Panel Presentation: Compatibility, compliance and accountability at global scale
Remarks at the EU Conference: Privacy and Protection of Personal Data Conference
March 19, 2012
Address by Jennifer Stoddart
Privacy Commissioner of Canada
(Check against delivery)
I’m pleased to have been invited to add a Canadian point of view to this discussion.
These are interesting times for global privacy. We’re here discussing the recent European and US proposals, but there’s also important work going on at both the Organisation for Economic Cooperation and Development and at Asia-Pacific Economic Cooperation.
A crucial theme underlying each of these initiatives is the recognition of the importance of inter-operability of privacy approaches.
We all see the need to find ways to increase international cooperation, while at the same time respecting different approaches.
This morning, I can offer you the perspective of a Privacy Commissioner who is from a country whose laws are considered adequate by the European Union; who is an active supporter of inter-operability initiatives at APEC and the OECD; and who works in an environment heavily influenced by developments in the US.
EU and Adequacy
Canada’s private-sector privacy law was declared adequate in 2001, opening the door to transfers of European personal data to Canada.
Canadian law is significantly different than laws in place in Europe in terms of content and administration. To further complicate matters, we also have provincial laws with very different approaches.
The EU’s decision to grant Canada adequacy status was significant in that it demonstrated flexibility in recognizing substance, rather than form.
Going forward, this flexibility could be very helpful in terms of further enhancing international cooperation.
Recent European Proposals
I’m aware that some have raised concerns that the European Commission’s proposal to significantly overhaul the EU privacy framework may hinder greater inter-operability.
However, the European proposal recognizes the importance of international co-operation and I would point to two provisions that should facilitate this co-operation.
First, there is a requirement for the Commission and supervisory authorities to develop international co-operation mechanisms to facilitate enforcement and to more generally cooperate with other data protection authorities. As well, the proposed concept of a lead regulator should facilitate international cooperation by providing a single point of contact for authorities outside the EU.
I would also like to say that I find recent developments in the US extremely encouraging.
I was particularly heartened by the White Paper’s discussion on how to achieve greater inter-operability. It sends a strong message about the US government’s desire to work with other countries and data protection frameworks.
Another very welcome global development is the increased focus on accountability.
Canadian law refers to the need for organizations to be accountable, but discussions taking place as part of the Accountability Project and elsewhere are expanding and elaborating on the concept in very helpful ways.
Indeed, I expect that my Office will be drawing on some of that work as we consider proposals for updating our own law.
Many of you will be aware of the interesting work underway at APEC, which indirectly draws on the concept of accountability as a way of encouraging compliance in a region that has very diverse cultures and legal systems.
I’m very heartened by all of these developments. It seems to me that, despite our different approaches, we are learning from one another. Change in one part of the world is prompting others to re-examine and improve their own approaches.
We’re seeing an increasing convergence between data protection regimes and an increasing ability to work with one another.
From my vantage point in Canada, I am watching all of the recent developments with interest. I am cautiously optimistic that we’re heading in the right direction.
- Date modified: