It is my pleasure. Chair, and distinguished members of this committee. I really appreciate this kind invitation for me to speak to you today. Let me say that I'm very honoured.
I'm not the EU legislator. I am not formally in charge of any adequacy finding. I represent an independent institution, like the Privacy Commissioner of Canada. We share in all the EU duties and powers of national data protection authorities. Being Brussels-based, however, we also are influential as the special and first adviser of the Council of the European Union and the European Parliament. We're better positioned to be of help.
My third introductory remark relates to our excellent working relations with the Privacy Commissioner of Canada. In general terms, we've always had a very close and fruitful strategic partnership with Canada. We also had the occasion, just to give you an example, to submit our pleadings to the European Court of Justice concerning the Canadian PNR. We had a chance to interact with some of our colleagues in Canada so as to be fully in touch with your legal framework.
I'm very pleased to be at your disposal and to answer any questions you may have about the process and the content of revising PIPEDA. I've been intimately involved in the reform of the European data protection rules. We are here to advise legislators. We adopted many opinions. We have been in touch with the rapporteurs and shadow rapporteurs. It was a process that took almost a decade from consultation, to proposal, to very long negotiations. Now we are focusing on implementation.
My institution will be one of the members of the newly established European Data Protection Board, the new EU body that will replace the existing advisory board, the Article 29 Working Party of the European Commission. In addition, the EDPS, the European data protection supervisor, will also serve the board as secretariat. So 20 people from my staff will be delegated full-time to this initiative.
We are investing all our energies to be ready on day one, May 25 of next year. The GDPR, general data protection regulations, adopted last year and published last year on May 4 in the official journal, comes into force next year in May. Today nothing prevents a data controller from starting with real implementation, although full implementation, with enforcement, can only start at midnight on May 24 next year, when we come to convene all colleagues for the first meeting of the European Data Protection Board.
We are also putting our energies into complementary and necessary reforms. We need, notably on electronic communication privacy, the so-called e-privacy regulation, which is likely to replace the existing e-privacy directive. We have more or less the same approach as for the GDPR versus the 1995 directive. In addition, we are also expecting new rules applicable to the big galaxy of the European Union institutions and bodies subject to my supervision.
We're doing the work of a generation, and the challenge is to make sure people get to enjoy the new rights on the online world. The GDPR is going to be in place for, I predict, at least 15 years, which is more than a decade.
We can see that we have legislated not only for millennials, but perhaps also for the mid post-millennials who have only ever known a connected world. Therefore, the challenge is to consider the reinforced rise in the GDPR and the new rise such as those concerning privacy by design and privacy by default that can be called big data rights.
We really want to be more conversant with new technologies, to be future oriented, and to be, let's say, neutral from a technological viewpoint. You will not see any specific legislation on social networks or other specific applications, though the new rules on profilings, the right to be forgotten, and the rate of data portability are designed to be horizontal.
I see a line of continuity between current legislation and the future one in making existing and new rights and freedoms meaningful for ordinary people and more effective in practice. We will have to depart from former requirements and focus more on substantial safeguards. Therefore, there is a convergence across the world on how these rules are to be drafted and applied, and I see Canada as part of this convergence. I see a growing consensus.
We're now in a position today to focus on transfer of personal data, which is a key factor in this debate. You may be interested to know what is new in the GDPR as compared to the directive and, of course, I can only quote Daniel Therrien, the federal commissioner, to say that the GDPR contains some provisions that did not appear in the current directive and also do not appear in PIPEDA: portability, erasure, privacy by design, and privacy by default. Therefore, we have to analyze together the differences in the two statutes.
I am pleased answer any questions about the major differences between the directive and the GDPR about the process for determining PIPEDA's adequacy status under the GDPR, although neither the current directive nor the GDPR provide for any specific process, but we know what the approach could be.
I guess you will be interested to verify the criteria for determining the adequacy status, what it means after the Schrems case, digital rights versus Ireland, judgment for the European Court of Justice, what it means, and an adequate level of protection of personal data essentially equivalent to the one in the EU. Would you expect consultations with Canadian authorities, for instance, in the evaluation of the new approach in Canada, if any? What about the timelines, and more specifically, what are the long-term implications of the Schrems decision that were confirmed by the Court of Justice in coming decisions? One of them relates to the Canadian PNR.
If this is the right approach, we may focus then on specificities concerning either the retention of data or the protection of children. Many companies are interested to verify, for instance, which consent is to be re-collected once the GPR enters into force. I think we have enough food for a fruitful discussion.
I don't want to abuse your time, and I think it's much better to now go into specificities in answer to your questions or focus on more detailed issues.