Breaking News

As per Cavoukian : EU ruling on US agreement may nudge Canada to update our privacy law

As per Cavoukian : EU ruling on US agreement may nudge Canada to update our privacy law



The dismissal by an EU court of a European-American personal data protection transfer agreement is in the spotlight in the United States. 

But an expert here says it may have implications for pushing Canada forward to update its federal privacy law. NY Caokian, head of privacy for the Design Center for Privacy, agreed to Thursday's decision by the EU Court of Justice that the 2015 EU-US Data Protection Shield provides EU residents with Europe's General Data Protection Regulation (GDPR ) May not provide adequate protection. Nude Ottawa will have to overhaul the Personal Information Protection and Electronic Documents Act (PIPEDA). 

"Now maybe it is abolished in the US, maybe they (EU) will hardly come down in Canada because we no longer have the necessary equality with them that we used to have in the past." 

The question of equivalence - or, legally more precisely, adequacy - is essential for companies in and outside the EU that do business with the community and collect personal data of customers and partners. 

A long time ago, the European Union decided that an organization could only send personal data about an EU resident if the destination country had a sufficient level of data security. PIPEDA was given sufficiency status years ago. 

The U.S., which does not have a national data privacy law, required arrangements such as the 2000 Safe Harbor Agreement, so data transfer was permitted. 

When it was scrapped in 2015, it was to negotiate the Privacy Shield with the EU. 

What were the complexities of the GDPR in 2018, which unified and tightened individual privacy laws in the European Union. Since then, the issue of adequacy with the privacy laws of other countries is up in the air. 

For continuity, the European Union immediately made the privacy laws of all other countries inadequate unless they are equivalent to the GDPR. Instead, it is taking a few years to review those laws and give an opinion on their adequacy. How did the EU Court of Justice come into this? 

In short, it stems from a 2013 request by Austrian lawyer and activist Max Schrems to suspend Facebook from Irish privacy regulators or ban them from transferring their personal account data to the US, initially the case was dismissed Because the Safe Harbor agreement with the US was considered sufficient EU law.

But that agreement was scrapped in 2015, which led to the EU-US Privacy Shield. 

The Irish regulator asked the High Court of the European Union to rule on the adequacy of the Privacy Shield for GDPR. 

In a blog post, Toronto privacy lawyer Barry Suckman described yesterday's ruling that the Privacy Shield was a "bombshade" for US companies in the U.S. 

Does not provide sufficient protection for data transferred to. 

"It will directly affect Canadian companies," he said, "including multinationals that do business in the US and transfer personal information from the EU to the US for processing or other uses." 

Colin Bennett, a professor of political science at the University of Victoria, said in a blog that the resulting E.U. The court's decision should be "an improvement in PIPEDA, something serious rather than cosmetic." 

Quebec's recently proposed changes to its privacy law came close to the GDPR and eliminated "ups for the federal government". 

PIPEDA's status is, for now, safe. However, some privacy experts, including the Kavokians and Federal Privacy Commissioner Daniel Therrien, certainly need to update PIPEDA. 

In February 2018, the House of Commons Access to Information, Ethics and Privacy Committee issued a report urging the government if any change in PIPEDA is needed to maintain its adequacy.

 At the same time, it also recommended several changes to PIPEDA, which make it closer to adequacy to provide privacy, including a central doctrine of the Act by design for privacy and power to order the Federal Privacy Commissioner and impose penalties for non Can bring. Compliance. 

Therrien has been advocating for some time to update PIPEDA and increase powers. But after the committee's report "nothing happened," complained Cavocain. Asked whether the government is waiting for the European Union to specifically say whether or how it wants PIPEDA to be updated, rather than simply change the law, to find that it is not enough Tha, Cavokian was rejected. "Why can't we be proactive for change?" He asked. "We know it's coming. Why wait for the EU to come to us and say, that is what we expect. 'It's not rocket science to find out.'

No comments