snIP/ITs Insights on Canadian Technology and Intellectual Property Law

Category Archives: Regulatory Compliance

Subscribe to Regulatory Compliance RSS Feed

What’s the difference between Google and an elephant? An elephant never forgets.

Posted in Privacy, Regulatory Compliance

Last month, in a bombshell decision, the European Union’s Court of Justice (“CJEU”) demanded that Google “forget” certain items. The demand resulted from a CJEU decision that individuals have a right to request that a search engine remove certain webpage links from the search results of a search including the individual’s name. The ruling is, for all intents and purposes, final.

In short, the CJEU decided that Google Inc. is subject to the EU Data Protection Directive 94/46 (“Direction”), even though its servers were located outside the EU. As a result, Google was a data processor and data controller within … Continue Reading

Privacy Breaches: Statutory Torts of the British Columbia’s Privacy Act Override Forum Selection Clauses

Posted in Privacy, Regulatory Compliance

On May 30, 2014, the Supreme Court of British Columbia rendered a judgment certifying a class action against Facebook Inc. (“Facebook”). In Douez v. Facebook Inc.[1], the plaintiff alleges that Facebook used the names or portraits of Facebook users without their consent in advertisements called Sponsored Stories in breach of section 3(2) of the British Columbia’s Privacy Act[2] which creates a statutory tort. This case, in a pre-certification stage, also dealt with the question of whether a court should decline its jurisdiction in presence of a forum selection clause or pursuant to the forum non Continue Reading

CRTC updates FAQs – some clarity, along with some contradictions

Posted in Anti-Spam, Consumer Protection, E-Commerce, Regulatory Compliance

The CRTC just released a new FAQ on CASL, replacing the old one that it released in December 2013 (“December FAQ”). Those hoping the CRTC would take this opportunity to clarify some of the more vexing aspects of CASL and the accompanying Guidelines will be disappointed, as the new FAQ largely incorporates and reiterates material found in the Guidelines and the Regulatory Impact Assessment Statement.

While there are few new tidbits, in some key respects the new FAQ only further muddies the waters. Below are some select issues.… Continue Reading

Clotting Heartbleed: Guidance on Privacy Breaches, Notification Obligations and Proposed Amendments to Privacy Legislation

Posted in E-Commerce, Privacy, Regulatory Compliance

Canadian organizations with control over personal information should be aware of the privacy vulnerabilities of Heartbleed and their related legal obligations. Below, we have summarized: (1) the risks of Heartbleed; (2) the notification obligations of organizations that have experienced a privacy breach; (3) amendments to those obligations, as proposed by the federal government; and (4) recommendations  to protect your organization from privacy breaches and legal liability.

HEARTBLEED

Heartbleed is a serious security vulnerability that exists in certain versions of the OpenSSL software. OpenSSL is an open source software module created to implement certain cryptographic functions and provide various utility functions. … Continue Reading

Permitted Exclusive Use of English Trademarks in Québec: Magasins Best Buy Ltée, Costco Wholesale Canada Ltd. et al v. Québec

Posted in Regulatory Compliance

For any business seeking to sell its products or offer its services in the Province of Québec, the carrying out of such activities and the way in which such businesses operate generally are profoundly affected by the enduring linguistic restrictions imposed by the Québec Charter of the French Language[1] (the “Charter”). Adopted by the Québec National Assembly in 1977, the Charter’s stated objective is to safeguard the quality and influence of the French language in both the workplace and as the language of commerce. In the area of business and commerce, the Charter requires that business names, … Continue Reading

CASL Applies To You Even If You Aren’t In Canada

Posted in Anti-Spam, Consumer Protection, Regulatory Compliance

CASL is the toughest law of its kind in the world and Canadian organizations are awakening to many major challenges they will face when trying to comply with this legislation.  However, non-Canadian organizations should not overlook the Act’s extra-territorial application and its effect on their respective operations.

CASL’s requirements far exceed those in other countries. Rather than targeting false and misleading e-mails or those sent in violation of an opt-out request such as in the U.S., or limiting the restrictions to direct marketing messages as in the EU, CASL goes much farther. It does the same thing with its “ban … Continue Reading

Legal Implications of Accepting Bitcoin as Payment

Posted in Consumer Protection, Regulatory Compliance

The number of Canadian businesses accepting virtual currencies as a form of payment is growing. Bitcoin is emerging as the most popular of these new currencies – none of which are subject to a central authority. Governments, including Canada’s federal government, are starting to take note, expressing opinions on the applicability of domestic laws and proposing new regulations. It is still early days for virtual currencies, however, and uncertainty remains. Before your business decides to accept Bitcoin as a form of payment, consider the practical and legal risks outlined below.

Complying with Anti-Money Laundering and Anti-Terrorist Financing Regulations

Compliance with … Continue Reading

New UK Web Defamation Rules for User Content: What Canadian Website Operators Need to Know

Posted in Regulatory Compliance

The UK Defamation Act 2013 (the “Act”) came into effect on January 1, 2014.  This Act includes a variety of reforms to the UK law of defamation, including codification of the defence of “Publication on a matter of public interest”[1]; however, for Canadian website operators, the most important change is likely to be a new defence against operator liability for third-party defamatory content.

Under section 5 of the Act, website operators now have a complete defence against liability in the UK for defamatory content posted by third parties, provided that the complainant is able to identify the poster.  … Continue Reading

2013 Technology Law Year in Review

Posted in Consumer Protection, Contracting/Outsourcing, E-Commerce, M&A/Finance, Privacy, Regulatory Compliance

2013 was a very active year in the tech sector in Canada.  Some of the leading developments over the last year are summarised below.

Tech Transactions – Turbulent Year for BlackBerry (Fairfax transaction)

2013 was a turbulent year for the Canadian leader of the telecommunications industry. It started with a change of name, from Research in Motion Ltd. to BlackBerry, in order to rebrand the company and to be more successful on the stock market. A few months later, BlackBerry publicly announced that it was reviewing its strategic alternatives for the future. In November, BlackBerry received an investment of U.S. … Continue Reading

Update: Supreme Court of Canada Amends Controversial Aspect of VIAGRA® Judgment

Posted in Intellectual Property, Patents, Regulatory Compliance

As discussed in the November 9, 2012 post, Supreme Court Invalidates Pfizer’s Blockbuster VIAGRA® Patent, the Supreme Court of Canada struck down Pfizer’s blockbuster VIAGRA® patent (the “‘446 Patent”) on the basis of insufficient disclosure: see Teva Canada Ltd. v. Pfizer Canada Inc., 2012 SCC 60.

In a curious twist, the SCC declared the ‘446 Patent “void”, despite the case being brought under the Patented Medicines (Notice of Compliance) Regulations (“PM(NOC) Regulations”).  However, on June 4, 2013, the SCC granted Pfizer’s rare Rule 76/81 Motion, varying this controversial aspect of its … Continue Reading

New Electronic Health Records Legislation on the Horizon in Ontario

Posted in Privacy, Regulatory Compliance

The Liberal government in Ontario has introduced significant new amendments to its health privacy legislation, the Personal Health Information Protection Act (PHIPA).

While there are many important aspects to the new legislation, one key aspect involves significant new responsibilities imposed on “prescribed organizations” or “PO”s in the proposed amendments to PHIPA. Sections 55.1 and 55.12 of the proposed amendments appear to contemplate a process by which Lieutenant Governor in Council may regulate the organizations responsible for “creating or maintaining [an] electronic health record”. A definition in s. 55.1(1) suggests that this means to:

Federal Privacy Commissioner proposes changes to PIPEDA to address challenges of Big Data

Posted in Privacy, Regulatory Compliance

On May 23, 2013, the Office of the Privacy Commissioner of Canada (the “Privacy Commissioner”) has released a position paper (“Position Paper“) calling for substantial changes to the Personal Information Protection and Electronic Documents Act(“PIPEDA”).

The Privacy Commissioner argues that PIPEDA is currently insufficient to meet the challenges posed by the advent of technology that allows organizations to collect, use, and disclose an unprecedented amount of data which include personal information (“Big Data”). Big Data poses challenges both with respect to the security of Canadians’ data, and the manner in which … Continue Reading

Tech Law Summit 2013 Recap – Six Minute Lawyer Sessions: Thinking Beyond

Posted in Consumer Protection, Copyright, E-Commerce, Intellectual Property, Regulatory Compliance

At McCarthy Tétrault’s Toronto Technology Law Summit, Bram Abramson, Daniel Glover, James Archer, Bob Nakano, Pat McCay, Naseem Malik, and David Tait, were featured in the Six Minute Lawyer panel. Each lawyer provided brief updates on a variety of topical and timely tech law issues, ranging from the regulation of commercial communications to tax issues.

Unsolicited Telecommunications Rules

Bram Abramson provided an overview of the CRTC Unsolicited Telecommunications Rules (“UTRs”), which are overseen by the Commission’s Compliance and Enforcement Section.  These rules cover unsolicited phone calls or faxes for the purpose of solicitation.  … Continue Reading

Pfizer Liable to Apotex for Section 8 Damages: Amount to be Determined

Posted in Intellectual Property, Patents, Regulatory Compliance

In a judgment pronounced on May 10, 2013, Justice O’Reilly of the Federal Court of Canada, granted Apotex’s claim against Pfizer for section 8 damages under Canada’s Patented Medicines (Notice of Compliance) Regulations, SOR/93-133.  The sole issue before the Court was whether Apotex had a valid claim to damages.  The amount is to be determined in a subsequent proceeding.  For the full written decision see: Apotex v. Pfizer Canada Inc., 2013 FC 493.

The section 8 claim arises out of a failed prohibition proceeding.  In early 2000, Apotex sought approval for its generic version of ZITHROMAX (azithromycin), … Continue Reading

How to “.Com”ply with Disclosure Rules for Digital Advertising

Part 2: Tips for Businesses Advertising Online in the U.S.

Posted in Consumer Protection, E-Commerce, Regulatory Compliance

In Part 1 of this blog series on digital advertising, we canvassed the disclosure rules in light of the recent the U.S. Federal Trade Commission’s recent publication, “.com Disclosures, How to Make Effective Disclosures in Digital Advertising”. In Part 2 of this blog series, we will set out some tips and guidelines to assist businesses in complying with the disclosure rules and avoid falling afoul the FTC.

Entities conducting business online in the U.S. ought to consider whether its advertising meets these guidelines:

  1. Prominent and Unavoidable: Disclosure should be at least as large as the related claim and
  2. Continue Reading

How to “.Com”ply with Disclosure Rules for Digital Advertising

Part 1: Avoiding Deceptive Advertising in the Digital Age

Posted in Consumer Protection, E-Commerce, Regulatory Compliance

Does the medium matter? According to the U.S. Federal Trade Commission’s recent publication, “.com Disclosures, How to Make Effective Disclosures in Digital Advertising”, consumer protection laws apply equally to all forms of media and devices, including smartphones, tablets, Facebook, Twitter and the internet. The new FTC guidance, released on March 12, 2013, is an update to the FTC’s 2000 publication, “Dot Com Disclosures”.

As a general rule, the FTC requires that an advertiser provide additional information when an ad makes a claim, express or implied, that might be misleading without more information. To be effective, that … Continue Reading

Social Media, Disclosure and Securities Regulation

Posted in M&A/Finance, Regulatory Compliance, Social Media

 On July 3, 2012, the CEO of Netflix Inc. did what many of us frequently do: updated his Facebook account. However, he updated his account with a post stating that Netflix viewing “exceeded 1 billion hours” in the month of June. This post was viewable by over 200,000 Facebook fans. Netflix Inc. shares rose 6.2% that day, the largest single day gain in approximately 6 weeks.

Shortly thereafter, the Securities and Exchange Commission (“SEC”) provided Netflix and the CEO with a “Wells Notice”, a notice the SEC provides when it is of the opinion that sufficient wrongdoing has … Continue Reading

OIPC Cloud Computing Guidelines for BC Public Bodies

Posted in Contracting/Outsourcing, Privacy, Regulatory Compliance

Recently, the Office of the Information and Privacy Commissioner for British Columbia published cloud computing guidelines for public bodies in British Columbia. The purpose of the guidelines is to provide information to public bodies about how BC’s Freedom of Information and Protection of Privacy Act (BC FIPPA) applies to cloud computing.

What is Cloud Computing?

Cloud computing is an increasingly popular on-demand service model for IT provision, often based on virtualization and distributed computing technologies. It typically involves the provision of web-based services, such as online file storage and applications, using hardware and software managed by the service provider. For

Continue Reading

Hot Off the Press – Canadian Telecommunications Regulatory Handbook

Posted in E-Commerce, Privacy, Regulatory Compliance

McCarthy Tétrault has just published Canadian Telecommunications Regulatory Handbook by partner Hank Intven.

The Handbook provides a detailed summary of Canadian telecommunications law and regulation and is a convenient single reference source for the text of the laws, treaties, regulations, directions, orders, rules and other key documents that govern Canadian telecommunications regulation.

This Handbook includes a chapter discussing the Do Not Call regime, Canadian anti-spam legislation and lawful access proposals, which may be of interest to in-house counsel in the tech and marketing space.

You can read more about the Handbook on McCarthy Tétrault’s website, where the book … Continue Reading

Cloud Computing and Privacy Issues: Implications for Businesses

Posted in Contracting/Outsourcing, Privacy, Regulatory Compliance

Due to cloud computing’s borderless and infinite storage potential, vast amount of information can be collected and stored. However, the accumulation of personal information in the cloud increases the risks and impact of unauthorized access to the information, whether through security or data breaches. This risk is compounded when the data is transferred outside of Canada where the information is subjected to the laws of the foreign country.

Storing or Transferring Data Outside of Canada

Where personal information is transferred to a foreign third party, that information is subject to the laws of the foreign country and no contract or … Continue Reading

Privacy Commissioner Releases New Online Behavioural Advertising Guidelines

Posted in E-Commerce, Privacy, Regulatory Compliance

The Privacy Commissioner of Canada recently released new guidelines to assist organizations involved in online behavioural advertising (OBA) ensure that their practices are transparent and comply with the federal private sector privacy legislation. The guidelines are attention-span friendly, weighing in at three pages, with few surprises and largely high-level takeaways.

The guidelines accept that OBA may be “considered a reasonable purpose under the Personal Information Protection and Electronic Documents Act (PIPEDA),” provided it is done within certain ”parameters”, namely:

  • Information collected for OBA is likely personal information: as a default position, the Privacy Commissioner takes the view that information collected

Continue Reading

Network Breached? Then Report It – New SEC Guidance on Cybersecurity Disclosure Obligations

Posted in Privacy, Regulatory Compliance

In light of the increasing rate of security breaches in industry and government, the US Securities and Exchange Commission (SEC) has issued guidelines encouraging public companies to disclose cyberattacks waged against them. The guidelines apply to both domestic US companies and foreign private issuers, and may therefore apply to Canadian companies registered in the US.

What types of disclosure are required?

A company is obligated to disclose material information relating to risks (e.g., a security system failure) and incidents (e.g., a security breach) if necessary to avoid misleading investors in light of other required disclosures.

When is disclosure required?

In … Continue Reading

New Consumer Protection Legislation in Australia – Implications for B-2-C Companies

Posted in Consumer Protection, Regulatory Compliance

Early this year, Australia introduced a new set of consumer protection laws that should be of significant interest to any consumer-facing company with operations in Australia, especially given the government’s diligent efforts to inform consumers of their rights and how to exercise them.

The Australian Consumer Law (CPL), which is in fact a schedule to the Competition and Consumer Act 2010, is a large consolidation of what was previously a disparate set of 20 or so acts and regulations dealing with consumer protection.

In this post, I provide a non-exhaustive list of CPL issues that I have encountered recently … Continue Reading