Earlier this month, the U.S. Securities and Exchange Commission (“SEC”) and the Financial Industry Regulatory Authority (“FINRA”) each released reports addressing cybersecurity. FINRA’s report targeted its broker-dealer members, and the SEC’s report targeted broker-dealers and investment advisers, but the twin reports provide a roadmap to cybersecurity for financial market participants generally, both in the US and Canada.
There can be no doubt that cybersecurity is top-of-mind for those regulating the Canadian financial market. For example, the Canadian Securities Administrators recently published CSA Staff Notice 11-326 – Cyber Security in which it stated “[s]trong and tailored cyber security measures are an … Continue Reading
Last month, in a bombshell decision, the European Union’s Court of Justice (“CJEU”) demanded that Google “forget” certain items. The demand resulted from a CJEU decision that individuals have a right to request that a search engine remove certain webpage links from the search results of a search including the individual’s name. The ruling is, for all intents and purposes, final.
In short, the CJEU decided that Google Inc. is subject to the EU Data Protection Directive 94/46 (“Direction”), even though its servers were located outside the EU. As a result, Google was a data processor and data controller within … Continue Reading
On May 30, 2014, the Supreme Court of British Columbia rendered a judgment certifying a class action against Facebook Inc. (“Facebook”). In Douez v. Facebook Inc., the plaintiff alleges that Facebook used the names or portraits of Facebook users without their consent in advertisements called Sponsored Stories in breach of section 3(2) of the British Columbia’s Privacy Act which creates a statutory tort. This case, in a pre-certification stage, also dealt with the question of whether a court should decline its jurisdiction in presence of a forum selection clause or pursuant to the forum non … Continue Reading