We are constantly sharing parts of our lives on the internet. We feel free to do this because we believe that we can still preserve some privacy and remain in control of what we share. Governments have a moral and legal duty to protect our privacy, prevent abuses and preserve a climate of trust. This is done through laws. Nowadays, our online privacy and the protection of our personal information are threatened in “creative” ways. One of these ways can be found in the Comprehensive Economic Trade Agreement (CETA) between Canada and the European Union. Unlike traditional “trade agreements”, CETA goes far beyond trade, touching upon privacy and data protection, as well as other fundamental rights.

Fifteen years ago, the European Union formally recognised that Canada offered EU citizens an adequate level of protection of their privacy and personal information, and this permitted EU data to be exported to Canada without additional restrictions. However, the European Court of Justice (CJEU) has recently clarified in the Schrems case that this means that non-EU countries must provide not just “adequate” but essentially equivalent protection as the EU does.

Thanks to the Snowden revelations, it was proven that Canada was conducting mass surveillance activities within the so-called “Five Eyes” arrangement. If brought to court, as the Austrian student Max Schrems did with the EU-US agreement on transfer of personal data (the “Safe Harbor agreement”), the adequacy status given by the EU could be overturned. However, if CETA is ratified, the EU would be prohibited from protecting personal data in this way.

CETA does not allow the suspension of the transfer of data from one country to the other. If it was proven in Court that Canada violated citizens’ rights to privacy and personal data protection, the EU would be prevented from ensuring Canada grant an adequate level of protection. There are three main reasons for this.

Firstly: in theory, CETA provides some safeguards and exceptions that could allow both parties to adopt rules to protect our privacy and personal data. However, these clauses can be activated only if they are not inconsistent with other provisions of CETA – putting the Charter of Fundamental Rights of the European Union on a de-facto lower level than this Agreement.

Second reason: in the adoption and maintenance of rules on data protection and privacy, CETA requires that standards of international organisations where both parties are a member be followed. However, Canada is not part of the Council of Europe’s Convention on the protection of personal data, even though this Convention is open to non-European countries. The only standards that Canada can be held to, therefore, are vastly less meaningful than current EU standards.

Third and final reason: CETA creates a Regulatory Cooperation Forum, where big companies would be able to lobby legislators when laws are being drafted. We saw over and over again in the recent review of EU data protection legislation – and already before the planned review of online privacy rules – that lobbyists have no qualms in producing weak or downright false arguments about trade and innovation being undermined by citizens’ fundamental rights.

The negotiations to conclude CETA started in 2009 and concluded in 2014. During this period, neither citizens nor the representatives of national parliaments could vote on the content of the agreements. Yet, the 28 Member States of the European Union are being requested to approve CETA. It does not matter that we know that its clauses are not perfect or appropriate. Only a “yes” or a “no” to CETA is possible right now. Only a “yes” or “no” to risking the safeguards and protections of our privacy and personal data is possible. Improved trade agreements, that respect our democratic values, rights and freedoms, are possible, but it seems we lack the willingness to achieve this. A better Europe is possible.

This article was originally published in Polish on Dziennik Gazeta Prawna http://biznes.gazetaprawna.pl/artykuly/980577,co-to-jest-ceta-10-rzeczy-ktorych-nie-wiecie-o-umowie-ue-kanada.html.

CETA will undermine EU Charter of Fundamental Rights (04.05.2016)

https://edri.org/ceta-will-undermine-eu-charter-of-fundamental-rights/

Fifteen years late, Safe Harbor hits the rocks (06.10.2015)

https://edri.org/safeharbor-the-end/

(Contribution by Maryant Fernández Pérez, EDRi)