Original Brainstorm Below
On one hand, PIPEDA is a law that dictates how organizations (Org) must handle personal information (PI) about an individual. Examples of PI include credit card information, driver’s licence, pictures, bank account information, phone number, and email address. This list is not exhaustive. PI could also include personal needs and preferences, and specifically privacy preferences. To the extent that it does, these are also covered by PIPEDA – an organization that collects, uses, and discloses privacy preferences (or any personal needs and preferences) has responsibilities.
IDRC’s privacy preferences design encompasses a set of privacy preferences, a user interface, and an information model for capturing, storing, and transmitting a user’s privacy preferences with respect to their PI.
The question is: how does the IDRC’s privacy preferences design relate to PIPEDA? How might the design reinforce or facilitate an Org’s responsibilities as defined by PIPEDA?
PIPEDA “grants” users a degree of control (expectations?) over the privacy of their PI (control is also a feature of Privacy by Design). Here’s how: The Org informs users how the Org will collect, use, and disclose their PI. Users can also make requests in relation to the Org’s policies (e.g., how PI is used, update accuracy of PI, complaints to Org). Based on this information, users can choose, to some extent, how they will interact with that Org.
Privacy preferences design gives a greater or finer degree of control. It allows users to configure how different aspects or features of their PI are to be shared (collected, used, and disclosed).