ARTICLE
4 February 2025

Privacy Lessons From 2024 That Every Business Should Be Aware Of (Video)

SL
Siskinds LLP

Contributor

Since 1937, Siskinds has been that firm of specialists serving individuals, families and businesses in southwestern Ontario and Canada from our offices in London, Sarnia and Quebec City. We’ve grown as the world around us has evolved. Today, we are a team of over 230 lawyers and support staff covering personal, business, personal injury and class action law and over 25 specialized practice areas.
As a cross-border business technology and privacy lawyer working with clients in Canada and the United States, I understand how overwhelming it can be for businesses to navigate...
Canada Privacy

As a cross-border business technology and privacy lawyer working with clients in Canada and the United States, I understand how overwhelming it can be for businesses to navigate the constantly evolving landscape of privacy laws.

In this brief video, I'll highlight the key lessons from 2024 that every business should be aware of.

Lesson number one, Avoid dark patterns

Dark patterns are deceptive design tactics used to manipulate users into making choices about their privacy that they would not otherwise have made. The Office of the Privacy Commissioner of Canada, the OPC, recently highlighted five common types of dark patterns:

  1. Privacy notices with complex language;
  2. user interfaces that are confusing;
  3. nagging, which are repeated prompts specific actions;
  4. obstruction, which is inserting unnecessary steps between users and the privacy goals; and,
  5. forced action, which is tricking users into disclosing extra personal information.

Avoiding these practices ensures a clear, trustworthy user experience.

Lesson number two, Deepfakes are being used more in cybercrime

Deepfakes, which are A.I. generated or altered videos and audio, are increasingly being used in cybercrime.

Recently, the FBI warned about scams involving voice and video cloning. For example, in February 2024, CNN reported that a finance worker was tricked into transferring $25 million after criminals use deepfake technology to impersonate the company's CFO during a live video call. That's scary. Businesses must stay vigilant and adopt measures to protect against these threats.

Additionally, I would recommend checking with your insurance broker to ensure you're covered for business email fraud and other types of cyber insurance.

Lesson number three, watch out for upcoming A.I. Laws

Canada's proposed Artificial Intelligence and Data Act, aimed at regulating AI systems, is stalled in parliament. However, Ontario recently amended the Employment Standards Act to require businesses to disclose A.I. use in hiring.

In contrast to Canada, the United States has seen more progress. This suggests that Canada will be forced to catch up soon. Colorado, California and Utah are leading the way, while some other states have focused A.I. laws on specific employment applications, just like in Ontario.

Lesson number four, Privacy law keeps on changing

While Canada's proposed privacy law remains stalled, just like the artificial intelligence law and Ontario's Privacy White Paper may not have evolved into a proposed law yet. Privacy laws are changing elsewhere. For example, Quebec's Law 25 now includes data portability provisions requiring businesses to transfer an individual's data to another organization under certain conditions.

In contrast to Canada's stalled privacy environment, seven U.S. states have passed comprehensive privacy laws in 2024.

Additionally, both Canada and the U.S. have seen a surge in child centric privacy laws. If your business handles children's data, you should stay informed about these proposed and evolving laws.

And lastly, lesson number five, don't lie on your privacy notices

Privacy notices are public documents that disclose your businesses privacy practices, which help individuals understand how their personal information will be collected, used, disclosed or retained, and allows those individuals to provide informed consent.

In 2024, many businesses faced scrutiny from a variety of Canadian and American privacy regulations, including the OPC, the FTC and the FCC for having deceptive privacy notices or unfair privacy practices that harmed consumers.

That wraps up the most important privacy lessons for businesses in 2024.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More