NAFTA: data flows back on the trade agenda

By Justin Ling July 21, 201721 July 2017

NAFTA: data flows back on the trade agenda


It’s like malware that just keeps coming back.

The removal of data localization restrictions is back on the trade agenda, with the backing of U.S. President Donald Trump.

When the White House released a statement of negotiating objectives for NAFTA trade talks with Canada and Mexico, trade experts welcomed the mostly moderate position it staked out: the U.S. Trade Authority suggested that the expansive continental trade deal ought to remain mostly as-is — albeit with some changes to dispute resolution, duty application for online-shopping, and country-of-origin labelling, as well as on a few other fronts.

But one of the priorities touches upon cross-border data flows.

The administration is hoping to “establish rules to ensure that NAFTA countries do not impose measures that restrict crossborder data flows and do not require the use or installation of local computing facilities.”

That, in short, would prevent governments from passing regulations to require companies like Facebook and Google from keeping their citizens’ data within the country’s borders.

Doing so, cyber security experts have figured, would protect that data from cyber criminals, snooping governments, and would allow the data to be more readily accessible to law enforcement.

Canadian governments have grown fond of the idea. British Columbia and Nova Scotia require that hospitals, schools, and other public institutions keep their data on servers within Canada.

It’s not the first time it’s come up. Similar language has appeared in the text of Trans-Pacific Partnership and leaked texts of the proposed Transatlantic Trade and Investment Partnership, which have mostly stalled for now.

NAFTA negotiations, however, are steaming ahead.

Three lawyers with McMillan who work in commercial, technology, and privacy law — Elisa Henry, Darcy Ammerman, and Michael E. Reid — penned an overview of the unexpected issue this sort of requirement could pose for Lexology.

They point to the European Union Data Protection Directive (DPD) and its successor, the General Data Protection Regulation, which set requirements on how member states process and transfer the personal information of their citizens. Some 15 years ago, the EU Commission deemed that Canada’s own central privacy law, the Personal Information Protection and Electronic Documents Act (PIPEDA), was good enough to obtain an equivalent rating to the European directive, giving it similar footing to EU members when it comes to data sharing.

“In more recent years, however, following continued revelations of the ease with which US surveillance practices may capture data coming from Canada, concerns have arisen with respect to whether the EU Commission’s adequacy decision may be in jeopardy,” they write.

They continued that any data localization effort could further harm Canada’s ranking as “adequate” in the eyes of EU.

Given that many of the larger possible stumbling blocks for negotiations appear to have been taken off the table — automatic retaliatory tariffs, for one — it’s well possible that data localization could be a fight the Canadian government chooses to pick.

Filed Under:
No comments

Leave message

 Security code