EPIC Comments on Canada Transborder Data Flow Policy

EPIC provided comments to the Office of the Privacy Commissioner on Canada's policy for transborder data flows. EPIC urged the OPC to require that legal protection for personal data protection extend across borders, citing risks to privacy after the Capital One breach impacted affected six million Canadians. EPIC also encouraged the OPC to recognize multiple grounds for transfer, coupled with strong accountability measures. This approach is reflected in the EU General Data Protection Regulation and the Council of Europe's Modernized Privacy Convention. EPIC recently submitted comments on the third annual review of the EU-U.S. Privacy Shield, a framework that permits the transfer of Europeans' personal data to the U.S. EPIC detailed the latest developments in the U.S., including the failure to reform bulk surveillance under Section 702 of FISA, the absence of comprehensive federal privacy law and a data protection authority, the full slate appointments to the PCLOB, and U.S. endorsement of the OECD AI Principles.