In March of 2014, the Minister of Finance tasked the Standing Senate Committee on Banking, Trade and Commerce to examine the use of digital currencies. The Committee pursued an extensive fact-finding mission in Canada and in the United States, speaking with, amongst others, representatives from regulatory bodies, financial institutions, digital currency interest groups, law enforcement, and universities. The long-anticipated, 64-page report was published this month with a clear message: while there are steps to take to address the risks digital currencies could pose in money laundering, terrorist financing, and tax evasion, the federal government should tread carefully in developing regulations … Continue Reading
Earlier this month, the U.S. Securities and Exchange Commission (“SEC”) and the Financial Industry Regulatory Authority (“FINRA”) each released reports addressing cybersecurity. FINRA’s report targeted its broker-dealer members, and the SEC’s report targeted broker-dealers and investment advisers, but the twin reports provide a roadmap to cybersecurity for financial market participants generally, both in the US and Canada.
There can be no doubt that cybersecurity is top-of-mind for those regulating the Canadian financial market. For example, the Canadian Securities Administrators recently published CSA Staff Notice 11-326 – Cyber Security in which it stated “[s]trong and tailored cyber security measures are an … Continue Reading
Last month, in a bombshell decision, the European Union’s Court of Justice (“CJEU”) demanded that Google “forget” certain items. The demand resulted from a CJEU decision that individuals have a right to request that a search engine remove certain webpage links from the search results of a search including the individual’s name. The ruling is, for all intents and purposes, final.
In short, the CJEU decided that Google Inc. is subject to the EU Data Protection Directive 94/46 (“Direction”), even though its servers were located outside the EU. As a result, Google was a data processor and data controller within … Continue Reading
On May 30, 2014, the Supreme Court of British Columbia rendered a judgment certifying a class action against Facebook Inc. (“Facebook”). In Douez v. Facebook Inc., the plaintiff alleges that Facebook used the names or portraits of Facebook users without their consent in advertisements called Sponsored Stories in breach of section 3(2) of the British Columbia’s Privacy Act which creates a statutory tort. This case, in a pre-certification stage, also dealt with the question of whether a court should decline its jurisdiction in presence of a forum selection clause or pursuant to the forum non … Continue Reading
The CRTC just released a new FAQ on CASL, replacing the old one that it released in December 2013 (“December FAQ”). Those hoping the CRTC would take this opportunity to clarify some of the more vexing aspects of CASL and the accompanying Guidelines will be disappointed, as the new FAQ largely incorporates and reiterates material found in the Guidelines and the Regulatory Impact Assessment Statement.
While there are few new tidbits, in some key respects the new FAQ only further muddies the waters. Below are some select issues.… Continue Reading
Canadian organizations with control over personal information should be aware of the privacy vulnerabilities of Heartbleed and their related legal obligations. Below, we have summarized: (1) the risks of Heartbleed; (2) the notification obligations of organizations that have experienced a privacy breach; (3) amendments to those obligations, as proposed by the federal government; and (4) recommendations to protect your organization from privacy breaches and legal liability.
Heartbleed is a serious security vulnerability that exists in certain versions of the OpenSSL software. OpenSSL is an open source software module created to implement certain cryptographic functions and provide various utility functions. … Continue Reading
For any business seeking to sell its products or offer its services in the Province of Québec, the carrying out of such activities and the way in which such businesses operate generally are profoundly affected by the enduring linguistic restrictions imposed by the Québec Charter of the French Language (the “Charter”). Adopted by the Québec National Assembly in 1977, the Charter’s stated objective is to safeguard the quality and influence of the French language in both the workplace and as the language of commerce. In the area of business and commerce, the Charter requires that business names, … Continue Reading
CASL is the toughest law of its kind in the world and Canadian organizations are awakening to many major challenges they will face when trying to comply with this legislation. However, non-Canadian organizations should not overlook the Act’s extra-territorial application and its effect on their respective operations.
CASL’s requirements far exceed those in other countries. Rather than targeting false and misleading e-mails or those sent in violation of an opt-out request such as in the U.S., or limiting the restrictions to direct marketing messages as in the EU, CASL goes much farther. It does the same thing with its “ban … Continue Reading
The number of Canadian businesses accepting virtual currencies as a form of payment is growing. Bitcoin is emerging as the most popular of these new currencies – none of which are subject to a central authority. Governments, including Canada’s federal government, are starting to take note, expressing opinions on the applicability of domestic laws and proposing new regulations. It is still early days for virtual currencies, however, and uncertainty remains. Before your business decides to accept Bitcoin as a form of payment, consider the practical and legal risks outlined below.
Complying with Anti-Money Laundering and Anti-Terrorist Financing Regulations
Compliance with … Continue Reading
The UK Defamation Act 2013 (the “Act”) came into effect on January 1, 2014. This Act includes a variety of reforms to the UK law of defamation, including codification of the defence of “Publication on a matter of public interest”; however, for Canadian website operators, the most important change is likely to be a new defence against operator liability for third-party defamatory content.
Under section 5 of the Act, website operators now have a complete defence against liability in the UK for defamatory content posted by third parties, provided that the complainant is able to identify the poster. … Continue Reading
2013 was a very active year in the tech sector in Canada. Some of the leading developments over the last year are summarised below.
Tech Transactions – Turbulent Year for BlackBerry (Fairfax transaction)
2013 was a turbulent year for the Canadian leader of the telecommunications industry. It started with a change of name, from Research in Motion Ltd. to BlackBerry, in order to rebrand the company and to be more successful on the stock market. A few months later, BlackBerry publicly announced that it was reviewing its strategic alternatives for the future. In November, BlackBerry received an investment of U.S. … Continue Reading
As discussed in the November 9, 2012 post, Supreme Court Invalidates Pfizer’s Blockbuster VIAGRA® Patent, the Supreme Court of Canada struck down Pfizer’s blockbuster VIAGRA® patent (the “‘446 Patent”) on the basis of insufficient disclosure: see Teva Canada Ltd. v. Pfizer Canada Inc., 2012 SCC 60.
In a curious twist, the SCC declared the ‘446 Patent “void”, despite the case being brought under the Patented Medicines (Notice of Compliance) Regulations (“PM(NOC) Regulations”). However, on June 4, 2013, the SCC granted Pfizer’s rare Rule 76/81 Motion, varying this controversial aspect of its … Continue Reading
The Liberal government in Ontario has introduced significant new amendments to its health privacy legislation, the Personal Health Information Protection Act (PHIPA).
While there are many important aspects to the new legislation, one key aspect involves significant new responsibilities imposed on “prescribed organizations” or “PO”s in the proposed amendments to PHIPA. Sections 55.1 and 55.12 of the proposed amendments appear to contemplate a process by which Lieutenant Governor in Council may regulate the organizations responsible for “creating or maintaining [an] electronic health record”. A definition in s. 55.1(1) suggests that this means to:
- administer, create, integrate, manage, maintain or
On May 23, 2013, the Office of the Privacy Commissioner of Canada (the “Privacy Commissioner”) has released a position paper (“Position Paper“) calling for substantial changes to the Personal Information Protection and Electronic Documents Act(“PIPEDA”).
The Privacy Commissioner argues that PIPEDA is currently insufficient to meet the challenges posed by the advent of technology that allows organizations to collect, use, and disclose an unprecedented amount of data which include personal information (“Big Data”). Big Data poses challenges both with respect to the security of Canadians’ data, and the manner in which … Continue Reading
At McCarthy Tétrault’s Toronto Technology Law Summit, Bram Abramson, Daniel Glover, James Archer, Bob Nakano, Pat McCay, Naseem Malik, and David Tait, were featured in the Six Minute Lawyer panel. Each lawyer provided brief updates on a variety of topical and timely tech law issues, ranging from the regulation of commercial communications to tax issues.
Unsolicited Telecommunications Rules
Bram Abramson provided an overview of the CRTC Unsolicited Telecommunications Rules (“UTRs”), which are overseen by the Commission’s Compliance and Enforcement Section. These rules cover unsolicited phone calls or faxes for the purpose of solicitation. … Continue Reading
In a judgment pronounced on May 10, 2013, Justice O’Reilly of the Federal Court of Canada, granted Apotex’s claim against Pfizer for section 8 damages under Canada’s Patented Medicines (Notice of Compliance) Regulations, SOR/93-133. The sole issue before the Court was whether Apotex had a valid claim to damages. The amount is to be determined in a subsequent proceeding. For the full written decision see: Apotex v. Pfizer Canada Inc., 2013 FC 493.
The section 8 claim arises out of a failed prohibition proceeding. In early 2000, Apotex sought approval for its generic version of ZITHROMAX (azithromycin), … Continue Reading
In Part 1 of this blog series on digital advertising, we canvassed the disclosure rules in light of the recent the U.S. Federal Trade Commission’s recent publication, “.com Disclosures, How to Make Effective Disclosures in Digital Advertising”. In Part 2 of this blog series, we will set out some tips and guidelines to assist businesses in complying with the disclosure rules and avoid falling afoul the FTC.
Entities conducting business online in the U.S. ought to consider whether its advertising meets these guidelines:
- Prominent and Unavoidable: Disclosure should be at least as large as the related claim and
Does the medium matter? According to the U.S. Federal Trade Commission’s recent publication, “.com Disclosures, How to Make Effective Disclosures in Digital Advertising”, consumer protection laws apply equally to all forms of media and devices, including smartphones, tablets, Facebook, Twitter and the internet. The new FTC guidance, released on March 12, 2013, is an update to the FTC’s 2000 publication, “Dot Com Disclosures”.
As a general rule, the FTC requires that an advertiser provide additional information when an ad makes a claim, express or implied, that might be misleading without more information. To be effective, that … Continue Reading
On July 3, 2012, the CEO of Netflix Inc. did what many of us frequently do: updated his Facebook account. However, he updated his account with a post stating that Netflix viewing “exceeded 1 billion hours” in the month of June. This post was viewable by over 200,000 Facebook fans. Netflix Inc. shares rose 6.2% that day, the largest single day gain in approximately 6 weeks.
Shortly thereafter, the Securities and Exchange Commission (“SEC”) provided Netflix and the CEO with a “Wells Notice”, a notice the SEC provides when it is of the opinion that sufficient wrongdoing has … Continue Reading
Recently, the Office of the Information and Privacy Commissioner for British Columbia published cloud computing guidelines for public bodies in British Columbia. The purpose of the guidelines is to provide information to public bodies about how BC’s Freedom of Information and Protection of Privacy Act (BC FIPPA) applies to cloud computing.
What is Cloud Computing?
Cloud computing is an increasingly popular on-demand service model for IT provision, often based on virtualization and distributed computing technologies. It typically involves the provision of web-based services, such as online file storage and applications, using hardware and software managed by the service provider. For
McCarthy Tétrault has just published Canadian Telecommunications Regulatory Handbook by partner Hank Intven.
The Handbook provides a detailed summary of Canadian telecommunications law and regulation and is a convenient single reference source for the text of the laws, treaties, regulations, directions, orders, rules and other key documents that govern Canadian telecommunications regulation.
This Handbook includes a chapter discussing the Do Not Call regime, Canadian anti-spam legislation and lawful access proposals, which may be of interest to in-house counsel in the tech and marketing space.
Due to cloud computing’s borderless and infinite storage potential, vast amount of information can be collected and stored. However, the accumulation of personal information in the cloud increases the risks and impact of unauthorized access to the information, whether through security or data breaches. This risk is compounded when the data is transferred outside of Canada where the information is subjected to the laws of the foreign country.
Storing or Transferring Data Outside of Canada
Where personal information is transferred to a foreign third party, that information is subject to the laws of the foreign country and no contract or … Continue Reading
The Privacy Commissioner of Canada recently released new guidelines to assist organizations involved in online behavioural advertising (OBA) ensure that their practices are transparent and comply with the federal private sector privacy legislation. The guidelines are attention-span friendly, weighing in at three pages, with few surprises and largely high-level takeaways.
The guidelines accept that OBA may be “considered a reasonable purpose under the Personal Information Protection and Electronic Documents Act (PIPEDA),” provided it is done within certain “parameters”, namely:
- Information collected for OBA is likely personal information: as a default position, the Privacy Commissioner takes the view that information collected
In light of the increasing rate of security breaches in industry and government, the US Securities and Exchange Commission (SEC) has issued guidelines encouraging public companies to disclose cyberattacks waged against them. The guidelines apply to both domestic US companies and foreign private issuers, and may therefore apply to Canadian companies registered in the US.
What types of disclosure are required?
A company is obligated to disclose material information relating to risks (e.g., a security system failure) and incidents (e.g., a security breach) if necessary to avoid misleading investors in light of other required disclosures.
When is disclosure required?
In … Continue Reading