Sri Lanka
USA
Canada
India
UK
UAE
A new federal white paper has warned that Canada’s data could still be accessed by foreign courts and governments—even if stored within its borders—if service providers are subject to foreign laws such as those of the United States.
The Canadian government has issued a stark warning about the limits of its control over national data stored on cloud platforms that fall under foreign jurisdiction. According to a new white paper on digital sovereignty, Ottawa cannot maintain full legal control over its data if its cloud service providers are bound by the laws of another country.
The document, prepared for the Treasury Board, emphasizes that true data sovereignty can only be achieved if Canada either delivers its own cloud services or partners exclusively with providers operating entirely under Canadian law. However, it also concedes that even data stored domestically could still fall under foreign jurisdiction.
“Most countries, including Canada and the United States, have laws that allow their authorities to request access to information held by organizations within their borders,” the paper explains, citing the U.S. Cloud Act as a prime example. This legislation enables American authorities to compel U.S. companies to surrender data stored abroad if required for law enforcement purposes.
The warning comes as Ottawa advances its push for “digital sovereignty” — an initiative championed by Artificial Intelligence Minister Evan Solomon and Prime Minister Mark Carney, who has floated the idea of developing a “sovereign cloud” for Canada. Such a system would ensure that data infrastructure complies strictly with Canadian values and laws.
Since 2021, the federal government has spent nearly $1.3 billion on cloud services from major U.S. providers like Amazon, Microsoft, and Google, which host sensitive government operations including defence applications.
Solomon, who recently called digital sovereignty “the most pressing policy and democratic issue of our time,” has yet to clearly define the term. He acknowledged to CBC that while U.S. access under the Cloud Act requires a judicial warrant, Canadians remain deeply concerned about foreign influence over domestic data.
In September, Solomon announced the formation of a 27-member task force to draft recommendations for an updated AI strategy. However, civil society groups have criticized the process for favouring industry voices and overlooking public concerns about AI-related risks.
An open letter released Monday urged the government to reconstitute the task force and extend public consultations, arguing that the current approach shows “serious disregard” for Canadians’ concerns.
Meanwhile, Canadian telecom companies such as Bell and Telus are positioning themselves to play a major role in a sovereign cloud initiative, highlighting their own AI and data infrastructure projects.
Experts, however, caution that foreign links may persist even within local systems. York University’s Professor Jennifer Pybus noted that Bell’s use of U.S.-made chips, for instance, could still allow American authorities to request access under existing U.S. laws.
“If the U.S. wants access to data that a U.S. company has, they can get it,” Pybus warned, underscoring the complex challenge Canada faces in securing true data independence.
