snIP/ITs Insights on Canadian Technology and Intellectual Property Law

Category Archives: Regulatory Compliance

Subscribe to Regulatory Compliance RSS Feed

Canada implements expanded WTO agreement eliminating tariffs on certain high tech products

Posted in Regulatory Compliance

In December 2015, over 50 WTO members, including Canada, gathered at the Nairobi Ministerial Conference, and agreed to the expansion of the Information Technology Agreement (ITA), a WTO agreement that aims to eliminate tariffs on IT products. The ITA was originally concluded by 29 participants in 1996. It now has over 82 participants, representing around 97 per cent of world trade in IT products.

On July 1, 2016, the expanded ITA finally came into effect, eliminating tariffs on 201 tech and information-related products valued at over $1.3 trillion per year. An expansion of the agreement was necessary given recent … Continue Reading

New Quebec Regulation Facilitating Contracting With Public Bodies in the Field of Information Technologies

Posted in Regulatory Compliance

On June 1st, 2016, the new Regulation respecting contracting by public bodies in the field of information technologies (the “Regulation”), which now allows Quebec public bodies greater flexibility to negotiate complex Information Technologies (“IT”) service agreements, came into force . It supplements the Act respecting contracting by public bodies[1] (the “Act” which establishes the legal framework for contracting with public bodies in Québec, including among others the Québec government and its departments, certain Crown corporations, universities, hospitals, towns and municipalities. It applies to contracts and sub-contracts of a value of $1M or above.

The coming into force … Continue Reading

U.S. Treasury Issues Marketplace Lending White Paper

Posted in Fintech, Regulatory Compliance

In response to the U.S. Department of the Treasury’s (“Treasury”) July 20, 2015 request for information on online marketplace lending (the “RFI”), Treasury issued its white paper on marketplace lending “Opportunities and Challenges in Online Marketplace Lending” (the “White Paper”) on May 10, 2016. The White Paper outlines the risks and potential of this emerging form of credit, makes specific policy recommendations and identifies certain trends for future monitoring.

The White Paper defines marketplace lending as financial services that use “investment capital and data-driven online platforms to lend either directly or indirectly … Continue Reading

Competition Bureau to Study Fintech Market

Posted in Fintech, Regulatory Compliance

The Competition Bureau announced on May 19, 2016 that it will launch a market study focused on how innovation in the fintech sector is impacting consumers and businesses, with the results intended to be published in the spring of 2017, seeking to determine whether there is a need for “regulatory reform to promote greater competition while maintaining consumer confidence in the sector.”

The announcement cites a report indicating that Canada appears to be lagging other countries in adoption of fintech as one of the reasons for deciding to study the financial services industry.… Continue Reading

From Broadcasting to Telecommunications and Everything in Between: Reflections on the Recent New Developments in Communications Law and Policy Conference

Posted in Privacy, Regulatory Compliance, Telecommunications

We recently attended the 18th Biennial National Conference: New Developments in Communications Law and Policy, a national symposium of the Law Society of Upper Canada and the Entertainment Media and Communications Law section of the Canadian Bar Association.  This conference is always a stimulating and fascinating opportunity to share thoughts with colleagues in the Canadian communications sector.  This year’s event was no exception.… Continue Reading

Competition Bureau Finalizes IP Enforcement Guidelines on ‘Pay-for-Delay’ Settlements, Pharmaceutical Product Switching, and ‘Patent Trolls’

Posted in Consumer Protection, Intellectual Property, Patents, Regulatory Compliance

On March 31, 2016, the Competition Bureau (Bureau) released revised Intellectual Property Enforcement Guidelines (IPEGs). These IPEGs reflect incremental changes to the draft version released for consultation last year. Most notably the new IPEGs provide further guidance on (i) pharmaceutical patent litigation settlements, (ii) product switching (also known as “product hopping”), (iii) collaborative standard setting and standard essential patents, and (iv) patent assertion entities.… Continue Reading

“Do Not Call” means Do Not Call: CRTC Enters into MOU with FTC on Spam and Unsolicited Telecommunications

Posted in Anti-Spam, Regulatory Compliance, Telecommunications

On March 24, 2016, the Canadian Radio-television and Telecommunications Commission (“CRTC”) signed a memorandum of understanding (“MOU”) with the United States Federal Trade Commission.[1]  This MOU is an effort by Canada and the United States to work together on anti-spam enforcement measures, and expressly refers to unsolicited telecommunications, unsolicited commercial electronic messages (spam), and other unlawful electronic threats (e.g., malware and botnets).… Continue Reading

CRTC CASL Compliance and Enforcement Update

Posted in Anti-Spam, Regulatory Compliance

On February 10, 2016, Lynne Perrault and Dana-Lynn Wood of the CRTC provided the latest in what is becoming a series of CASL briefings, which the presenters described as part of an “on-going dialogue” with industry. The CRTC now has a year and a half of enforcement experience under its belt for the Commercial Electronic Messages (CEMs) provisions of CASL, so this presentation focused on patterns and issues that have emerged in that period, and some guidance in response to those issues.  However, the presenters took some pains to note that the guidance offered was not intended to be prescriptive … Continue Reading

Online Trust Alliance IoT Trust Framework Nears Release

Posted in Privacy, Regulatory Compliance

Throughout 2015, the Online Trust Alliance (“OTA”) (a U.S.-based non-profit organization which originated in 2005 as an informal industry working group drawn largely from the technology and marketing communities) has been working on a so-called “Trust Framework” for the Internet of Things. An earlier post covered the release of the first discussion draft in August.

After a public comment period, the OTA issued a “last call” draft in October, and followed up with a “pre-release” draft on December 3, 2015.

Although this draft is described as “pre-release”, the OTA’s consultation process for the framework appears to be over now. … Continue Reading

The Fintech Frontier: Insights from Money20/20

Posted in M&A/Finance, Regulatory Compliance

We recently had the pleasure of attending the Money20/20 fintech conference in Las Vegas. It was an immersive and incredibly informative event, featuring speakers and thought leaders from many of the major U.S. and Canadian financial institutions, fintech innovators, major retailers, e-commerce and social media platforms and investors. Money20/20 is described as the largest global event focused on payments and financial services innovation for connected commerce at the intersection of mobile, retail, marketing services, data and technology.… Continue Reading

EU Parliament Adopts New Net Neutrality Rules Allowing Content Optimized Services

Posted in Regulatory Compliance

European Union member states have a new net neutrality framework that will allow service providers to offer specialized services – such as improved internet quality for IPTV – where the upgrades do not impact general Internet quality for other end-users.

On October 27 the European Parliament passed a new electronic communications Regulation, with a view to protecting net neutrality. Broadly speaking, net neutrality is the principle that all Internet traffic should be treated equally regardless of content or volume. The European Parliament adopted a Regulation laying down measures concerning open access. The new Regulation also amends Directive 2002/22/EC on universal … Continue Reading

Europe’s Top Court Invalidates ‘Safe Habour’ Data Transfer Framework

Posted in Privacy, Regulatory Compliance

On October 6, 2015, the Court of Justice of the European Union (“CJEU”) declared that the US-EU Safe Harbour framework is invalid, striking it down in the highly anticipated case of Schrems v. Data Protection Commissioner. The decision is effective immediately, with far-reaching and widespread implications for entities with multinational data flows.

Since EU data protection laws purport to apply to the processing of personal data regardless of whether the individuals affected are EU citizens or not, or are physically present in the EU or not, the potential impacts of this decision go beyond those organizations with … Continue Reading

Law Society of British Columbia Rule Change Re: Cloud Computing in the Legal Industry

Posted in Regulatory Compliance


Many businesses have harnessed cloud computing to improve the way they manage and deliver computing resources. The benefits of cloud computing include cost effectiveness, scalability and accessibility. However, since cloud computing services are provided through a shared pool of computing resources, which often includes the storage and processing of data in third-party data centres, the cloud computing model has inherent risks related to service uptime, records retention, and data privacy and security. Lawyers should approach cloud computing with caution because of these risks, the highly confidential information they hold on behalf of their clients, and their professional responsibilities.

This … Continue Reading

Online Trust Alliance releases draft “Trust Framework” for the Internet of Things

Posted in Privacy, Regulatory Compliance

By some estimates, there were more than 2 wireless networked devices for every person on the planet in 2014. The multiplier is expected to reach 5 by the year 2020.

This explosive proliferation of networked technology offers remarkable opportunities, but also inspires concern that the connected future may result in ubiquitous, inescapable, surveillance of every aspect of our lives. Legislators and regulators around the world are grappling with the implications of this technology for the ability to protect personal privacy interests and the practical problems of applying legal regimes originally developed in a very different era.

Against this backdrop, … Continue Reading

Crowdfunding: New Financing Opportunities for Start-Up Companies

Posted in M&A/Finance, Regulatory Compliance

Companies in early and growth stages often need significant funding to achieve their business goals but can have difficulties finding potential investors. Until recently, Canadian regulatory rules prohibited companies in Canada from raising financing by issuing shares and other securities to the general public unless they either (i) filed a qualifying prospectus; or (ii) relied on an exemption from the requirement to file a prospectus under securities laws, which limited the pool of potential investors to people such as friends & family, business associates and accredited investors.

Recently, certain Canadian Securities Administrators introduced a new prospectus exemption, known as the … Continue Reading

“Not Necessarily Regulation, but Regulation as Necessary”: Canadian Senate Committee Weighs in on Regulation of Digital Currency

Posted in Regulatory Compliance, Virtual Currency

In March of 2014, the Minister of Finance tasked the Standing Senate Committee on Banking, Trade and Commerce to examine the use of digital currencies. The Committee pursued an extensive fact-finding mission in Canada and in the United States, speaking with, amongst others, representatives from regulatory bodies, financial institutions, digital currency interest groups, law enforcement, and universities. The long-anticipated, 64-page report was published this month with a clear message: while there are steps to take to address the risks digital currencies could pose in money laundering, terrorist financing, and tax evasion, the federal government should tread carefully in developing regulations … Continue Reading

U.S. regulators review brokerage cybersecurity, provide guidance

Posted in Data Breach, Regulatory Compliance

Earlier this month, the U.S. Securities and Exchange Commission (“SEC”) and the Financial Industry Regulatory Authority (“FINRA”) each released reports addressing cybersecurity. FINRA’s report targeted its broker-dealer members, and the SEC’s report targeted broker-dealers and investment advisers, but the twin reports provide a roadmap to cybersecurity for financial market participants generally, both in the US and Canada.

There can be no doubt that cybersecurity is top-of-mind for those regulating the Canadian financial market. For example, the Canadian Securities Administrators recently published CSA Staff Notice 11-326 – Cyber Security in which it stated “[s]trong and tailored cyber security measures are an … Continue Reading

What’s the difference between Google and an elephant? An elephant never forgets.

Posted in Privacy, Regulatory Compliance

Last month, in a bombshell decision, the European Union’s Court of Justice (“CJEU”) demanded that Google “forget” certain items. The demand resulted from a CJEU decision that individuals have a right to request that a search engine remove certain webpage links from the search results of a search including the individual’s name. The ruling is, for all intents and purposes, final.

In short, the CJEU decided that Google Inc. is subject to the EU Data Protection Directive 94/46 (“Direction”), even though its servers were located outside the EU. As a result, Google was a data processor and data controller within … Continue Reading

Privacy Breaches: Statutory Torts of the British Columbia’s Privacy Act Override Forum Selection Clauses

Posted in Privacy, Regulatory Compliance

On May 30, 2014, the Supreme Court of British Columbia rendered a judgment certifying a class action against Facebook Inc. (“Facebook”). In Douez v. Facebook Inc.[1], the plaintiff alleges that Facebook used the names or portraits of Facebook users without their consent in advertisements called Sponsored Stories in breach of section 3(2) of the British Columbia’s Privacy Act[2] which creates a statutory tort. This case, in a pre-certification stage, also dealt with the question of whether a court should decline its jurisdiction in presence of a forum selection clause or pursuant to the forum non Continue Reading

CRTC updates FAQs – some clarity, along with some contradictions

Posted in Anti-Spam, Consumer Protection, E-Commerce, Regulatory Compliance

The CRTC just released a new FAQ on CASL, replacing the old one that it released in December 2013 (“December FAQ”). Those hoping the CRTC would take this opportunity to clarify some of the more vexing aspects of CASL and the accompanying Guidelines will be disappointed, as the new FAQ largely incorporates and reiterates material found in the Guidelines and the Regulatory Impact Assessment Statement.

While there are few new tidbits, in some key respects the new FAQ only further muddies the waters. Below are some select issues.… Continue Reading

Clotting Heartbleed: Guidance on Privacy Breaches, Notification Obligations and Proposed Amendments to Privacy Legislation

Posted in E-Commerce, Privacy, Regulatory Compliance

Canadian organizations with control over personal information should be aware of the privacy vulnerabilities of Heartbleed and their related legal obligations. Below, we have summarized: (1) the risks of Heartbleed; (2) the notification obligations of organizations that have experienced a privacy breach; (3) amendments to those obligations, as proposed by the federal government; and (4) recommendations  to protect your organization from privacy breaches and legal liability.


Heartbleed is a serious security vulnerability that exists in certain versions of the OpenSSL software. OpenSSL is an open source software module created to implement certain cryptographic functions and provide various utility functions. … Continue Reading

Permitted Exclusive Use of English Trademarks in Québec: Magasins Best Buy Ltée, Costco Wholesale Canada Ltd. et al v. Québec

Posted in Regulatory Compliance

For any business seeking to sell its products or offer its services in the Province of Québec, the carrying out of such activities and the way in which such businesses operate generally are profoundly affected by the enduring linguistic restrictions imposed by the Québec Charter of the French Language[1] (the “Charter”). Adopted by the Québec National Assembly in 1977, the Charter’s stated objective is to safeguard the quality and influence of the French language in both the workplace and as the language of commerce. In the area of business and commerce, the Charter requires that business names, … Continue Reading

CASL Applies To You Even If You Aren’t In Canada

Posted in Anti-Spam, Consumer Protection, Regulatory Compliance

CASL is the toughest law of its kind in the world and Canadian organizations are awakening to many major challenges they will face when trying to comply with this legislation.  However, non-Canadian organizations should not overlook the Act’s extra-territorial application and its effect on their respective operations.

CASL’s requirements far exceed those in other countries. Rather than targeting false and misleading e-mails or those sent in violation of an opt-out request such as in the U.S., or limiting the restrictions to direct marketing messages as in the EU, CASL goes much farther. It does the same thing with its “ban … Continue Reading

Legal Implications of Accepting Bitcoin as Payment

Posted in Consumer Protection, Regulatory Compliance

The number of Canadian businesses accepting virtual currencies as a form of payment is growing. Bitcoin is emerging as the most popular of these new currencies – none of which are subject to a central authority. Governments, including Canada’s federal government, are starting to take note, expressing opinions on the applicability of domestic laws and proposing new regulations. It is still early days for virtual currencies, however, and uncertainty remains. Before your business decides to accept Bitcoin as a form of payment, consider the practical and legal risks outlined below.

Complying with Anti-Money Laundering and Anti-Terrorist Financing Regulations

Compliance with … Continue Reading