A new government white paper on digital sovereignty says Ottawa can’t maintain full control over its data if its data storage supplier is subject to the laws of another country.
What a terribly written article. Either the paper was self-contradicting, or this journalist made it appear that way with these 2 paragraphs.
It warns the federal government can only maintain full legal control if it delivers the service itself, or uses service providers that operate completely under Canadian jurisdiction.
It says storing data in Canada, or using a Canadian supplier, would not guarantee foreign courts wouldn’t have jurisdiction.
Doesn’t name the paper or link the source clearly so I can read the paper for myself. Is this CTV’s typical writing standard? Ambiguous like they didn’t understand the assignment?
The statement you say is contradictory isn’t, in that they differentiate between “operate completely under Canadian jurisdiction” from businesses just ‘storing data in canada’, or ‘using a canadian supplier’. For example Telus is one of our big telcos. Telus has significant business ties to US companies, in that their email is just reselling either Microsoft or Google, and their VoiP is just reselling US Ring Central (even uses the same servers for call routing). Telus is currently a “Canadian” company that is effectively just a US software supplier, that has data ‘reside’ in Canada when it’s demanded by client/regulatory requirements. Telus is beholden to US laws and regulations. Even the data that Telus has “residing” in Canada, is potentially subject to US laws and regulations – that’s what the Cloud Act solidified: basically the US govts authority to coerce any business that wants to do business in/with the US, to give up that company’s data from anywhere in the world.
When it comes to something like AI and training on user data – companies like Microsoft and Google don’t really care all that much about Canada’s legislation / sovereignty, especially as the US is letting them write their own regulation down south. So any email that goes through US tech giant servers, is likely getting ingested / processed by US AI’s, with US laws / trends in mind.
What a terribly written article. Either the paper was self-contradicting, or this journalist made it appear that way with these 2 paragraphs.
Doesn’t name the paper or link the source clearly so I can read the paper for myself. Is this CTV’s typical writing standard? Ambiguous like they didn’t understand the assignment?
It’s not contradictory really, though the lack of a link to the white paper is definitely lazy journalism. I’m ‘guessing’ the paper is here: https://www.canada.ca/en/government/system/digital-government/digital-government-innovations/cloud-services/digital-sovereignty/gc-white-paper-data-sovereignty-public-cloud.html . I haven’t read through that yet, so its just a guess.
The statement you say is contradictory isn’t, in that they differentiate between “operate completely under Canadian jurisdiction” from businesses just ‘storing data in canada’, or ‘using a canadian supplier’. For example Telus is one of our big telcos. Telus has significant business ties to US companies, in that their email is just reselling either Microsoft or Google, and their VoiP is just reselling US Ring Central (even uses the same servers for call routing). Telus is currently a “Canadian” company that is effectively just a US software supplier, that has data ‘reside’ in Canada when it’s demanded by client/regulatory requirements. Telus is beholden to US laws and regulations. Even the data that Telus has “residing” in Canada, is potentially subject to US laws and regulations – that’s what the Cloud Act solidified: basically the US govts authority to coerce any business that wants to do business in/with the US, to give up that company’s data from anywhere in the world.
When it comes to something like AI and training on user data – companies like Microsoft and Google don’t really care all that much about Canada’s legislation / sovereignty, especially as the US is letting them write their own regulation down south. So any email that goes through US tech giant servers, is likely getting ingested / processed by US AI’s, with US laws / trends in mind.
Edit: link to the paper if you want to read it yourself