'Essential Equivalence' and European Adequacy after Schrems: The Canadian Example
66 Pages Posted: 12 Jan 2017
Date Written: January 10, 2017
In Schrems v. Data Protection Commissioner, the Court of Justice of the European Union found that national security surveillance by foreign countries undermines the privacy rights of Europeans. In so finding, the Court struck down the most important data transfer mechanism between the European Union and the United States. Much more than just derailing the EU-US Safe Harbor arrangement, this could spell the demise for every legal mechanism used to transfer data out of Europe, with significant implications on global trade. Already, a challenge to standard contractual clauses has been brought before the Court of Justice. Existing adequacy determinations for transfers to other countries could also be at risk, as it is doubtful that the European Commission explored government access when approving them. In the early 2000s, Canada gained adequate status on the basis of the Personal Information Protection and Electronic Documents Act (PIPEDA), an omnibus privacy law designed to keep pace with Europe and assure access to its market. But PIPEDA focused only on the data handling practices of Canada’s private sector, without limitations on national security access. Now it too seems vulnerable to the same attack. This article looks at Canada as a test case for the resilience of the other existing adequacy regimes. By exploring the national security apparatus in Canada, this article examines the new test for adequacy that flows from the Schrems ruling.
Keywords: privacy, data protection, adequacy, Canada, European Union, national security, surveillance
JEL Classification: K23, K33
Suggested Citation: Suggested Citation