Memorandum of Understanding (United States Federal Communications Commission)

MEMORANDUM OF UNDERSTANDING
Between the
UNITED STATES FEDERAL COMMUNICATIONS COMMISSION
and the
PRIVACY COMMISSIONER OF CANADA
on
COOPERATION IN THE ENFORCEMENT OF LAWS PROTECTING PERSONAL
INFORMATION IN THE PRIVATE SECTOR

The United States Federal Communications Commission (“FCC”) and the Privacy Commissioner of Canada (“PCC”) (herein referred to individually as “Participant” and collectively as “the Participants”):

RECOGNIZING that today’s digital age means consumers are sharing vast amounts of personal information with telecommunications carriers; these carriers store and transmit this information across complex networks that expand beyond traditional nation-state borders; and there is a resulting need for increased cross-border enforcement cooperation among international partners to protect consumer privacy, data, and cybersecurity;

RECOGNIZING that the OECD Recommendation on Cross-Border Co-operation in the Enforcement of Laws Protecting Privacy, the Global Privacy Enforcement Network’s Action Plan, the International Enforcement Coordination Framework of the Global Privacy Assembly, and the APEC Privacy Framework call for the development of cross-border information sharing mechanisms and enforcement cooperation arrangements; and that such information sharing and enforcement cooperation are essential elements to ensure privacy, data protection compliance, and cybersecurity, serving a substantial public interest;

RECOGNIZING that the United States Communications Act of 1934, as amended, 47 U.S.C. § 151 et seq., authorizes the FCC to disclose information to law enforcement authorities from other countries under appropriate circumstances; and

RECOGNIZING that section 23.1 of Canada’s Personal Information Protection and Electronic Documents Act, S.C. 2000, c. 5 (“PIPEDA”) authorizes the PCC to share information with authorities from other countries that have responsibilities relating to the protection of personal information in the private sector,

HAVE REACHED THE FOLLOWING UNDERSTANDING:

1. Definitions

   For the purposes of this Memorandum:

   1. “Applicable Law” means for the specified Participant the laws and regulations identified in Annex 1 of this Memorandum and such other laws or regulations as the Participants may from time to time jointly decide in writing to be an Applicable Law for purposes of this Memorandum.
   2. “Confidential Information” means any non-public information, including information subject to obligations regarding confidentiality or privacy, including information that is sensitive for national security reasons, personally identifiable information, and confidential commercial or financial information including such information about third parties.
   3. “Covered Violation” means conduct that would, based on available information, be in contravention of the Applicable Laws of one Participant’s country and that is the same or substantially similar to conduct that would be in contravention of the Applicable Laws of the other Participant’s country.
   4. “Enforcement Activities” means any work conducted by the Participants in respect of their Applicable Laws, including but not limited to: research, investigations, and proceedings.
   5. “Memorandum” means this Memorandum of Understanding.
   6. “Person” means any natural person or legal entity, including any corporation, unincorporated association, or partnership, a statutory authority or instrumentality of a government, existing under the laws of the United States or the laws of Canada.
   7. “Request” means a written request for assistance under this Memorandum, although in urgent cases, a request may be made orally in the first instance, with a written request to follow forthwith.
   8. “Requested Participant” means the Participant from which assistance is sought under this Memorandum, or which has provided such assistance.
   9. “Requesting Participant” means the Participant seeking or receiving assistance under this Memorandum.
2. Objectives and Scope
   1. This Memorandum sets forth the Participants’ intent with regard to mutual assistance and the exchange of information for the purpose of enforcing and securing compliance with Applicable Laws as well as the exchange of knowledge and expertise on regulatory policies and technical efforts to address matters related to Applicable Laws.
   2. This Memorandum does not and is not intended to be interpreted as committing either Participant to disclose information in circumstances where doing so would breach its statutory, regulatory, or other legal responsibilities. In particular, each Participant is expected to ensure that any disclosure of personal data pursuant to these arrangements fully complies with its Applicable Laws. This Memorandum sets out the framework for information sharing, but each Participant intends to determine for itself whether any proposed disclosure is compliant with its applicable domestic laws and regulations.
   3. The Participants have determined that they do not anticipate exchanging sufficient quantities of personal data to warrant entering into a separate data sharing arrangement at this time, but intend to further consider this issue should circumstances change. The Participants also acknowledge that a particular Request may justify entering into such an arrangement as per V.B.6 of this Memorandum.
   4. The Participants understand that it is in their common interest to:
      1. cooperate with respect to the enforcement of the Applicable Laws, including the sharing of complaints and other relevant information as permitted by the laws and regulations applicable to each Participant and providing investigative assistance related to Covered Violations;
      2. facilitate research and education related to the protection of personal information;
      3. promote a better understanding by each Participant of the economic and legal conditions and theories relevant to the enforcement of the Applicable Laws of the other Participant;
      4. facilitate the mutual exchange of information (as permitted by the laws and regulations applicable to each Participant), knowledge and expertise through bilateral meetings, digital videoconferences (DVCs), training programs and staff exchanges, where opportunities may arise and priorities permit; and
      5. inform each other of developments in their respective countries that relate to this Memorandum in a timely fashion.
   5. In furtherance of these common interests, and subject to Section III, the Participants intend to use their best efforts to:
      1. disclose information relevant to Enforcement Activities related to Covered Violations of the Applicable Laws of a Participant’s country, including Confidential Information, upon request, when permitted by the laws and regulations applicable to each Participant and under conditions considered appropriate by the Requested Participant;
      2. provide investigative assistance in appropriate cases in accordance with the laws and regulations respectively applicable to each Participant;
      3. provide other relevant information about matters within the scope of this Memorandum such as regulatory information, technical and policy developments, information relevant to consumer and business education, self-regulatory solutions, amendments to relevant legislation, and staffing and other resource issues;
      4. explore the feasibility of staff exchanges and joint training programs;
      5. coordinate enforcement against cross-border Covered Violations that are a priority for both Participants;
      6. collaborate on initiatives to promote regulatory, policy, technical, and commercially viable solutions in relation to privacy, data protection, and cybersecurity matters; 
      7. participate in periodic teleconferences to discuss ongoing and future opportunities for cooperation;
      8. provide other appropriate assistance that would aid in compliance activities and/or investigations and enforcement actions related to Covered Violations; and
      9. jointly explore opportunities for senior strategic engagement to facilitate a shared cross-jurisdictional approach and understanding to deal with relevant regulatory issues and consumer protections.
3. Procedures Relating to Mutual Assistance
   1. Each Participant intends to designate a primary contact for the purposes of Requests and other communications under this Memorandum. Notices of these designations and any subsequent changes are expected to be sent to the PCC in care of the Director of PIPEDA Investigations with a courtesy copy to the Director of International, Provincial and Territorial Relations, and to the FCC in care of Chief of the Enforcement Bureau with a courtesy copy to the Chief of the Office of International Affairs.
   2. If a Participant makes a Request relating to investigations or enforcement actions in relation to Covered Violations, the Participants expect the Request to include sufficient information to enable the Requested Participant to determine whether a Request relates to a Covered Violation and to take action in appropriate circumstances. 
      1. Such information is expected to include:
         1. a description of the facts underlying the Request (including the conduct or suspected conduct which gave rise to the Request) and the type of assistance sought, as well as an indication of any special precautions that are expected to be taken in the course of fulfilling the Request;
         2. the purpose for which the information requested would be used (identifying the provisions of any relevant law or other legal basis for the Requesting Participant seeking the information and the relevant regulatory functions to which the Request relates); and
         3. the suggested time period for reply and, if the Request is urgent, the reasons for the urgency.
      2. In urgent cases, a Participant may make an oral Request that contains the information described in clause B.1 of this Section, but is expected to then send a written Request containing all information specified in clause B.1 within 7 days, if possible.
      3. Consistent with other provisions of this Memorandum, and unless the Participants reach a different understanding in writing, a Request is expected to include an affirmation by the Requesting Participant concerning the need to maintain confidentiality of: each Request; the existence of any investigation related to the Request; all materials related to each Request; and all the information and material provided in response to each Request. When receiving the Request, the Requested Participant is also expected to provide an affirmation of the same understanding.
      4. Prior to requesting assistance, a Participant is expected to perform a preliminary inquiry to assess whether the Request is consistent with this Memorandum and does not impose an excessive burden on the Requested Participant.
   3. Participants intend to:
      1. communicate and cooperate with each other, as appropriate, about matters that may assist ongoing investigations;
      2. notify each other promptly if a Participant becomes aware that information the Participant shared under this Memorandum is not accurate, complete, and up-to-date;
      3. refer, as appropriate and subject to its Applicable Laws, complaints to the other Participant, or provide the other Participant notice of possible Covered Violations of the other Participant’s Applicable Laws.
4. Limitations on Assistance
   1. The Participants acknowledge that a Requested Participant has full discretion to decline a Request or limit or condition its cooperation. In deciding whether to decline a potential Request, a Requested Participant expects to take into account relevant considerations, which may include whether the request is outside the scope of this Memorandum or, whether the provision of the information, documents, or assistance would or may:
      1. be inconsistent with the national or public interest, or with the laws and regulations applicable to the Requested Participant, including relevant privacy or data protection laws;
      2. be beyond the statutory powers of the Requested Participant or involve dealing with the administration of a law that has no parallel within its jurisdiction;
      3. put the Requested Participant in breach, or at risk of being in breach, of a legal or equitable duty owed to any Person (particularly in relation to the treatment of Confidential Information and personal information, or an obligation to afford procedural fairness);
      4. expose the Requested Participant to the threat of legal proceedings;
      5. place a strain on the Requested Participant’s resources or substantially or unreasonably divert its resources;
      6. impact adversely on any enforcement or compliance action being taken or contemplated by the Requested Participant;
      7. not be within the Participant’s scope of authority or jurisdiction; or
      8. give rise to any other circumstance that renders a Participant unable to participate.
   2. The Participants recognize that it is not feasible for a Participant to offer assistance to the other Participant for every Covered Violation. Accordingly, the Participants intend to use best efforts to seek and provide cooperation focusing on those Covered Violations that are most serious in nature, such as those that cause or are likely to cause injury or harm to a significant number of persons, and those otherwise causing substantial injury or harm.
   3. The Requesting Participant may request the reasons for which the Requested Participant declined or limited assistance.
   4. The Participants intend to share Confidential Information in response to a Request pursuant to this Memorandum only to the extent that it is necessary to fulfil the objectives set forth in Section II of this Memorandum, and in a manner consistent with Section V of this Memorandum.
   5. Where, under applicable law, regulation and/or policy, the Requested Participant requires the consent of a Person or is required to notify a Person of the Request before it is able to respond to the Request, the Requested Participant understands that it is expected to advise the Requesting Participant of the need for such consent or to provide notification, before contacting that Person.
   6. The Requested Participant may provide information, documents, or assistance to the Requesting Participant subject to any conditions that the Requested Participant considers appropriate, including restrictions or limitations as to the use, access storage, disclosure, or disposal of the requested information or documents. Where the Requested Participant seeks to impose a condition, it is expected to advise the Requesting Participant in writing of that condition prior to providing the information, documents, or assistance.
5. Confidentiality, Privacy, and Limitations on the Use of Information Received Under this Memorandum
   1. Subject to this Section, each Participant understands that the information received under this Memorandum, the existence of the investigation to which the information relates, and any requests made pursuant to this Memorandum are confidential and are expected to not be further disclosed or used for purposes other than those for which they were originally shared, without the prior written approval of the other Participant, and may be subject to further conditions consistent with Section IV.
   2. The Participants recognize that material exchanged in connection with investigations and Enforcement Activities often contains Confidential Information. Where information that is subject to a duty of confidentiality is shared between the Participants it is expected to be marked with the appropriate security classification. The Participants intend to take necessary protective measures to safely transmit and safeguard as confidential materials containing Confidential Information. Appropriate protective measures under this paragraph include, but are not limited to, the following examples and their reasonable equivalents, whether used separately or combined as appropriate to the circumstances:
      1. transmitting the material in an encrypted format;
      2. utilizing technologies with event logging and similar features that allow each Participant to track access to Confidential Information;
      3. transmitting the material by a courier with package tracking capabilities;
      4. maintaining the materials in secure, limited access locations (e.g. password protected files for electronic information and locked storage for hard copy information);
      5. if used in a proceeding that may lead to public disclosure, redacting Confidential Information, as required by law, or filing under seal, as consistent with law; and
      6. entering into a separate information sharing arrangement to govern the use, access, storage, disclosure, or disposal of information.
   3. Each Participant intends to use best efforts to safeguard the security of any information received under this Memorandum and intends to implement safeguards decided on by the Participants, consistent with applicable laws, and associated rules and policies:
      1. restricting access to such information to its officers, employees, consultants, contractors, and agents who have a need for such information in the performance of their official duties and, with respect to consultants, contractors, and agents, restricting access to those who are required by law to keep such information confidential or who have entered into appropriate non-disclosure agreements that cover such information, and informing such persons with access of their responsibilities consistent with the Memorandum, except as otherwise provided in writing by the other Participant;
      2. applying other appropriate administrative, technical, and physical safeguards to ensure the confidentiality of personally identifiable information and data security and integrity; and
      3. following applicable breach notification policies and procedures, or conditions imposed by the Requested Participant consistent with Section IV.
   4. The Participants expect that nothing in this Memorandum would be construed to reflect a Participant’s intent to:
      1. withhold information provided pursuant to this Memorandum in response to a formal demand from that Participant’s country’s legislative body, regulatory authority, or an order issued from a court with proper jurisdiction in an action commenced by that Participant or its government, or if disclosure is otherwise required by law in that Participant’s country; or
      2. prevent material obtained in connection with the investigation or enforcement of criminal laws from being used for the purpose of investigation, prosecution, or prevention of violations of either Participant’s country's criminal laws.
   5. Notwithstanding paragraph D above, a Participant is expected to use its best efforts to preserve the confidentiality of any Confidential Information obtained from the other Participant under this Memorandum, including by asserting all applicable legal exemptions from disclosure and seeking a protective order where applicable, and, consistent with applicable laws and regulations, and the authority of the country’s legislative body, regulatory authority, or courts, is expected to notify the Requested Participant of the formal demand or court order and do so prior to the production or disclosure of Confidential Information.
   6. In the event of any suspected or confirmed unauthorized access or disclosure of Confidential Information provided by a Participant under this Memorandum, each Participant intends to take all reasonable steps to remedy the unauthorized access or disclosure and to prevent a recurrence of the event. The Participant discovering the suspected or confirmed unauthorized access or disclosure is expected to promptly notify the other Participant of the occurrence.
   7. Each Participant intends to oppose, to the fullest extent possible consistent with their country’s laws, regulations, and policies, any application by a third party for disclosure of Confidential Information or confidential materials received from the other Participant under this Memorandum, unless that other Participant approves its release. The Participant that receives such an application is expected to notify forthwith the Participant that provided it with the Confidential Information to the extent consistent with applicable law and regulations.
6. Changes in Applicable Laws

   In the event of significant modification to the Applicable Laws of a Participant’s country, the Participants intend to use best efforts to consult promptly, and if possible, prior to the effective date of the enactment of such modifications, to determine whether to modify this Memorandum.

7. Retention of Information
   1. Each Participant intends to retain information received under this Memorandum for no longer than is required to fulfill the purpose for which it was shared or than is required by the laws of the Requesting Participant’s country. The Participants intend to use best efforts to return any information that is no longer required if the Requested Participant makes a written request that such information be returned at the time it is shared. If no request for return of the information is made, it is the Participants’ intent that the Requesting Participant would dispose of the information using methods prescribed by the Requested Participant or if no such methods have been prescribed, by other secure methods, as soon as practicable after the information is no longer required.
   2. The Participants recognize that in order to fulfil the objectives set forth in Section II, the Participants typically need to retain the shared materials until the conclusion of the investigation for which the materials were requested and any related proceedings.
8. Costs

   This Memorandum does not obligate the provision of funds for any particular expenditure and does not authorize the transfer of funds and/or resources from one Participant to the other. If either Participant provides goods and/or services to the other Participant, the Participants intend to address in a separate arrangement any financial terms applicable to the provision of such goods or services. Any such separate arrangement would be executed by the Participants before the provision of such goods or services and would include the signature of officials with authority to obligate funds and would be subject to the availability of funds.

9. Duration of Cooperation
   1. Cooperation under this Memorandum is expected to commence as of the date of its signing.
   2. The assistance provided under this Memorandum may address Covered Violations occurring before and after this Memorandum is signed.
   3. This Memorandum may be discontinued at any time by either Participant, but a Participant is expected to endeavour to provide 30 days written notice of such discontinuance and use its best efforts to consult with the other Participant prior to providing such notice.
   4. The Participants intend to review the operation of this Memorandum periodically and to consult for the purpose of reviewing this Memorandum at a time mutually decided by both Participants.
   5. Upon the discontinuation of this Memorandum, each Participant understands that, to the extent consistent with its applicable law and regulations, it is expected to:
      1. maintain the confidentiality of any information communicated to it by the other Participant under this Memorandum, and
      2. return or destroy, by any methods prescribed by the other Participant, information obtained from the other Participant under this Memorandum, and in a manner contemplated by the other Participant’s country’s laws and regulations or any conditions imposed by the Requested Participant.
   6. This Memorandum may be modified by mutual decision of the Participants. Any modifications are expected to be in writing and signed by the appropriate officers of the Participants.
10. Legal Effect
    1. This Memorandum is a statement of intent that does not give rise to any rights or obligations under international or domestic law. Nothing in this Memorandum is intended to:
       1. affect existing rights or obligations under international or domestic law;
       2. prevent a Participant from seeking assistance from or providing assistance to the other Participant pursuant to other agreements, arrangements, or practices;
       3. affect any right of a Participant to seek information on a lawful basis from a Person located in the territory of the other Participant’s country or preclude any such Person from voluntarily providing legally obtained information to a Participant;
       4. create a commitment that conflicts with or would be inconsistent with either Participant’s national laws, court orders, regulations, and policies, or any applicable international obligation or commitments;
       5. create expectations of cooperation that would exceed a Participant’s jurisdiction; or
       6. affect a Participant’s ability to comply with applicable international law or applicable domestic laws or regulations.
11. Consultations

    The Participants intend to resolve any issues that may arise under this Memorandum through amicable consultations through the contacts referred to in Section III.A and, failing resolution in a reasonably timely manner, by discussion between appropriate senior officials designated by the Participants.

Signed in English.

Annex 1

Applicable Laws

1. Federal Communications Commission
   1. Communications Act of 1934, as amended, 47 U.S.C. §§ 151-155, 201, 222, 338, 551
   2. Federal Communications Commission Rules, 47 CFR §§ 0.111 (a)(24), 0.441-0.470, 64.2001-2011
   3. The Privacy Act of 1974, as amended, 5 U.S.C. § 552a and the FCC’s published System of Records Notices
   4. The Federal Information Security Modernization Act of 2014 (FISMA), 44 U.S.C. § 3551 et seq., and applicable guidance from the Office of Management and Budget (OMB) and the National Institute of Standards (NIST)
   5. The E-Government Act of 2002, 44 U.S.C. §§ 101, 3501 et seq.
   6. The Freedom of Information Act, as amended, 5 U.S.C. § 552
   7. The Trade Secrets Act, 18 U.S.C. § 1905
2. Privacy Commissioner of Canada:
   1. Part 1 of the Personal Information Protection and Electronic Documents Act (PIPEDA), S.C. 2000, c. 5
   2. Privacy Act, R.S.C., 1985, c. P-21
   3. Access to Information Act, R.S.C., 1985, c. A-1
   4. An Act to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities, and to amend the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act, S.C. 2010, c. 23 (Anti-Spam Legislation).