We recently had the pleasure of attending the Money20/20 fintech conference in Las Vegas. It was an immersive and incredibly informative event, featuring speakers and thought leaders from many of the major U.S. and Canadian financial institutions, fintech innovators, major retailers, e-commerce and social media platforms and investors. Money20/20 is described as the largest global event focused on payments and financial services innovation for connected commerce at the intersection of mobile, retail, marketing services, data and technology.… Continue Reading
European Union member states have a new net neutrality framework that will allow service providers to offer specialized services – such as improved internet quality for IPTV – where the upgrades do not impact general Internet quality for other end-users.
On October 27 the European Parliament passed a new electronic communications Regulation, with a view to protecting net neutrality. Broadly speaking, net neutrality is the principle that all Internet traffic should be treated equally regardless of content or volume. The European Parliament adopted a Regulation laying down measures concerning open access. The new Regulation also amends Directive 2002/22/EC on universal … Continue Reading
On October 6, 2015, the Court of Justice of the European Union (“CJEU”) declared that the US-EU Safe Harbour framework is invalid, striking it down in the highly anticipated case of Schrems v. Data Protection Commissioner. The decision is effective immediately, with far-reaching and widespread implications for entities with multinational data flows.
Since EU data protection laws purport to apply to the processing of personal data regardless of whether the individuals affected are EU citizens or not, or are physically present in the EU or not, the potential impacts of this decision go beyond those organizations with … Continue Reading
Many businesses have harnessed cloud computing to improve the way they manage and deliver computing resources. The benefits of cloud computing include cost effectiveness, scalability and accessibility. However, since cloud computing services are provided through a shared pool of computing resources, which often includes the storage and processing of data in third-party data centres, the cloud computing model has inherent risks related to service uptime, records retention, and data privacy and security. Lawyers should approach cloud computing with caution because of these risks, the highly confidential information they hold on behalf of their clients, and their professional responsibilities.
This … Continue Reading
By some estimates, there were more than 2 wireless networked devices for every person on the planet in 2014. The multiplier is expected to reach 5 by the year 2020.
This explosive proliferation of networked technology offers remarkable opportunities, but also inspires concern that the connected future may result in ubiquitous, inescapable, surveillance of every aspect of our lives. Legislators and regulators around the world are grappling with the implications of this technology for the ability to protect personal privacy interests and the practical problems of applying legal regimes originally developed in a very different era.
Against this backdrop, … Continue Reading
Companies in early and growth stages often need significant funding to achieve their business goals but can have difficulties finding potential investors. Until recently, Canadian regulatory rules prohibited companies in Canada from raising financing by issuing shares and other securities to the general public unless they either (i) filed a qualifying prospectus; or (ii) relied on an exemption from the requirement to file a prospectus under securities laws, which limited the pool of potential investors to people such as friends & family, business associates and accredited investors.
Recently, certain Canadian Securities Administrators introduced a new prospectus exemption, known as the … Continue Reading
In March of 2014, the Minister of Finance tasked the Standing Senate Committee on Banking, Trade and Commerce to examine the use of digital currencies. The Committee pursued an extensive fact-finding mission in Canada and in the United States, speaking with, amongst others, representatives from regulatory bodies, financial institutions, digital currency interest groups, law enforcement, and universities. The long-anticipated, 64-page report was published this month with a clear message: while there are steps to take to address the risks digital currencies could pose in money laundering, terrorist financing, and tax evasion, the federal government should tread carefully in developing regulations … Continue Reading
Earlier this month, the U.S. Securities and Exchange Commission (“SEC”) and the Financial Industry Regulatory Authority (“FINRA”) each released reports addressing cybersecurity. FINRA’s report targeted its broker-dealer members, and the SEC’s report targeted broker-dealers and investment advisers, but the twin reports provide a roadmap to cybersecurity for financial market participants generally, both in the US and Canada.
There can be no doubt that cybersecurity is top-of-mind for those regulating the Canadian financial market. For example, the Canadian Securities Administrators recently published CSA Staff Notice 11-326 – Cyber Security in which it stated “[s]trong and tailored cyber security measures are an … Continue Reading
Last month, in a bombshell decision, the European Union’s Court of Justice (“CJEU”) demanded that Google “forget” certain items. The demand resulted from a CJEU decision that individuals have a right to request that a search engine remove certain webpage links from the search results of a search including the individual’s name. The ruling is, for all intents and purposes, final.
In short, the CJEU decided that Google Inc. is subject to the EU Data Protection Directive 94/46 (“Direction”), even though its servers were located outside the EU. As a result, Google was a data processor and data controller within … Continue Reading
On May 30, 2014, the Supreme Court of British Columbia rendered a judgment certifying a class action against Facebook Inc. (“Facebook”). In Douez v. Facebook Inc., the plaintiff alleges that Facebook used the names or portraits of Facebook users without their consent in advertisements called Sponsored Stories in breach of section 3(2) of the British Columbia’s Privacy Act which creates a statutory tort. This case, in a pre-certification stage, also dealt with the question of whether a court should decline its jurisdiction in presence of a forum selection clause or pursuant to the forum non … Continue Reading
The CRTC just released a new FAQ on CASL, replacing the old one that it released in December 2013 (“December FAQ”). Those hoping the CRTC would take this opportunity to clarify some of the more vexing aspects of CASL and the accompanying Guidelines will be disappointed, as the new FAQ largely incorporates and reiterates material found in the Guidelines and the Regulatory Impact Assessment Statement.
While there are few new tidbits, in some key respects the new FAQ only further muddies the waters. Below are some select issues.… Continue Reading
Canadian organizations with control over personal information should be aware of the privacy vulnerabilities of Heartbleed and their related legal obligations. Below, we have summarized: (1) the risks of Heartbleed; (2) the notification obligations of organizations that have experienced a privacy breach; (3) amendments to those obligations, as proposed by the federal government; and (4) recommendations to protect your organization from privacy breaches and legal liability.
Heartbleed is a serious security vulnerability that exists in certain versions of the OpenSSL software. OpenSSL is an open source software module created to implement certain cryptographic functions and provide various utility functions. … Continue Reading
For any business seeking to sell its products or offer its services in the Province of Québec, the carrying out of such activities and the way in which such businesses operate generally are profoundly affected by the enduring linguistic restrictions imposed by the Québec Charter of the French Language (the “Charter”). Adopted by the Québec National Assembly in 1977, the Charter’s stated objective is to safeguard the quality and influence of the French language in both the workplace and as the language of commerce. In the area of business and commerce, the Charter requires that business names, … Continue Reading
CASL is the toughest law of its kind in the world and Canadian organizations are awakening to many major challenges they will face when trying to comply with this legislation. However, non-Canadian organizations should not overlook the Act’s extra-territorial application and its effect on their respective operations.
CASL’s requirements far exceed those in other countries. Rather than targeting false and misleading e-mails or those sent in violation of an opt-out request such as in the U.S., or limiting the restrictions to direct marketing messages as in the EU, CASL goes much farther. It does the same thing with its “ban … Continue Reading
The number of Canadian businesses accepting virtual currencies as a form of payment is growing. Bitcoin is emerging as the most popular of these new currencies – none of which are subject to a central authority. Governments, including Canada’s federal government, are starting to take note, expressing opinions on the applicability of domestic laws and proposing new regulations. It is still early days for virtual currencies, however, and uncertainty remains. Before your business decides to accept Bitcoin as a form of payment, consider the practical and legal risks outlined below.
Complying with Anti-Money Laundering and Anti-Terrorist Financing Regulations
Compliance with … Continue Reading
The UK Defamation Act 2013 (the “Act”) came into effect on January 1, 2014. This Act includes a variety of reforms to the UK law of defamation, including codification of the defence of “Publication on a matter of public interest”; however, for Canadian website operators, the most important change is likely to be a new defence against operator liability for third-party defamatory content.
Under section 5 of the Act, website operators now have a complete defence against liability in the UK for defamatory content posted by third parties, provided that the complainant is able to identify the poster. … Continue Reading
2013 was a very active year in the tech sector in Canada. Some of the leading developments over the last year are summarised below.
Tech Transactions – Turbulent Year for BlackBerry (Fairfax transaction)
2013 was a turbulent year for the Canadian leader of the telecommunications industry. It started with a change of name, from Research in Motion Ltd. to BlackBerry, in order to rebrand the company and to be more successful on the stock market. A few months later, BlackBerry publicly announced that it was reviewing its strategic alternatives for the future. In November, BlackBerry received an investment of U.S. … Continue Reading
As discussed in the November 9, 2012 post, Supreme Court Invalidates Pfizer’s Blockbuster VIAGRA® Patent, the Supreme Court of Canada struck down Pfizer’s blockbuster VIAGRA® patent (the “‘446 Patent”) on the basis of insufficient disclosure: see Teva Canada Ltd. v. Pfizer Canada Inc., 2012 SCC 60.
In a curious twist, the SCC declared the ‘446 Patent “void”, despite the case being brought under the Patented Medicines (Notice of Compliance) Regulations (“PM(NOC) Regulations”). However, on June 4, 2013, the SCC granted Pfizer’s rare Rule 76/81 Motion, varying this controversial aspect of its … Continue Reading
The Liberal government in Ontario has introduced significant new amendments to its health privacy legislation, the Personal Health Information Protection Act (PHIPA).
While there are many important aspects to the new legislation, one key aspect involves significant new responsibilities imposed on “prescribed organizations” or “PO”s in the proposed amendments to PHIPA. Sections 55.1 and 55.12 of the proposed amendments appear to contemplate a process by which Lieutenant Governor in Council may regulate the organizations responsible for “creating or maintaining [an] electronic health record”. A definition in s. 55.1(1) suggests that this means to:
- administer, create, integrate, manage, maintain or
On May 23, 2013, the Office of the Privacy Commissioner of Canada (the “Privacy Commissioner”) has released a position paper (“Position Paper“) calling for substantial changes to the Personal Information Protection and Electronic Documents Act(“PIPEDA”).
The Privacy Commissioner argues that PIPEDA is currently insufficient to meet the challenges posed by the advent of technology that allows organizations to collect, use, and disclose an unprecedented amount of data which include personal information (“Big Data”). Big Data poses challenges both with respect to the security of Canadians’ data, and the manner in which … Continue Reading
At McCarthy Tétrault’s Toronto Technology Law Summit, Bram Abramson, Daniel Glover, James Archer, Bob Nakano, Pat McCay, Naseem Malik, and David Tait, were featured in the Six Minute Lawyer panel. Each lawyer provided brief updates on a variety of topical and timely tech law issues, ranging from the regulation of commercial communications to tax issues.
Unsolicited Telecommunications Rules
Bram Abramson provided an overview of the CRTC Unsolicited Telecommunications Rules (“UTRs”), which are overseen by the Commission’s Compliance and Enforcement Section. These rules cover unsolicited phone calls or faxes for the purpose of solicitation. … Continue Reading
In a judgment pronounced on May 10, 2013, Justice O’Reilly of the Federal Court of Canada, granted Apotex’s claim against Pfizer for section 8 damages under Canada’s Patented Medicines (Notice of Compliance) Regulations, SOR/93-133. The sole issue before the Court was whether Apotex had a valid claim to damages. The amount is to be determined in a subsequent proceeding. For the full written decision see: Apotex v. Pfizer Canada Inc., 2013 FC 493.
The section 8 claim arises out of a failed prohibition proceeding. In early 2000, Apotex sought approval for its generic version of ZITHROMAX (azithromycin), … Continue Reading
In Part 1 of this blog series on digital advertising, we canvassed the disclosure rules in light of the recent the U.S. Federal Trade Commission’s recent publication, “.com Disclosures, How to Make Effective Disclosures in Digital Advertising”. In Part 2 of this blog series, we will set out some tips and guidelines to assist businesses in complying with the disclosure rules and avoid falling afoul the FTC.
Entities conducting business online in the U.S. ought to consider whether its advertising meets these guidelines:
- Prominent and Unavoidable: Disclosure should be at least as large as the related claim and
Does the medium matter? According to the U.S. Federal Trade Commission’s recent publication, “.com Disclosures, How to Make Effective Disclosures in Digital Advertising”, consumer protection laws apply equally to all forms of media and devices, including smartphones, tablets, Facebook, Twitter and the internet. The new FTC guidance, released on March 12, 2013, is an update to the FTC’s 2000 publication, “Dot Com Disclosures”.
As a general rule, the FTC requires that an advertiser provide additional information when an ad makes a claim, express or implied, that might be misleading without more information. To be effective, that … Continue Reading