One of the American targets in the upcoming renegotiation of the North American Free Trade Agreement appears on a collision course with privacy laws in British Columbia and Nova Scotia.
In negotiating objectives published last week, the Office of the United States Trade Representative said it wanted to "establish rules to ensure that NAFTA countries do not impose measures that restrict cross-border data flows and do not require the use or installation of local computing facilities."
But provincial legislation in two Canadian provinces does exactly that, with rules requiring personal information collected by governments, such as health records, to be stored on domestic servers to prevent it being accessed for reasons other than those for which it was collected.
For example, under the U.S. Patriot Act brought in to fight terrorism in the days after Sept. 11, if a Canadian government had contracted a U.S. facility to store electronic records, American security or intelligence officers could access them.
"This is something that we have decided democratically that we want to do to protect our privacy rights," said Vincent Gogolek, the executive director of B.C.'s Freedom of Information and Privacy Association.
Following an outcry over the move by a previous Liberal government in B.C. to outsource the administration of government health-care information, "this is something that has acquired political consensus in B.C.," he said.
"We want the feds to protect our privacy rights."
Canadian restrictions on data storage have been a burr under the USTR's saddle for years, even before the most recent push to modernize NAFTA for e-commerce.
"The American position is that we would prefer to have our server farms in Arizona or California or wherever ... and you send your data down here," Gogolek said. The U.S. viewpoint is: "this gets in the way of us making money, and we resent it, so we want you to change it."
"They haven't had any opportunity to go after it, and this is their opportunity," he said. But Canada "shouldn't be swapping rights off in exchange for lower tariffs on widgets. It should be pretty straightforward for the federal government to just stand up and say 'No, we're not doing it.'"
Previous negotiations among the three NAFTA partners, who were all part of the 12-country Trans-Pacific Partnership, proposed grandfathering existing privacy legislation. Would that happen this time? It's unclear.
The federal government hasn't been afraid of invoking national security to ensure government email is stored in Canada, Gogolek said. If it's willing to do that, "why shouldn't we be protecting Canadians' information generally, that they have to provide to government?"
Both provinces adopted their laws over a decade ago, out of concern about foreign intelligence gathering without notice to individuals, which isn't consistent with Canadian privacy standards.
"It isn't so much about the security, because of course you could have better security on a foreign server. The problem is that if the server is in the United States, then American law applies to it," said Catherine Tully, the information and privacy commissioner for Nova Scotia.
She said she does occasionally hear from organizations unhappy about having to comply. But database services and cloud providers are increasingly available in Canada, she said.
"Public bodies get to access a lot of our personal information so they can provide us with services. In exchange we expect public bodies to protect that data," she said.
The Information Technology Association of Canada — which represents 330 technology companies, two-thirds of which are Canadian-owned small and medium-sized businesses — said in its recent submission to Canada's NAFTA consultation process that it wants to see more open contracting for all public institutions.
"Data residency rules don't make a whole lot of sense. It really creates a false sense of security," said David Messer, ITAC's vice-president of policy. "Most internet traffic, whether it's emails or data … goes around the world," he said, including major exchange points in Seattle or New York.
"The way to address security in the cloud and over the internet isn't through data localization," he said, but other safeguards like contractual obligations for service providers and encryption.
Vital national security data may need to stay local, Messer said. But too much of this discussion is driven by paranoia about U.S. intelligence services, he said. "The focus needs to be on outcomes, not on arbitrary things like location."
Do local storage requirements create local jobs?
"You're not going to get thousands of jobs working at a server farm," he said. Meanwhile, prohibiting cloud computing could really drive up costs for taxpayers.
"If that's our approach to economic development, it's not a great one," he said.
John Horgan said during B.C.'s provincial election campaign that he supports maintaining the privacy legislation and would resist any move by the Trump administration to undermine these rights.
The premier met with Prime Minister Justin Trudeau in Ottawa Tuesday. Trade was on their agenda, but they didn't address this particular issue in their public remarks.
Trudeau and other federal officials say that in the lead-up to the start of NAFTA talks next month, they won't be negotiating in public: they'll keep their detailed strategy close to their chests.
In response to a request for comment, Foreign Affairs Minister Chrystia Freeland's spokesperson Adam Austen emailed a general statement saying the government is committed to hearing from Canadians about their priorities.
"When negotiations begin, we will be ready to work with our partners to modernize NAFTA, while defending Canada's national interest and standing up for our values," he wrote.
Freeland agreed last week to appear before the Commons trade committee Aug. 14 to discuss Canada's priorities. That meeting is two days before talks with American and Mexican negotiators officially begin on Aug. 16.
From Ottawa, Horgan is heading to Washington for more meetings Wednesday to defend B.C.'s trade interests.