· Bill / New Privacy Framework · enacted
Bill 33 — Protection of Privacy Act, 2024 (New Provincial Privacy Framework)
Establishes a new comprehensive privacy framework for Alberta public bodies, replacing the privacy provisions of the Freedom of Information and Protection of Privacy Act, introducing new rules for data handling, and enhancing oversight.
High impactPrivacy & surveillanceInstitutional independenceCivil libertiesThe public, directlyIndependent watchdogs
What changed
- Repeals the privacy provisions of the Freedom of Information and Protection of Privacy Act (FOIP Act) and enacts a new standalone Protection of Privacy Act (Section 64(1)).
- Establishes new rules for the collection, use, and disclosure of personal information by public bodies (Part 1).
- Introduces a framework for 'data matching,' 'data derived from personal information,' and 'non-personal data,' regulating how public bodies create and use data from personal information (Part 3).
- Mandates public bodies to establish 'privacy management programs' and conduct 'privacy impact assessments' in prescribed circumstances (Part 4, Sections 25, 26).
- Creates an 'Independent Adjudicator' role (a designated judge) to investigate complaints and reviews where the Information and Privacy Commissioner has a conflict of interest (Part 6, Div 2, Section 45).
- Provides whistleblower protections for employees of public bodies who disclose privacy contraventions in good faith (Sections 52, 59).
Why it matters
- Replaces the foundational privacy legislation in Alberta, establishing a modern framework for how public bodies manage personal information.
- Introduces specific regulations for advanced data practices like data matching and the creation of non-personal data, addressing evolving digital governance challenges.
- Strengthens accountability by requiring public bodies to implement privacy management programs and conduct privacy impact assessments.
- Enhances oversight mechanisms by establishing an independent adjudicator for cases where the Information and Privacy Commissioner may have a conflict.
- Provides explicit protections for employees who report privacy breaches or contraventions, encouraging internal accountability.
Rights affected
- Privacy — Control over personal information held by governments and institutions.
Other governance concerns
- New framework for personal data handling by government.
- Mandatory privacy management programs and impact assessments.
- Independent review mechanism for privacy complaints.
- Whistleblower protections for privacy disclosures.
Primary sources (1)
- Primary sourceGovernment documentBill 33 – Protection of Privacy Act (Alberta Legislative Assembly)
Secondary sources (4)
- Secondary sourceNews articleIAPP: Major privacy changes, new requirements for Alberta's public sector
- Secondary sourceNews articleBennett Jones: Alberta's New Privacy Laws Are Now in Effect
- Secondary sourceNews articleM. Ross: Introduction of Bill 33 and Bill 34 to Replace the FOIP Act
- Secondary sourceNews articleGowling WLG: Alberta overhauls public-sector privacy and access to information law