Once Canadians can buy legal recreational cannabis sometime this Summer/Fall, 2018, mountains of consumer data will start to be generated that could work against you at the U.S.A. border, resulting in a big and expensive pain in the butt for cannabis-loving Canadians, even for medical marijuana users.
For example, some of the data will be clearly linked to individuals: credit card purchases at physical stores and online ordering to home addresses.
Your Canadian cannabis-purchase data could end up on a server in the United States, and it could it make its way to U.S. border officials. Privacy experts say, there’s little to stop it.
The consequences can be expensive, troublesome and downright unfair.
Canadians can be banned for life from the United States, even after legalization — if a border officer decides that they are an “abuser” of marijuana. “Under current technical instructions, use in the last year would qualify as a drug abuser,” says Scott Railton, an immigration lawyer in Bellingham, Wash. “If they were able to access that data point for home delivery and everything, it would open the door for more questions.”
Any U.S. border officer who knew of a Canadian’s cannabis buying history could quickly put the person in a lose-lose situation — admit to cannabis use and be banned as a “drug abuser,” or deny it and be banned for lying. Immigration lawyers advise refusing to answer the question, which will probably get you turned back on that one occasion but doesn’t carry lasting consequences.
“Any information that goes outside of Canada is up for grabs by local law enforcement,” says Heather Black, a former assistant federal privacy commissioner. “It’s part of the globalization of data. It goes all over the place.”
“American authorities are pretty greedy for scooping up information, and they clearly don’t confine themselves to the borders of the United States.” And under U.S. law, Canadians don’t have the safeguards over their U.S.-held data that Americans would have, explains University of Toronto law professor Lisa Austin. “In Canada, we would be protected by the Charter. In the U.S. we’re not protected by the Fourth Amendment, as non-U.S. persons, so there’s no constitutional protection for our data.”
Mastercard, Visa and CIBC didn’t respond to questions about where credit card data is stored. However, the privacy agreements of all five of the big banks warn that customers’ financial data can be stored outside Canada, and be subject to the laws of the country it’s stored in.
Some don’t specify the U.S. by name, but others do. BMO’s agreement, for example, says that companies holding data “may be located outside of Canada (such as in the United States) and may be required to disclose information to courts, government authorities, regulators or law enforcement in accordance with applicable law in that country.”
In a 2005 decision, the federal privacy commissioner noted that Canadians’ credit card data held in the U.S. could be obtained by American authorities under the PATRIOT Act, an anti-terrorism law passed in the aftermath of the September 11, 2001, attacks.
Under the law ” … certain U.S. intelligence and police surveillance and information collection tools have been expanded, and procedural hurdles for U.S. law enforcement agencies have been minimized. Under section 215 of the USA PATRIOT Act, the Federal Bureau of Investigation can access records held in the United States,” the decision said.
Canadians banned from the U.S. can apply for a waiver allowing them to cross the border, but the process is lengthy and expensive, and the application has to be restarted from scratch every few years for the rest of the person’s life.
“It could be a public relations disaster if people realize they’re sending sensitive information across the border that could get them banned from crossing the border,” Austin says.
“Lots of people smoke pot, and we are all going to want to cross the border. It can screw up your whole work life if you can’t cross.”
Depending on the province, Canadian marijuana buyers could leave identifying data in two ways:
1) Online ordering
Online marijuana shopping may be popular, especially since a network of marijuana retail stores will take years to develop.
Research by B.C.’s Liquor Distribution Branch found that 15 percent of the province’s adult population, or about half a million people, were interested in buying pot online, spokesperson Viviana Zanocco wrote in an email.
Global News contacted every province to ask where data about online marijuana customers — name, delivery address and so forth — will be stored:
- Quebec, B.C., P.E.I. and Nova Scotia will operate their own online ordering systems directly, and plan to store the data only in Canada.
- Alberta and Ontario have contracted out online ordering, but require the contractor to store the data only in Canada. Ontario won’t collect date of birth information through the ordering process, verifying age through an ID check at delivery instead.
- Newfoundland and Labrador and New Brunswick haven’t chosen a contractor but will impose a similar requirement.
- Manitoba and Saskatchewan will allow online cannabis sales by licensed private-sector companies, and won’t limit where they store their consumer data. (Federal privacy laws have no requirement to keep data in Canada.)
Neither Manitoba nor Saskatchewan prepared privacy impact assessments about their approach to marijuana legalization, spokespeople for those provinces said. They didn’t have to because the data will be handled by private-sector companies, they said.
2) Credit cards
Credit card data is a more challenging problem. From the moment legal pot stores open, records of Canadians’ cannabis purchases are going to start to pile up in credit card data which the banks that issue the cards warn may end up south of the border.
So it’s an important question how credit card transactions will be recorded.
Nova Scotia cannabis purchases will be entered as NSLC (Nova Scotia Liquor Commission), which will make them effectively invisible in the data. Did the cardholder buy Bud or buds? It’s impossible to tell.
(“That’s smart,” Austin says. “It seems like the easiest way to solve the problem, to just not have the data available.”)
P.E.I., New Brunswick, Ontario, Quebec and B.C. haven’t yet decided how credit card transactions will appear on customers’ statements.
The credit card issue is “on our radar,” says New Brunswick Liquor Corporation spokesperson Mark Barbour. Nova Scotia’s cannabis sales will be run by a subsidiary of the NSLC, while New Brunswick’s will be run by a separate Crown corporation, Barbour points out. That makes it hard for New Brunswick to copy Nova Scotia’s solution.
In provinces with private-sector retailers, the details of credit card transactions are somewhat beyond government control. In Newfoundland and Labrador, for example, the name of the private-sector cannabis retailer will appear on the credit card statement, says liquor board spokesperson Greg Gill.
“The whole data piece, from domain name registration to credit card information, anything that might fall into federal U.S. hands, I can see how that would be a matter of concern, for sure,” he says.
So the big question is — What do you do if you’re asked if you ever smoked cannabis at the U.S.A. border once it’s legalized in Canada?
Until we know more and both sides of the border figure out a win-win strategy to work together around this border issue, I think the best answer is no answer at all, you can’t be penalized for that, just turned around and denied entry that one time with no lasting consequences. Afterall, you won’t have any idea if the border officer has access to your purchase data or not, if you decide to lie about it, then you could be banned for lying. Until the border policies are made clear on both sides, its a crap shoot any way you decide to play it.
Source: Global News