By some estimates, there were more than 2 wireless networked devices for every person on the planet in 2014. The multiplier is expected to reach 5 by the year 2020.
This explosive proliferation of networked technology offers remarkable opportunities, but also inspires concern that the connected future may result in ubiquitous, inescapable, surveillance of every aspect of our lives. Legislators and regulators around the world are grappling with the implications of this technology for the ability to protect personal privacy interests and the practical problems of applying legal regimes originally developed in a very different era.
Against this backdrop, the Online Trust Alliance, a U.S.-based organization with the goal (among other things) of advancing best practices to “enhance online safety, data security, privacy and brand protection” has recently release a discussion draft of a “Trust Framework” for the Internet of Things. This framework is intended to set out guiding principles for connected home and wearable devices. It is conceptually based on the “Fair Information Practice Principles” (FIPPs) that underlie privacy law in many jurisdictions, including Canada. Continue Reading
Part 1 of this post provided an overview of the Canadian Internet Registration Authority’s domain name dispute resolution process. Part 2 outlines a similar process available through the World Intellectual Property Organization’s (“WIPO”) Arbitration and Mediation Center. Continue Reading
Individuals or businesses may find themselves in a dispute over a domain name, whether as a complainant or the registered owner of the domain name.
Depending on the parties involved and where the domain name is registered, two potential avenues for domain name dispute resolution are through: (1) the Canadian Internet Registration Authority (“CIRA”), and (2) the World Intellectual Property Organization (“WIPO”).
Part 1 of this two-part blog will address CIRA’s dispute resolution process for .CA domain names. Part 2 will address WIPO’s domain name dispute resolution process. Continue Reading
Copyright law offers up a panoply of interesting questions, which often verge on the philosophical. One such question is: if one tries to make a copy of something, but the copy is defective and useless, has one made a copy at all? According to a recent decision of Master Hanebury, of the Court of Queen’s Bench of Alberta, the answer could be yes. Continue Reading
Recently, Google has announced two new patent-related initiatives. The first being the overhaul of Google Patents, a search tool of existing patent databases, and the second being the launch of the Google Patent Starter Program, giving away patents for free.
These two initiatives build on Google’s effort to impact patent reform in the United States and beyond. Prior to these announcements, Google’s efforts included the launch of the Patent Purchase Promotion in April (which we discussed here). Google has not officially released any information on the outcome of the Patent Purchase Promotion but Kurt Brasch, a lawyer at Google, reported that the program was a big success. In a phone interview with Fortune.com Mr. Brasch stated that the company bought numerous patents at purchase prices ranging from $3000 to $250,000. Continue Reading
Companies in early and growth stages often need significant funding to achieve their business goals but can have difficulties finding potential investors. Until recently, Canadian regulatory rules prohibited companies in Canada from raising financing by issuing shares and other securities to the general public unless they either (i) filed a qualifying prospectus; or (ii) relied on an exemption from the requirement to file a prospectus under securities laws, which limited the pool of potential investors to people such as friends & family, business associates and accredited investors.
Recently, certain Canadian Securities Administrators introduced a new prospectus exemption, known as the “Crowdfunding Exemption”, which permits companies who meet the requirements of the exemption, to issue securities to the general public without going through the lengthy and costly process of filing a prospectus. Continue Reading
In a Judgment released July 23, 2015, the Federal Court of Appeal upheld the Federal Court’s award of more than C$180 million in damages and interest for Apotex’s infringement of Merck’s Canadian lovastatin patent. In this decision, the Federal Court of Appeal reversed the Trial Judge and held that the availability of a non-infringing alternative (“NIA”) is relevant under Canadian law but held that Apotex could not have and would not have deployed it. Continue Reading
In today’s Internet, advertising is ubiquitous. It is the main source of revenue for many web sites and services. It is also the subject of increasing scrutiny by privacy advocates and regulators, as advertisers and ad networks develop ever-more sophisticated means to track and profile users in the quest to optimize their effectiveness.
In Canada, online behavioural advertising (sometimes referred to as interest-based advertising) has been the subject of significant attention from the Office of the Privacy Commissioner. The Office recently released a research report on the subject, concluding that many organizations and web sites are not fully-compliant with the guidelines the Office issued on the subject in 2011. This comes in the wake of specific findings in a number of cases relating to opt-in consent, use of sensitive information for profiling purposes, and online tracking of children.
These are not new issues. In 2007, consumer advocate groups asked the U.S. Federal Trade Commission to establish a national “Do Not Track” list, which web advertisers would be required to honour. By 2011, this had evolved into an http header-based signaling model, allowing users to communicate their preference to web servers but relying on voluntary adoption by the advertisers.
In 2011, the World Wide Web Consortium (W3C) began efforts to standardize the model. On July 14, 2015, they released a long-awaited “Last-Call Working Draft” standard for server-side compliance, as a companion to an earlier draft standard for the user expression of tracking preferences. Continue Reading
A question that I often get from clients is one about cyber-insurance. In light of the recent passing of Bill S-4, better known as the Digital Privacy Act, the Personal Information Protection and Electronic Act (“PIPEDA”) has now been amended to include mandatory breach notification provisions. While these mandatory breach notification provisions are not yet in force, it is a good time to review your cyber-insurance coverage.
As data breach incidents continue to rise, and legislative regimes provide more and more stringent regulation of data breaches, including the proliferation of mandatory breach notification provisions, the expense associated with data breaches also rises. Estimated costs of dealing with a data breach, even to resolve a potential attack, or an attempted breach, have been as high as $600 000. Costs can be incurred as a result of forensic and investigative activities, assessment and audit services, crisis team management, and the necessary internal and external communications. As these incidents increase in number, scope, and impact, organizations are looking to transfer the risk associated with informational security breaches.
The most common way of transferring risk is by obtaining insurance policies: if the risk is insurable, the risk is transferable. Cyber and privacy insurance has been available on the market for the last decade, covering organizations’ liability for a data breach in which the organization’s or customers’ information is lost or stolen. Marsh Inc., a global insurance broker, said that the number of organizations that purchased cyber insurance in the US increased by 33% from 2011 to 2012, and that cyber insurance is currently the fastest growing area of commercial insurance in the world. Policies vary, with cyber insurance offered as an add-on or included in more generally policies, or sold as a distinct product. Marsh Inc. also noted that the lesser growth of cyber insurance in Canada compared to the US is likely due to the higher number of mandatory breach reporting regimes in the US. Continue Reading
On June 12, 2015, at the urgent request of Horizon Pharma PLC (“Horizon”), the Federal Court of Canada granted a rare interlocutory stay preventing the Minister of Health (the “Minister”) from issuing a Notice of Compliance (“NOC”) to Horizon in respect of its own glycerol phenylbutyrate drug RAVICTI that will be used to treat Urea Cycle Disorders (“UCDs”). Horizon sought the stay to prevent generic competitors from using the information in its regulatory submission while Horizon challenged the Minister’s decision to deny RAVICTI data protection. The Minister did not oppose Horizon’s motion.
While this case raises a fairly unique issue, the Court’s ruling in respect of irreparable harm may have broader implications in terms of the ability to obtain interlocutory injunctions (TROs) in Canadian pharmaceutical patent litigation. In this case, the Court linked the recovery of Horizon’s R&D investment to the period of exclusivity Horizon would enjoy should data protection ultimately apply. The risk associated with the inability of Horizon recouping its investment in that specific time period was held to be irreparable harm.
This finding may have broader implications, for example, in the context of pharmaceutical patent litigation where innovators are often entitled to a period of market exclusivity as a result of patent protection. In such instances, the grant of a generic NOC before the expiry of a relevant patent might make it impossible for an innovator to recoup its R&D investment during the period of exclusivity it would have otherwise enjoyed as a result of its patent protection. This is especially so if and where patent infringement damages may be limited or reduced. Accordingly, a stay of the Minister’s decision to grant a generic NOC might be appropriate in certain circumstances, for example, where an innovator is seeking to appeal from an invalidity judgment in the context of the PM(NOC) Regulations and might be unable to fully recoup its R&D investment in the form of damages for patent infringement. Continue Reading