Communicating privacy practices to users of mobile apps can be challenging, especially given small screen sizes and the difficulty of capturing app user attention. The Office of the Privacy Commissioner of Canada (OPC) has acknowledged these challenges and, in September 2014, published Ten Tips for Communicating Privacy Practices to Your App’s Users.
These tips were provided in connection with the findings of the second annual Global Privacy Enforcement Network (GPEN) Privacy Sweep, which the OPC participated in along with twenty-five other privacy enforcement authorities from around the world.
The GPEN Privacy Sweep assessed 1,211 apps with a focus on the information provided and consents request with respect to the collection, use and disclosure of personal information. Certain findings of the GPEN Privacy Sweep are summarized in a news release issued by the OPC on September 10, 2014.
The Ten Tips for Communicating Privacy Practices to Your App’s Users build on the guidelines on good privacy practices for developing mobile applications jointly issued by the OPC and the offices of the Privacy Commissioners of Alberta and B.C. in 2012.
The key takeaways from the Ten Tips for Communicating Privacy Practices to Your App’s Users are:
- Be Transparent. Issues and complaints arise when there is a lack of transparency around the collection, use and disclosure of personal information. Privacy practice information should be clear and specific (rather than generic or broad), taking into account the sophistication of the audience and “small screen challenge” of mobile devices. Where personal information is not being collected, that fact should be clearly indicated.
- Explain the Data Being Requested and Collected. To obtain meaningful consent from app users, they need to be informed not just of the app’s ability to access personal information (including information made available through logins to third party social media accounts, such as Facebook), but also why that information is needed and how it will be used if consent is provided. When requesting consent, the request needs to specifically cover the full scope of use (e.g. consent to access does not necessarily constitute consent for the collection, use or disclosure of personal information).
- Make, and Keep, Privacy Information Accessible. It is recommended that privacy practice information be provided just-in-time (when it is most relevant, such as at a key decision point) and be included in the app itself rather than by providing a link to a website that has that information. Users should be able to easily re-visit privacy practice information at any time (e.g. if an explanation is provided in a pop-up, the same explanation should be available in a location that is accessible after the pop-up has been dismissed).
To ensure compliance with Canadian privacy laws, app providers should take into consideration these tips provided by the OPC when developing and implementing privacy practices for their apps.
On October 30, 2014, the Supreme Court of Canada granted leave to Sanofi-Aventis’ (“Sanofi”) application for leave to appeal a decision of the Federal Court of Appeal (2014 FCA 68). By granting leave to Sanofi, the Supreme Court will now consider for the first time the correct interpretation of, and the correct legal framework applicable to quantifying section 8 damages under the Patented Medicines (Notice of Compliance) Regulations (“PM(NOC) Regulations”).
The PM(NOC) Regulations strike a balance between the interests of innovative pharmaceutical companies and generic manufacturers, by requiring generic manufacturers to address innovators’ patents before receiving approval from the Minister of Health to market their copycat drugs. This scheme provides a set of rights to innovative companies who develop new drugs and patents, and to generic manufacturers who market copies of such drugs at reduced prices.
Section 8 of the PM(NOC) Regulations provides generic manufacturers with a right to compensation for losses suffered during the period of delay caused in part by unsuccessful litigation brought under the PM(NOC) Regulations.
In the lower court’s decision, a divided Federal Court of Appeal disagreed about the correct legal framework applicable to quantifying Apotex Inc.’s section 8 damages for having been delayed entry for Ramipril to the Canadian market. Under the construct affirmed by the majority, the section 8 compensation awarded to Apotex in this single action was over $200 million. However, the dissent held that the legal framework used by the trial judge (and affirmed by the majority) is one that “inherently leads to windfalls” for both the plaintiff and other generic manufacturers seeking section 8 damages – a result, the dissent found to have occurred in the case at bar, particularly when considering the combined effect of the multiple section 8 claims that have been advanced in respect of Ramipril.
The Supreme Court’s consideration of this issue will be of substantial precedential value and will inject clarity into the body of section 8 jurisprudence that has developed. Given the multitude of section 8 damages cases proceeding before the Federal and Provincial Courts, and the billions of dollars at stake in current and future actions, the Supreme Court’s decision will have important ramifications for the Canadian pharmaceutical industry and the public.
Sanofi is represented by Andrew Reddon, Steven Mason, David Tait and Sanjaya Mendis of McCarthy Tétrault LLP.
In my blog dated October 17, 2014, titled, “Impending Lapse of PIPA Creates Uncertainty”, I explored the consequences of PIPA being struck had the Alberta government failed to amend PIPA to comply with the Canadian Charter of Rights and Freedom (the “Charter”) and meet the November 15, 2014 deadline.
Since my October 17, 2014 blog, I have had the opportunity to meet Jill Clayton, the Alberta Information and Privacy Commissioner. In my discussion with Jill Clayton, she advised me that, on October 31, 2014, the Alberta government was granted a 6 month extension to amend PIPA and ensure compliance. This means that it should be business as usual for the next 6 months.
Was it all for nothing? CASL, I mean.
The mad rush towards the July 1, 2014 deadline, the thousands (in many cases, hundreds of thousands) of dollars spent on compliance, the escalating salvo of shrill e-entreaties to please, please, please provide consent.
All the hype, all the fuss and….nothing. Was it Y2K all over again?
From the perspective of organizations, the eerie calm may indeed be reminiscent of those first few seconds past midnight on January 1, 2000. For the CRTC, however, the regulatory wheels have been furiously churning for months. Unlike Y2K, the first few hours after July 1, 2014 saw the CRTC online spam reporting go live, with newly hired (news reports variously reported 15 and 30 new employees) ready to start processing complaints. And complaints there were.
Speaking on July 4, 2014, the CRTC’s chief compliance and enforcement officer Manon Bombardier told media that over one thousand complaints had been submitted in the first two days. By July 9, 2014 that number was up to 12,000. By the end of July, it was edging past 50,000. By October 7, 2014, 120,000 irate Canadians had filed complaints.
Will all of these complaints be investigated? Even the CRTC has acknowledged that is unlikely. It has promised that all complaints will be reviewed, but will be selective when it decides whether a complaint will be investigated. Continue Reading
On November 15, 2013, the Supreme Court of Canada struck down the Alberta Personal Information Protection Act (“PIPA”) in Alberta (Information and Privacy Commissioner) v United Food and Commercial Workers, Local 401, 2013 SCC 62 (“United Food”), and despite a one-year stay to allow for necessary amendments, delay on the part of the Alberta government has caused PIPA’s lapse to become an inevitability.
The SCC found that sections of PIPA violated the right to freedom of expression enshrined in s. 2(b) of the Canadian Charter of Rights and Freedoms (the “Charter”). Further, the SCC found PIPA unconstitutionally overbroad in that it deemed “virtually all personal information to be protected regardless of context,” thus infringing the right to freedom of expression in a manner disproportionate to the government’s objective (United Food at para 25). Continue Reading
On September 26, 2014, Prime Minister Harper announced that Canada and the European Union have successfully concluded negotiations on a new trade agreement, the Comprehensive Economic and Trade Agreement (CETA) that was five years in the making, and publicly released the consolidated text of the agreement.
CETA is deeper in substance and broader in scope than any other such agreement in Canadian history, significantly affecting all economic areas, including the pharmaceutical sector.
The CETA chapter on intellectual property is of particular interest to the pharmaceutical industry, because it will introduce into Canada for the first time:
- additional (sui generis) patent protection for pharmaceutical products; and
- effective rights of appeal for Patented Medicines (Notice of Compliance) (PM(NOC)) litigants Continue Reading
There is no denying the increasing popularity and notoriety of the virtual currency Bitcoin. Bitcoin market capitalization currently stands in the billions of dollars, with over 13 million Bitcoins having been mined and made available for circulation. An increasing number of merchants, including Dell, have begun accepting payment by way of Bitcoin. The list of goods and services that have been purchased with Bitcoin now includes university tuition, airline tickets, cars, and pizza delivery. Some companies have started paying employees in Bitcoins. Canada in particular has been a world leader in Bitcoin ATM’s: the first Bitcoin ATM in the world was installed in Vancouver and a number of Bitcoin ATMs have now been installed in other Canadian cities. Canada also stands second, behind the US, in global rankings in the amount of venture capital invested in Bitcoin companies according to a recent study by the Montreal Economic Institute. Will funding M&A transactions by way of Bitcoins in Canada be next? Continue Reading
The Supreme Court granted leave to appeal on September 4, 2014 in another copyright case, Canadian Broadcasting Corporation / Société Radio-Canada v. SODRAC 2003 Inc. The appeal is from the decision of the Federal Court of Appeal which ruled that broadcasters must pay royalties for ephemeral recordings in accordance with the 1990 decision of the Supreme Court in Bishop v. Stevens.
In the Court of Appeal, CBC argued that Bishop v Stevens was no longer good law, having been overruled by a series of decisions of the Court which had, in various circumstances, made references to the principle of technological neutrality in construing the Copyright Act. CBC particularly relied on the decision of the Supreme Court in ESA v SOCAN which it contended had fundamentally changed the well established law that broadcasters payment of royalties to communicate works to the public did not affect their obligations to also pay royalties in respect of reproductions made to effect the communications. Continue Reading
With the computer program sections of Canada’s anti-spam/anti-malware law (CASL) coming into force in January 2015, the CRTC has now started reaching out to the public for questions they want guidance on in FAQs or bulletins. I attended such a session last week (on September 9, 2014) at an IT.CAN Public Affairs Forum Roundtable. The attendees were Dana-Lynn Wood (Senior Enforcement Officer, Electronic Commerce Enforcement, CRTC) Kelly-Anne Smith (Legal Counsel, Legal Sector CRTC), and Andre Leduc (Manager of the National Anti-spam Coordinating Body, Industry Canada). Continue Reading
On July 10, 2014 the Court of Justice of the European Union (the “CJEU”) issued its decision in Apple Inc. v. Deutsches Patent und Markenamt and recognized the possibility to register a three-dimensional representation of the design and layout of a retail store as a Community Trade Mark.
In May 12, 2010, Apple Inc. (“Apple”) filed two applications for marks that are described mainly as the design and layout of a retail store. The United States Patent and Trademark Office (the “USPTO”) granted registration on January 22, 2013. The trademarks are each represented by a three-dimensional representation of the front and inside of an Apple store. One of the representations is in black and white and the other is in colour and includes steel gray, light brown and black. Both trademarks were registered in association with services within Class 35 of the Nice Classification system which includes “retail store services featuring computers, computer software, computer peripherals, mobile phones, consumer electronics and related accessories and demonstrations of products relating thereto.” Continue Reading