In today’s Internet, advertising is ubiquitous. It is the main source of revenue for many web sites and services. It is also the subject of increasing scrutiny by privacy advocates and regulators, as advertisers and ad networks develop ever-more sophisticated means to track and profile users in the quest to optimize their effectiveness.
In Canada, online behavioural advertising (sometimes referred to as interest-based advertising) has been the subject of significant attention from the Office of the Privacy Commissioner. The Office recently released a research report on the subject, concluding that many organizations and web sites are not fully-compliant with the guidelines the Office issued on the subject in 2011. This comes in the wake of specific findings in a number of cases relating to opt-in consent, use of sensitive information for profiling purposes, and online tracking of children.
These are not new issues. In 2007, consumer advocate groups asked the U.S. Federal Trade Commission to establish a national “Do Not Track” list, which web advertisers would be required to honour. By 2011, this had evolved into an http header-based signaling model, allowing users to communicate their preference to web servers but relying on voluntary adoption by the advertisers.
In 2011, the World Wide Web Consortium (W3C) began efforts to standardize the model. On July 14, 2015, they released a long-awaited “Last-Call Working Draft” standard for server-side compliance, as a companion to an earlier draft standard for the user expression of tracking preferences. Continue Reading
A question that I often get from clients is one about cyber-insurance. In light of the recent passing of Bill S-4, better known as the Digital Privacy Act, the Personal Information Protection and Electronic Act (“PIPEDA”) has now been amended to include mandatory breach notification provisions. While these mandatory breach notification provisions are not yet in force, it is a good time to review your cyber-insurance coverage.
As data breach incidents continue to rise, and legislative regimes provide more and more stringent regulation of data breaches, including the proliferation of mandatory breach notification provisions, the expense associated with data breaches also rises. Estimated costs of dealing with a data breach, even to resolve a potential attack, or an attempted breach, have been as high as $600 000. Costs can be incurred as a result of forensic and investigative activities, assessment and audit services, crisis team management, and the necessary internal and external communications. As these incidents increase in number, scope, and impact, organizations are looking to transfer the risk associated with informational security breaches.
The most common way of transferring risk is by obtaining insurance policies: if the risk is insurable, the risk is transferable. Cyber and privacy insurance has been available on the market for the last decade, covering organizations’ liability for a data breach in which the organization’s or customers’ information is lost or stolen. Marsh Inc., a global insurance broker, said that the number of organizations that purchased cyber insurance in the US increased by 33% from 2011 to 2012, and that cyber insurance is currently the fastest growing area of commercial insurance in the world. Policies vary, with cyber insurance offered as an add-on or included in more generally policies, or sold as a distinct product. Marsh Inc. also noted that the lesser growth of cyber insurance in Canada compared to the US is likely due to the higher number of mandatory breach reporting regimes in the US. Continue Reading
On June 12, 2015, at the urgent request of Horizon Pharma PLC (“Horizon”), the Federal Court of Canada granted a rare interlocutory stay preventing the Minister of Health (the “Minister”) from issuing a Notice of Compliance (“NOC”) to Horizon in respect of its own glycerol phenylbutyrate drug RAVICTI that will be used to treat Urea Cycle Disorders (“UCDs”). Horizon sought the stay to prevent generic competitors from using the information in its regulatory submission while Horizon challenged the Minister’s decision to deny RAVICTI data protection. The Minister did not oppose Horizon’s motion.
While this case raises a fairly unique issue, the Court’s ruling in respect of irreparable harm may have broader implications in terms of the ability to obtain interlocutory injunctions (TROs) in Canadian pharmaceutical patent litigation. In this case, the Court linked the recovery of Horizon’s R&D investment to the period of exclusivity Horizon would enjoy should data protection ultimately apply. The risk associated with the inability of Horizon recouping its investment in that specific time period was held to be irreparable harm.
This finding may have broader implications, for example, in the context of pharmaceutical patent litigation where innovators are often entitled to a period of market exclusivity as a result of patent protection. In such instances, the grant of a generic NOC before the expiry of a relevant patent might make it impossible for an innovator to recoup its R&D investment during the period of exclusivity it would have otherwise enjoyed as a result of its patent protection. This is especially so if and where patent infringement damages may be limited or reduced. Accordingly, a stay of the Minister’s decision to grant a generic NOC might be appropriate in certain circumstances, for example, where an innovator is seeking to appeal from an invalidity judgment in the context of the PM(NOC) Regulations and might be unable to fully recoup its R&D investment in the form of damages for patent infringement. Continue Reading
In March of 2014, the Minister of Finance tasked the Standing Senate Committee on Banking, Trade and Commerce to examine the use of digital currencies. The Committee pursued an extensive fact-finding mission in Canada and in the United States, speaking with, amongst others, representatives from regulatory bodies, financial institutions, digital currency interest groups, law enforcement, and universities. The long-anticipated, 64-page report was published this month with a clear message: while there are steps to take to address the risks digital currencies could pose in money laundering, terrorist financing, and tax evasion, the federal government should tread carefully in developing regulations for digital currency so as not to restrict or stifle its use and development. Continue Reading
However, local laws sometimes modify or invalidate these kinds of agreements. For example, in 2011, the Supreme Court of Canada ruled that the B.C. Business Practices and Consumer Protection Act overrode an arbitration clause in a consumer contract.
A similar issue recently arose when a B.C. resident tried to initiate a class action lawsuit in B.C. against Facebook. Continue Reading
On June 8, 2015, the Minister of Industry introduced Bill C-65, with the short title Support for Canadians with Print Disabilities Act. This Bill amends provisions of the Copyright Act dealing with exceptions intended to facilitate access to alternate format works by the visually impaired and other persons with so-called “print disabilities”. These changes are intended to implement (and enable Canada to accede to) the Marrakesh Treaty, as announced in the federal budget. (See pp. 21, 281, 286.)
The proposed amendments broaden the exception in section 32, including by removing the exclusion of large print books and by expressly addressing distribution of, or providing access to, the accessible works.
The Bill also proposes a number of changes to the provisions in section 32.01 dealing with export of accessible format works, including to permit direct exports to beneficiary persons in other countries, subject to some conditions, and to remove conditions on the nationality of the author.
Additionally, the proposed amendments include conforming changes in section 41.16, which would broaden the existing exemption permitting circumvention of technological protection measures for the benefit of persons with perceptual disabilities to expressly include doing so in order to permit the exercise of the exceptions set out in sections 32 and 32.01.
The Ontario Securities Commission (“OSC”) has announced a series of criminal and quasi-criminal charges following an investigation related to the misuse of confidential patient information from the Rouge Valley Health System and the Scarborough Hospital. The OSC charges stem from allegations that a RESP sales representative purchased stolen maternity patient labels from a hospital nurse over a two-and-a-half-year period. The health information of approximately 14,000 new mothers was allegedly compromised.
This comes 6 months after a separate review by the Information and Privacy Commissioner of Ontario (“IPC”) which determined that Rouge Valley Health System failed to put in place “reasonable technical and administrative safeguards to protect patient information.” In an Order issued in December 2014, the IPC found the hospital was not in compliance with its obligations under the Personal Health Information Protection Act, 2004 (“PHIPA”) and ordered the hospital to implement changes to its electronic information systems, revise its privacy and audit policies, as well as deliver privacy training to all staff. Continue Reading
In a decision released on June 3, 2015 (2015 FCA 137), a unanimous Federal Court of Appeal (“FCA”) dismissed Apotex’s appeal of Justice O’Reilly’s order prohibiting the Minister of Health from issuing a NOC to Apotex to market its generic version of LUMIGAN RC® until the expiry of Canadian Patent No. 2,585,691 (the “‘691 Patent”).
Significantly, on the issue of sound prediction the FCA held that the elements of sound prediction need not be disclosed in a patent if they would be self-evident to the skilled person. The Federal Court of Appeal has previously stated this principle in obiter in relation to the requirement that there be a “line of reasoning” linking the factual basis for the prediction and the prediction itself. However, the issue was squarely before the Court on this appeal and the Court’s ruling is a ratio of the case. Further, the Federal Court of Appeal held that any element of the test for sound prediction that would be self-evident to the skilled person need not be disclosed in the patent. Continue Reading
On April 27th, 2015 Google announced the launch of its Patent Purchase Promotion. The “experiment,” as Google calls it, allows patent owners, or those otherwise authorized to sell a patent, to set a price for their patent and offer it for sale to Google. The Promotion is Google’s attempt to “remove friction from the patent market” and “help improve the patent landscape and make the patent system work better for everyone.” By offering to buy patents direct, Google is attempting to provide an alternative to the lure of selling one’s patent to a non-practicing entity, more commonly known as a patent troll. Continue Reading
Grant v. Winnipeg Regional Health Authority et al., 2015 MBCA 44 (“Grant”), is a successful appeal of the decision of the motion judge, which upheld the decision of the Master striking parts of an amended statement of claim as disclosing no reasonable cause of action. In doing so, the Manitoba Court of Appeal (the “Court”) held that the tort of intrusion upon seclusion, as set out in Jones v Tsige, may allow family members, who claim to have suffered as a result of a breach of a privacy interest of another member, to advance a claim in their own right. Continue Reading