Several people have written over the past couple of weeks to call attention to the privacy implications of the Canada.com FAQ. The FAQ asks the question about where Canada.com email account information will be stored with the answer that:
canada.com e-mail (the "Service") is provided by Velocity Services, Inc. ("VSI"), a company located in and conducting its business from the United States. By registering for and/or logging on to the Service, you accept and acknowledge that the information processed or stored outside of Canada may be available to the foreign government of the country in which the information or the entity controlling it, is situated under a lawful order made in that jurisdiction and no longer falls under the jurisdiction of Canada's Personal Information Protection and Electronic Documents Act ("PIPEDA") nor be subject to canada.com's Privacy Statement.
As David Fraser rightly notes "I'm pretty confident that you can't wave a magic wand and say that PIPEDA no longer applies."
Web 2.0 services raise a host of privacy issues, few more than web-based email, which potentially leaves thousands of sensitive, personal email messages in the hands of email providers. The Canada.com approach does little to inspire confidence about the protection of that personal information.
At least they are being honest, data hosted in the U.S. falls under the Patriot Act and as a result you lose all control and jurisdiction. U.S. law enforcement can force the U.S. company to disclose any information they hold and require them to keep such disclosure secret. So canada.com and its customers would never even know a disclosure had (or was) occurring. I think that a treason charge in the U.S. pretty effectively trumps any law from Canada,…
That may be true, but it also does NOT exempt them from liability for the PIPEDA violations
Does this mean that the US host can sift through your email messages at their will?
Can any Canadians-suspect subscribed to the Canada.com site have their privacy ransacked by US officials?
In today’s world I’m surprised anyone would have any expectation of privacy when using a public forum such as the Internet as the vehicle to transmit that information, whether it’s in Canada or anywhere else.
Sale of personal data?
So did Canada.com sell personal information to an American company? Doesn’t PIPEDA require that when personal information is transfered in a sale, that the persons privacy continue to be protected.
Why I didn\t fill out my Census Form
For the exact same reason – The feds here in Canada now shirk data compilation and storage “offshore” to a private third party.. where? You guessed it, the gool ol boys down south.
Why would something as frivolous as Canada.com email be any different? Worried about security? Get off the internet, and don’t participate in the census 🙂
PIPEDA Still In Effect
My understanding of this issue is that PIPEDA cannot be circumvented so long as CanWest continues to have a Canadian presence. In this case, CanWest has merely acquired the services of a 3rd-party (VSI) to host its email service. PIPEDA is still in effect and CanWest is still responsible for ensuring that VSI (or any 3rd-party) meets PIPEDA standards. Unless CanWest has ceased to be a Canadian company, all Canada.com users are still protected by PIPEDA.
Why would a Canadian company operating in America, but maybe servicing canadian customers be subject to Canadian law at all? If the site is physically in america, then at that moment only american law applies. Just because the site has Canada in its name, and has a canadian company paying its bills is pretty meaningless.
If canwest wants to put part of its web services in the US, then that part of it is subject to US law ONLY.
So yes, the US government could sift through your messages at will, if they are in the US, without Canwest knowing. Canwest employees physically in Canada could notify the public, if they found out. If the US government wanted to keep it secret though, it could forbid the employees in the US from cooperating with any Canadian law.
You can SAY that Canada.com would be subject to PIPEDA, and you could try to enforce it outside Canada’s borders. And you could, for example fine or prosecute people once they are in Canada for breaking the PIPEDA for the actions done in the US. Canada might even ask for Cooperation with US, or extradition (if the employees were observing valid american regulations when violating PIPEDA though, there is no cause for extradition). You couldn’t actually enforce Canadian law in the US.
Lost Email and addresses
Ever since canada.com had switched over to the American company, my email and addresses have been lost.I really dont feel comforable using the service any longer ..I will take the time to switch.