Canada privacy law may be held to EU-U.S. model: internal memo
By Ethan Lou
TORONTO (Reuters) - Canadian officials expressed concern in an internal memo the European Union may hold personal-data transfers to their country to the tougher standards of the bloc's new Privacy Shield pact with the United States.
That potentially affects the operations of Canadian businesses handling transatlantic data, according to the memo, obtained under access-to-information laws.
The EU-U.S. Privacy Shield, formally adopted on Tuesday, limits how American firms handle European personal data. It replaces Safe Harbour, the framework that the EU's top court struck down last year on concerns about intrusive surveillance.
In a February memo, Canadian officials said Privacy Shield, which was provisionally adopted that month, may become the new standard and result in Canada's privacy law being “scrutinized” when the EU reviews whether the law adequately protects European data.
Such a review will be conducted as part of a larger privacy-protection report due in 2020, according to the EU. But a review can also happen in the event of a legal challenge, as was the case for Safe Harbour.
Parts of the Canadian memo were redacted, and it was not immediately clear how the country is addressing the issue or the extent its businesses would be affected.
Global Affairs Canada, the country's foreign department that created the memo, has been probing "foreign cyber policy considerations," according to the note. It has also been assisting another federal agency, Innovation, Science and Economic Development (ISED) Canada, in "examining the span of Canadian business sectors that may be impacted."
If Canada's law does not pass muster, a broad range of the country's companies, from multinationals that centralize employee data at Canadian headquarters to tech firms that parse their user data west of the Atlantic, may find themselves in the same situation as American ones after Safe Harbour's nixing. Continued...