OTTAWA — The personal information of Canadians will be on the negotiating table when North American free trade talks begin this month.
The United States has served notice it wants an end to measures that restrict cross-border data flows, or require the use or installation of local computing facilities.
It is among the many American goals for the coming NAFTA renegotiation spelled out by the Office of the U.S. Trade Representative.
Privacy advocates say that means trouble for Canada’s ability to shield sensitive information such as health or financial data from the prying eyes of foreign agencies by storing it in computer servers on Canadian soil.
The U.S. proposal runs counter to public-sector privacy laws in British Columbia and Nova Scotia that require domestic data storage.
It also seems at odds with the federal government’s strategy on cloud computing — the purchase of digital storage from third parties — that says all “sensitive or protected data under government control will be stored on servers that reside in Canada.”
The B.C. Freedom of Information and Privacy Association is urging Foreign Affairs Minister Chrystia Freeland to ensure legislation already on the books is not undermined by the NAFTA negotiations.
“Canadians are concerned about their personal information being shared in any way, shape or form with an increasingly erratic United States,” says a recent submission to the minister from association executive director Vincent Gogolek.
Some American companies offer a Canadian data storage option in response to market demand and governments should continue to have freedom to protect citizens’ information and privacy rights as they see fit, Gogolek says in the submission, part of federal consultations on the NAFTA renegotiation.
Freeland is saying little about the government’s tactics for now, but Canada plans to soon outline broad objectives for the talks.
The Ottawa-based International Civil Liberties Monitoring Group says Canadians must have a say before Canada signs off on any new provisions.
“Privacy rights are something that are really fundamental for Canadians,” said Tim McSorley, the group’s national co-ordinator. “Our first concern is that any agreements made in NAFTA regarding privacy rights should be done in public and open to consultation and discussion, both in Parliament and with stakeholders.”
The U.S. trade representative flagged the data storage issue in its 2017 report on foreign trade barriers, noting the B.C. and Nova Scotia laws prevent public bodies such as schools, universities, hospitals and government-owned utilities from using American services when there’s a possibility that personal information would be stored in, or accessed from, the United States.
The report also highlighted the Canadian government’s major consolidation of federal email services, a procurement project that cited national security as a reason for requiring the contracted company to keep data in Canada.
This requirement effectively precludes U.S.-based cloud-computing suppliers from participating in the process, unless they replicate data storage and processing facilities in Canada, the U.S. trade representative noted.
The Information Technology Industry Council, a Washington-based lobby group, has expressed concerns about the national-security exemption to the Canadian government, according to correspondence obtained by Gogolek’s association through the U.S. Freedom of Information Act.
The council calls on governments worldwide to forbid local infrastructure requirements, denouncing them as discriminatory and contrary to the notion of cross-border trade.
In the post-9-11 era, however, many countries remain skittish about U.S. law-enforcement and security agencies getting their hands on sensitive personal records.
The U.S. Patriot Act, passed following the 2001 terrorist attacks, gave the Federal Bureau of Investigation broader access to records held by firms in the United States, including data on Canadians.
Revelations in recent years by former U.S. spy contractor Edward Snowden about widespread surveillance of communications have done nothing to dispel the wariness of civil libertarians and privacy advocates concerning sovereignty over data.
Analysts also point out that the European Union has been moving toward stronger control over data, including transfers between member states and the U.S.
It would therefore be difficult for Washington to demand that Canada let U.S. firms host government data about Canadians with no restrictions, suggested Toronto lawyer David Young, who specializes in regulatory law with an emphasis on privacy.
“I believe it has to be dealt with on a different level,” Young said.
The best way to store sensitive domestic data—as well as when and how it can be transferred across borders—should be decided by Canadians, digital freedom organization OpenMedia says in its NAFTA consultation submission.
“We should be able to make our own data privacy policies without the interference or intervention of other state actors, and Canadians’ sensitive data and privacy rights must not become a bargaining chip sacrificed for the sake of economic gain.”