· Order in Council / Protection of Privacy Regulation · in-force
Protection of privacy regulation
Establishes the Protection of Privacy Regulation under the Protection of Privacy Act, defining key terms and setting rules for consent, disclosure for audits, and researcher agreements for public bodies.
Moderate impactPrivacy & surveillanceInstitutional independenceThe public, directlyHealth-care bodiesPost-secondary institutions
What changed
- Defines key terms for the Protection of Privacy Act, including 'enactment of Alberta,' 'imminent danger,' and 'reasonable security arrangements.'
- Establishes specific requirements for valid written, electronic, and oral consent for public bodies to use or disclose personal information.
- Outlines conditions under which personal information may be disclosed to public body employees or contractors for financial or systematic audits.
- Mandates specific information and conditions to be included in agreements for researchers accessing personal information under the Act.
- Specifies that the consent of a minor is not valid unless the public body determines the minor has capacity to understand and appreciate consequences.
- Sets an expiry date of June 10, 2035, for the regulation, requiring review for ongoing relevancy and necessity.
Why it matters
- Provides the operational framework for the Protection of Privacy Act, standardizing how public bodies manage personal information.
- Clarifies the process for individuals to provide and withdraw consent for the use and disclosure of their personal data by public bodies.
- Establishes safeguards and accountability measures for the sharing of personal information for research and audit purposes.
- Introduces definitions for key privacy and security terms, guiding public bodies in their data protection practices.
- Ensures that public bodies must assess a minor's capacity before accepting consent for personal information use or disclosure.
- The expiry clause mandates a future review, allowing for adaptation of privacy rules over time.
Rights affected
- Privacy — Control over personal information held by governments and institutions.
- Access to information — The ability to see public records and government decisions.
Other governance concerns
- Standardization of consent mechanisms for personal information
- Conditions for disclosure of personal information for audits
- Safeguards for personal information in research agreements
- Definition of security arrangements for data protection
- Capacity assessment for minors' consent
Primary sources (1)
- Primary sourceGovernment documentOrder in Council 193/2025 (Alberta King's Printer)
Secondary sources (3)
- Secondary sourceNews articleIAPP: Major privacy changes, new requirements for Alberta's public sector
- Secondary sourceNews articleRMRF: Alberta's Privacy Laws, Rewritten
- Secondary sourceNews articleGowling WLG: Alberta overhauls public-sector privacy and access to information law