Assistant Privacy Commissioner has ruled that the privacy risks posed by the USA Patriot Act are similar to those found in Canada and therefore not grounds to rule that the privacy protection afforded by a U.S. email provider is not comparable to Canadian-based providers. The finding arises from a complaint launched by CIPPIC against Canada.com over the use of a U.S.-based provider. In assessing the USA Patriot Act issue, the Assistant Privacy Commissioner found that:
The risk of a U.S.-based service provider being ordered to disclose personal information to U.S. authorities is not a risk unique to U.S. organizations. In the national security and anti-terrorism context, Canadian organizations are subject to (and may be just as likely to receive) similar types of orders to disclose personal information of Canadians to Canadian authorities. There are also several former bilateral agreements in place between analogous Canadian and U.S. organizations that provide for the cooperation and exchange of relevant information. In light of such arrangements, there are many alternatives to a Section 215 Order to obtain information about Canadians.
I focused on these issues several years ago in a submission to the B.C. Information and Privacy Commissioner co-authored with Milana Homsi.