Privacy Laws in the United States, the European Union and Canada
Privacy and personal information are regulated differently in the European Union (E.U.), the United States (U.S.) and Canada. The E.U. and Canada supervise the private sector’s use of personal data, whereas the U.S. regulation of the private sector is minimal. These differences emanate from distinct conceptual bases for privacy in each jurisdiction. In the US, privacy protection is essentially liberty protection, i.e. protection from government. For Europeans, privacy protects dignity or their public image. In Canada, privacy protection is focused on individual autonomy through personal control of information. Is it possible to develop a universal solution for consumer privacy?
In a recent article posted on The Information, concern was raised about the European Parliament’s vote to suspend the current “Safe Harbor” privacy agreement between the E.U. and the U.S. which was a direct result of the revelations of U.S. electronic surveillance programs and the resulting fear of privacy violations. The agreement determines how US companies that choose to comply handle personal information from E.U. citizens.
Under Canadian law, protection of personal information is guaranteed through two federal laws: the Personal Information Protection and Electronic Documents Act (PIPEDA) for the private sector and the Privacy Act for the public sector. In addition, there are provincial laws that govern the use of personal information in Alberta, British Columbia, and Quebec that are considered to be equivalent to PIPEDA by the federal government and take precedence in those provinces. All businesses operating in Canada are subject to the applicable laws based on where they are located. These laws ensure that personal information is used in such a way that the privacy of the owner is protected and not abused.
Contrast this with the United States, which does not have such laws regarding privacy in place, but rather resorts to voluntary “self-certification” over legislation. Canada has in place strict privacy laws that are recognized by the E.U. as providing “adequate protection” of personal information. Therefore, the exchange of personal data between E.U. member states and Canada can take place without the need for a safe harbour agreement. Also, unlike the U.S., privacy compliance is overseen at the federal and provincial/territorial levels by privacy commissioners and ombudsmen. This ensures that there is a system of checks and balances in place that is independent of any bias.
As a company based in Vancouver, British Columbia, Canada, Trulioo takes consumer privacy very seriously. Our CEO, Stephen Ufford, wrote a response to Mark Zuckerberg’s open letter on user privacy, where he expresses the need for a single solution on which industry, governments and consumers could all agree to ensure that a unified framework would be adaptable no matter the geography, demographic or situation; a solution that would establish a single trust layer across the web and allow businesses, users and governments, no matter where they are in the world, to seamlessly engage online.
“In my opinion, the concept of User as Owner should be pushed to the forefront due to its simplicity and overarching philosophy,” said Ufford. “The idea that one’s data is one’s own, dismantles the need for customized privacy policies, legislative solutions and privacy seal programs by shifting responsibility from business and government to the individual. User as Owner combines personal rights with technology and turns a blind eye to geography, age, income level and citizenship in order to place everyone on a level playing field. This approach is in line with the fundamental nature of the Internet.”
What are your thoughts on developing a single solution for consumer privacy that would create a unified framework of trust across the web?