The United States will be allowed to share information about Canadians with other countries under a sweeping border deal.
The U.S. won't have to explicitly tell Canada about its plan to pass along the personal details in many cases, suggests a newly released binational privacy charter.
Information-sharing about security cases has sometimes been a sore point between the two countries since the 9-11 terrorist attacks.
Canada and the U.S. jointly released the 12-point statement of privacy principles late Thursday, covering areas including sharing, data quality, information security, effective oversight, and redress for people whose privacy is infringed.
The principles help flesh out a perimeter security deal struck by the two countries last year. The deal is intended to smooth the passage of people and cargo across the Canada-U.S. border while bolstering continental security.
The plan calls for joint, integrated assessments about security threats and improved intelligence sharing. The countries have pledged to create common privacy principles to guide such information exchanges.
Other main components include more comprehensive advance screening of travellers from third countries heading to North America and a harmonized approach to screening cargo arriving from offshore.
The most contentious feature could be the plan to exchange entry information collected from all persons at the border, which would serve as a record of exit from the other country.
In separate statements, Public Safety Minister Vic Toews and U.S. Homeland Security Secretary Janet Napolitano welcomed release of the privacy principles.
The privacy charter's preamble says greater information sharing between Canada and the U.S. "is vital to protecting the security of our citizens" and that personal information is to be provided, received and used only in accordance with domestic and international laws applicable to the two countries.
The principles say Canada or the U.S. may transfer information received from the other to a third country.
For instance, the U.S. could send information received from Canada to an ally abroad. However, the U.S. could do so only if American law allowed it. And it must be done in accordance with relevant international agreements and arrangements.
In the absence of such "international agreements and arrangements," the U.S. must inform Canada prior to the transfer, or as soon as possible after the transfer in the case of urgent circumstances.
Emily Gilbert, director of the Canadian studies program at the University of Toronto, said the sharing principle begs questions.
"When somebody is a person of interest in the United States, but is a Canadian, what does that mean?" she asked. "And then what does it mean if that information is then being sent to the European Union or somewhere else?"
Ms. Gilbert said that overall the privacy principles represent a welcome first step. But she added it is unclear how the distinct constitutional and legal frameworks of the two countries are going to be maintained in the context of cross-border information sharing.
She would like to know more about where data collected under the border processes will be physically stored and who will have access to it.
Ms. Gilbert said she was pleased to see mention in the principles of "effective remedies before a fair and objective authority" when a person's privacy has been breached, but wondered who would fulfil the role of authority and whether the body's rulings could be appealed.
"We have no sense of that coming from this document."
The federal privacy commissioner's office, which was consulted during drafting of the principles, said Thursday it would "take some time to read these in order to see how any suggestions we provided may have been reflected."
The principles say Canada and the U.S. intend to consult each other on application of the privacy principles to particular projects that flow from the border pact, and to discuss "more general developments in the protection of privacy rights."