NAFTA, Trump and the cloud: What the negotiations mean for your personal data
Global News | 10 August 2017
NAFTA, Trump and the cloud: What the negotiations mean for your personal data
By Erica Alini
What does NAFTA have to do with the cloud?
A lot, it turns out.
The cloud is what allows you to take a picture on your phone and then look at it on your desktop computer, or to start watching a movie on your laptop and then pick up where you left off on your smartphone. It’s the reason most of us no longer back up files on clunky hard drives.
But the data you’re uploading to “the cloud” is actually stored in giant physical servers owned by private corporations like Dropbox, Apple, Google and Amazon. The cloud works the same way for businesses: Uploading customers’ data to the cloud and means they can make it immediately accessible to any company computer. Governments also can – and increasingly are – using the cloud.
But where should the data be physically stored and how should it be transferred? That’s where NAFTA comes into play – because international trade is increasingly about moving data across borders.
When Canada, the U.S. and Mexico kick off NAFTA renegotiations on Aug. 16, some of what they’ll be talking about is how to regulate what happens to personal data like your bank account information and SIN number.
U.S. demands
Washington wants few restrictions on cross-border data transfers and has taken aim at rules in other countries that require certain digital information to be stored on computers located within their national borders.
U.S. President Donald Trump’s list of NAFTA negotiating objectives urges Canada and Mexico to “refrain from imposing measures in the financial services sector that restrict cross-border data flows or that require the use or installation of local computing facilities.”
The document uses similar language when discussing digital trade in goods and services (think: things like online music and video and e-books).
The U.S. is also unimpressed with Ottawa’s 2016 cloud-computing strategy, which mandates that certain data handled by the federal government be stored in Canada.
Canadian concerns
The stakes are high for Canada, according to Michael Geist, who holds the Canada Research Chair in Internet and E-commerce Law at the University of Ottawa.
Since well before the Trump administration, the U.S. has had, generally, a looser approach to data privacy than Canada, according to Geist.
“There are far fewer privacy-related rules in the U.S. as compared to Canada and many other jurisdictions,” he told Global News.
With a few exceptions, the U.S.’s approach to privacy law is, essentially, “tell people what you’re going to do and live by what you told them,” said Geist. But restrictions on what entities can do with the data “isn’t something you typically find in the U.S.”
There are even fewer U.S. protections for data that belongs to non-U.S. citizens and residents.
“Mounting concerns” over U.S. surveillance activities and the far-reaching powers granted to U.S. law enforcement under laws such as the USA Patriot Act have prompted a number of countries to adopt requirements that some data be held locally, Geist wrote in comments to the Canadian government about the upcoming NAFTA negotiations.
“The combined effect of these U.S. laws is that many users fear that once their information is stored in the U.S., it will be accessible to U.S. authorities without suitable privacy protections or oversight. Since U.S. law provides less privacy protection to foreigners, there is indeed limited legal recourse for Canadian data held in the U.S.,” continued Geist.
In addition to Ottawa’s steps to keep some data storage local, provinces such as British Columbia and Nova Scotia have also adopted their own laws to keep government information such as health data within the country, he noted.
U.S. tech giants, which make up much of the current cloud computing offering, have expressed frustration at these government rules, even as many of them are setting up local servers in response to them, Geist told Global News.
The Trump administration has taken a similarly dim view of so-called data-localization.
Washington is now urging the free flow of data even in the financial industry, a sector where the U.S. Treasury had pushed for some restrictions during negotiations over the Trans Pacific Partnership Agreement, a now-stalled trade deal among Canada, the U.S. and 10 other nations around the Pacific.
Anti-spam legislation
NAFTA could also affect your spam box, according to Geist.
Both Canada and the U.S. have anti-spam laws that ensure you can unsubscribe from unwanted messages and that companies ask for your consent before filling your inbox with promotional material.
But Canada has “tougher requirements and tougher penalties,” said Geist.
Companies that don’t comply with the rules here can face fines “in the millions of dollars,” he noted, while “nothing comparable” exists in the U.S.
The bottom line, said Geist, is that when it comes to establishing common requirements for data handling throughout NAFTA, “the U.S. is really the outlier.”
“It would be up to Canada to argue that stronger privacy laws throughout the NAFTA countries are a good thing for consumer confidence and consumer protection.”
