As we get ready to enter what promises to be a very contentious renegotiation of the North American Free Trade Agreement (NAFTA), we should keep in mind that supply-managed milk and chickens are not the only things the Americans will want to have on the table. The list of items for negotiation includes a number of sectors that were not included in the original agreement, often because those industries did not exist in the mid-1990s, at least not on the scale they do now.

In fact, the United States has made it explicit that it intends to “establish rules to ensure that NAFTA countries do not impose measures that restrict cross-border data flows and do not require the use or installation of local computing facilities.” British Columbia’s public sector privacy law does just that, and we can expect that the domestic data-storage requirement in its Freedom of Information and Protection of Privacy Act (FIPPA) will be a bone of contention.

And no, this intention of the Americans’ isn’t some new zaniness from the mind of President Donald Trump, but a long-standing claim by successive administrations.

BC is one of two provinces in Canada that have a domestic data storage requirement in law (the other is Nova Scotia). In BC the law came about as a way out of a huge controversy during the first government of Liberal premier Gordon Campbell. In 2004, Campbell undertook a number of outsourcing initiatives, one of which involved the health ministry contracting out the administration of BC’s public health insurance program to Maximus, a US-controlled private service provider.

The centre of the controversy was the prospect of the application of the USA Patriot Act to British Columbians’ personal health information. The USA Patriot Act contained a number of measures allowing American security and law enforcement agencies to gain access to personal information. This caused a huge uproar in BC.

BC’s information and privacy commissioner demanded that protections be brought in, requiring that this data be stored in Canada (among other things), and Campbell agreed. As a result, BC’s law requires public bodies in the province to “ensure that personal information in its custody or under its control is stored only in Canada and accessed only in Canada,” subject to a few limited exceptions.

The BC and Nova Scotia laws have been targeted by the Office of the US Trade Representative (USTR). In the latest annual report on what it considers to be trade barriers around the world, the USTR claims these laws are barriers to digital trade:

British Columbia and Nova Scotia each have laws that mandate that personal information in the custody of a public body must be stored and accessed only in Canada unless one of a few limited exceptions applies. These laws prevent public bodies, such as primary and secondary schools, universities, hospitals, government-owned utilities, and public agencies, from using U.S. services when there is a possibility that personal information would be stored in or accessed from the United States.

Internal USTR documents we obtained through the American Freedom of Information Act show that major US companies (Rackspace/Salesforce) complained to the USTR about BC’s requirement that government and other public sector data be stored in Canada. The documents also show the USTR took those complaints seriously, and it made a point of calling the BC ministry responsible for the law in early 2012 to discuss the issue. We didn’t get a record of what precisely was said during the call, but the USTR officials’ e-mails we did receive indicated they were interested in what they heard from the BC Ministry of Citizens’ Services.

When the BC Freedom of Information and Privacy Association (FIPA) tried to find out the Canadian version of events, our freedom of information request came up with nothing. The BC Ministry of Citizens’ Services claimed that although it received a call from the USTR to set up a later call, and although its officials actually talked on the phone with the USTR for at least a half hour on the day in question, it didn’t have any agenda, minutes, notes or anything else. The BC Ministry of International Trade was similarly bereft of documentation about this call, so we have no idea what BC government officials told the USTR, nor do we know what, if anything, they told their political masters about this.

One thing we do know is that the Americans will want to open up opportunities to do business in BC’s public sector, which they are currently denied, and that they will probably be looking for language that will prevent other governments in this country from requiring that data collected from Canadians in this country be stored in this country.

When FIPA asked about this issue during the recent provincial election, the major BC political parties stated unequivocally that they would take whatever measures were available to them to protect this part of FIPPA. Where the federal government (which will be conducting the actual trade negotiations) stands on this question is considerably less clear.

As Canadians increasingly become concerned about their personal information being shared in any way with an increasingly erratic United States, pressure will likely build for legislative action to keep this personal information inside our borders. Some American companies have already started offering a Canadian data storage option in response to market demand by Canadians, but other large players in the American tech sector will undoubtedly keep the pressure on the US negotiators to ensure the free flow of data by preventing Canadian governments from using law or policy to protect privacy rights with domestic data storage.

We deserve a firm commitment from the Canadian government that the coming negotiations about trade in goods and services will not see our privacy rights used as a bargaining chip.

This article is part of the Trade Policy for Uncertain Times special feature.

Photo: Shutterstock/Ralwel


Do you have something to say about the article you just read? Be part of the Policy Options discussion, and send in your own submission. Here is a link on how to do it. | Souhaitez-vous réagir à cet article ? Joignez-vous aux débats d’Options politiques et soumettez-nous votre texte en suivant ces directives.

Vincent Gogolek
Vincent Gogolek is a retired lawyer and the former executive director of the B.C. Freedom of Information and Privacy Association.

You are welcome to republish this Policy Options article online or in print periodicals, under a Creative Commons/No Derivatives licence.

Creative Commons License

More like this