server-farm by laboratorio linux (CC BY-NC-SA 2.0) https://flic.kr/p/SQVdB4

server-farm by laboratorio linux (CC BY-NC-SA 2.0) https://flic.kr/p/SQVdB4

News

The NAFTA E-commerce Chapter: Ensuring the New Chapter Reflects Canadian Priorities

Canadian Foreign Minister Chrystia Freeland outlined Canada’s NAFTA negotiating objectives in talk earlier this week, identifying the need to modernize NAFTA so that “all sectors of our economy can reap the full benefits of the digital revolution.” I posted yesterday on how the IP chapter could be used to level the playing field for innovation. This post discusses how the new e-commerce chapter, which will be the most obvious manifestation of a modernized NAFTA, offers the opportunity to address an increasingly important aspect of modern cross-border commercial activity.

The policy behind an e-commerce chapter should be to facilitate modern, electronic commerce. Canada should be wary of provisions that undermine legitimate public policy interest, including privacy and security. This concern is particularly pronounced with respect to restrictions on data localization and data transfers, both identified by the USTR as issues of concern. Further, Canada should seek higher level privacy protections and e-commerce regulations in NAFTA.

The Implications of NAFTA for Privacy and Security

The U.S. has identified restrictions against local data storage – often called data localization – as one of its objectives. The issue originates from Silicon Valley tech company frustration with a growing number of governments that want local data to remain within their jurisdiction. The reason for data localization requirements typically stem from mounting concerns over U.S. surveillance activities and the power granted to U.S. law enforcement under laws such as the USA Patriot Act.

The combined effect of these U.S. laws is that many users fear that once their information is stored in the U.S., it will be accessible to U.S. authorities without suitable privacy protections or oversight. Since U.S. law provides less privacy protection to foreigners, there is indeed limited legal recourse for Canadian data held in the U.S.  Provinces such as British Columbia and Nova Scotia have enacted laws to keep government information (such as health data) within the country.

In response to the mounting public concerns, leading technology companies such as Microsoft, Amazon, and Google have established or committed to establish Canadian-based computer server facilities that can offer localization of information. These moves follow on the federal government’s 2016 cloud computing strategy that prioritizes privacy and security concerns by mandating that certain data be stored in Canada. The Canadian government should resist efforts within NAFTA to limit the ability of federal or provincial governments to establish legitimate privacy and security safeguards through data localization requirements.

Limitations on data transfer restrictions, which mandate the free flow of information on networks across borders, raises similar concerns. Those rules are important to preserve online freedoms in countries that have a history of cracking down on Internet speech, but in the Canadian context, could restrict the ability to establish privacy safeguards. In fact, should the European Union mandate data transfer restrictions as many experts expect, Canada could find itself between a proverbial privacy rock and a hard place, with the EU requiring restrictions and NAFTA prohibiting them. While the U.S. is seeking a ban on data transfer restrictions, Canada should ensure that privacy and security laws will not be superseded by NAFTA restrictions.

Using NAFTA To Safeguard Privacy Protections

Privacy protections are a key aspect of e-commerce, providing consumers with assurances that their personal information will be appropriately safeguarded. A renegotiated NAFTA should include a high level privacy protection requirement. The starting point for privacy protection in most countries is a national privacy law modeled on the OECD privacy principles. Enforcement measures are frequently handled by privacy or data protection commissioners with some form of enforcement powers as well as additional rules on issues such as mandatory disclosure of security breaches. A privacy requirement that extends beyond voluntary undertakings is essential for Canadians to have the necessary assurances that their information is properly protected and to place Canadian companies on a level playing field with their NAFTA counterparts.

NAFTA should also include mandatory anti-spam legislation as a national requirement. The provisions could specify that the law provide for a binding unsubscribe mechanism and an opt-in consent requirement, consistent with the Canadian anti-spam law. Other e-commerce laws, including consumer protection requirements and electronic contracting provisions, would be suitable for inclusion in an e-commerce chapter.

5 Comments

  1. note: (incoherant rant below. new article posted momentarily, tho)

    beware the cell.

    Local DBs, access, builds,managment.

    industry, services and management;
    localization of the means of…

    que wanted gambling;
    everyone wants censorship on their enemies; (and for free, ask an ISP)

    meanwhile, china, who doesn’t pay royalties…
    will charge $.0000019 vs a NA $25.00 hr.

    cost-effective (unstoppable) sat services after the locals get BB’d to death, anyone? (hired on appearances, survive on politics, performance monopolized?

    heavens, will cable get legislated as mandatory and not a right?
    drama-porn, gambling , news too?

    a copyright on data, tech and productions. (ie: pot)
    lets see where the research goes, eh? (NAFT’d to brazil, betcha)

    or AI assistants on cells do it for ya.

    the systems already in place can/will smoke right past any official meddling;
    it looks like a white elephant forcing it’s own demise to me.

    local patronage games will NOT be productive, they’re PC first.

    why yes, I do make this up as I go along. When yer hot, yer hot.

  2. Well if Trump doesn’t kill this NAFTA deal, I’d like to see a Canadian mandate to take privacy seriously. That would mean no US closed source software, such as MS-Windows, allowed on government computers. If that doesn’t happen, then we’ve lost already.

  3. Really pretty puzzling that Prof Geist has written two columns about the current NAFTA revival without mention of the obvious and public Canadian and Mexican agendas, namely to make it a quick and dirty negotiation to bring the USA back into the TPP. Much or all of what’s been proposed on IP and online commerce was decided in the TPP to Obama’s satisfaction, and it’s only Trump’s kneejerk rejection of anything Obama approved that prevents TPP from simply being implemented in this back-assed process. Maybe more in the fall semester.

  4. The policy behind an e-commerce chapter should be to facilitate modern, electronic commerce. Canada should be wary of provisions that undermine legitimate public policy interest, including privacy and security. This concern is particularly pronounced with respect to restrictions on data localization and data transfers, both identified by the USTR as issues of concern. Further, Canada should seek higher level privacy protections and e-commerce regulations in NAFTA.

  5. This message is posted here using XRumer + XEvil 3.0
    XEvil 3.0 is a revolutionary application that can bypass almost any anti-botnet protection.
    Captcha Recognition Google, Facebook, Yandex, VKontakte, Captcha Com and over 8.4 million other types!
    You read this – it means it works! 😉
    Details on the official website of XEvil.Net, there is a free demo version.