Personal data transfer opportunities in Canada

By Molly Reynolds, Tory LLP

European Union data protection laws prohibit the transfer of personal information to non-member countries unless they provide adequate protection for that information. Canada is deemed to be a country that provides adequate privacy protection, based on its Personal Information Protection and Electronic Documents Act (PIPEDA).

By Molly Reynolds, Torys LLP

The US does not have federal legislation comparable to PIPEDA or EU laws, so the US government and the European Commission negotiated a safe-harbour framework of principles to permit US-based organizations subject to Federal Trade Commission or Department of Transportation jurisdiction to self-certify that they provided such protection for information transferred from the EU. In 2000, the European Commission declared that organizations that adhered to the safe-harbour principles adequately protected personal information and the framework has since been widely used to facilitate transfers from EU countries to the US.

In early October 2015, the EU Court of Justice struck down the European Commission’s decision. The court found that the decision did not find that the US as a country ensures an adequate level of protection for personal information and that the safe-harbour principles apply only to certain organizations that choose to adhere to them. Governmental authorities could override the protections by operation of national security laws, without sufficient oversight to ensure the protection of the privacy rights of EU citizens under EU laws.

You must be a subscribersubscribersubscribersubscriber to read this content, please subscribesubscribesubscribesubscribe today.

For group subscribers, please click here to access.
Interested in group subscription? Please contact us.



Torys_-_logo79 Wellington Street West, 30th Floor,

Box 270, TD South Tower

Toronto, Ontario M5K 1N2 Canada

Tel: +1 416 865 3688

Fax: +1 416 865 7380