In February 2016 the European Commission and Canadian government published the final draft text of the EU – Canada trade agreement (CETA).
Before that, in October 2015, the Court of Justice of the EU invalidated the Safe Harbour framework that allowed the transfer of European citizens’ data to the United States. The Court confirmed that cross-border data transfer frameworks need robust privacy safeguards. However, during the legal scrub the European Commission did not make the CETA text compatible with the Court’s Safe Harbour ruling. This incompatibility exposes our privacy to interference. This is the first in a series of blogs on CETA and privacy.
Canada is a member of the Five Eyes, a group of countries committed to (suspicionless) mass surveillance. Canada’s Communications Security Establishment (CSE) is allowed to spy on foreigners. According to Kent Roach, Canada’s accountability gap is particularly pronounced:
“There are accountability gaps in all democracies, but Canada’s accountability gap is particularly pronounced. Alone out of our Five Eyes partners, Canada still does not give any parliamentarians access to secret information. SIRC was state-of-the-art when it was created in 1984, but comparable Australian and British reviewers now are much closer to a whole-of-government mandate that is fit to review whole-of-government security.” 
Furthermore, a significant portion of Canadian Internet traffic transits through the United States, usually via a city where the NSA has splitter interception facilities. 
According to the Court of Justice’s Safe Harbour ruling, a third country has to provide privacy protection essentially equivalent to that of the EU; paragraph 74:
“(…) those means must nevertheless prove, in practice, effective in order to ensure protection essentially equivalent to that guaranteed within the European Union”. (emphasis added)
Canada’s privacy protections seem to fall short in practice. A carte blanche to spy on foreigners is not a proportionate derogation from the protection of the fundamental right to respect for private life. After more research, a European citizen could file a complaint against data transfers to Canada. In the next blogs I will show that CETA curtails the EU’s ability to protect our privacy.
Next blog: CETA places itself above EU Charter of Fundamental Rights
 See Law, Privacy and Surveillance in Canada in the Post-Snowden Era, editor Michael Geist, page 88
 idem, page 194
 idem, page 25
 CETA article 28.6 National security, page 214, allows Canada to not provide information on surveillance.