Citizen Labs’ new report adds to criticism of Canada’s pending (and long-titled) Bill C-27: An Act to enact the Consumer Privacy Protection Act (CCPA), the Personal Information and Data Protection Tribunal Act and the Artificial Intelligence and Data Act. Bill C-27 is an update to the Personal Information Protection and Electronic Documents Act (PIPEDA), which has been in force as federal law for two decades. Among the concerns raised is that the new CCPA law would be weaker than GDPR and that it includes problematic exemptions, including that organizations can decide when benefits of collecting of personal information outweighs risks - and that this could be done without having to notify people of collection or planned use.

France has determined that free versions of Office 365 and Google Workspace potentially leave data at risk because they store data in the cloud in the US, so are not under obligation to comply with the EU’s GDPR and Schrems II, the 2020 ruling by the European Court of Justice on the cross-border sharing of data. As a result free versions are not allowed to be used in French schools.