Hello beautiful community! Looking to connect with Canadian Airtable users to better understand how the new Bill 25 will affect how they use Airtable in the futur.
We have until September 2023 to comply and i am at a loss. Airtable has been my main platform for processes in the city. The new Bill required all Canadian data to be hosted outside of USA and away from the Patriot Act’s long arms.
I understand that Airtable uses Amazon servers to host our datas and inquired about being able to host data in the Amazon Canada servers too and was told that it was not in the plans.
Any thoughts or suggestions would be greatly greatly appreciated.
Thanks for bringing this up. I’ve been working to get my data hosted elsewhere for quite some time (actually right after the Patriot Act came into effect) using servers in Europe etc., and have mostly been successful, except for with Airtable. I too am at a loss, but it’s good to know that I’m not alone in this!
Any more Canadians out there?
It would help to include a reference to Bill 25. If we knew exactly what the requirements are, we’d have a better chance of advising you. Indeed, the Patriot Act is anything but; it is a security brain-fart that should have been repealed at least a decade ago. But it stands, and if you want Airtable (or every other big tech provider), you get the Patriot Act which is very kind compared to China’s corollary. :winking_face:
I think that’s like jumping out of the frypan into a forest fire. :winking_face: Imagine taking Bill 25 and wrapping it inside GDPR - it’s a very big matrix of issues. Add a sprinkle of HIPAA, and you’ll go insane faster than you can dial the ACLU hotline.
And there it is. There’s no shortage of hypocrisy among either the US or Canadian governments.
Canada is part of the Five Eyes intelligence network—with the US, UK, Australia and New Zealand—that cooperates with the US National Security Agency (NSA) in collecting their citizens’ personal information. Oddly, Five Eyes has full access to the data collected under the Patriot Act.
Does Bill 25 also advise you to avoid hosting your data in any of the Five Eyes countries?
Sorry, tongue-in-cheek; I had to ask.
What’s the Remedy?
(disclaimer - I’m not an expert in secrecy laws in any country, and what follows are just my opinions)
There isn’t one - even data stored in Canada is subject to Bill C-13, which legalized telecom service providers voluntarily providing subscriber information to law enforcement without warrants and lowered the standard for judges to order disclosure of communication data. Bill C-44 made it worse by removing all territorial restrictions on CSIS activities which allows the agency to conduct activities that could even breach the laws of other countries. But the kicker (in the groin area) is Bill C-51, the most controversial bill, which created a new power for CSIS to take measures to “reduce threats to the security of Canada.” The law gives CSIS a special power to stand high above the Charter rights of your fellow citizens. C-51 is ostensibly Canada’s Patriot Act.
It seems that it doesn’t matter where you take your data; it [can] be collected and reported to agencies without your consent. Airtable is probably not aggressively pursuing an out-of-US hosting option because it knows there’s little to gain.
Yes, the nature of privacy is complex. My concern is about the best way to keep my client’s information safe as best I can. I engaged with GDPR when it came out as I have clients in Europe. I was happy to declare who has access to my data depending on which pieces of software I use. Quebec Bill 25 asks that companies report when they have data intrusions or breaches. Bill C-27 is an upgrade to PIPEDA, however, all Canadians who use cloud-based storage for their client data can be affected. Certainly, big companies are more at risk than a little operation like mine, but one can never be too careful when it comes to internet and data security.
Without getting political my only interest here is the best way for me to keep data safe while using Airtable. I use AWS (for other things), and keep data in Ireland as well as Germany. If I can’t have the option to host my data elsewhere, then I will have to find a way to change my strategy in keeping with my personal commitments.