Data Privacy, NAFTA Negotiations, and the Canadian Cloud

By: Lee Rickwood

August 4, 2017

The ability to safely store and then access important data is crucial to both personal and business users.

These days, both individual and institutional data needs to be available anywhere, anytime, and it needs to be safely and securely protected from any number of inappropriate or illegal actors.

Data Privacy, NAFTA Negotiations, and the Canadian Cloud

Storing data in the cloud is touted as a safe option: it is available to any authorized user, on any authorized device. image.

So storing data in the cloud has been touted as a solution: data is available to any authorized user, on any authorized device. The data space and computing power available in the cloud means that companies and individuals can make use of scalable storage and computing horsepower well beyond what they could afford or operate on their own.

But proposed new international data privacy rules, and upcoming renegotiation of the controversial NAFTA trade deal, may present significant challenges to both data privacy and national self-determination.

The Canadian cloud has been seen as one of the most attractive data destinations: national privacy policies and provincial rules and regulations in this country provide good protections for an individual’s personal information, as well as important data held or used by public institutions such as schools, universities, hospitals, government-owned utilities and government-operated service providers.

It is considerations such as these that have helped one Canadian cloud provider sign up hundreds of thousands of clients here at home and around the world. was founded in Toronto some five years ago by Suhan Shan, Thomas Savundra and Darius Antia (the trio also launched Netfirms, a global web hosting company). At launch, the start-up clearly knew its competition (including big guns like Google Drive and Dropbox), and the founders clearly knew their competitive advantage:

“Being 100% Canadian owned and operated is a huge plus for our customers,” said Thomas Savundra, now company president and CEO, in email conversation with “By using Sync, Canadian companies can comply with virtually all Canadian federal and provincial data privacy legislation in the cloud, including PIPEDA and Canadian data residency.”

Data Privacy, NAFTA Negotiations, and the Canadian Cloud

Sync says it’s been experiencing rapid growth, with users from over 150 countries; admin features allow users to control and manage their data and their accounts.

He pointed to recent company stats showing it has more than 350,000 active users (at the beginning of this month), with nearly 80 per cent of them from outside the country. Sync says it’s been experiencing rapid growth, with users from over 150 countries, because its “focus on security and privacy is super-popular” with businesses and individuals worldwide.

From the feature-set point-of-view, Sync is similar to other cloud storage services: it offers the same file syncing, sharing and backup capabilities as other business-class cloud service providers. But its take on privacy is said to be the polar opposite.

Some providers state quite openly that they regularly access, scan and even share customer data or related activities with trusted third party partners, often for revenue-generating purposes. Such practices, although perhaps widespread, cause concern among some users and privacy advocates.

Sync says it cannot read user data; files are encrypted and only users have encryption keys to unlock them. Even passwords and files recovery procedures fall under what Sync calls its “zero knowledge first” philosophy.

If a user forgets his or her password, the associated account and all its files are gone; there is no password recovery tool at the company, because that would open a backdoor to the account that could compromised. Only on the local desktop app side of the service is an option for recovery available before the fact; the company cannot “flip a switch” to get at user passwords, and the option cannot be triggered after it is needed.

Sync stores all customer data on Canadian soil, so local jurisdictional data privacy protections are in place, including PIPEDA, PIPA and FIPPA (the company also offers HIPAA data-privacy compliance for U.S. healthcare providers).

“Canada’s data privacy legislation is (also) recognized by the EU,” Savundra added, “which means that Sync users can safely share and collaborate globally. This is a big deal.”

A big deal indeed. Business is a global activity, and markets know few borders. Likewise, data flows freely in the global economy (perhaps too freely), and users want the data to flow freely (and safely).

How data privacy, NAFTA negotiations, and the Canadian cloud will intersect is a hot topic of discussion for data users and service providers, not the least of which is Sync, as Savundra noted of recent and ongoing internal discussions about global data residency concerns:

“Frankly, we’re happy that NAFTA is forcing government to address this, and whatever the outcome, clarity will benefit our entire industry, “he said. The U.S. and E.U. have been sparring on this front – the question of ‘where’ your data is stored – for years, he continued, mentioning both ‘Safe Harbour’ and ‘Privacy Shield’ rules.

“[N]ow is probably a good time for the U.S. and Canada to adopt a common set of guidelines that both countries can work with.”

Savundra knows that the Office of the U.S. Trade Representative has stated it wants to put an end to rules and activities that restrict cross-border data flows, or that mandate the use or installation of local computing facilities.

The new NAFTA proposals run counter to current Canadian policies, such as public-sector privacy laws in British Columbia and Nova Scotia that require in-country data storage for reasons of confidentiality, privacy and protection. And they threaten to radically change the competitive advantage, if not business model, of Canadian-based cloud service providers.

The entrepreneurial, tech-savvy start-up mentality at Sync remains optimistically in place even with such data challenges looming on the horizon.

“For Canadian cloud providers these issues are not limited to the United States,” Savundra explained. “With the upcoming EU-GDPR (General Data Protection Regulation) ratification, we may need to renegotiate our data storage and transmission rules with Europe as well. And beyond politics, data localization has always been an important consideration in terms of the overall speed and performance of the cloud. Regardless of which ‘laws’ are the new status quo, we’re constantly evaluating localization as an opportunity for growth.”

Other growth opportunities at the company are on its current development road map, including putting the finishing touches on brand new mobile apps, and other new features based on customer feedback. “We’ve also invested heavily in our server-side infrastructure, to keep up with growth,” Savundra touted a 99.9 per cent or better up time for Business Pro users (free accounts with up to five GB storage are among the company’s package offering).

Data Privacy, NAFTA Negotiations, and the Canadian Cloud

New cloud-based file storage and sharing features are coming to Sync, including applications for using popular mobile devices.

Cloud based storage providers like Sync offer end-to-end data encryption, secure file sharing and collaboration, protection against hardware failure, malware and ransomware, unlimited file revision and more, services that Savundra says will help businesses work smarter and keep people’s data safer.

With mounting data privacy concerns around the world, with due considerations for new rules and regulations such as may come from the NAFTA negotiations, the forecast is sunny for the Canadian cloud and providers like Sync that are finding shelter – and opportunity – under it.



Leave a Reply

Your email address will not be published. Required fields are marked *