If all TPP countries implemented similarly strong privacy protections, there would be little need to consider alternative mechanisms to enhance public confidence in their privacy through additional legal safeguards. However, the Trouble with the TPP is that it actually weakens privacy protections by treating voluntary undertakings as equivalent to comprehensive privacy laws (prior posts include Day 1: US Blocks Balancing Provisions, Day 2: Locking in Digital Locks, Day 3: Copyright Term Extension, Day 4: Copyright Notice and Takedown Rules, Day 5: Rights Holders “Shall” vs. Users “May”, Day 6: Price of Entry, Day 7: Patent Term Extensions, Day 8: Locking in Biologics Protection, Day 9: Limits on Medical Devices and Pharma Data Collection, Day 10: Criminalization of Trade Secret Law, Day 11: Weak Privacy Standards). The TPP goes further in harming privacy, however, by restricting the use of data localization requirements that might otherwise be used to provide privacy protection.
Data localization has emerged as an increasingly popular legal method for providing some additional assurances about the privacy protection for personal information. Although heavily criticized by those who fear that it harms the free flow of information, requirements that personal information be stored within the local jurisdiction is an unsurprising reaction to concerns about the lost privacy protections if the data is stored elsewhere. Data localization requirements are popping up around the world with European requirements in countries such as Germany, Russia, and Greece; Asian requirements in Taiwan, Vietnam, and Malaysia; Australian requirements for health records, and Latin America requirements in Brazil. Canada has not been immune to the rules either with both British Columbia and Nova Scotia creating localization requirements for government data.
Read more ›
Over the past few months, the Treasury Board of Canada has quietly been developing a government-wide policy on the use of cloud computing services. The initiative started with an industry engagement event in November that highlighted many of the issues faced by the government. Following that event, the government issued a cloud computing Request for Information that asked the industry to provide detailed information and recommendations on the government’s approach. The deadline for submissions to the RFI close today. Unfortunately, the public is unlikely to gain access to the submissions as the government has promised to keep confidential the information it receives.
The government’s cloud computing RFI provides considerable insight into its current thinking. Of particular interest are the privacy implications of using cloud computing services, particularly where the data is either hosted outside the country or by foreign-owned organizations. While the consultation asks the industry for its views on these questions, the document features proposed contractual clauses that address encryption and data storage. These include:
Read more ›
In August 2011, the federal government announced plans to consolidate more than 100 different email systems used by over 300,000 employees into a single, outsourced email system. While the email transition is currently underway – Bell won the nearly $400 million contract last year – the decision quietly sparked a trade fight with the United States that placed the spotlight on the risks associated with hosting computer data outside the country.
At the heart of the dispute is the emergence of cloud computing services such as web-based email, online document storage, and photo sharing sites. These services are based on a computing infrastructure that relies on huge computer server farms and high-speed network connections that allow users to access their content from any device connected to the Internet.
My weekly technology law column (Toronto Star version, homepage version) notes that cloud computing services offer the promise of convenience and cost savings, but at a price of reduced control over your own content, reliance on third-party providers, and potential privacy risks should the data “hosted in the cloud” be disclosed to law enforcement agencies without appropriate disclosure or oversight.
Read more ›
Appeared in the Toronto Star on March 8, 2014 as Time for Consumers to Think Local for Cloud Computing In August 2011, the federal government announced plans to consolidate more than 100 different email systems used by over 300,000 employees into a single, outsourced email system. While the email transition […]
Read more ›
Does it matter where your computer data such as email, digital photos, personal videos, and documents resides? The Canadian Chamber of Commerce apparently doesn’t think so. It recently joined forces with its U.S. counterpart to argue for new rules in the Trans Pacific Partnership – a proposed new trade agreement that includes Canada, the U.S., Japan, Australia and many other Asian and South American countries – that would create barriers to privacy protections designed to require that personal data be stored locally.
My weekly technology law column (Toronto Star version, homepage version) notes that for many years, the issue was largely irrelevant to most computer users since their data was typically kept on computer hard drives within their own homes or offices. While there was always a security risk associated with malware or hackers, using reasonable security precautions provided some protection and there was little risk of warrantless access to the data.
Read more ›