CyberLex
CyberLex Insights on cybersecurity, privacy and data protection law

Category Archives: Privacy

Subscribe to Privacy RSS Feed

Privacy Commissioner’s Report on Public Perception of Companies’ Privacy Practices Holds Lessons for Business

Posted in Privacy

The Office of the Privacy Commissioner of Canada (“OPC”) recently released a preliminary report outlining the results of a series of focus groups conducted with Canadians about privacy and the protection of personal information.[1] Predictably, participants in the focus groups (which represented a small and restricted sample of Canadians) were concerned by the collection and… → Read More

Department of Finance Releases Consultation Paper on New Retail Payments Oversight Framework Providing for Functional Regulation of Payment Service Providers

Posted in FinTech, Payments, Privacy

On July 7, 2017, the Department of Finance issued the consultation paper “A New Retail Payments Oversight Framework” (the “Consultation Paper”) proposing a federal oversight framework for retail payments. Comments on the Consultation Paper are due October 6, 2017. Summary of Proposed Oversight Framework The Consultation Paper is discussed in more detail below, but the… → Read More

Searches of Electronic Devices at the Canada/US Border

Posted in Legislation, Privacy

The possibility of arbitrary searches of the electronic devices of persons crossing into the US continues to raise concerns among Canadians and, in particular, privacy regulators. Recent statements (and subsequent legislative amendments) are attempting to address some of the legal issues. On June 8, 2017, Daniel Therrien, the Privacy Commissioner of Canada,  sent a follow up… → Read More

Few “likes” for Facebook Forum Selection Clause: Supreme Court Finds “Strong Cause” to Not Enforce Forum Selection Clause

Posted in Class Actions, Privacy, Privacy Act, Social Media, Uncategorized

Electronic terms of service govern billions of relationships worldwide, whether a user is joining a social media service, shopping online or accessing a blog. In each case, a binding contract is formed, the terms of which are usually set out in the website’s “terms of service” . But when a contract is made over the… → Read More

Why Autonomous Vehicle Providers Should Consider Their Stance on Privacy

Posted in Connected Cars, Privacy

Autonomous vehicles are coming fast. It is now believed that autonomous vehicles will be widely available to consumers by 2020. Many futurists predict that one day owning and driving a car will be a hobby, much like horseback riding, and that most consumers will simply press a button on their mobile devices to have a… → Read More

Lawful Access: The Privacy Commissioner Reiterates its Position

Posted in Criminal, Legislation, Privacy

One of the challenging aspects of PIPEDA in recent years has been the new section 7(3)(c.1)(ii), which permits organisations to disclosure personal information to a government institution that has requested the disclosure for the purpose of law enforcement and has stated its “lawful authority” for the request. Organizations faced with such a request almost always… → Read More

Defending a Lawsuit is Not a “Commercial Activity” Under Privacy Legislation

Posted in Privacy

In a case dating back to 2016 but just recently published, the Office of the Privacy Commissioner of Canada has ruled that the collection and use of a plaintiff’s personal information for the purpose of defending against a civil lawsuit is not a “commercial activity” and, as such, the Personal Information Protection and Electronic Documents Act,… → Read More

Lenovo and Superfish: Proposed Class Action Proceeds on Privacy Tort and Statutes

Posted in Cybersecurity, Internet of Things, Privacy

A recent privacy decision regarding pre-installed software on laptops may have implications for companies operating not only in the traditional hardware space, but for those companies venturing into the burgeoning “Internet of Things” ecosystem. In short, an Ontario court declined to strike the common law and statutory privacy claims, suggesting that courts are at least… → Read More

Genetic Discrimination Bill One Step Closer to Becoming Law

Posted in Legislation, Privacy

On March 8, 2017 Liberal backbench MPs united with opposition parties to pass Bill S-201, an act to prohibit and prevent genetic discrimination. As noted in this prior Cyberlex post, Bill S-201 follows the enactment of legislation in the United States and adoption in the United Kingdom of a voluntary code and protects individuals from… → Read More

Cyberbullying & Revenge Porn: An Update on Canadian Law

Posted in Privacy

The current nature of social media and, more broadly, the Digital Age, continues to create challenges for legislators and law enforcement officials alike. One such challenge arises in the cyberbullying context, where intimate (or otherwise private) images are uploaded to the Internet. These files can be copied, forwarded and shared instantaneously, making them seemingly impossible… → Read More

Bill S-201 and the Protection Against Genetic Discrimination.

Posted in Discrimination, Employment, Legislation, Privacy

You have done testing to determine whether you have a genetic predisposition to certain medical conditions. The results come back: You do. This is important information for you and your doctor to make more informed decisions about your health care.  But now that you know, are there circumstances in which you should be required to… → Read More

The New U.S. Executive Order: Effects on Canadian Privacy Laws and Cross Border Data Transfers

Posted in Privacy

President Donald J. Trump’s executive order issued January 25, 2017, contained one little paragraph with big words about Canadians’—and other non-U.S. citizens’—privacy: Sec. 14.  Privacy Act.  Agencies shall, to the extent consistent with applicable law, ensure that their privacy policies exclude persons who are not United States citizens or lawful permanent residents from the protections… → Read More

PIPEDA’s global extra-territorial jurisdiction: A.T. v. Globe24h.com

Posted in Privacy

The Federal Court of Canada released a landmark decision finding that the court has the jurisdiction to make an extra-territorial order with world-wide effects against a foreign resident requiring the foreign person to remove documents containing personal information about a Canadian citizen that violates the person’s rights under Canada’s privacy law, the Personal Information Protection… → Read More

Is There a Duty of Device Security? U.S. Regulator Fires Warning Shot Over Obligations of IoT Manufacturers

Posted in Internet of Things, Privacy

A complaint filed by the U.S. Federal Trade Commission (the “FTC”) against D-Link Corporation, a Taiwanese computer networking equipment manufacturer, and its U.S. subsidiary (collectively, “D-Link”) is raising questions about the extent of responsibility that networking equipment manufacturers may have for the security of their products, and how much of that responsibility rests with consumers… → Read More

McCarthy Tétrault Celebrates Data Privacy Day, 2017 With New Cybersecurity Risk Guide

Posted in Cybersecurity, Privacy

In celebration of Data Privacy Day, McCarthy Tétrault is pleased to launch the 2017 edition of our newly designed online Cybersecurity Risk Management Guide, to help clients manage data risks in a quickly evolving business environment.  Data Privacy Day, celebrated on January 28, 2017, is an opportunity for businesses to review privacy and data protection policies,… → Read More

Blockchain And Privacy: Transparency And Innovation Pose Challenges for Data Protection

Posted in FinTech, Privacy

A blockchain is a peer network of nodes that use a distributed ledger that can be used to track transactions involving value including money, votes, property, etc. The most well-known application of blockchain technology is bitcoin. Transactions on a blockchain are not regulated by any central counterparty: the individuals involved in a given transaction provide… → Read More

Supreme Court Renders Landmark Privacy decision in Royal Bank of Canada v. Trang

Posted in Privacy

The Supreme Court of Canada released a landmark decision today giving important guidance on how Canada’s federal privacy law, the Personal Information Protection and Electronic Documents Act (“PIPEDA”), should be interpreted. In Royal Bank of Canada v. Trang, 2016 SCC 50, the Court ruled that courts can use their inherent jurisdiction to make orders permitting… → Read More

Chatbots, Open Data and Sandboxes: Trending Topics from the 2016 Money20/20 Conference

Posted in AI and Machine Learning, Financial, FinTech, Mobile Payments, Privacy

With 10,000+ attendees, including more than three thousand companies from seventy-five countries, Money20/20 is the largest annual global event focusing on payments and financial services innovation. The 2016 conference in Las Vegas this October featured a packed agenda of talks by industry and thought leaders on a broad range of current and emerging Fintech issues,… → Read More

Impacts of Artificial Intelligence Remain Grey Areas, says White House Report

Posted in AI and Machine Learning, Cybersecurity, Privacy

Earlier this month the Executive Office of the President’s National Science and Technology Council (the “NTSC”) released a report entitled Preparing for the Future of Artificial Intelligence. The report surveys the current state of artificial intelligence (“AI”). The NTSC foretells of a future where AI technologies play a growing role in society – opening up… → Read More

McCarthy Tétrault Advance™: 6th Annual Privacy Law Update (Nov. 2, 2016)

Posted in Cybersecurity, Data Breach, Privacy

Returning for a 6th year, our Annual Privacy Law Update will review what’s new in privacy law. This year’s focus is on the ‘hot button’ issue of employees – snooping, unauthorized access, misconduct and employee-caused breaches. As you have come to expect, this session will provide practical advice for navigating both common and complex privacy… → Read More

Still Good Enough? Amendment to EC Decision on “adequacy” of Canadian Privacy Law in the Works

Posted in European Union, Legislation, Privacy

Potential amendments could mean Canadian businesses receiving personal information from Europe will have more exposure to the differences in the data protection laws and enforcement regimes in the EU member states. Readers of this blog will be aware that European privacy law has been in flux in the wake of the Schrems decision, which struck down… → Read More

Deletion of Browser History to Prevent Embarrassment Not Spoliation

Posted in E-Discovery, Privacy

In Catalyst Capital Group Inc v Moyse, 2016 ONSC 5271 the Ontario Superior Court considered whether the defendant, Brandon Moyse, who deleted his Internet browsing history from his personal computer in the face of a preservation order, had intentionally destroyed relevant evidence, giving rise to spoliation.  Spoliation is an evidentiary rule that gives rise to a rebuttable… → Read More