Hey David, Another great video. I am delighted by the decision, and agree that it is the right decision for the EU. As noted in the Adequacy Decision, Schrems I held that the adequacy test must be understood as requiring an 'essentially equivalent' level of protection. But what does that really mean? The EU Article 29 Data Protection Working Party established criteria for the assessment of adequacy in the 'Adequacy Referential', including 9 mandatory content principles. Most of these content principles are surprisingly-general high level principles that are easy to align with Schedule 1 of PIPEDA. But one of the mandatory requirements (number 9) would require that Canadian privacy law have prohibitions on the onward transfers of personal data to non-EU jurisdictions, except in compliance with certain rules or conditions. One might argue that is in someway indirectly covered by the consent or safeguards provisions of PIPEDA, but I don't think that argument is necessarily an easy one (particularly after the OPC abandoned its briefly-asserted position that transfers of data outside Canada for processing require consent). If the EU wanted to come after Canada on adequacy, then I would have expected it to be on the issue of onward transfers of personal data from Canada to the US.
Do you want to take my case professor, yay or nay? the thought of me searching for another law firm around edmonton that specializes in privacy and commercial exploits and IP is making me feel dumb
Hey David,
Another great video. I am delighted by the decision, and agree that it is the right decision for the EU.
As noted in the Adequacy Decision, Schrems I held that the adequacy test must be understood as requiring an 'essentially equivalent' level of protection. But what does that really mean?
The EU Article 29 Data Protection Working Party established criteria for the assessment of adequacy in the 'Adequacy Referential', including 9 mandatory content principles. Most of these content principles are surprisingly-general high level principles that are easy to align with Schedule 1 of PIPEDA. But one of the mandatory requirements (number 9) would require that Canadian privacy law have prohibitions on the onward transfers of personal data to non-EU jurisdictions, except in compliance with certain rules or conditions. One might argue that is in someway indirectly covered by the consent or safeguards provisions of PIPEDA, but I don't think that argument is necessarily an easy one (particularly after the OPC abandoned its briefly-asserted position that transfers of data outside Canada for processing require consent).
If the EU wanted to come after Canada on adequacy, then I would have expected it to be on the issue of onward transfers of personal data from Canada to the US.
Crazy
Holy moire
Do you want to take my case professor, yay or nay? the thought of me searching for another law firm around edmonton that specializes in privacy and commercial exploits and IP is making me feel dumb