CETA and GDPR - Will the Marriage Last? Chantal Bernier. Global Privacy and Cybersecurity Group

Similar documents
U.S. Business Immigration Current Issues and Trends U.S.-Mexico Bar Conference September 27-29, 2017

INDEX. A Access and correction requests, see also Access to and correction of personal information. .. Part 8 of the Act, 115

Bipartisan Congressional Trade Priorities and Accountability Act of 2015: Section-by-Section Summary

Canada: Electronic Commerce Law Overview

(a) Short title. This Act may be cited as the "Trade Promotion Authority Act of 2013". (b) Findings. The Congress makes the following findings:

INDEX. A Access and correction requests, see also Access to and correction of personal information. .. Part 8 of the Act, 110

ARTICLE 29 DATA PROTECTION WORKING PARTY

TECHNICAL BARRIERS TO TRADE

32000D0520. Official Journal L 215, 25/08/2000 P

The EU-Canada Comprehensive Economic and Trade Agreement (CETA) Opening up a wealth of opportunities for people in Estonia

Energy Transit Provisions in the WTO Agreements, Energy Charter Treaty and Intergovernmental Agreements

Data protection and privacy aspects of cross-border access to electronic evidence

The EU-Canada Comprehensive Economic and Trade Agreement (CETA) Opening up a wealth of opportunities for people in the Czech Republic

LEGAL BASIS OBJECTIVES ACHIEVEMENTS

GDPR: Belgium sets up new Data Protection Authority

EU Data Protection Law - Current State and Future Perspectives

60 th UIA CONGRESS Budapest / Hungary October 28 November 1, UIA Biotechnology Law Commission Sunday, October 30, 2016

Does the Agreement on Internal Trade Do Enough to Liberalize Canada s Domestic Trade in Agri-food Products?

CODE OF CONDUCT AND ETHICS (the Code ) Approved on February 23, 2017

Telekom Austria Group Standard Data Processing Agreement

The New Mandatory Data Breach Requirements under Canada s Federal Privacy Act

Privacy Law Update. David Goodis, Assistant Commissioner, Information & Privacy Commissioner of Ontario)

Privacy, personal information, law enforcement and lawful access

S.I. 7 of 2014 PUBLIC PROCUREMENT ACT. (Act No. 33 of 2008) PUBLIC PROCUREMENT REGULATIONS, 2014 ARRANGEMENTS OF REGULATIONS PART 1 - PRELIMINARY

Part 3 Authority to Practise Law

SHORTCOMINGS OF THE EU PROPOSAL FOR FREE FLOW OF DATA

Annex B. Application of Chapter Five and Relationship to other Chapters

Principles of Fiscal Law and Government Contracts-Related Funding Issues Joseph G. Martinez K. Tyler Thomas

Cross-Border Internal Investigations: Data Protection and Employee Issues. June 11, 2014

Review of reporting on prospective financial information engagement questionnaire

SPONSORSHIP AGREEMENT

Privacy Act of 1974: A Basic Overview. Purpose of the Act. Congress goals. ASAP Conference: Arlington, VA Monday, July 27, 2015, 9:30-10:45am

Is Canada ready for class arbitration?

Data Processing Agreement

FINAL WORKING DOCUMENT

Canada European Union Trade Negotiations 7. Technical Barriers to Trade and Regulatory Cooperation

Memorandum of Understanding. between. The Legal Aid Agency (LAA) and. Solicitors Regulation Authority (SRA)

Bill C-58: An Act to amend the Access to Information Act and the Privacy Act and to make consequential amendments to other Acts

LEGAL BASIS OBJECTIVES ACHIEVEMENTS

1. Purpose. 2. Membership and Organization. 3. Meetings. Canadian Imperial Bank of Commerce Corporate Governance Committee Mandate

Euroclear Central Securities Depository (CSD) User Committees Terms of Reference (incorporating internal governance practice & procedures)

GAMING SECURITY PROFESSIONALS OF CANADA PROFESSIONNELS EN SÉCURITÉ DU JEU DU CANADA

Factsheet on the Right to be

1. The Contracting Parties shall grant each other a regime of free trade.

Good Faith and Honesty: Bhasin v Hrynew

and have agreed as follows: Article I. Purpose of Cooperation and Statement

SAFE HARBOR: STAYING ALIVE?

Five Year Review of the Personal Information Protection and Electronic Documents Act (PIPEDA)

YUM! Brands, Inc. Charter of the Audit Committee of the Board of Directors

LAW ENFORCEMENT ASSISTANCE VODAFONE GLOBAL POLICY STANDARD

Data Processing Agreement

AGREEMENT ON INTERNAL TRADE. Consolidated Version

Is information about legal entities personal data? No. The DPA only applies to information about individuals as opposed to legal entities.

Privacy, Policy and Public Opinion in Canada

Investigatory Powers Bill

Remote Support Terms of Service Agreement Version 1.0 / Revised March 29, 2013

Douwe Korff Professor of International Law London Metropolitan University, London (UK)

Professor Colin J. Bennett Department of Political Science University of Victoria British Columbia, Canada

Data retention: a civil rights perspective. Sjoera Nas, TF-CSIRT seminar, Amsterdam, 24 January 2006

Marc Lee Economist Canadian Centre for Policy Alternatives -- BC Office CANADA-U.S. CUSTOMS UNION: A CRITICAL ASSESSMENT

The Right to Privacy in the Digital Age: Meeting Report

I. Does International Law Prohibit the U.S. Government from Monitoring Foreign Citizens in Foreign Countries?

Chapter Ten: Initial Provisions Comparative Study Table of Contents

European, Middle East, and Latin American Privacy and Cyber Developments For In-House Counsel

Data Processing Addendum

FUJITSU Cloud Service K5: Data Protection Addendum

ADOBE SYSTEMS INCORPORATED. Charter of the Audit Committee of the Board of Directors

DocuSign Envelope ID: D3C1EE91-4BC9-4BA9-B2CF-C0DE318DB461

055, Approved and Ordered FEB

Office of the Commissioner of Lobbying Ottawa, Ontario September 24, The Lobbyists Code of Conduct A Consultation Paper

DATA PROCESSING ADDENDUM. 1.1 The User and When I Work, Inc. ("WIW") have entered into the Terms of Service, for the provision of the Service.

Third country auditor deregistration procedures

Guidelines on the application and setting of administrative fines for the purposes of the Regulation 2016/679

BASECONE DATA PROCESSING AGREEMENT (BASECONE AS PROCESSOR)

Trade Promotion Authority:

Pirate Party Australia

new director election requirements for TSX companies

NATIONAL INSTRUMENT AUDITOR OVERSIGHT PART 1 DEFINITIONS AND APPLICATION

SCHEDULE A. member means a member of the MFDA; (membre)

DATA PROTECTION (AMENDMENT) REGULATIONS Amendments to the Data Protection Regulations Insertion of new sections...

Joint Report on the EU-Canada Scoping Exercise March 5, 2009

Overview on the implementation of the Canada-EU Comprehensive Economic and Trade Agreement

Technology and the Threat to the Attorney- Client Privilege Suzanne Valdez

ENERGY SECTOR ACT. Chapter one. GENERAL

Free and Fair elections GUIDANCE DOCUMENT. Commission guidance on the application of Union data protection law in the electoral context

TELUS Transparency Report

RPL Directory Terms of Inclusion for Recognised Qualification Providers. Version 0.1

The Personal Data Protection Bill, 2018 Issues, Possible Solutions, and Recommendations

The freedom of expression and the free flow of information on the Internet

Brexit: Securing the best legal framework for your businesses

Website Development Agreement

Data, Social Media, and Users: Can We All Get Along?

Robin MacKay Mayra Perez-Leclerc. Publication No C7-E 20 July 2016

Regulatory enforcement proceedings

THE FEDERAL LOBBYISTS REGISTRATION SYSTEM

Request for Proposal. Physical Security Professional Review. ASIS Chapter Calgary / Southern Alberta

The CIBC Rewards Passport to a Million Contest

CHANGING PRIVACY LANDSCAPE MARTIN ABRAMS

Law Enforcement processing (Part 3 of the DPA 2018)

In the present analysis, we cover the most problematic points of the Directive. For our views on the Regulation, please go to our document pool.

Transcription:

CETA and GDPR - Will the Marriage Last? Chantal Bernier Global Privacy and Cybersecurity Group

2

3

4

Why would this marriage not last? 1. The in-laws are not happy 2. The prenup is not clear 3. They both have baggage But the secret to a good marriage may be there Betting on the marriage 5

How they came together: EU is Canada s 2 nd largest trading partner Canada is EU s 12 th largest trading partner Value of bilateral trade exceeds $100bn Both wanted to expand exports by Lowering tariffs Simplifying the rules Opening respective markets to services Opening respective business in bidding for respective government contracts Recognizing respective professional qualifications 6

How they agreed on their privacy future Both assert it is a priority Both boast great privacy records: Canada and eight EU Member States rank second in privacy International s Privacy Index; Canada and the EU have comprehensive data protection laws for the private and public sectors, and protect privacy as a fundamental right; and Both are party to international conventions to protect privacy in cross-border data flows. Canada-European Union CETA www.international.gc.ca/ceta 7

Their vows CETA balances the unambiguous obligation to protect personal information under Canadian and EU law with the need to facilitate regulatory and commercial activity under the agreement. Canada-European Union CETA www.international.gc.ca/ceta Except Canadian and EU law on protecting personal information are different 8

Why privacy law matters On sait que les données commerciales font partie de la négociation. Or, ces données commerciales sont à 80% des données personnelles. Isabelle Falque-Pierrotin Regards sur le numérique (2014) We know that commercial data is a part of negotiations. It so happens that 80% of this commercial data is personal data. Isabelle Falque-Pierrotin Regards sur le numérique (2014) 9

How privacy comes into play Financial Services: CETA 13.15 supports Canada and the EU's enforcement of privacy legislation governing the cross-border transfer of personal information; Telecom: CETA 15.3.4 (4) requires both parties to take appropriate measures to protect the privacy of users of public telecommunications transport services; E-Commerce: CETA 16.4 requires that Canada and the EU take into consideration international standards for data protection of E-Commerce users; Exceptions : CETA 28.3.2 (ii) preserves Canada and the EU s right to adopt or enforce any measure necessary to protect the privacy of individuals. 10

Still, the in-laws are not happy In Europe: CETA e TTIP minano la tutela della privacy. Bruno Saetta 11

The in-laws are not happy In Canada we just came off a third reading vote on CETA. It is supposedly an agreement to eliminate nontariff trade barriers between Canada and Europe how do we make it so that Canadian companies are not going to lose an advantage that they currently have, in spite of having just signed an agreement that's supposed to facilitate trade with Europe? Daniel Blaikie (Elmwood Transcona, NDP) Standing Committee on Access to Information, Privacy and Ethics House of Commons of Canada: February 14, 2017 12

Europe: My child is marrying a bum 1. State surveillance: CETA 28.6 protects Canada from disclosing data on its surveillance activities Bruno Saetta Art. 28.6 Nothing in this Agreement shall be construed: (a) to require a Party to furnish or allow access to information if that Party determines that the disclosure of this information would be contrary to its essential security interests; or (b) to prevent a party from taking an action that is considers necessary to protect its essential security interests 13

Europe (cont d) 2. Canada s accountability gap the Communications Security Establishment (CSE) is allowed to spy on foreigners: There are accountability gaps in all democracies, but Canada s accountability gap is particularly pronounced. Kent Roach quoted by Ante Wessels, CETA and Mass Surveillance https://blog.ffii.org/ceta-and-mass-surveillance/ 14

Europe (cont d) 3. Canada-US links A significant portion of Canadian Internet traffic transits through the United States, usually via a city where the NSA has splitter interception facilities. And the US does not provide essentially equivalent privacy protection as the EU as per the European Court of Justice Safe Harbour Ruling of October 6 th, 2015 at para 74. Ante Wessels, CETA and Mass Surveillance, April 13, 2016 15

Europe: 4. Conflict of rules: CETA prevents the EU from ensuring Canada grant an adequate level of [data] protection Article 28.3 Maryant Fernandez-Perez CETA puts the protection of our privacy and personal data at risk, October 5, 2016 nothing in this Agreement shall be construed to prevent the adoption or enforcement by a Party of measures necessary: [ ] (c) to secure compliance with laws or regulations which are not inconsistent with the provisions of this Agreement including those relating to: [ ] (ii) the protection of the privacy of individual in relation to the processing and dissemination of personal data and the protection of confidentiality of individual records and accounts; 16

Europe 5. CETA creates an adequacy carve out Adequacy under GDPR, 45 based on: rule of law, respect for human rights and relevant legislation access of public authorities to personal data rules for the onward transfer of personal data to another third country independent supervisory authorities with adequate enforcement powers periodic review, at least every four years Autonomy under CETA, 28.3.2 means: nothing in this Agreement shall be construed to prevent the adoption or enforcement by a Party of measures necessary for (ii) the protection of the privacy of individuals in relation to the processing and dissemination of personal data and the protection of confidentiality of individual records and accounts; 17

Canada: is my child marrying up or down? 1. Trade harmonization brings regulatory standards down Article 9.3 National treatment The Council of Canadians 1. Each Party shall accord to service suppliers and services of the other Party treatment no less favourable than that it accords, in like situations, to its own service suppliers and services. 2. Data protection can constitute a hidden trade barrier But there is now a tendency to inappropriately conflate national security and law enforcement with... commercial privacy practices, which has put a damper on rational debate. Adam Schlosser, Director of the Center for Global Regulatory Cooperation at the U.S. Chamber of Commerce, 2014. Article 9.4 Formal requirements Article 9.3 does not prevent a Party from adopting or maintaining ( ) requirements provided that such requirements are not applied in a manner which would constitute a means of arbitrary or unjustifiable discrimination 18

Canada 3. CETA may increase power over ISPs in favour of law enforcement with criminalization of circumvention of technical protection measures CETA Privacy Guide CIPP Guide 2017 15.3.4 a Party shall take appropriate measures to protect: (a) the security and confidentiality of public telecommunications transport services; and (b) the privacy of users of public telecommunications transport services, subject to the requirement that these measures are not applied in a manner that would constitute a means of arbitrary or unjustifiable discrimination or a disguised restriction on trade. 19

Canada 4. CETA Data a privacy standards are lower in CETA than GDPR - couldn t that lead to conflicts in interpretation? 26.1.3 Annie Blondin-Obernesser, Les données personnelles dans les relations entre l`union européenne et le Canada, in Un nouveau pont sur L Atlantique, 2015 A Party may refer to the CETA Joint Committee any issue. relating to the implementation and interpretation of this Agreement ( ) 26.3 The decisions made by the CETA Joint Committee shall be binding on the Parties 20

The prenup is not clear 1. On Telcos: measures shall protect the security and confidentiality of services and the privacy of users without raising a disguised restriction on trade (CETA 15.3.4 b) when does a measure go from privacy to trade barrier? 2. On Financial Services: Transfers should be in accordance with privacy law (CETA 13.15,2). Does that lower the standard from shall? 3. On E-Commerce: in protecting privacy, due consideration shall be given to international standards how does that relate to GDPR? (CETA 16.4) 4. On Exceptions: Does 28.3 preserving respective privacy legislation tweak the adequacy process under GDPR? 21

There s baggage 1. The EU refused adequacy to Québec because: 1. Territorial scope overlaps with PIPEDA 2. Requirements on CPO contact are not clear 3. Sensitive data is not specifically defined 4. Provisions on data security in onward transfer are not strong enough So, what about personal information protected under other provincial laws? 2. GDPR is moving on its own, widening the gap with PIPEDA 3. Both the UK and Canada are part of Five Eyes and both CSE and GCHQ were mentioned in Snowden s revelations. 22

But the secret to a good marriage may be there C. C. L. 23

Compatibility 1. Both Canada and the EU view privacy as a human right 2. Both Canada and the EU have independent DPAs and strong privacy policies 3. Their privacy protection is viewed as equivalent (Privacy International) 4. Canada is the only major EU trade partner to have adequacy 24

Commitment 1. Contrary to traditional trade agreements, CETA addresses privacy 2. CETA was negotiated with full knowledge of GDPR development and implications 3. EU and Canada are both introducing: Stronger consent requirements to meet Internet context (6.1 PIPEDA and 7.2 GDPR) Mandatory breach notification 4. Bill C-22 strengthens Canadian oversight for national security through a Parliamentary Committee 25

Luck 1. Will CETA be taken into account in GDPR adequacy review of Canada? 2. How will Article 45 of GDPR be applied to determine essentially equivalent data protection? 3. How will US privacy policy impact on Canada s reputation in the EU? 4. How will the anti-europe movement materialize? 26

Betting on the marriage 1. Canada and the EU both need the agreement for economic reasons 2. Both economies have moved to a digital economy 3. Digital economy does not work without privacy protection 4. Citizens in both territories will hold them to it 27

Thank you Dentons Canada LLP 99 Bank Street Suite 1420 Ottawa, Ontario K1P 1H4 Canada Dentons is the world's largest law firm, delivering quality and value to clients around the globe. Dentons is a leader on the Acritas Global Elite Brand Index, a BTI Client Service 30 Award winner and recognized by prominent business and legal publications for its innovations in client service, including founding Nextlaw Labs and the Nextlaw Global Referral Network. Dentons' polycentric approach and world-class talent challenge the status quo to advance client interests in the communities in which we live and work. www.dentons.com 2017 Dentons. Dentons is a global legal practice providing client services worldwide through its member firms and affiliates. This document is not designed to provide legal or other advice and you should not take, or refrain from taking, action based on its content. We are providing information to you on the basis you agree to keep it confidential. If you give us confidential information but do not instruct or retain us, we may act for another client on any matter to which that confidential information may be relevant. Please see dentons.com for Legal Notices. 28

2024 © lawsdocbox.com Privacy Policy | Terms of Service | Feedback