CanucktAI
Glossary

CPPA (Consumer Privacy Protection Act)

The CPPA was the proposed federal law meant to replace PIPEDA’s private-sector rules with stronger consent, individual rights, and order-making and fining powers; it died with Bill C-27 in January 2025.

The Consumer Privacy Protection Act (CPPA) was the centrepiece of Bill C-27. It would have replaced PIPEDA’s private-sector provisions with modernized rules: clearer consent, a right to disposal (deletion), data mobility, special protections for minors’ information, and — crucially — real enforcement power, including order-making and administrative monetary penalties, plus a new Personal Information and Data Protection Tribunal.

The bill also proposed the Artificial Intelligence and Data Act (AIDA) as a companion.

Because Parliament was prorogued in January 2025, Bill C-27 and the CPPA died on the Order Paper. Until any successor is passed, PIPEDA remains the governing federal private-sector law.

Our own compliance

We run our own compliance programme inside Valdra — the product we sell. Our SOC 2, ISO 27001 and ISO 42001 programmes are actively in progress; we do not claim certifications we do not yet hold.

Valdra compliance badge — click to verify
  • PIPEDA
  • Law 25 (Quebec)
  • CASL
  • Data hosted in Canada 🇨🇦
  • AI governance
View our Trust Centre

Self-declared, not audited by a third party. Click the badge to verify it is genuine and see what it covers.

CPPA (Consumer Privacy Protection Act) — definition | Canuckt AI