Industry Minister James Moore announced today that most of Canada’s long-anticipated anti-spam/malware legislation (“CASL” for short) will be coming into force on July 1, 2014. As part of today’s announcement, Industry Canada also released a significantly revised and final version of its important CASL regulations.
CASL is widely considered to be the toughest commercial electronic messaging legislation in the world, and its coming into force will have significant implications for Canadian businesses, not-for-profit organizations and individuals using electronic means to communicate. Those who violate CASL could face fines of up to $1 million for individuals and $10 million for organizations. CASL also provides for a private right of action, which will not be available until July 1, 2017, with potential remedies that could amount to as much as $1 million per day for violations.
Most of the act, and the provisions concerning messaging will come into force on July 1, 2014. The provisions concerning the installation of computer programs will come into force on January 15, 2015, and the private right of action provided by CASL will come into force on July 1, 2017.
The Supreme Court of Canada recently formulated new rules for computer searches by police, acknowledging that the traditional legal framework was inadequate to protect the privacy rights of individuals in their digital life. In R. v. Vu, 2013 SCC 60, the Court said that a police search of a computer now requires prior authorization in the form of a specific warrant.
The police had been tipped about electricity theft at a residence suspected of being used to cultivate marijuana. They obtained a warrant to search the residence for evidence of such theft, including information identifying the owners and/or occupants of the residence. The information to obtain the warrant indicated the police intended to search for “computer-generated notes” but did not specifically refer to computers or authorize a search of computers. Continue Reading
This morning, the Supreme Court of Canada released Alberta (Information and Privacy Commissioner) v. United Food and Commercial Workers, Local 401, 2013 SCC 62, an important decision relating to the intersection of freedom of expression and protection of privacy and, in the process, struck down Alberta’s Personal Information Protection Act, SA 2003, c. P-6.5 ( “PIPA”). At issue were the privacy rights created by the PIPA and the right to free expression, which is constitutionally enshrined as section 2(b) of the Canadian Charter of Rights and Freedoms (the “Charter”).
The case arose from a strike in 2006, at the Palace Casino in Edmonton. Both the union and the employer videotaped the picket line, which was located in a shopping mall. The evidence on record suggests that recording picket lines was standard practice in Alberta at the time. The union posted notices at the site that recordings of people crossing the picket line might be posted to a web site.
Certain individuals, including officers of the employer, employees, and other members of the public, filed complaints with Alberta’s Information and Privacy Commissioner, under PIPA. The record indicates that the complainants were recorded crossing the picket line, but that no such recordings of any of the complainants were ever posted on the web site. Continue Reading
In the case of XY, LLC v. Zhu, 2013 BCCA 352¸ the B.C. Court of Appeal has confirmed that employees of a company can be personally liable for the breach of a technology license agreement by their employer. The Court held that employees who continue to carry out low level tasks even after they become aware of their employer’s dishonest conduct may avoid liability; employees who knowingly assist their employer in carrying out a fraud can be personally liable for the damages caused by the company’s conduct.
The plaintiff XY, LLC was formed to bring to market technology that makes it possible to separate X and Y chromosomes in bovine sperm in order to allow sex-selection in calves. In 2004, XY licensed this technology to JingJing Genetic Inc. (JingJing). JingJing was to use the technology to export calf embryos produced in Canada to cattle farms located in China. Under the terms of the license agreement, JingJing was to pay XY a royalty based on the number of embryos and amount of sperm it sold in China. Continue Reading
Whether we are talking about patents, trademarks, copyright or other forms of intellectual property, they need to be enforced and protected. One outcome of IP litigation can be a monetary award, for example, an award of damages. Organizations sometimes find themselves in a position where a final award in an IP case must be enforced against an individual or a company located in Canada. This happens, for example, where the Canadian defendant has no meaningful assets located in the foreign jurisdiction. It happens more often than one might think.
Essentially, a foreign judgment is viewed as a contractual obligation that can be enforced by a court in Canada. The following six points outline the relevant steps and considerations associated with such enforcement. Continue Reading
The Next Big Thing in privacy is the advent of usage-based insurance (“UBI”), made possible by a telematics device – a small gizmo that plugs in to the diagnostic port of a car, monitors a driver’s driving habits, and sends that information wireless to an insurer/third party. Insurers in turn offer up to 25% savings on insurance rates based on “safer” driving. Available for over a year in the US, insurers have now begun offering similar programs in Canada, prompting the industry regulator in Ontario, the Financial Services Commission of Canada (“FSCO”), to release a bulletin designed to outline what it views as acceptable and unacceptable practices with respect to privacy, pricing and marketing of such programs. 
In one Canadian insurer’s program, which is expected to be typical, the device records information relates to vehicle location (“GPS”), time, device connections/re-connections and vehicle identification number (“VIN”).The information is transmitted wirelessly to a third party data service provider, and then erased from the device. Other information, such as kilometres driven, rates of acceleration and braking, speed, cornering and lane changes is derived from the above recorded information. This collected data is then sent from the third party data service provider to insurer, which uses it to calculate the appropriate level of telematics discount, based on distance driven, fast acceleration and hard braking, and time of use. Continue Reading
Almost invariably, defendants in a patent lawsuit seek to examine the inventors of the patent or patents in issue. But, what do you do if an inventor resides in Canada? Generally, non-Canadian courts are not able to assert personal jurisdiction over Canadians and, therefore, cannot compel them to give evidence under oath for the purposes of a lawsuit. If a Canadian witness does not willingly provide evidence, commission evidence may be sought via the enforcement of what are called “letters of request”. Essentially, these represent a foreign court’s request that a Canadian court order someone to appear and be examined under oath.
The enforcement of such requests is a matter of discretion for a Canadian court and is by no means a slam dunk. Enforcement is generally granted where both specific legal requirements, and public policy objectives, are satisfied. It is important to ensure that letters of request are designed to satisfy such legal requirements, and it is wise to have a Canadian lawyer help with their preparation. The legal requirements for enforcement are generally summarized below. Continue Reading
The Honourable Jean-Pierre Plouffe has been appointed the new Commissioner of the Communications Security Establishment (CSEC).
The Commissioner’s role is, among other things, to provide independent review of the CSEC’s activities and undertake investigations in response to complaints.
Last week was an exciting week for those who monitor developments in technology and the law. First, a Canadian telecom company announced it had just signed a deal that would allow it to introduce wireless internet service for Canadian cars. The next day, the Ontario Court of Appeal released two companion decisions that added some oomph to Ontario’s distracted driving laws – merely holding a mobile phone, said the court, is sufficient to put you offside the law. The phone doesn’t have to be on and it doesn’t even have to be near your ear: it just has to be a cell phone.
Distracted driving advocates and telecom executives no doubt cheered. Just as the court declared that drivers ought to keep their hands on the wheel, a telecom declared it had a business plan that could facilitate that very thing. Win-win.
Except that few people read the details of the court’s decisions. Yes, both decisions censured hand-held cell phones by drivers. However, in parsing the legislation, and commenting generally on the distraction created by “other prescribed devices”, the Ontario Court of Appeal may also have inadvertently censured the next generation of connected vehicles. Continue Reading
The government of Manitoba recently enacted the Personal Information Protection and Identity Theft Prevention Act (“PIPITPA”) to regulate the collection, use and disclosure of personal information by the private sector in Manitoba. The statute has not come into force but this enactment is momentous, as it will enable Manitoba to join the ranks of Alberta, British Columbia and Quebec, which all have their own private sector privacy legislation that is “substantially similar” to the federal Personal Information Protection and Electronic Documents Act (“PIPEDA”). Manitoba is also the first province to move in this direction with an all-encompassing private sector law since 2004.
This significant moment in privacy law in Canada cannot escape a historic parallel. Despite its title, PIPITPA is almost identical to the 2009 version of Alberta’s Personal Information Protection Act (“2009 Alberta PIPA”), with word-for-word similarities in many places. Similar to the 2009 Alberta PIPA, PIPITPA is organized by divisions of purpose, protection, access and care, regulation, and general provisions. The key differences are that the Alberta legislation takes a different approach on breach notification and on the role of the Privacy Commissioner. Accordingly, many of the experiences under the Alberta Personal Information Protection Act (“Alberta PIPA”) will help guide organizations in Manitoba as to their risks and obligations. Likewise, the case law in Alberta should guide Manitoba courts whenever privacy litigation arises.
This article will focus on how these two statutes compare and provide commentary on what organizations can do to prepare for the coming into force of PIPITPA. Continue Reading