Late yesterday, the Minister of Innovation, Science and Industry issued updated Guidelines on the National Security Review of Investments (“Guidelines“). An important addition to the Guidelines is the specific inclusion of “sensitive personal data”.
In a statement accompanying the Guidelines, the Minister emphasized the importance of foreign investment in Canada: “As we work with businesses to help them recover from the effects of the COVID-19 pandemic, Canadian companies may look to global capital to help their growth. Foreign direct investment allows many of Canada’s cutting-edge, intellectual property-intensive firms to scale up and reach global customers.”
Nevertheless, the Minister highlighted in the revised Guidelines four areas where the Governments sees heightened risk:
- sensitive personal data,
- specified sensitive technology areas,
- critical minerals; and
- investments by state-owned or influenced foreign investors
This effort to increase transparency will be welcome to foreign investors, even if the message of elevated scrutiny of certain foreign investments may not be.
Access to sensitive personal data
The Guidelines add a new risk factor, namely, “the potential of the investment to enable access to sensitive personal data that could be leveraged to harm Canadian national security through its exploitation”. This data includes: personally identifiable health or genetic (e.g., health conditions or genetic test results); biometric (e.g., fingerprints); financial (e.g., confidential account information, including expenditures and debt); communications (e.g., private communications); geolocation; or, personal data concerning government officials, including members of the military or intelligence community.
This risk factor potentially applies to a broad array of Canadian businesses given that many businesses – from financial services to dating applications – rely upon vast stores of personal information in their daily operations. As a result, foreign investments in such businesses could trigger national security concerns. For example, in 2019, the Committee on Foreign Investment in the US or “CFIUS”, the body responsible for national security screening of US investments, required the divestiture by Beijing Kunlun Tech Co. Ltd., a Chinese gaming company, of its interest in Grindr, a dating app for the LGBTQ community. A key national security concern related to access by a Chinese company to a database containing personal information such as user location, messages and medical information.
Canadian government concern about foreign access to sensitive personal or business information does not necessarily mean that the investment will be prohibited outright. Potential mitigation measures which might be available include:
- Requiring that all servicing and support for some or all business lines be conducted in Canada;
- Creating approved corporate security protocols to safeguard information and access to a site;
- Requiring employees with access to sensitive information to attest to compliance with approved security protocols;
- Providing notice to the Minister of new prospective employees who would have access to sensitive Information or technology as a part of their job description.
This is an interesting addition to the Guidelines, and is consistent with overall theme of the provisions being proposed in Bill C-11 (the Digital Charter Implementation Act), introduced on November 17, 2020, proposing the new Consumer Privacy Protection Act (“CPPA“) as a replacement for the existing Personal Information Protection and Electronic Documents Act (“PIPEDA“), the federal legislation regulating privacy in the private sector (see our CPPA: In Depth Guide for a detailed analysis of the proposed CPPA).
Critical minerals and critical mineral supply chains
The news reports almost daily about the importance of supply chains relating to vaccine procurement and concerns about self-sufficiency in domestic production. The Canadian government is also concerned about supply chains of critical minerals, in order to ensure a steady supply of minerals and metals for a lower carbon economy, as well as rare earth metals used in high tech sectors such as aerospace, manufacturing and defence. The revised Guidelines state that the Government will take into account the potential impact of a foreign investment on critical minerals and their supply chains, referring to the Government’s Critical Mineral List.
This List notes that “critical minerals are the building blocks for the clean and digitized economy”. It goes on to note: “….Essential for renewable energy and clean technology applications (batteries, permanent magnets, solar panels and wind turbines), they are also required inputs for advanced manufacturing supply chains, including defence and security technologies, consumer electronics, agriculture, medical applications and critical infrastructure. Economies that quickly secure a position in shifting supply chains will be well situated for long-term economic growth and prosperity.”
There are 31 minerals listed that are “are critical for the sustainable economic success of Canada and our allies” and to “position Canada as the leading mining nation”. They include nickel, manganese, cobalt, potash, rare earth elements, uranium and lithium, among others. The reference to “our allies” is also significant as the Canadian government is cooperating with the US on a joint action plan to secure North American access to critical minerals.
For national security purposes, it is not only the mineral that can raise national security concerns, but also where the mine is located. As noted in our previous article, the federal Cabinet blocked Chinese provincial SOE, Shandong Gold Mining Co. Ltd., from acquiring TMAC Resources, a junior gold mining company in Nunavut (northern Canada) on national security grounds. Although the Canadian government did not provide reasons for its decision (and gold is not a critical mineral), key concerns appear to have been TMAC’s location on an inlet to the Northwest Passage which serves as a shipping route between the Atlantic and Pacific Oceans – and potentially raises Canadian sovereignty issues – and TMAC’s proximity to one of a chain of Canadian early warning radar stations. Press reports also indicate that the US government had pressured Canada to reject the transaction.
Greater clarity on what constitutes “sensitive technology”
While the previous Guidelines identified the potential effects of a foreign investment on the transfer of “sensitive technology”, the new Guidelines offer greater specificity and indicate that the Government will consider whether “the investment provides access to information not in the public domain related to the research, design or manufacture of sensitive technologies. Sensitive technology areas include those that have military, intelligence or dual military/civilian applications. Such technologies may be developed in multiple fields, including, but not limited to those listed at Annex A.” Annex A includes a non-exhaustive list of technology areas that may be “sensitive” for national security review purposes and includes artificial intelligence, biotechnology, energy generation, storage and transmission and robotics and autonomous systems, among other things.
State-owned and state-influenced investors subject to elevated scrutiny
In April 2020, former Minister of Innovation, Science and Industry Bains issued a statement that the Canadian government would scrutinize closely investments by foreign state investors. His successor, Minister Champagne, has reiterated the same message in the revised Guidelines:
“State-owned enterprises may be motivated by non-commercial imperatives that could harm Canada’s national security. The Government will subject all foreign investments by state-owned investors, or private investors assessed as being closely tied to or subject to direction from foreign governments, to enhanced scrutiny under Part IV.1, regardless of the value of the investment.”
The inclusion of foreign state ownership or influence as a risk factor is not surprising and underlines the government’s more sober view of SOE investment over the last few years stemming from the rise in global geo-political tensions, greater concerns about cyber-security (including in relation to 5G networks), and a chill in relations between Canada and China.
Background on National Security Review
The national security review process under the ICA allows the federal Cabinet to take measures to address national security risks related to foreign investments. Those measures include blocking the acquisition of an interest in a Canadian business (or the establishment of a new Canadian business) or authorizing an investment subject to terms and conditions. If an investment has already been completed, the Cabinet can also order a divestiture of the business and such disposition may occur at fire sale prices. Investments subject to national security review include acquisitions of control of Canadian businesses (whether or not Canadian owned) of any monetary value, minority investments and the establishment of a Canadian business. In addition, national security reviews can be lengthy – up to 200 days, or longer with the investor’s consent.
For more information about Denton’s data expertise and how we can help, please see our Transformative Technologies and Data Strategy page and our unique Dentons Data suite of data solutions for every business, including enterprise privacy audits, privacy program reviews and implementation, and training in respect of personal information. Subscribe and stay updated.