snIP/ITs Insights on Canadian Technology and Intellectual Property Law

Tag Archives: privacy

European Banking Authority Responds to European Commission Public Consultation on Fintech: Potential Takeaways for Canada

Posted in Big Data, Cybersecurity, Financial, Fintech

In March 2017, the European Commission issued a public consultation document on Fintech.  The goal of the European Commission (EC) document is to further the objective of a digital single market within Europe.  This will be done by supporting the development of digital infrastructure,  improving access to goods and services, and ensuring rules foster technological development.

The European Banking Authority (EBA) published its response to the public consultation in June 2017.  The EBA response is significant because it sheds light on how European banks are approaching the areas of artificial intelligence, roboadvisors, crowdfunding, and big data.  Institutions in other countries, … Continue Reading

Few “likes” for Facebook Forum Selection Clause: Supreme Court Finds “Strong Cause” to Not Enforce Forum Selection Clause

Posted in Class Actions, Litigation, Privacy, Social Media

Electronic terms of service govern billions of relationships worldwide, whether a user is joining a social media service, shopping online or accessing a blog. In each case, a binding contract is formed, the terms of which are usually set out in the website’s “terms of service”. But when a contract is made over the internet and there is later a dispute, whose law governs? What is the “forum” for the resolution of the dispute? What if the contract expressly designates a specific jurisdiction as the appropriate “forum”? In Douez v Facebook, Inc. (“Douez”), the Supreme Court of … Continue Reading

Fintech Regulatory Developments: 2016 Year in Review

Posted in Fintech, Regulatory Compliance

This year was a tremendously active year for Fintech in Canada and internationally, and 2017 promises to be even more so.  In the Fall of 2016, we co-authored a comprehensive report together with the Digital Finance Institute, “FinTech in Canada: British Columbia Edition” on the state of the Canadian Fintech ecosystem, highlighting a number of the then-current industry and regulatory developments.  As we head into 2017, we provide a brief summary of some of last year’s Fintech regulatory developments in Canada and globally, and some developments to watch for in the upcoming year.… Continue Reading

The year in review: developments in computer, internet and e-commerce law (2015-2016)

Posted in Defamation, E-Commerce, Intellectual Property

On June 14, I gave my annual presentation to the Toronto Computer Lawyers’ Group on “The year in review in Computer, Internet and E-Commerce Law”. It covered the period from June 2015 to June 2016. The developments included cases from Canada, the U.S., the U.K., and other Commonwealth countries.

The developments were organized into the broad topics of: Technology Contracting, Online Agreements, Privacy, Online/Intermediary Liability/Responsibility, Copyright, and Trade-marks and Domain names.

The cases referred to are listed below. My slides can be viewed after the case listing. These and many other cases will be added to my 7 volume book … Continue Reading

Keep It To Yourself: Ontario Court Introduces Tort of Public Disclosure in Doe v D, 2016 ONSC 541

Posted in Privacy

Following the 2012 decision of Jones v Tsige (“Jones”), there has been judicial debate in Canada over the recognition and adoption of common law privacy torts, such as the tort of intrusion upon seclusion.[1]  Recently, the Ontario Superior Court of Justice in Doe v D (“Doe”) expressly recognized the tort of “public disclosure of private facts” to expand the scope of privacy protection in Canadian common law.[2] … Continue Reading

EU-US Privacy Shield: Agreement in Principle on Framework To Replace Safe Harbour

Posted in Privacy

Regular readers of this blog will be aware that, last fall, the Court of Justice of the European Union struck down the Safe Harbour framework which permitted the lawful transfer of personal information from the EU to the US through a self-certification model.  Negotiations between the European and US authorities to update or replace the framework were already underway prior to this decision, but the Court’s intervention raised the stakes dramatically.  The Article 29 Working Party (WP29) had set a deadline of the end of January after which European Data Protection Authorities (DPAs) might begin coordinated enforcement actions against organizations … Continue Reading

Data Transfers from EU to US “unlawful”; EU Signals Enforcement Actions Possible After January, 2016

Posted in Privacy

On Friday, October 16, 2015, the Article 29 Working Party (“WP29”) released a statement on the decision of the Court of Justice of the European Union (“CJEU”) in the case Schrems v Data Protection Commissioner (C-362-14), the landmark decision which invalidated the decision of the European Commission underpinning the Safe Harbour framework by which personal information was permitted to move from the EU to the United States.… Continue Reading

Europe’s Top Court Invalidates ‘Safe Harbour’ Data Transfer Framework

Posted in Privacy, Regulatory Compliance

On October 6, 2015, the Court of Justice of the European Union (“CJEU”) declared that the US-EU Safe Harbour framework is invalid, striking it down in the highly anticipated case of Schrems v. Data Protection Commissioner. The decision is effective immediately, with far-reaching and widespread implications for entities with multinational data flows.

Since EU data protection laws purport to apply to the processing of personal data regardless of whether the individuals affected are EU citizens or not, or are physically present in the EU or not, the potential impacts of this decision go beyond those organizations with … Continue Reading

Federal Court Conditionally Certifies Privacy Breach Class Action

Posted in Data Breach, Privacy

In the recent decision of Doe v Her Majesty The Queen, 2015 FC 916 (“Doe”), the Federal Court granted conditional certification of a class action brought on behalf of members of the Marihuana Medical Access Program (“MMAP”). This conditional certification is notable as it, alongside the recent case Evans v. Bank of Nova Scotia (“Evans”), is one of the few class actions certified in Canada relating to breaches of privacy. Particularly of interest is the Plaintiffs’ allegation that the Defendant committed the tort of intrusion upon seclusion and of publicity given to private … Continue Reading

W3C Releases Draft Do-Not-Track Compliance Standards

Posted in Privacy

In today’s Internet, advertising is ubiquitous. It is the main source of revenue for many web sites and services. It is also the subject of increasing scrutiny by privacy advocates and regulators, as advertisers and ad networks develop ever-more sophisticated means to track and profile users in the quest to optimize their effectiveness.

In Canada, online behavioural advertising (sometimes referred to as interest-based advertising) has been the subject of significant attention from the Office of the Privacy Commissioner. The Office recently released a research report on the subject, concluding that many organizations and web sites are not fully-compliant with the … Continue Reading

Manitoba Court Interprets the Common Law Tort of Intrusion Upon Seclusion

Posted in Privacy

Grant v. Winnipeg Regional Health Authority et al., 2015 MBCA 44 (“Grant”), is a successful appeal of the decision of the motion judge, which upheld the decision of the Master striking parts of an amended statement of claim as disclosing no reasonable cause of action. In doing so, the Manitoba Court of Appeal (the “Court”) held that the tort of intrusion upon seclusion, as set out in Jones v Tsige, may allow family members, who claim to have suffered as a result of a breach of a privacy interest of another member, to advance … Continue Reading

McCarthy Tétrault launches CyberLex blog

Posted in Consumer Protection, Data Breach, Privacy

McCarthy Tétrault has just launched its twelfth blog, CyberLex, at http://www.canadiancybersecuritylaw.com. This blog discusses trends and developments in cybersecurity, privacy and data protection law in Canada and internationally; offers practical suggestions and insights on how these issues affect companies in a wide variety of industries; and provides guidance on how to address various challenges and opportunities created by technology and legislative developments.

Please visit the blog!… Continue Reading

Mere Compliance With Privacy Requirements By Corporations may no Longer be Enough

Posted in Privacy, Technology License Agreement

Introduction

The Office of the Privacy Commissioner of Canada (“OPC”) recently published a research paper entitled “Privacy and Cyber Security: Emphasizing privacy protection in cyber security activities”, which outlines the common interests and tensions between privacy and cyber security. The report sets out key policy indications with a view to generating dialogue on cyber security as an important element of online protection, while acknowledging that cyberspace governance is a global issue.

Context

The OPC bases its report on the following factual premises. As technologies facilitating access to the Internet have become increasingly entrenched in everyday life, … Continue Reading

New Year, New Mandatory Breach Reporting

Posted in Data Breach, Privacy

Overview

It is rumoured that Bill 12 that amended the Alberta Health Information Act (“HIA”), passed on May 14, 2014, will come into force this year.  Bill 12 made 3 significant changes to the HIA:

  1. adds mandatory breach notification provisions;
  2. authorizes the Office of the Information and Privacy Commissioner (“OIPC”) to disclose information about a breach in certain situations; and
  3. creates new offences and penalties.

We will discuss these 3 amendments in turn.

Continue Reading

SCC Holds Disclosure of Private Communications Engages Constitutional Rights

Posted in Privacy

In its Nov. 14, 2014 decision in Wakeling v. United States of America, 2014 SCC 72, the Supreme Court of Canada (SCC) held that s. 8 of the Canadian Charter of Rights and Freedoms (the Charter) (the right to be free from unreasonable search and seizure) applies to the disclosure of communications obtained through a wiretap to police authorities in a foreign jurisdiction.… Continue Reading

Mobile App Privacy Practices: The Office of the Privacy Commissioner of Canada Issues Tips For Communicating Privacy Practices to App Users

Posted in Privacy

Communicating privacy practices to users of mobile apps can be challenging, especially given small screen sizes and the difficulty of capturing app user attention.  The Office of the Privacy Commissioner of Canada (OPC) has acknowledged these challenges and, in September 2014, published Ten Tips for Communicating Privacy Practices to Your App’s Users.

These tips were provided in connection with the findings of the second annual Global Privacy Enforcement Network (GPEN) Privacy Sweep, which the OPC participated in along with twenty-five other privacy enforcement authorities from around the world.

The GPEN Privacy Sweep assessed 1,211 apps with a focus on … Continue Reading

Lapse of Alberta PIPA Thwarted

Posted in Privacy

In my blog dated October 17, 2014, titled “Impending Lapse of PIPA Creates Uncertainty”, I explored the consequences of PIPA being struck had the Alberta government failed to amend PIPA to comply with the Canadian Charter of Rights and Freedoms (the “Charter”) and meet the November 15, 2014 deadline.

Since my October 17, 2014 blog, I have had the opportunity to meet Jill Clayton, the Alberta Information and Privacy Commissioner. In my discussion with Jill Clayton, she advised me that, on October 31, 2014, the Alberta government was granted a 6 month extension to amend PIPA and ensure compliance. … Continue Reading

Impending Lapse of PIPA Creates Uncertainty

Posted in Privacy

On November 15, 2013, the Supreme Court of Canada struck down the Alberta Personal Information Protection Act (“PIPA”) in Alberta (Information and Privacy Commissioner) v United Food and Commercial Workers, Local 401, 2013 SCC 62 (“United Food”), and despite a one-year stay to allow for necessary amendments, delay on the part of the Alberta government has caused PIPA’s lapse to become an inevitability.

The SCC found that sections of PIPA violated the right to freedom of expression enshrined in s. 2(b) of the Canadian Charter of Rights and Freedoms (the “Charter”). Further, the SCC found … Continue Reading

“Objectively Reasonable” and Privacy: Recent Developments

Posted in Privacy

The ubiquitous and rapidly-evolving nature of technology has recently necessitated serious consideration of our “reasonable expectation of privacy.” This concept is at the core of Canadian privacy law. In particular, the concept is a key part of the Charter test for s. 8, the right to be secure against unreasonable search and seizure. The Supreme Court of Canada (“SCC”) grappled with these questions in R v Cole[1] and R v Vu[2], and more recently, the British Columbia and Ontario Courts of Appeal applied these Charter principles to couriered packages and USB keys in R … Continue Reading

Intrusion Upon Seclusion Part 2: Implications for Businesses Across Canada

Posted in Privacy

Recently, my colleagues Sean Griffin and Ann-Elisabeth Simard considered the Evans v Bank of Nova Scotia (“Evans”) decision wherein the Ontario Supreme Court (the “Court”) certified a class action proceeding for allegations concerning a breach of privacy rights through the tort of intrusion upon seclusion first set out in Jones v Tsige (“Jones”).  You can access his blog here.

Evans has set a precedent for the low threshold required to be met for certification in class actions concerning breaches of information privacy. In this blog, we will canvass the implications of the Evans … Continue Reading

You can stay anonymous: SCC recognizes a privacy interest in protecting anonymity on the Internet

Posted in Privacy

On June 13, 2014, in a landmark privacy ruling, the Supreme Court of Canada (“SCC”) in R v Spencer[1] (“Spencer”) unanimously recognized that, in addition to confidentiality and control of the use of personal information, there may be a privacy interest in protecting anonymity in the context of internet usage. In this decision, the SCC decided that a person has a reasonable expectation of privacy associated with Internet activities and that the “lawful authority” exemption in PIPEDA does not create a basis to provide such information to the police unless the police actually demonstrate that … Continue Reading

Notice and notice regime under C-11 coming into force

Posted in Copyright, Privacy

The Government announced today that the notice and notice regime established under C-11 is coming into force. The delay in bringing these provisions into force was due to consultations on possible regulations that the regime permitted. The Government announced that the provisions are coming into force without regulations.

The regime permits copyright owners to send notices to internet service providers and other internet intermediaries claiming infringement of copyright. The notices must be passed on by these service providers to their users. Because there are no regulations, the notices must be processed and passed on by the internet intermediaries without any fees … Continue Reading

What’s the difference between Google and an elephant? An elephant never forgets.

Posted in Privacy, Regulatory Compliance

Last month, in a bombshell decision, the European Union’s Court of Justice (“CJEU”) demanded that Google “forget” certain items. The demand resulted from a CJEU decision that individuals have a right to request that a search engine remove certain webpage links from the search results of a search including the individual’s name. The ruling is, for all intents and purposes, final.

In short, the CJEU decided that Google Inc. is subject to the EU Data Protection Directive 94/46 (“Direction”), even though its servers were located outside the EU. As a result, Google was a data processor and data controller within … Continue Reading

Big Data – Big Problem? The FTC Recommends the US Congress Rein in Data Brokers

Posted in Privacy

Big Data is the term used to describe the enormous datasets that are beyond the ability of most software to process. Statistical analysis of these giant data sets can allow the holder to predict baseball outcomes (think Moneyball), pregnancy and, apparently, the stock market.

These enormous data sets, however, are made up of data pertaining to individuals, and the data brokers who amass these data sets have been less than forthcoming about the personal information they hold, raising privacy concerns.

This is the conclusion of a U.S. Federal Trade Commission (“FTC”) report last week which found “data brokers … Continue Reading