New legislation to give Canadians more control over their personal information will include the steepest corporate fines among Group of Seven nations, according to the country’s industry ministry.

The proposed Consumer Privacy Protection Act establishes penalties of $25 million (US$19.4 million), or as much as 5 per cent of global revenue, whichever is greater, for companies that breach privacy rules. 

The bill will allow Canadians to move their information from one company to another securely and request that data be deleted. It will also limit the collection and usage of minors’ information, and give the country’s privacy commissioner broad powers to order a company to stop collecting data or using personal information.

Industry Minister Francois-Philippe Champagne and Justice Minister David Lametti introduced the legislation on Thursday as part of the government’s Digital Charter Implementation Act. It comes amid broader calls by several business groups to reform Canada’s privacy law to be more closely aligned with those of key trading partners, including the European Union.

“Without updated privacy legislation, Canadian business finds itself at a disadvantage. The law has not kept up with the pace of change, nor with Canada’s international competitors,” Mark Agnew, senior vice president at the Canadian Chamber of Commerce, said by email. “Finalizing and passing this legislation must be a top priority when the fall session begins.”

Earlier this month, Tim Hortons Inc. was found to have violated privacy laws by collecting “vast amounts” of sensitive location data from people who downloaded the restaurant chain’s mobile app.

Champagne and Lametti also tabled the Personal Information and Data Protection Tribunal Act to create a new court to enforce the privacy law, and the Artificial Intelligence and Data Act to establish a new AI and data commissioner who will monitor company compliance to ensure technology is used responsibly.