The Trouble with the TPP series focus on privacy has thus far examined weak privacy laws, restrictions on data localization requirements, and a ban on data transfer restrictions. The data transfer restriction post cited one of my recent technology law columns in concluding that the net effect of a recent European privacy case and the TPP provisions is that Canada could end up caught in a global privacy battle in which Europe restricts data transfers with Canada due to surveillance activities and the TPP restricts Canada’s ability address European concerns.
Interestingly, at least one TPP country identified the potential risk of a clash between European privacy rules and the TPP. Australia obtained a side letter with the United States that largely addresses the concern. The letter states:
Should the Government of the United States of America undertake any relevant additional commitments to those in the TPP Agreement with respect to the treatment of personal information of foreign nationals in another free trade agreement, it shall extend any such commitments to Australia. The United States will also endeavor to apply extensions of privacy protections with respect to personal information of foreign nationals held by the United States Government to Australian citizens and permanent residents.
The letter contains two key undertakings: a U.S. promise to extend any privacy commitments in other trade agreements to Australia and a promise to work to extend privacy protections to Australian data held by the U.S. government. The side letter could prove important should the U.S. and European Union renegotiate the safe harbour agreement in order to address the concerns expressed in the Schrems case. While Australia would enjoy the benefits of additional protections, Canadian officials did not obtain a similar commitment, potentially leaving Canada caught in privacy perfect storm.
(prior posts in the series include Day 1: US Blocks Balancing Provisions, Day 2: Locking in Digital Locks, Day 3: Copyright Term Extension, Day 4: Copyright Notice and Takedown Rules, Day 5: Rights Holders “Shall” vs. Users “May”, Day 6: Price of Entry, Day 7: Patent Term Extensions, Day 8: Locking in Biologics Protection, Day 9: Limits on Medical Devices and Pharma Data Collection, Day 10: Criminalization of Trade Secret Law, Day 11: Weak Privacy Standards, Day 12: Restrictions on Data Localization Requirements, Day 13: Ban on Data Transfer Restrictions)