PIPEDA

"PIPEDA" is an acronym for the "Personal Information Protection and Electronic Documents Act".  It is a federal law of Canada.

...

There are three points of intersection between PIPEDA and privacy preferences design.

Policies


A minor relationship involves the privacy preferences themselves.  Since they are personal preferences, they are a type of personal information and are subject to PIPEDA.  The implication is that any organization that uses Privacy Preferences Design is collecting, using, and/or disclosing personal information in the form of preferences.  As such, the organization must establish and publish policies that define what is collected, why it is collected, how it is used, and how and why it is disclosed.  Note that in this case, one of the main reasons for the preferences is to share (disclose) them with other parties to ensure that the user’s privacy needs are met.

Nonetheless, privacy preferences are relatively low in terms of sensitivity.  By comparison, credit card information is much more sensitive and can cause an individual greater harm if not kept private.  The implication is that an organization’s privacy policies with respect to preferences are relatively simple: state that the collection, use, and disclosure of these preferences is to enhance an individual’s privacy with respect to more sensitive personal information, and that it is beneficial to the user to collect, use, and disclose this kind of personal information compared to other kinds.

User Control

A more interesting relationship is in terms of control.  As noted above, PIPEDA requires organizations to inform users of the organization’s privacy policy.  Users can then make an informed choice about whether they are willing to supply the organization with personal information.  But, that is the extent of the user’s control.  It is an all-or-none affair, and usually means the user either provides personal information or does not use the service at all.

...

Note that this relationship resonates with some of the seven principles of Privacy by Design.  In that regard, it is proactive on the part of the user (principle 1), it is visible and transparent (principle 6), and it is user centric (principle 7).

Personal Privacy Policy


The most radical idea is that the privacy preferences are the privacy policy required by PIPEDA. Under this view, the preferences are seen as what the user is willing to allow and prohibit in terms of sharing personal information.  An organization could respect the user’s wishes and state that their (the organization’s) privacy policy is synonymous with the user’s needs and preferences as expressed through Privacy Preferences Design.

...