Project Jasper is an experiment being done by the Bank of Canada, Payments Canada and R3 to test the viability and feasibility of using Distributed Ledger Technology (“DLT”) as the basis for wholesale interbank payment settlements. This project was launched in March 2016 and has completed two phases. Phase 1 of Project Jasper employed the Ethereum platform as the basis for the DLT, while Phase 2 employed the custom-designed R3 Corda platform. In June 2017, the Bank of Canada issued a report on its preliminary findings from Project Jasper, which were summarized in our previous article. On … Continue Reading
In March 2017, the European Commission issued a public consultation document on Fintech. The goal of the European Commission (EC) document is to further the objective of a digital single market within Europe. This will be done by supporting the development of digital infrastructure, improving access to goods and services, and ensuring rules foster technological development.
The European Banking Authority (EBA) published its response to the public consultation in June 2017. The EBA response is significant because it sheds light on how European banks are approaching the areas of artificial intelligence, roboadvisors, crowdfunding, and big data. Institutions in other countries, … Continue Reading
Electronic terms of service govern billions of relationships worldwide, whether a user is joining a social media service, shopping online or accessing a blog. In each case, a binding contract is formed, the terms of which are usually set out in the website’s “terms of service” . But when a contract is made over the internet and there is later a dispute, whose law governs? What is the “forum” for the resolution of the dispute? What if the contract expressly designates a specific jurisdiction as the appropriate “forum”? In Douez v Facebook, Inc. (“Douez”), the Supreme Court of … Continue Reading
This year was a tremendously active year for Fintech in Canada and internationally, and 2017 promises to be even more so. In the Fall of 2016, we co-authored a comprehensive report together with the Digital Finance Institute, “FinTech in Canada: British Columbia Edition” on the state of the Canadian Fintech ecosystem, highlighting a number of the then-current industry and regulatory developments. As we head into 2017, we provide a brief summary of some of last year’s Fintech regulatory developments in Canada and globally, and some developments to watch for in the upcoming year.… Continue Reading
On June 14, I gave my annual presentation to the Toronto computer Lawyers’ Group on “The year in review in Computer, Internet and E-Commerce Law”. It covered the period from June 2015 to June 2016. The developments included cases from Canada, the U.S. the U.K., and other Commonwealth countries.
The developments were organized into the broad topics of: Technology Contracting, Online Agreements, Privacy, Online/Intermediary Liability/Responsibility, Copyright, and Trade-marks and Domain names.
The cases referred to are listed below. My slides can be viewed after the case listing. These and many other cases will be added to my 7 volume book … Continue Reading
Following the 2012 decision of Jones v Tsige (“Jones”), there has been judicial debate in Canada over the recognition and adoption of common law privacy torts, such as the tort of intrusion upon seclusion. Recently, the Ontario Superior Court of Justice in Doe v D (“Doe”) expressly recognized the tort of “public disclosure of private facts” to expand the scope of privacy protection in Canadian common law. … Continue Reading
Regular readers of this blog will be aware that, last fall, the Court of Justice of the European Union struck down the Safe Harbour framework which permitted the lawful transfer of personal information from the EU to the US through a self-certification model. Negotiations between the European and US authorities to update or replace the framework were already underway prior to this decision, but the Court’s intervention raised the stakes dramatically. The Article 29 Working Party (WP29) had set a deadline of the end of January after which European Data Protection Authorities (DPAs) might begin coordinated enforcement actions against organizations … Continue Reading
On Friday, October 16, 2015, the Article 29 Working Party (“WP29”) released a statement on the decision of the Court of Justice of the European Union (“CJEU”) in the case Schrems v Data Protection Commissioner (C-362-14), the landmark decision which invalidated the decision of the European Commission underpinning the Safe Harbour framework by which personal information was permitted to move from the EU to the United States.… Continue Reading
On October 6, 2015, the Court of Justice of the European Union (“CJEU”) declared that the US-EU Safe Harbour framework is invalid, striking it down in the highly anticipated case of Schrems v. Data Protection Commissioner. The decision is effective immediately, with far-reaching and widespread implications for entities with multinational data flows.
Since EU data protection laws purport to apply to the processing of personal data regardless of whether the individuals affected are EU citizens or not, or are physically present in the EU or not, the potential impacts of this decision go beyond those organizations with … Continue Reading
In the recent decision of Doe v Her Majesty The Queen, 2015 FC 916 (“Doe”), the Federal Court granted conditional certification of a class action brought on behalf of members of the Marihuana Medical Access Program (“MMAP“). This conditional certification is notable as it, alongside the recent case Evans v. Bank of Nova Scotia (“Evans“), is one of the few class actions certified in Canada relating to breaches of privacy. Particularly of interest is the Plaintiffs’ allegation that the Defendant committed the tort of intrusion upon seclusion and of publicity given to private … Continue Reading
In today’s Internet, advertising is ubiquitous. It is the main source of revenue for many web sites and services. It is also the subject of increasing scrutiny by privacy advocates and regulators, as advertisers and ad networks develop ever-more sophisticated means to track and profile users in the quest to optimize their effectiveness.
In Canada, online behavioural advertising (sometimes referred to as interest-based advertising) has been the subject of significant attention from the Office of the Privacy Commissioner. The Office recently released a research report on the subject, concluding that many organizations and web sites are not fully-compliant with the … Continue Reading
Grant v. Winnipeg Regional Health Authority et al., 2015 MBCA 44 (“Grant”), is a successful appeal of the decision of the motion judge, which upheld the decision of the Master striking parts of an amended statement of claim as disclosing no reasonable cause of action. In doing so, the Manitoba Court of Appeal (the “Court”) held that the tort of intrusion upon seclusion, as set out in Jones v Tsige, may allow family members, who claim to have suffered as a result of a breach of a privacy interest of another member, to advance … Continue Reading
McCarthy Tétrault has just launched its twelfth blog, CyberLex, at http://www.canadiancybersecuritylaw.com. This blog discusses trends and developments in cybersecurity, privacy and data protection law in Canada and internationally; offers practical suggestions and insights on how these issues affect companies in a wide variety of industries; and provides guidance on how to address various challenges and opportunities created by technology and legislative developments.
The Office of the Privacy Commissioner of Canada (‘‘OPC’’) recently published a research paper entitled ‘‘Privacy and Cyber Security: Emphasizing privacy protection in cyber security activities’’ in which are outlined the common interests and tensions between privacy and cyber security. The report sets out key policy indications with a view to generating dialogue on cyber security as an important element of online protection, while acknowledging that cyberspace governance is a global issue.
The OPC bases its report on the following factual premises. As technologies facilitating access to the Internet have become increasingly entrenched in everyday life, … Continue Reading
It is rumoured that Bill 12 that amended the Alberta Health Information Act (“HIA”), passed on May 14, 2014, will come into force this year. Bill 12 made 3 significant changes to the HIA:
- adds mandatory breach notification provisions;
- authorizes the Office of the Information and Privacy Commissioner (“OIPC”) to disclose information about a breach in certain situations; and
- creates new offences and penalties.
We will discuss these 3 amendments in turn.
In its Nov. 14, 2014 decision in Wakeling v. United States of America, 2014 SCC 72, the Supreme Court of Canada (SCC) held that s. 8 of the Canadian Charter of Rights and Freedoms (the Charter) (the right to be free from unreasonable search and seizure) applies to the disclosure of communications obtained through a wiretap to police authorities in a foreign jurisdiction.… Continue Reading
Communicating privacy practices to users of mobile apps can be challenging, especially given small screen sizes and the difficulty of capturing app user attention. The Office of the Privacy Commissioner of Canada (OPC) has acknowledged these challenges and, in September 2014, published Ten Tips for Communicating Privacy Practices to Your App’s Users.
These tips were provided in connection with the findings of the second annual Global Privacy Enforcement Network (GPEN) Privacy Sweep, which the OPC participated in along with twenty-five other privacy enforcement authorities from around the world.
The GPEN Privacy Sweep assessed 1,211 apps with a focus on … Continue Reading
In my blog dated October 17, 2014, titled, “Impending Lapse of PIPA Creates Uncertainty”, I explored the consequences of PIPA being struck had the Alberta government failed to amend PIPA to comply with the Canadian Charter of Rights and Freedom (the “Charter”) and meet the November 15, 2014 deadline.
Since my October 17, 2014 blog, I have had the opportunity to meet Jill Clayton, the Alberta Information and Privacy Commissioner. In my discussion with Jill Clayton, she advised me that, on October 31, 2014, the Alberta government was granted a 6 month extension to amend PIPA and ensure compliance. … Continue Reading
On November 15, 2013, the Supreme Court of Canada struck down the Alberta Personal Information Protection Act (“PIPA”) in Alberta (Information and Privacy Commissioner) v United Food and Commercial Workers, Local 401, 2013 SCC 62 (“United Food”), and despite a one-year stay to allow for necessary amendments, delay on the part of the Alberta government has caused PIPA’s lapse to become an inevitability.
The SCC found that sections of PIPA violated the right to freedom of expression enshrined in s. 2(b) of the Canadian Charter of Rights and Freedoms (the “Charter”). Further, the SCC found … Continue Reading
The ubiquitous and rapidly-evolving nature of technology has recently necessitated serious consideration of our “reasonable expectation of privacy.” This concept is at the core of Canadian privacy law. In particular, the concept is a key part of the Charter test for s. 8, the right to be secure against unreasonable search and seizure. The Supreme Court of Canada (“SCC”) grappled with these questions in R v Cole and R v Vu, and more recently, the British Columbia and Ontario Courts of Appeal applied these Charter principles to couriered packages and USB keys in R … Continue Reading
Recently, my colleagues Sean Griffin and Ann-Elisabeth Simard considered the Evans v Bank of Nova Scotia (“Evans”) decision wherein the Ontario Supreme Court (the “Court”) certified a class action proceeding for allegations concerning a breach of privacy rights through the tort of intrusion upon seclusion first set out in Jones v Tsige (“Jones”). You can access his blog here.
Evans has set a precedent for the low threshold required to be met for certification in class actions concerning breaches of information privacy. In this blog, we will canvass the implications of the Evans… Continue Reading
On June 13, 2014, in a landmark privacy ruling, the Supreme Court of Canada (“SCC”) in R v Spencer (“Spencer”) unanimously recognized that, in addition to confidentiality and control of the use of personal information, there may be a privacy interest in protecting anonymity in the context of internet usage. In this decision, the SCC decided that a person has a reasonable expectation of privacy associated with Internet activities and that the “lawful authority” exemption in PIPEDA does not create a basis to provide such information to the police unless the police actually demonstrate that … Continue Reading
The Government announced today that the notice and notice regime established under C-11 is coming into force. The delay in bringing these provisions into force was a consultations on possible regulations that the regime permitted. The Government announced that the provisions are coming into force without regulations.
The regime permits copyright owners to send notices to internet service providers and other internet intermediaries claiming infringement of copyright. The notices must be passed on by these service providers to their users. Because there are no regulations, the notices must be processed and passed on by the internet intermediaries without any fees … Continue Reading
Last month, in a bombshell decision, the European Union’s Court of Justice (“CJEU”) demanded that Google “forget” certain items. The demand resulted from a CJEU decision that individuals have a right to request that a search engine remove certain webpage links from the search results of a search including the individual’s name. The ruling is, for all intents and purposes, final.
In short, the CJEU decided that Google Inc. is subject to the EU Data Protection Directive 94/46 (“Direction”), even though its servers were located outside the EU. As a result, Google was a data processor and data controller within … Continue Reading