TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

Europe Data Protection Digest | Notes from the IAPP Europe Managing Director, 11 August 2017 Related reading: A conversation on protecting children's privacy



Greetings et salutations de Montréal!

This week, I am in Canada taking a road trip through this splendid country with my eldest son. Talk about scale: I have been driving through the provinces of Ontario and Quebec, and clearly, this is a country with a staggering abundance of space and geography. What has impressed me considerably is also their sense of rich and diverse culture and history, from the indigenous peoples — the Nations, Inuits and Métis — through to the successive waves of European settlers over time, shaping Canada with both the English and French language and culture. The bilingual nature of the country is not dissimilar to Belgium, and speaking French has its advantages here, as well. Canada is 150 years old this year, a milestone in this young — yet mature — country’s history. 

It seems only appropriate to comment on the state of privacy in Canada while in the country, and Canada has been in the news as of late. In the context of the new EU privacy regulations coming into force next year, it is being called into question whether Canada’s approach to privacy is keeping up with global evolutions in other parts of the world.

Industry observers are increasingly commenting that if Canada does not continue to modernize its approach to privacy and data protection, it could face roadblocks in maintaining its status as an "adequate" jurisdiction — an official status that facilitates a more fluid trade with the EU28 market. The status quo is that the European Commission concluded in 2001 that the Canadian law under the Personal Information Protection and Electronics Documents Act would afford sufficient protection to personal data transferred from the EU to Canada. One wonders if this will still be the case under the provisions of the GDPR?

Maintaining adequacy will be key for Canada (and the EU) against the backdrop of the recently agreed Comprehensive Economic and Trade Agreement. Considered to be the most ambitious trade agreement ever signed by either party, European Commission President Jean-Claude Juncker and Canadian Prime Minister Justin Trudeau voiced the accord’s potential in cementing their commitment to shared values across various areas, which they explained could transform globalization in the direction of a trade model that best supports our respective economic areas and citizens.

More recently, we did, however, witness a technical roadblock with the Court of Justice of the European Union issuing an opinion — although nonbinding — that the passenger name records provisional agreement signed with Canada in 2014 may not be concluded in its current form because several of its provisions are incompatible with the fundamental rights recognized by the EU. It's also fair to say that, on the PNR front, the opinion of CJEU is likely to create a headache for a host of similar agreements between the EU and the USA and Australia. The implications of the judicial opinion may have far-reaching implications beyond the PNR rules.

On a more general note, since the beginning of the year, the Canadian House of Commons’ standing committee on access to information, privacy and ethics has been holding sessions to review the current PIPEDA in consultation with industry, regulatory and other privacy stakeholders. Where the review will end up is anyone’s guess at present, but you have to think that Canada might overhaul its privacy regulation to ensure growing trade flows with the EU and beyond. As Canada continues to become an increasing influence on the global stage, enhanced data protection safeguards could well be key to continued confidence in this growing country.


If you want to comment on this post, you need to login.