I'm a little late in getting around to reporting on this (my plate is surprisingly full these days) and it has been blogged elsewhere but I thought I should say a few words about this ruling.
On August 7, 2008, the Office of the Privacy Commissioner of Canada released a report of findings relating to the change of email provider for canada.com customers. The complaints alleged that canada.com did not get customer consent to disclose personal into the new US provider and did not provide adequate notice. The complainant also said that the level of protection for personal information is not comparable to that which is available in Canada. The response of the Office was that all three complaints were unfounded.
Having read through the document, I follow the arguments presented by the Privacy Commissioner. The actions of canada.com seem to follow what Canadian law requires. However, it could be said that there are deficiencies with Canadian law; for instance, it may be legal to transfer the accounts as canada.com though some customers may not like the transfer. Implementing blocking legislation would change the law in order to satisfy the customers.
I think the Commissioner did give short shrift to the implications of the USA PATRIOT Act. With the transfer of email accounts to the US-based provider, personal information of Canadian customers of canada.com is susceptible to seizure under the Act and the customers would know nothing of us. There is legislation similar to the PATRIOT Act in Canada but that's our issue to deal with. That being said, even with the implications of the PATRIOT Act, it's still legal for canada.com to transfer the email function to the US supplier.
I could go on but I will stop there. Please have a look at the document. It can be found at http://www.cippic.ca/uploads/OPC_Findings-canada.com.pdf.