversight and quality control of the AML safe harbour regime. As it stands, it is unclear what baseline standards or rules the Government will require for reporting entities to benefit from the safe harbour protection as these will be left to regulations.

    (redacted)
  2. (redacted)

Accountability and Transparency Measures

  1. (redacted). The FATF has noted that suitable oversight mechanisms and transparency would help to ensure confidence in and accountability of all stakeholders.Footnote 2 They have also recommended that private sector entities develop indicators and metrics to determine whether the initiative is achieving its purpose and continually reassess whether the information sharing is necessary, reasonable, and/or proportionate, noting that sharing positive results can help to build trust in initiatives.Footnote 3

Privacy Protective Measures for AML Information Exchanges

  1. The FATF has also recommended using privacy enhancing technologies (PETs), and privacy by design to help minimize personal data sharing for AML/ATF initiatives and noted that pseudonymization and anonymization can help minimize privacy-related risks in these circumstances.Footnote 4

RECOMMENDED ACTION:

  1. (redacted)
  2. Proposed issue sheet topics are included at Annex B.

REFERENCE:

CONSULTATIONS:

Legal Services (K. Wilson, M. Shogilev and R. De Sanctis)

APPROVAL:

Prepared by Arun Bauri
Strategic Policy and Research Analyst

Date May 13, 2024

Revisions

Approved by Laura Crestohl
Manager, Policy and Research

Date May 14, 2024

Approved by Lara Ives
Executive Director, Policy, Research and Parliamentary Affairs Directorate (PRPA)

Date May 16, 2024

Approved by Deputy Commissioner Gregory Smolynec
Deputy Commissioner, Policy and Promotion

Date

Approved by Privacy Commissioner

Date

  • I agree with the proposed recommendation(s).
  • I do not agree with the proposed recommendation(s) for the following reason(s):
Additional comments or instructions:

Philippe Dufresne
Privacy Commissioner

DISTRIBUTION:

Deputy Commissioner Legal Services; Deputy Commissioner Compliance, PRPA, Kate Wilson, Matthew Shogilev, Rebecca De Sanctis.

(Redacted)

Annex B - Proposed issue sheet topics

  1. Approach in other Jurisdictions (Legal)
  2. Sections 7(1)(b.01), 7(2)(d), and 7(3)(d.21)) of PIPEDA (PRPA)
  3. Bill C-69: Disclosure to Civil Asset Forfeiture Offices (Legal)
  4. Bill C-69: FINTRAC disclosures to IRCC (Legal)
  5. OPC Oversight (Legal)
  6. Financial Action Task Force 2021 Evaluation of Canada (PRPA)
  7. FINTRAC Audits (Compliance)
  8. FINTRAC data breach (Compliance)
  9. OPC Submission to Finance Canada AML Consultation (PRPA)
  10. Canada Financial Crimes Agency (GA)
  11. Cullen Commission Final Report (PRPA)
  12. Open Banking (PRPA)
Date modified: