With Nod to Europe, Canada Tightens Data Privacy ; A New Law That Took Effect Jan. 1 Meets EU Demands, Takes a Middle- Ground Approach
Ruth Walker writer of The Christian Science Monitor, The Christian Science Monitor
When it comes to the Internet, US companies aren't the only ones feeling pressure from Europe.
European Union rules on data privacy are credited with prompting Canada to pass legislation that went into effect Jan.1. The federal data-privacy law, more comprehensive than anything so far in the US, requires any company collecting personal information online to explain to individuals - including customers and employees - who is doing the gathering, and why and how it will be used.
In the Internet age, Web surfers can inadvertently send all manner of personal information off into cyberspace with a few unguarded keystrokes.
The new law in part reflects a desire at Industry Canada, a government ministry, to bolster consumer confidence in e-commerce. But "everybody recognized the EU directive had the potential for becoming a trade barrier," says Heather Black, legal adviser to the federal privacy commissioner in Ottawa.
The EU directive forbids the export of data - customer mailing lists, for instance - from an EU member to any country lacking what it terms "adequate privacy protection."
"It's fair to say that the EU is driving the international agenda on privacy issues," says Michael Geist of the University of Ottawa, a leading authority on cyberlaw. The directive "effectively exports EU privacy law around the world," he adds, citing new legislation in Australia and India in response to the European policy. "They're raising the bar on privacy, and that's a good thing."
But Canada hasn't been merely reactive, Mr. Geist suggests. Rather, Canadians for some time have been working to develop "sensible, middle-of-the-road approaches" to privacy issues which, he says, "set some good examples and show that there is some role for government." Says Ms. Black: "Canada is kind of in between" the US, which prefers to let industry groups regulate themselves, and Europe, where government bodies regulate data protection.
The Canadian system is intended to be tough enough to represent adequate privacy protection in the eyes of the Europeans. …