I think the situation right now is quite confused. Section 5 of the new act says that it's subject to other existing acts that constrain or control the disclosure of information, which would suggest the Privacy Act. The Privacy Act itself has an exception saying that where some other active statute authorizes disclosure, then the Privacy Act rules don't apply, so you get into a bit of a circle. The new act says subject to other laws, the Privacy Act says subject to permission in new laws, so which prevails?
The green paper implies that the government views the Security of Canada Information Sharing Act as a lawful authority constituting an exception to the Privacy Act, and so they've opted for an exit off the merry-go-round, but it's not an exit that you can predict from the wording of the statutes. Again, I think the best we can say about the drafting is it's very confusing, and that's just one illustration of how confusing drafting could be construed inside government. We wouldn't necessarily know how it's being construed, and so we're left with the prospect that an ambiguous law is given definitional rigour by secret legal opinions that we can never see.