The U.S. government is prodding Ottawa and some provinces to overhaul their privacy laws and allow Canadians’ personal data to be hosted on U.S. servers.
In its latest report on international trade barriers, the Office of the U.S. Trade Representative (OUSTR) criticized federal and provincial regulations preventing public bodies from storing Canadians’ personal data outside Canada.
The OUSTR took aim at Ottawa’s plan, launched in 2011, to build a unified email system for the entire federal government that would require data to be stored within Canada. That privacy regulation essentially ruled out U.S.-based companies from bidding on the contract. Bell Canada won the $400-million contract last year.
Many data services are moving to cloud-based storage, the U.S. report notes, but Ottawa’s rule “hinders U.S. exports of a wide array of products and services.”
The issue has been a point of contention between the U.S. and Canada for some years, and this is not the first time the OUSTR highlighted its concerns; the previous year’s report contained many of the same criticisms. As the agency responsible for recommending trade policy to the White House, the OUSTR’s reports are a good barometer of what the U.S. wants from its trade relationships.
The OUSTR singled out two provinces, British Columbia and Nova Scotia, for their privacy laws that prohibit the export of personal data by government agencies.
But while governments can avoid sensitive data moving through U.S. servers, most Canadians don’t have the same luxury. Some 90 per cent of Canadian internet traffic is routed through the U.S.
The head of the Canadian Internet Registration Authority, which administers the .ca domain, has suggested Canada build its own internet exchange points to avoid U.S. surveillance.
The issue of cloud-based storage of personal data has raised concerns for years among some Canadian privacy experts. Many point to the controversial USA Patriot Act, the 2001 law passed in the wake of 9/11 that greatly expanded the U.S. government’s ability to monitor communications.
According to OUSTR documents recently obtained by the B.C. Freedom of Information and Privacy Association, major U.S. corporations have complained to trade representatives about Canadian privacy laws.
Canadian officials were reportedly reluctant to allow data storage in the U.S. due to “privacy concerns stemming from the Patriot Act.”
However, recent revelations about Canada’s cooperation with U.S. electronic surveillance (see here, here and here) have made some privacy experts question whether Canadians’ data is safe from prying U.S. eyes even in Canada.
The European Parliament issued a report earlier this year calling for a review of data-sharing with Canada, which it said was “involved on a large scale in mass surveillance of electronic communications” and may have co-operated with the U.S. on surveillance of EU citizens.