skip to main content
Back to all blog posts

Posted in: Data Security/Privacy

Dec 2, 2016

Will Trump Trump Privacy?

By Paige Backman

A lot of inflammatory statements were thrown around during the campaign leading up to the U.S. election on November 9, 2016. Policy specifics and plans often took a back seat to comments and discussions not typically associated with U.S. election campaigns. Whether you are a supporter of President-elect Donald Trump or not, I think it's fair to say that there is a strong unknown element surrounding whether what Trump said during the U.S. election campaign will actually turn into policy and law, or, whether once he starts governing, other factors will prevail and positions will change. This is what we do know:

President-elect Donald Trump will appoint a National Security Agency (NSA) Director. For those of you who don't know, the NSA is the intelligence organization of the United States government. The NSA is responsible for global monitoring, collection and processing of information and data for foreign intelligence and counterintelligence purposes. It is one of the world's most comprehensive mass surveillance-based organizations. The means used by the NSA to collect data and information about individuals includes passive collection means, as well as active collection means based on secrecy. Given the purpose of the NSA, a level of secrecy in how it operates is understandable. To facilitate this 'surveillance,' the NSA maintains a physical presence in a large number of countries around the world.

The Republican Party now also controls both the House and the Senate. This means that Trump will likely have an easier time passing laws and policies that reflect his views. President-elect Donald Trump will also be nominating judges to the United States Supreme Court, who will interpret existing and future laws.

The following are statements and sentiments expressed by Trump during the U.S. Election campaign:

    • Governments should err on the side of security over privacy
    • Many Americans should be willing to give up some privacy in order to have more safety
    • Protecting America from terrorist attacks would require more surveillance of Muslims and "people that have to be tracked"
    • He wants to reintroduce the Patriot Act provisions
    • He has said that "I assume that when I pick up my telephone, people are listening to my conversations anyway"
    • He came out strongly against Apple for refusing to help law enforcement break into an iPhone
    • He favours bulk metadata collection, particularly targeting U.S. enemies

Given some other statements made by Trump and his surrogates during his campaign, it's not clear who "people that have to be tracked" or who the enemies of the United States currently are.

How Will This Impact Canadians?                                   

Given Canada's geographic proximity and significantly interconnected economy, the laws and policies of the United States will impact Canada and Canadians.

If Trump either enacts laws that give more power to various law enforcement authorities to access personal information, permit greater unregulated sharing or information in the private or public sector, or he enacts laws or policies that water down powers of regulatory authorities to protect privacy rights, any person or organization that does business with the United States will be impacted. This includes Canadian affiliates of U.S. entities and individuals doing business with U.S. entities.

If Trump's policies raise the eyebrows of Canadian privacy regulators, we may see changes in directions and guidance for how data may flow and be handled when U.S. persons are involved. Many of you may remember that when the Patriot Act was first introduced, certain privacy commissioners took strong positions opposite allowing personal information to be transferred, stored or accessed outside of Canada. Those positions have had a significant impact on U.S. companies doing business in certain parts of Canada and in certain sectors.

We may see more active regulatory involvement and investigations involving relationships between Canadian and U.S. entities relating to data sharing and ensuring that the data shared or transferred to the United States is sufficiently protected.

There are many things we don't know about the future direction of the United States under Trump. The one thing that was clear as we watched the campaign and the results is that we won't know what will happen until it actually happens. However, given the consistent language and positions held by Trump on the issue of security and privacy, all businesses on both sides of the border should keep the potential impact of real or apparent challenges to privacy rights in mind when structuring or entering into new arrangements involving Canadians, and they should take a look at existing arrangements and agreements. Consider how to structure the relationships and obligations in a way that would continue to permit the desired information handling practices and data flow while managing the laws and the risks.



Related Categories

Related Blogs

Posted in: GDPR | Data Security/Privacy | Data Protection

Insights TheSpotlight
GDPR Now in Force Has Worldwide Reach By Paige Backman and Ara Dungca Jun 19, 2018 The General Data Protection Regulation was implemented on May 25, 2018. While it officially only affects European citizens, it has worldwide effects. As discussed previously on The Spotlight, any organization offering goods or services to residents of the European Union are expected to comply wit...

Posted in: Data Security/Privacy | Data Protection

Insights TheSpotlight
Notifying Consumers of Data Breaches: New Regulations By Stephen Crawford Apr 24, 2018 The federal government has introduced new regulations setting out what information must be disclosed to consumers and to the Privacy Commissioner after a data breach. These regulations will take effect on November 1, 2018.

Posted in: Data Protection | Privacy | Data Security/Privacy

Insights TheSpotlight
New Notification Requirements for Data Breaches By Stephen Crawford Apr 13, 2018 As of November 1, 2018, if your organization suffers a data breach, new reporting requirements will be in place that may require you to notify consumers and the Privacy Commissioner of the breach – or else face a fine of up to $100,000.