snIP/ITs Insights on Canadian Technology and Intellectual Property Law

Category Archives: Privacy

Subscribe to Privacy RSS Feed

“Objectively Reasonable” and Privacy: Recent Developments

Posted in Privacy

The ubiquitous and rapidly-evolving nature of technology has recently necessitated serious consideration of our “reasonable expectation of privacy.”  This concept is at the core of Canadian privacy law. In particular, the concept is a key part of the Charter test for s. 8, the right to be secure against unreasonable search and seizure. The Supreme… → Read More

Intrusion Upon Seclusion Part 2: Implications for Businesses Across Canada

Posted in Privacy

Recently, my colleagues Sean Griffin and Ann-Elisabeth Simard considered the Evans v Bank of Nova Scotia (“Evans”) decision wherein the Ontario Supreme Court (the “Court”) certified a class action proceeding for allegations concerning a breach of privacy rights through the tort of intrusion upon seclusion first set out in Jones v Tsige (“Jones”).  You can… → Read More

You can stay anonymous: SCC recognizes a privacy interest in protecting anonymity on the Internet

Posted in Privacy

On June 13, 2014, in a landmark privacy ruling, the Supreme Court of Canada (“SCC”) in R v Spencer[1] (“Spencer”) unanimously recognized that, in addition to confidentiality and control of the use of personal information, there may be a privacy interest in protecting anonymity in the context of internet usage. In this decision, the SCC… → Read More

Notice and notice regime under C-11 coming into force

Posted in Copyright, Privacy

The Government announced today that the notice and notice regime established under C-11 is coming into force. The delay in bringing these provisions into force was a consultations on possible regulations that the regime permitted. The Government announced that the provisions are coming into force without regulations. The regime permits copyright owners to send notices… → Read More

What’s the difference between Google and an elephant? An elephant never forgets.

Posted in Privacy, Regulatory Compliance

Last month, in a bombshell decision, the European Union’s Court of Justice (“CJEU”) demanded that Google “forget” certain items. The demand resulted from a CJEU decision that individuals have a right to request that a search engine remove certain webpage links from the search results of a search including the individual’s name. The ruling is,… → Read More

Big Data – Big Problem? The FTC Recommends the US Congress Reign in Data Brokers

Posted in Privacy

Big Data is the term used to describe the enormous datasets that are beyond the ability of most software to process. Statistical analysis of these giant data sets can allow the holder to predict baseball outcomes (think Moneyball), pregnancy  and, apparently, the stock market. These enormous data sets however, are made up of data pertaining… → Read More

Privacy Breaches: Statutory Torts of the British Columbia’s Privacy Act Override Forum Selection Clauses

Posted in Privacy, Regulatory Compliance

On May 30, 2014, the Supreme Court of British Columbia rendered a judgment certifying a class action against Facebook Inc. (“Facebook”). In Douez v. Facebook Inc.[1], the plaintiff alleges that Facebook used the names or portraits of Facebook users without their consent in advertisements called Sponsored Stories in breach of section 3(2) of the British… → Read More

Barry Sookman comments on Google privacy case

Posted in Consumer Protection, Privacy

Our partner Barry Sookman was interviewed by CTV News Channel this morning to discuss today’s Court of Justice of the European Union judgment concerning Google and ordinary people’s “right to be forgotten”. The Court ruled that Google must amend some of its search results at the request of ordinary people when the results show links to outdated,… → Read More

Clotting Heartbleed: Guidance on Privacy Breaches, Notification Obligations and Proposed Amendments to Privacy Legislation

Posted in E-Commerce, Privacy, Regulatory Compliance

Canadian organizations with control over personal information should be aware of the privacy vulnerabilities of Heartbleed and their related legal obligations. Below, we have summarized: (1) the risks of Heartbleed; (2) the notification obligations of organizations that have experienced a privacy breach; (3) amendments to those obligations, as proposed by the federal government; and (4)… → Read More

The Digital Privacy Act: Proposed Amendments to PIPEDA

Posted in Privacy

On Tuesday April 2, 2014, the government gave first reading to proposed amendments to the Personal Information Protection and Electronic Documents Act (“PIPEDA”). These amendments have been tabled as Bill S-4 in the Senate (the “Bill”), which is entitled the Digital Privacy Act. The Bill is broadly similar to the former Bill C-29 which was… → Read More

2013 Technology Law Year in Review

Posted in Consumer Protection, Contracting/Outsourcing, E-Commerce, M&A/Finance, Privacy, Regulatory Compliance

2013 was a very active year in the tech sector in Canada.  Some of the leading developments over the last year are summarised below. Tech Transactions – Turbulent Year for BlackBerry (Fairfax transaction) 2013 was a turbulent year for the Canadian leader of the telecommunications industry. It started with a change of name, from Research… → Read More

Recent Lessons in Preparing for and Responding to Security Breaches

Posted in Privacy

Target recently acknowledged that it suffered a massive security breach over the holiday season between November 27 and December 15.  The result of the breach was that over 110 million credit and debit accounts which include customer names, credit and debit card numbers, card expiration dates and the three-digit security codes were stolen. It was… → Read More

The Right to be Forgotten

Posted in Privacy, Social Media

This past October, the European Parliament’s Committee on Civil Liberties, Justice and Home Affaires (“LIBE”) voted in favour of a major reform of the current European Union (“EU”) data protection regime consisting of the Data Protection Directive, introduced in 1995, and national legislative works existing across EU member states. Intended as a response to privacy… → Read More

SCC Strikes Down Alberta Privacy Legislation on Speech Grounds

Posted in Privacy

This morning, the Supreme Court of Canada released Alberta (Information and Privacy Commissioner) v. United Food and Commercial Workers, Local 401, 2013 SCC 62, an important decision relating to the intersection of freedom of expression and protection of privacy and, in the process, struck down Alberta’s Personal Information Protection Act, SA 2003, c. P-6.5 (… → Read More

Under the Hood of Usage-Based Car Insurance: FSCO Issues Guidance on Privacy, Permissible Data Use, and Pricing

Posted in Privacy

The Next Big Thing in privacy is the advent of usage-based insurance (“UBI”), made possible by a telematics device – a small gizmo that plugs in to the diagnostic port of a car, monitors a driver’s driving habits, and sends that information wireless to an insurer/third party. Insurers in turn offer up to 25% savings… → Read More

Manitoba Joins the Ranks of Other Provinces in Enacting its Own Private Sector Privacy Legislation

Posted in Privacy

The government of Manitoba recently enacted the Personal Information Protection and Identity Theft Prevention Act (“PIPITPA”) to regulate the collection, use and disclosure of personal information by the private sector in Manitoba.[1] The statute has not come into force but this enactment is momentous, as it will enable Manitoba to join the ranks of Alberta,… → Read More

Personal Information and Privacy Issues in Business Transactions: Part 2

Posted in M&A/Finance, Privacy

In a previous blog entry we canvassed Canadian privacy legislation and offered businesses a cursory review on how to collect, use and disclose personal information legally in the context of a business transaction. Adding to that information, this entry will look at issues that arise during the due diligence phase of a business transaction and… → Read More

Personal Information and Privacy Issues in Business Transactions: Part 1

Posted in M&A/Finance, Privacy

The free flow of information is essential to all business transactions and presents both opportunities and obligations for the organizations involved. Inadequate appreciation for the complexity of privacy legislation and the related implications can become not only an obstacle but a liability. This will be the first part in a series of articles that canvass… → Read More

Failure to properly wipe data from recycled server costs company $250K, an apology and 160,000 letters of notice

Posted in Privacy

In a tale of best intentions gone wrong, the Office of the Information and Privacy Commissioner of Alberta (“Commissioner”) recently found in Bow Valley College (Re), 2013 CanLII 52666 (AB OIPC) that an educational institution that recycled its servers without ensuring the data on them had been wiped had not met privacy requirements. The decision… → Read More

Tech Summit 2013 Recap – Innovation in Cloud

Posted in Contracting/Outsourcing, Privacy

At McCarthy Tétrault’s 3rd Annual Technology Law Summit, moderator Barry Sookman, and panelists John LeBlanc of Scotiabank and David Crane of McCarthy Tétrault, lead a discussion on procuring and contracting for cloud based services. Top takeaway tips from the session include: Cloud is Everywhere: Be cognisant that software and services that use the cloud may… → Read More

New Electronic Health Records Legislation on the Horizon in Ontario

Posted in Privacy, Regulatory Compliance

The Liberal government in Ontario has introduced significant new amendments to its health privacy legislation, the Personal Health Information Protection Act (PHIPA). While there are many important aspects to the new legislation, one key aspect involves significant new responsibilities imposed on “prescribed organizations” or “PO”s in the proposed amendments to PHIPA. Sections 55.1 and 55.12… → Read More