Loading articles...

Data protection provisions of Pacific trade deal raise questions

Last Updated Feb 21, 2018 at 5:40 pm EDT

Representatives from the Trans-Pacific Partnership prepare for a meeting in Vina del Mar, Chile, on March 15, 2017. A provision of the newly forged Pacific Rim trade deal would allow the federal or provincial governments to insist that a computer server be hosted on Canadian soil to achieve a public policy goal. Still, one privacy advocate wonders whether the wording would truly help protect sensitive personal data. THE CANADIAN PRESS/AP, Esteban Felix

OTTAWA – The newly forged Pacific Rim trade deal has a leading privacy advocate wondering whether the agreement could leave sensitive personal data exposed to prying eyes.

Vincent Gogolek of the B.C. Freedom of Information and Privacy Association says his group wants to know more about how and when provisions on data storage might apply.

“We have questions, and until those questions are answered we have concerns,” he said in an interview.

Public-sector privacy laws in British Columbia and Nova Scotia require domestic data storage — a reflection of uneasiness about foreign law-enforcement and security agencies getting their hands on sensitive personal records.

A text of the 11-country revamped Trans-Pacific Partnership deal made public Wednesday generally says parties cannot demand that a computing facility be located on their own soil as a condition for conducting business there.

However, there are exceptions.

First, the electronic commerce chapter, which covers data storage, does not apply to government procurement.

Gogolek says this appears to mean government tenders involving storage of personal information would be exempted from the agreement, allowing officials to act as they choose.

But it’s not immediately clear how far that goes. Does the carve-out cover, for instance, universities or hospitals — bodies that are not strictly speaking government organizations, though they may fall under provincial privacy laws?

Would a post-secondary institution be allowed to insist a foreign vendor locate its computer server containing personal student information in Canada?

Second, the text says a government can require that a data server be located on its soil in order to “achieve a legitimate public policy objective” — presumably including protection of citizens’ privacy.

However, the measure cannot merely be a disguised trade restriction, and it cannot go beyond what’s required to meet the public policy goal, the text adds.

“It will be interesting to see how this is interpreted,” Gogolek said.

“If they were aiming at protecting the B.C. and Nova Scotia laws, has that been achieved? On the face of it I’m not sure they have.”

Global Affairs Canada did not immediately respond to questions.

The United States is not part of the Pacific Rim deal, but Washington has served notice that it wants an end to measures that restrict cross-border data flows, or require the use or installation of local computing facilities.

It was among the many American goals for the North American free trade renegotiation spelled out by the Office of the U.S. Trade Representative.

— Follow @JimBronskill on Twitter