What is Canada’s Consumer Privacy Protection Act (CPPA)? - Actonic – Unfolding your potential
We have outsourced our Atlassian licensing and services business to the newly founded Seibert Solutions GmbH. Actonic's products will be further developed under the usual name.
Become an Atlassian Knowledge Champion

What is Canada’s Consumer Privacy Protection Act (CPPA)?

Canada’s Consumer Privacy Protection Act (CPPA) is a new Law under Canada’s digital privacy act. It replaces the Personal Information Protection and Electronic Documents Act (PIPEDA), which is over 20 years old. CPPA is described as “An act to promote and support electronic commerce wherein the personal information that is collected, used or disclosed is protected in the course of commercial activities”. Rules are established so that the protection of personal information can be governed in a manner that balances the right to privacy of individuals.

It is critical that businesses handling sensitive data protect Canadians’ privacy by using industry-best practices and solutions to offset the risks posed by Canada Digital.

What is changing with CPPA?

The changes made by the CPPA include the right of disposal and the right to data mobility.

With the right of disposal, the user has the right to ask the website to get rid of his personal information – just like the right to opt-out in CCPA. The right to portability allows users to move specified personal information from one organization to another.

The Act also simplifies PIPEDA’s data consent laws by requiring organizations to obtain the user’s consent before collecting a user’s personal data. With that, the enforcement powers have been increased, and parallel to that, the penalties for breaking the law have also been increased.

Following are some of the important characteristics of CPPA:


  • Transparency and control are increased when the organization handles Canadians’ personal information
  • Providing freedom to citizens so that their information can be moved from one organization to another in a secure manner.
  • Broad order-making powers should be provided to the privacy commissioner of Canada, including the power to stop the company from using personal information or collecting data.


Penalties for non-compliance with the CPPA could cause fines of up to 5% of a company’s total global revenue for the prior year, or CA $25 million.

Therefore, if you have a Canadian company or company that does business with Canadian clients and customers online, make sure you comply with Canada’s new data protection law. Actonic’s apps, Data Protection and Security Toolkit for Jira and Data Protection and Security Toolkit for Confluence make complying with the CPPA significantly easier. If you want to see how Jira and Confluence apps can help you with CPPA-compliance while saving you time and money, book a demo now.

Discover our Apps for Jira and Confluence