Data localization rules, which require data to be stored locally, have emerged as an increasingly popular legal method for providing some additional assurances about the privacy protection for personal information. Although heavily criticized by those who fear that it harms the free flow of information, requirements that personal information be stored within the local jurisdiction is an unsurprising reaction to concerns about the lost privacy protections if the data is stored elsewhere. Data localization requirements are popping up around the world with European requirements in countries such as Germany, Russia, and Greece; Asian requirements in Taiwan, Vietnam, and Malaysia; Australian requirements for health records, and Latin America requirements in Brazil. Canada has not been immune to the rules either with both British Columbia and Nova Scotia creating localization requirements for government data.
Given that data often ends up in the United States, restrictions on data localization requirements have emerged as a key U.S. demand in its trade agreements. The provisions appeared in the TPP, in the proposed digital trade chapter in NAFTA, and in the stalled Trade in Services Agreement. While the issue is a prominent one in trade talks, the Canadian position has remained largely unknown. That may have changed last week at a hearing of the Standing Committee on International Trade when NDP MP Tracey Ramsey asked department officials about the issue:
My next question is about the probability of including provisions that ban data localization. I think you mentioned things in the future…I think about NAFTA, we couldn’t have envisioned the world that we’re in now 25 years ago, and so there wasn’t language in there. So do you think that this will include data localization measures, in TiSA? It’s a concern for Canadians in particular, with the two provinces that we have that protect that.
Darren Smith, the Director of Services Trade with Global Affairs, replied:
Yes, in fact, data localization is an issue that is being discussed in TiSA. That work is not complete but Canada’s approach, which is shared by a good number of other participants, is to have a balanced approach so that we can still ensure a cross-border flow of data but at the same time protect that information that’s held by government or in a government procurement context. So the two cases that you referred to, Nova Scotia and B.C., would not be part of TiSA.
To the best of my knowledge, this is the first time the government has stated its position, which amounts to retaining the right for data localization measures for government data that it holds or that is held by third parties under contract. That addresses some potential concerns (including the viability of provincial data localization laws in B.C. and Nova Scotia) but it would appear to exclude wider use of data localization requirements.
Given the privacy concerns extend beyond just government data, agreeing to a ban on future data localization requirements consistent with privacy and security needs is a short-sighted position that unnecessarily handcuffs policy makers on future privacy measures. There is a balance to be struck with data localization, but the balance involves more than just government data. Rather, it requires ensuring that reasonable privacy, security, and public policy measures will not be banned due to trade agreements such as the TPP or NAFTA.
That is heartbreaking and despicable. The government can keep *their* data protected, but every single Canadian can have their private information used and abused by foreign businesses at will and there’s no plan on the part of the government to protect Canadians from that abuse. We’re all just sheep to be shorn.
Sonny Bubbles’ government is government of the entitled, by the entitled and for the entitled. Everyone else gets the shaft.
Withheld is right, this is heartbreaking and despicable. For one, it only serves to widen the gulf between government and citizens – a trend that is most dangerous and does not bode well for our future. Also, surely our negotiators must know that the US is a rogue and dangerous country to be dealing with. Any data that crosses into their jurisdiction will be available to one of the most dangerous political entities the world has ever seen, the NSA.
Pingback: Canadian Position on Data Localization Rules in Trade Deals Revealed: Protection for Government Data Only « Data Protection News
What about the flipside of localization?
Let’s say Facebook serves employment ads to millennials only: If the ads are US served to Canadians are they legal? If they are served from Canada are they legal, or in violation of the Charter?
https://www.propublica.org/article/facebook-ads-age-discrimination-targeting
Pingback: Canadian billionaire bemoans lack of Canadian leadership – Ministry Of Data