In addition to the Patriot Act, the reason for this is the American level of data protection, which is significantly lower than the European level. However, since the Privacy Shield was abolished, the use of cloud providers from the USA is no longer just controversial for companies in the EU, but even associated with a legal risk . The Privacy Shield was an agreement with which the US government had committed itself to complying with the provisions of the GDPR when processing personal data from the EU until 2020. Since the transfer of personal data from the EU is prohibited, companies that still have such data stored or processed singapore rcs data on servers of US providers are, in the opinion of some experts, violating European law.
On September 22, 2021, the government of the Canadian province of Quebec passed the "Act to Modernize Legal Provisions for the Protection of Personal Data" - or Act 25 for short - based on the GDPR in Europe. The data protection rules contained in Act 25 have been gradually coming into force since then. The draft law aims to modernize Canada's data protection laws, which are considered outdated, for both the private and public sectors and to adapt them to technological advances.
Patriot Act
Quebec's Law 25 will come into force in annual increments starting in September 2022.
Contents and effects of the law with regard to the Patriot Act
Law 25 is intended to give people more transparency about when and for what purpose companies collect personal data. To achieve this goal, new rules for how companies and institutions handle personal data will apply from September 2023. Among other things, in the future, with a few exceptions, they will always have to obtain explicit consent before they can use a person's data. Consent must be given separately for each specific purpose and this purpose must also be openly communicated to the people concerned. These new data protection rules conflict with the Patriot Act, which generally allows US authorities to access personal data stored on the servers of US companies inside and outside the United States without consent.