TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

Canada Dashboard Digest | Notes from the IAPP Canada Managing Director, July 6, 2018 Related reading: Privacy inspection tool finds ad trackers on sensitive nonprofit websites



Last weekend was Canada Day, and I wrote in this space about my sense that things in the privacy industry in Canada are on the verge of pretty significant changes. One of the issues that is fueling this movement deals with the EU’s position that it will judge a country’s privacy protection regime to determine if it is adequate. As a general rule, an organization can only transfer personal information out of the EU to a jurisdiction that has been declared adequate.

The laws of the United States have never been declared adequate by the EU. Instead, organizations rely on different exceptions, such as binding corporate rules, standard contractual clauses and, most notably, on a treaty called Privacy Shield. The treaty allows organizations in the United States to sign up and promise to abide by certain rules. This treaty, and its set of rules, was essentially deemed an adequate level of protection for the personal information of EU residents.

On July 4 this past week, the European Parliament voted in favor of suspending the Privacy Shield treaty, unless the U.S. fully complies with EU data protection rules by Sept. 1. Clearly, many EU politicians are of the view that the United States is not a jurisdiction with adequate privacy protections. I wonder if they will fix the problems or if one of the more fundamental treaties between the U.S. and the EU will be left to falter, thus creating risk that trans-Atlantic data flows will become illegal.

From a Canadian perspective, I mention this development in the EU because I think it bears directly on our own status as being adequate by EU standards. If Privacy Shield is not cutting it, can we say that our privacy laws are? Pundits have written plenty of opinions on this already, but what is clear is that Europeans are not afraid to remove the adequacy label if they believe it’s the right thing to do in order to protect privacy. I can’t help but think this is going to fuel that change in the Canadian privacy landscape I was talking about.

Have a great weekend.


If you want to comment on this post, you need to login.