Privacy Impact Assessment (PIA) Executive Summary

Archived - Customs Mutual Assistance Agreements (CMAAs) between the Government of Canada and Other Foreign Governments

Archived Content

Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.

Overarching Privacy Impact Assessment (PIA)

The CBSA works with foreign customs administrations to effectively combat customs fraud and related infractions through the sharing of “customs information” as defined and restricted by the Customs Act. The exchange of customs information is supported by a Customs Mutual Assistance Agreement (CMAA), which is a standard and established international means of enhancing collaboration on customs matters among customs administrations. When CMAAs are brought into force, they are legally binding treaties governed by international public law and represent a high level of commitment between the two signing Parties. 

CMAAs provide Canada with a legal basis to share customs information with foreign governments to prevent, investigate and combat customs offences, particularly customs fraud, and to provide reciprocal mutual assistance to ensure the proper application of customs laws. Under CMAAs, Canada may share customs information pertaining to: persons, goods and means of transport; activities planned, on-going, or completed, that constitute or appear to constitute a customs offence in the territory of the country requesting the data; proven law enforcement techniques; new and emerging trends, means or methods of committing customs offences; and, facilitation of risk assessment activities, within the mandate and authority of the CBSA.

Currently the CBSA has ten CMAAs in force, which entered into force at various times over the last 36 years: France (1979), United States (1985), Germany (1986), Republic of Korea (1986), Mexico (1990), European Community (which currently includes the 28 countries of the European Union) (1998), Netherlands (2010), South Africa (2010), Israel (2013), and People’s Republic of China (2015).   

The Government of Canada (GoC) has made significant endeavors with a smart and secure border strategy which promotes modern technology, risk management, and information sharing. The strategy encompasses several initiatives at the CBSA and the expansion of CMAAs represents one aspect of that strategy. To support the expansion of CMAAs, the CBSA has developed a robust Canadian Model Text, which is being used to initiate CMAA negotiations. The Canadian CMAA Model Text includes robust privacy protection clauses that adhere to GoC privacy policies and guidelines.

In parallel to the negotiation of new CMAAs, the CBSA is reviewing its existing CMAAs to ensure, among other facets, that proper privacy protection clauses support the information exchange with international partners.

As a baseline for going forward with this CMAA strategy, an Overarching Privacy Impact Assessment (PIA) has been developed with a multi-faceted scope. First, this PIA assesses the business processes of the CBSA in submitting and receiving Requests for Assistance (RFAs) to and from a foreign customs administration under a CMAA.

Second, based on the planned use in future CMAA negotiations, this Overarching PIA includes an assessment of the updated Canadian CMAA Model Text against existing GoC privacy policies and guidelines, as well as internal policies related to customs disclosures and the security of information. As new CMAA negotiations near conclusion, additional or updated privacy risk assessments will be conducted and attached as subsequent Annexes to this Overarching PIA.

Third, this PIA assesses the ten in-force CMAAs to identify privacy risks within the language of each country-specific CMAA. These CMAAs, and the ten corresponding privacy risk assessments, are provided in the Annexes to this Overarching PIA. The goal is that the risk assessments of the ten in-force CMAAs will identify those that are in greater need of being potentially considered for renegotiation. The privacy risk analyses of these ten CMAAs will be used in conjunction with program analysis, insight and advice provided by Legal Services, senior management, and the Department of Foreign Affairs, Trade and Development Canada (DFATD) to create a negotiation prioritization plan. 

The PIA identified ten (10) possible privacy risks and an Action Plan has been developed to implement mitigating measures. None of the risks related to the Canadian Model Text were considered to have a high impact or likelihood of occurrence. However, some previously negotiated agreements were determined to be outdated and may be considered for further review to determine if renegotiation is required. The CBSA is considering developing a phased renegotiation strategy to ensure that all CMAAs closely adhere to the Canadian Model Text examined in the CMAA overarching PIA.

Date modified: