Insights on cybersecurity, privacy and data protection law

Disclosing a Litigant’s Private Information during Judicial Proceedings is not a Privacy Breach

Posted in Legislation, Privacy, Privacy Act
Gabriel QuerryJustine Blair

It has long been settled that in civil actions, the public interest in getting at the truth will, absent special circumstances, trump the litigants’ right to privacy. In fact, the introduction of legal proceedings allows the parties, at the discovery stage, to probe into each other’s files and force the disclosure of otherwise confidential information, including private information, for the purpose of verifying the allegations of the parties. Relevant evidence thusly compelled is a permissible invasion of privacy based on the condition that it is solely used in the ongoing matter, for instance, as evidence at trial.

But what about a litigant’s private information acquired by an opponent outside pre-trial discovery? Would the disclosure of this information by the opponent in support of their pleadings amount to an actionable breach of privacy against themselves or their counsel? Not under the Privacy Act of British Columbia, according to the BC Court of Appeal in Duncan v. Lessing, 2018 BCCA 9.


In the course of a family law dispute, the wife applied for the disclosure of information regarding the husband’s ties in a number of companies. Included in the application materials were copies of the husband’s personal tax returns. The application materials were filed and sent out for service on the husband’ counsel and the companies named in the application. Five of the companies were properly served, but in two cases, the service agent left the materials with another company wholly unconnected with the litigation. The husband took issue with the disclosure of his financial information to these non-parties, alleging a violation of his privacy, and moved to sue his wife’s counsel under the BC Privacy Act’s statutory tort.

Both the trial judge and the Court of Appeal dismissed the claim, concluding that the disclosure fell outside the purview of the BC Privacy Act’s statutory tort.

Incorporation of Lawyers’ Absolute Privilege into the BC Privacy Act

The Court of Appeal found that the disclosure of private information by a lawyer in the course of judicial proceedings is specifically carved out from the statutory tort of privacy. It based its finding on subsection 2(3)(b) of the Privacy Act, which provides that “[a] publication of a matter is not a violation of privacy if […] the publication was privileged in accordance with the rules of law relating to defamation.”

To the extent that the law of defamation attaches an absolute privilege to all statements made by lawyers in the course of judicial proceedings, the Court found that the disclosure of the husband’s private financial information by the wife’s counsel was privileged and, therefore, excluded from the Privacy Act.

As explained by the Court:

[59]      The effect of s. 2(3)(b) of the Privacy Act is to incorporate the absolute privilege that applies in the law of defamation to breach of privacy claims by creating a statutory exception to the tort.

[60]      Whether the exception applies in this case depends on the answer to the following question: would the publication at issue be protected by absolute privilege if the claim were in defamation?

[61]        In this case, there is no dispute the respondents were acting in the course of their duties to their client as part of a judicial proceeding when the alleged violation of privacy occurred. The alleged violation was serving the materials that contained Mr. Duncan’s private information on the companies.

[62]        In my opinion, absolute privilege would have protected the respondents from suit had the materials contained defamatory statements because the occasion was protected. Since, according to the rules of law relating to defamation, the occasion was one to which absolute privilege attaches, the statutory exception in the Privacy Act applies. As such, there was no violation of privacy.

The Court of Appeal left for another day the question of whether absolute privilege, were it not for its incorporation in the Privacy Act, applies to breaches of privacy generally. Without closing the door to the application of absolute privilege to causes of action other than in defamation, the Court stressed that it cannot apply “to shelter counsel from all causes of action arising out of the conduct of judicial proceedings” (para. 68, emphasis from the Court), such as an action for professional negligence or malicious prosecution.

Exemption of Judicial Proceedings from the BC Privacy Act

Moreover, the Court of Appeal found that any act taken in a judicial proceeding, whether by counsel or not, was excluded from the operation of the BC Privacy Act. It based this conclusion on subpara. 2(2)(c) of the Act, which states that there is no violation of privacy when “the act or conduct was authorized or required under a law in force in British Columbia, by a court or by any process of a court”. The Court also hinted that other provisions in the Act support the conclusion that the statutory privacy tort was not intended to apply to disclosure of private information during the litigation process.


The immediate implication of Duncan is to relieve counsels and litigants, at least in BC, from the fear that, in advocating their cause and mounting their case, they expose themselves to privacy breach claims from their opponent or third parties. Although not binding in the rest of the country, Duncan will most likely be taken into account in jurisdictions whose privacy legislation contains similar provisions or jurisdictions like Québec that already witness a trend towards limiting the scope of application of privacy legislation and confidentiality obligations in the context of judicial proceedings.[1] Behind this trend is the rationale that privacy and confidentiality interests in the context of judicial proceedings are best handled by courts, which retain the power to cloak certain pieces of evidence with confidentiality orders where doing so would not unreasonably impinge upon the interest of the public in the publicity of the matter or in the search for the truth.

[1]       See for eg. 9083-2957 Québec Inc. c. Caisse populaire de Rivière-des-Prairies, 2004 CanLII 32390 (QCCA), and Société financière Manuvie c. D’Alessandro, 2014 QCCA 2332.

Bureau Releases Key Competition Policy Themes for Big Data

Posted in Big Data, Competition
Jonathan BitranDonald Houston

On February 19, 2018, the Competition Bureau (the “Bureau”) released “Big data and innovation: key themes for competition policy in Canada”. This report is a concise reiteration of the analysis in “Big data and Innovation: Implications for competition policy in Canada”, the white paper the Bureau released for consultation on September 18, 2017. In short, while big data is precipitating rapid change, the Bureau is of the view that its existing analytical principles and enforcement tools are appropriate for dealing with competition issues regarding big data.

In a prior article, we reported on the highlights of the white paper. This summary report reiterates the same themes, with its focus on (i) mergers and monopolistic practices, (ii) cartels, and (iii) deceptive marketing practices.

1.  Mergers and Monopolistic Practices

The Bureau recognizes that different types of businesses have become popular in the big data era, such as multi-sided platforms (e.g., Uber, which has riders on one side and drivers on the other) and products that rely on network effects (e.g., Facebook, which becomes more useful as more members join). This fact means that merger reviews for such businesses may not play out in the customary way.

For example, a business may be found to have market power because it owns valuable data, despite having a low market share. Also, the anticompetitive effects of a merger are typically evaluated by looking to predicted price increases or the lack thereof. That doesn’t work for free products, such as Google or Twitter, where non-price effects, such as service levels, take centre stage.

Nonetheless, these variations to the typical merger review process still fit within the existing merger review framework; the Bureau’s Merger Enforcement Guidelinescontemplate that market power does not necessarily require high shares and may include non-price effects.

Interestingly, the Bureau probed the nexus between competition law and privacy law in stating that the way a business deals with privacy matters may affect the perceived quality of its products and, therefore, privacy can be a non-price effect to be evaluated.

2.  Cartels

The Bureau clarified that its usual approach still applies where big data is involved:

  1. Hard-core cartels will be subject to criminal investigation and prosecution.
  2. Conscious parallelism, while it may reduce competitive vigour, is not prohibited by the cartel provisions of the Competition Act (the “Act”). Conscious parallelism occurs where competitors unilaterally mirror each other’s practices, but where there is no agreement between them.
  3. Facilitating practices are not in and of themselves prohibited, but maybe evidence of an agreement. Examples include pre-announcing or sharing price lists and, in the big data era, sharing pricing algorithms.

The takeaway is that while big data can lead to novel ways in which to engage in cartel behaviour, the traditional principles apply in assessing whether there has been a breach of the Act. Curiously, the Bureau flagged predictions that in the future, artificially intelligent technologies may collude without human involvement, but declined to provide guidance because such a scenario is too speculative.

3.  Deceptive Marketing Practices

Here, the Bureau continues to focus on privacy, advising that if businesses deceptively collect data from consumers, that could constitute a materially false or misleading representation, contrary to the Act.

On the other hand, the Bureau warns businesses not to use big data to deceive consumers and provides a few examples:

  • Engaging in astroturfing (i.e., fake positive reviews) or native advertising (i.e., disguising an advertisement to make it appear as if it is not advertising, but is rather a news article, for example).
  • Making ordinary selling price claims based on inaccurate data.
  • Creating personalized advertisements that are targeted to “vulnerable” consumers.
  • Making performance claims based on data from third parties that has not been substantiated.

* * *

The overall message is that, at this stage, the Bureau sees no reason to change its policy and enforcement approach in cases involving big data. The Bureau’s view is that big data is changing the landscape, but that these changes can be accommodated by the existing framework. Nonetheless, the Bureau will continue to actively monitor big data’s impact and we may see a different approach in the future.

To date, the Bureau has taken a cautious approach to enforcement action under the existing framework in cases involving big data. For example, the European Commission fined Google €2.42 billion for abuse of dominance, alleging that Google favoured its own comparison shopping service and demoted rival comparison shopping services in its search results. In contrast, the Bureau discontinued its abuse of dominance investigation into Google in 2016. In so doing, the Bureau gave notice that it will continue to monitor developments in the big data economy.

For more information about our Firm’s Competition expertise, please see our Competition group’s page.

2018 Federal Budget: Focus on Data and Data-Driven Technologies

Posted in AI and Machine Learning, Big Data, Cybersecurity, Open Banking
Kirsten ThompsonCarole Piovesan

A strong theme in the 2018 federal budget (“Budget”) released last week was its emphasis on data and data-driven technologies…and the corollary theme, keeping data and data-driven technologies secure.

Below are some of the data-focused highlights of the Budget.

Open Banking

“Open Banking” refers to an emerging financial services business model that focuses on the portability and open availability of customer data, including transactional information.  The open banking model has been mandated in the European Union and the United Kingdom, and is being reviewed in Australia. The Canadian Government first noted the potential benefits of reviewing the merits of “open banking” in Canada in the second consultation paper respecting the review of the federal financial sector framework which was released in August 2017.  More recently, the Competition Bureau has expressed support for open banking in its final report on its market study into technology-led innovation in the Canadian Fintech sector.

The Budget confirms that the Government proposes to undertake a review of the merits of open banking in order to assess whether open banking would deliver positive results for Canadians with the highest regard for consumer privacy, data security and financial stability.

As in other jurisdictions, open banking is positioned in the Budget as having the potential to increase innovation and competition, and increasing financial inclusion as specific customers or markets (e.g. small and medium sized businesses) are better served.

A key theme is also “empowering consumers” to share their financial data between their financial institution and other third party providers through secure data sharing platforms. In this manner, financial service providers will be enabled to offer more tailored products and services, on a more competitive and innovative basis.

Open banking is also touted as having the potential to provide consumers with greater transparency on the products and services offered by financial institutions, thus allowing them to make more informed decisions, and makes it easier for consumers to move and manage their money.

Big Data

With the rise of data-driven technology such as predictive analytics and artificial intelligence, the Budget recognizes the need to invest in both the technologies and skills required to capitalize on the opportunities in the area of big data. Big data has become an essential tool for progress in science, underpinning world-class research across all disciplines. Improved technologies, such as cloud computing and faster networking, allow for new opportunities to address scientific challenges.

The Budget proposes investment in support for researchers, in big data and in the equipment Canadian researchers need to succeed and lead.

This includes more than $1.7 billion over five years to support the next generation of Canadian researchers through Canada’s granting councils and research institutes. It also includes over $1.3 billion over five years for investments in the laboratories, equipment and necessary infrastructure.

Digital research infrastructure is the collection of connectivity, computing power and storage services needed to support data-intensive and computationally-intensive research.

The Budget proposes to provide $572.5 million over five years, with $52 million per year ongoing, to implement a Digital Research Infrastructure Strategy that will deliver more open and equitable access to advanced computing and big data resources to researchers across Canada. The Government intends to work with stakeholders to develop a strategy to provide more streamlined access for Canadian researchers, including how to incorporate the roles currently played by the Canada Foundation for Innovation, Compute Canada and CANARIE,

Artificial Intelligence

Last year’s Budget made several specific commitments to advancing research and innovation in the area of artificial intelligence (AI), including investments in a Pan-Canadian Artificial Intelligence Strategy.

This year’s Budget proposes a number of investments that are likely to fuel AI research and innovation, without naming AI specifically. The Budget seeks to “transform Canada’s innovation programs—making them easier to access and to use, and expanding support for Canadian companies that want to scale up and sell their innovations in the global marketplace.” It also aims to “make business regulations more efficient, and seeks to promote greater awareness and use by Canadian entrepreneurs of intellectual property, important assets that can fuel the growth of innovative businesses in the modern economy.” Below are some examples of how the Government seeks to achieve these goals under the Budget.

First, the Budget proposes heavy investment in research. Some of these investments include $925 million over five years as follows:

  • $354.7 million over five years ($90.1 million per year ongoing) to the Natural Sciences and Engineering Research Council (NSERC).
  • $354.7 million over five years ($90.1 million per year ongoing) to the Canadian Institutes of Health Research (CIHR).
  • $215.5 million over five years ($54.8 million per year ongoing) to the Social Sciences and Humanities Research Council (SSHRC).

The Budget also announces $275 million to create a new tri-council fund to support research that is international, interdisciplinary, fast-breaking and higher-risk. This fund will be administered by SSHRC.

Colleges and polytechnics will receive $140 million over five years to increase support for collaborative innovation projects involving businesses, colleges and polytechnics through the College and Community Innovation Program.

The Budget proposes investing in technologies that will advance AI innovation. Specifically, The Institute for Quantum Computing in Waterloo will receive renewed funding of $15 million over three years to continue undertaking high-calibre quantum research.

The Budget is also targeting investment in simplifying programs and regulations impacting entrepreneurs. For example, the Budget proposes consolidating the total number of business innovation programs by up to two-thirds, but is increasing the total overall funding available to entrepreneurs, small business owners and other enterprise. The goal of this reform is “to create a suite of programs that is easy to navigate and will respond to the challenges and opportunities facing Canadian businesses today and into the future.”

The Budget has earmarked $4.6 million over five years to enhance the Start-up Visa Program. These monies will focus on the client-service experience by ensuring applicants, private sector partners and immigration officials are able to process applications electronically and more efficiently.

The Government will also propose measures to support a new Intellectual Property Strategy to “help Canadian entrepreneurs better understand and protect intellectual property, and get better access to shared intellectual property.”

Finally, the Budget proposes providing $11.5 million over three years to pursue a regulatory reform agenda focused on supporting innovation and business investment. The stated goal is to “make the Canadian regulatory system more agile, transparent and responsive, so that businesses across the country can explore and act on new opportunities, resulting in benefits for all Canadians.”


New Cyber Security Strategy

With data comes data security. The Budget proposes implementing a comprehensive cybersecurity plan for Canada, consisting of investments of $507.7 million over five years, and $108.8 million per year thereafter, to fund a new National Cyber Security Strategy. The Strategy focuses on three principal goals:

  • Ensure secure and resilient Canadian systems.
  • Build an innovative and adaptive cyber ecosystem.
  • Support effective leadership and collaboration between different levels of Canadian government, and partners around the world.

New Canadian Centre for Cyber Security

They Budget also proposes a strong federal cyber governance system to protect Canadians and their sensitive personal information, and proposes to commit $155.2 million over five years, and $44.5 million per year ongoing, to the Communications Security Establishment to create a new Canadian Centre for Cyber Security.

This new Canadian Centre for Cyber Security is envisioned to establish a single, unified Government of Canada source of unique expert advice, guidance, services and support on cyber security operational matters. To establish the Canadian Centre for Cyber Security, the Budget notes that the Government will need to introduce legislation to allow various Government cyber security functions to consolidate into the new Centre (although federal responsibility to investigate criminal matters will remain with the RCMP).


The Budget proposes to provide $116.0 million over five years, and $23.2 million per year ongoing, to the RCMP to support the creation of the National Cybercrime Coordination Unit. The National Cybercrime Coordination Unit is envisioned as creating a coordination hub for cybercrime investigations in Canada and working with international partners on cybercrime. The Budget also proposes that the Unit establish a national public reporting mechanism for Canadian citizens and businesses to report cybercrime incidents to law enforcement.

Other Measures

The Budget also proposes investments in Shared Services Canada and the Communications Security Establishment to ensure that these organizations are properly resourced to address evolving IT needs and opportunities, and proactively address cyber security threats. This includes:

  • $2.2 billion over six years, starting in 2018–19, with $349.8 million per year thereafter, to improve the management and provision of IT services and infrastructure within the Government of Canada, and to support related cyber security measures.
  • $110 million over six years, starting in 2018–19, to be accessed by Shared Services Canada’s partner departments and agencies to help them migrate their applications from older data centres into more secure modern data centres or cloud solutions.

The Budget also proposed enhancing the security of taxpayer information held by the Canada Revenue Agency, and proposed providing the CRA with $30.0 million over five years to enhance the security measures that protect this information.

The Budget proposes to provide Public Safety Canada with $1.4 million in 2018–19 to continue operations of the Regional Resilience Assessment Program and the Virtual Risk Analysis Cell, programs which support assessments of critical infrastructure facilities, such as energy grids, information and communication technology networks and hospitals. The Virtual Risk Analysis Cell also promotes online information sharing across the critical infrastructure community.

Parliamentary Committee Recommends Substantial Revisions to PIPEDA

Posted in European Union, Privacy
Kirsten Thompson

On February 28, 2018, the House of Commons Standing Committee on Access to Information, Privacy and Ethics tabled in the House of Commons a report entitled “Towards Privacy by Design: Review of the Personal Information Protection and Electronic Documents Act“.

The statutory review of Canada’s federal privacy legislation has been underway for a year, and the Report addresses many of the challenging issues raised by the development of new technologies for the use and dissemination of information. The recommendations in the Committee’s Report are also heavily influenced by the direction set in the European Union General Data Protection Regulation, (“GDPR”) which comes into force this year.

The Committee’s Report makes 19 recommendations to update the Personal Information Protection and Electronic Documents Act (“PIPEDA”) and to take other measures in respect of individuals’ privacy  in their relation with private sector organizations.

An overriding theme and key recommendation is to make privacy by design a central tenet of PIPEDA.  “Privacy by design” is meant to ensure that privacy considerations are taken into account at all stages of development, including the design, marketing and retirement of a product. The Report recommends the inclusion of the seven foundational privacy by design principles in PIPEDA.

The Committee also recommends amending PIPEDA to provide the Privacy Commissioner of Canada with enforcement powers as well as broad audit powers, including the ability to choose which complaints to investigate.

The other recommendations of the Committee include:

  • ensure that consent remains the core element of the privacy regime, while enhancing and clarifying consent by additional means, when possible or necessary;
  • explicitly provide for opt-in consent as the default for any use of personal information for secondary purposes, with a view to also implementing a default opt-in system regardless of purpose;
  • consider implementing measures to improve algorithmic transparency;
  • study the issue of revocation of consent in order to clarify the form of revocation of consent required and its legal and practical implications;
  • modernize the Regulations Specifying Publicly Available Information in order to take into account situations in which individuals post personal information on a public website and in order to make the Regulations technology-neutral;
  • consider amending PIPEDA in order to clarify the terms under which personal information can be used to satisfy legitimate business interests;
  • examine the best ways of protecting depersonalized data;
  • consider implementing specific rules of consent for minors, as well as regulations governing the collection, use and disclosure of minors’ personal information;
  • amend PIPEDA to provide for a right to data portability;
  • consider including in PIPEDA a framework for a right to erasure based on the model developed by the European Union (EU) that would, at a minimum, include a right for young people to have information posted online, either by themselves or through an organization, taken down;
  • consider including a framework for the right to de-indexing in PIPEDA and that this right be expressly recognized in the case of personal information posted online by individuals when they were minors;
  • consider amending PIPEDA to strengthen and clarify organizations’ obligations with respect to the destruction of personal information; and
  • amend PIPEDA to replace the term “fraud” with “financial crime” (and propose a definition for that term).

There are additional recommendations focused on Canada working  with its EU counterparts to determine what would constitute adequacy status for PIPEDA in the context of the GDPR, and making appropriate changes to PIPEDA to permit the transfer of personal information between the EU and Canada.

Members of the firm’s Cybersecurity, Privacy and Data Management Group are reviewing the Report and future posts will contain more in-depth analysis of specific recommendations.

Department of Finance Releases Consultation Paper on Canada’s Anti-Money Laundering and Anti-Terrorist Financing Regime

Posted in Cybersecurity, Financial, FinTech
Ana BadourKirsten ThompsonDilara Alpli


The Department of Finance Canada released a consultation paper (the “Paper”) on reviewing Canada’s anti-money laundering (“AML”) and anti-terrorist financing (“ATF”) regime on February 7, 2018. Comments on the Paper are due April 30, 2018.  This Paper comes following the recent 2016 Financial Action Task Force (FATF) mutual evaluation report for Canada which generally stated that Canada had a strong AML/ ATF regime but identified certain gaps in the regime.

The Paper contemplates the potential extension of obligations under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (the “PCMLTFA”) and its regulations (the “Regulations”) to several new sectors and activities within financial services. The Paper also considers how to better achieve information sharing, and puts forward for consultation certain administrative and technical measures intended to modernize and improve the AML/ATF regime.

Addressing Legislative and Regulatory Gaps: Expanding the Scope of PCMLTFA Obligations

New Entities Proposed to be Subject to the PCMLTFA

The Paper contemplates expanding the scope of PCMLTFA obligations to a number of additional entities:

  • White Label Automated Teller Machines (“WLATMs”): The Paper contemplates including this sector in Canada’s AML/ATF regime as WLATMs can generally be owned and operated by any person or entity, thereby posing money laundering and terrorist financing risk.
  • Pari-Mutuel Betting and Horse Racing: The Paper notes this sector presents similar money laundering vulnerabilities as casinos that are regulated under the PCMLTFA and therefore contemplates subjecting this sector to the regime.
  • Real Estate Sector and Non-Federally Regulated Mortgage Lenders: The Paper recommends expanding the scope of the PCMLTFA to mortgage insurers, land registries and title insurance companies, especially to the extent such entities are engaged in high-risk activities including assisting or performing the purchase or sale of properties and facilitating access to financial institutions, mortgages and loans. The Paper also emphasizes the money laundering risk inherent in mortgages and complex loan schemes and acknowledges the fragmented nature of obligations currently applicable to non-federally regulated mortgage lenders. To address these risks, the Paper contemplates a consolidation of obligations by the PCMLTFA to mortgage lenders including mortgage finance firms, real estate investment trusts, mutual fund trusts, mortgage investment corporations, syndicated mortgages and individuals acting as private lenders.
  • Non Transactional Activities of Designated Non-Financial Businesses and Professions (“DNFBPs”): The Paper classifies as DNFBPs “accountants and accounting firms, real estate brokers, sales representatives, real estate developers, casinos, dealers in precious metals and stones and British Columbia notaries public and notary Corporations”. While the PCMLTFA regulates financial activities of DNFBPs, the Paper notes DNFBPs engage in other high-risk activities, including the management of client assets and the creation, operation and management of legal arrangements.
  • Company Service Providers: The Paper recognizes that service providers may be used to facilitate the misuse of corporations for money laundering and terrorist financing. It therefore contemplates that PCMLTFA obligations should extend to service providers engaged for the purposes of business formation and management, acting as a director or shareholder and completing corporate filings for a company. In particular, the Paper emphasizes the high degree of money laundering and terrorist financing risk posed by legal professionals who perform financial transactions on behalf of clients and thereby act as gatekeepers to the financial system. The Paper recommends subjecting lawyers, within constitutional boundaries, to the AML/ATF framework.
  • Finance, Lease and Factoring Companies: The Paper identifies that various means of repayment accepted by finance, lease and factoring companies can facilitate the laundering of proceeds. In response, the Paper contemplates imposing PCMLTFA obligations upon entities of all sizes operating in these sectors.
  • Armoured Cars: Consistent with the United States, the Paper contemplates subjecting this sector to the PCMLTFA to mitigate the risk associated with the anonymous movement of bulk cash.
  • High-Value Goods Dealers: The Paper contemplates including these dealers in the regime as a result of the risk stemming from the ease of storing value and laundering proceeds of crime in luxury goods.
  • Jewellery Auction Houses: The Paper contemplates subjecting this sector to the PCMLTFA as it presents similar money laundering risks to dealers in precious metals and stones which are subject to the regime.

Beneficial Ownership

The Paper recognizes the importance of ensuring corporate ownership transparency to prevent the use of complex corporate vehicles for money laundering and terrorist financing. Presently, only four reporting entity sectors – financial entities, securities dealers, money service businesses and life insurance companies – are obliged to collect beneficial ownership information on corporations or other complex legal entities. The Paper notes the difficulty of accessing beneficial ownership information in Canada. In response, the Paper seeks input on ways to improve corporate ownership transparency and timely access to beneficial ownership information.The Paper also seeks views on risks associated with legal entities that are not corporations, such as partnerships and trusts.

The Paper references the 2017 federal budget which announced that the Government of Canada is working to establish a national strategy to enhance the transparency of legal arrangements and strengthen the availability of beneficial ownership information. In December 2017, Canada’s Finance Ministers agreed to pursue legislative amendments to corporate statutes at federal, provincial and territorial levels. The amendments are intended to come into force by July 2019 and are designed to ensure corporations maintain appropriate beneficial ownership information available to relevant authorities and to eliminate usage of bearer shares and bearer share warrants and options.

Structuring of Transactions

The Paper identifies as a potential deficiency the current lack of a prohibition against arranging business models and transactions to avoid triggering reporting requirements under the PCMLTFA. Therefore, the Paper proposes implementing an explicit prohibition on structuring of transactions to avoid reporting requirements and the creation of a criminal offence for breach of such prohibition.

Politically Exposed Persons (“PEPs”) and Head of International Organizations (“HIOs”)

As a result of holding influential positions, PEPs and HIOs are especially vulnerable to corruption and money laundering risk. Only four reporting entity sectors – financial entities, securities dealers, money service businesses and life insurance companies – are presently subject to obligations to identify PEPs and HIOs in certain situations.  The Paper proposes extending the requirement to make PEP and HIO determinations to a broader set of regulated sectors.

The Paper also recommends adding more precision to the list of individuals and entities covered by the definition of PEP, including for example First Nation Chiefs, and broadening the definition of HIO to include the heads of certain international organizations not established by governments but that may hold considerable influence, such as the International Olympic Committee (IOC) and the Fédération Internationale de Football Association (FIFA).

Enhancing Information Sharing

The Paper emphasizes that information sharing, both within the private sector and between the public and private sectors, is critical to detect and deter money laundering and terrorist financing. The Paper makes several recommendations to improve information sharing, including:

  • Broadening Disclosure of Financial Intelligence Information

The Paper notes that currently the Financial Transactions and Reports Analysis Centre of Canada (“FINTRAC”) is authorized to disclose certain information to Canadian law enforcement agencies, the Canada Border Services Agency, the Canada Revenue Agency and the Canadian Security Intelligence Service. The Paper proposes to expand FINTRAC’s authority to disclose “financial intelligence” to additional recipients, namely, the Competition Bureau (to assist combating “mass marketing fraud”) and Revenu Québec (to aid Revenu Québec in combatting tax fraud).

  • Information Sharing with the Private Sector

The Paper notes that the federal Personal Information Protection and Electronic Documents Act (PIPEDA) protects personal information collected, used and disclosed by private sector organizations in the course of their commercial activities. The main mechanisms used to empower individuals to control their own information are knowledge and consent. In certain circumstances, however, PIPEDA allows for the disclosure of certain personal information without either knowledge or consent (for instance, in cases of suspected fraud). However, the language of PIPEDA that permits such disclosures is vague, and many organizations decline to rely on this PIPEDA exemption because they fear civil or regulatory liability. The Paper calls for “circumstances and protocols surrounding the effective and appropriate exchange of information” not only between private sector organizations and government institutions but also between private sector organizations.

PIPEDA is the federal private-sector privacy legislation. However, three Canadian provinces also have private-sector privacy legislation (British Columbia, Alberta and Québec) which applies, generally speaking, to provincially-regulated businesses and businesses operating wholly within provincial borders. The proposed expansion of the application of the PCMLTFA to new entities may capture organizations subject to provincial privacy legislation, an area not specifically addressed by the Paper.

  • Enhancing Information Sharing on Methods and Trends of Money Laundering and Terrorist Financing

To support partners in AML/ATF related investigation and prosecution, the Paper advocates for more effective information sharing both within government and with the private sector on methods, trends and transactions related to money laundering and terrorist financing. To achieve this, the Paper encourages collaboration between reporting entities, FINTRAC, national security agencies and law enforcement.

  • Privacy Review of the PCMLTFA

The Privacy Commissioner is granted the authority to review the personal information handling practices of federal departments and agencies; under the Privacy Act, FINTRAC is to be reviewed every two years. The Paper proposes that such reviews be conducted every four years instead.

Strengthening Intelligence Capacity and Enforcement

To improve financial intelligence in a rapidly evolving environment, the Paper makes the following recommendations that are grounded in international policy trends.

  • Electronic Funds Transfers (“EFTs”)

The Paper notes that EFTs passing through Canadian financial institutions where Canada is not the originating nor recipient source are not currently subject to reporting requirements under the PCMLTFA. The Paper contemplates subjecting non-client initiated EFTs and other types of transfers that relate to new and evolving payment methods (such as letters of credit, precious metals and securities) to reporting requirements under the regime.

  • Bulk Cash

The Paper recognizes the connection between possessing bulk cash and involvement in criminal activity. The Paper queries: (i) whether a limit should exist on the amount of bulk cash permitted to be carried by a person in Canada in the absence of a legitimate reason; and (ii) whether Canada should establish a registry for businesses dealing in high volumes of cash and whether a limit should be imposed on the amount of cash Canadian businesses could accept and/or report on.

  • Geographic Targeting Orders

The Paper suggests that geographic targeting orders, imposing specific obligations in respect of certain transactions in higher-risk geographic areas, may improve financial intelligence on money laundering and terrorist financing activities. The imposition of such orders, as currently used in the United States, would target popular destinations for transactions in high-value goods, real estate and bulk cash.

  • Border Enforcement – Definition of “Monetary Instrument”

The Paper notes that the PCMLTFA currently requires reporting by persons and entities importing or exporting currency or “monetary instruments” of $10,000 or more. The Paper suggests that the existing definition of “monetary instrument”, which includes stocks, bonds, bank drafts, treasury bills, promissory notes, endorsed and travellers’ cheques and money orders, may be too narrow. The Paper contemplates expanding the definition to include, among others, prepaid payment products.

Modernizing the Framework and its Supervision

The Paper raises the following considerations in pursuit of modernizing and effectively managing the AML/ATF regime.

  • Addressing De-Risking of Money Services Businesses (“MSBs”)

The Paper recognizes that, consistent with a global trend, certain MSBs in Canada have been facing challenges in obtaining and/or maintaining access to banking services as a result of “de-risking” (which the Paper defines as “the practice of financial institutions (or other businesses) exiting relationships with and closing the accounts of clients, either individuals or institutions, because the financial institution perceives the client to be high-risk.”).

The Paper emphasizes that “reporting entities are expected to manage (but not necessarily eliminate) their exposure by taking a risk-based approach with respect to their clients.” and that such “assessment is expected to take place on a case-by-case basis and not impact an entire industry.”  De-risking of the MSB industry as a whole can have significant impacts as it affects the ability of the industry to operate and can result in MSBs using alternate banking channels which are less accessible to regulators. These comments echo similar comments made in the Competition Bureau’s Fintech report.

  • Strengthening Registration of MSBs

The Paper notes that registration procedures for MSBs could be improved to strengthen the integrity of the MSB registry and MSBs operating in Canada, including for example by expanding the list of offences that would make an applicant ineligible for registration, and by providing for the option to suspend the registration of a MSB on a discretionary basis when the owners/operators of the MSB are subject to criminal court proceedings.

  • Enhancing and Strengthening Identification Methods

The Paper notes that recent amendments to the Regulations have provided further flexibility in methods that can be used to ascertain identity. However, given the increasing availability of reliable and effective digital identification methods, such as those leveraging blockchain and biometrics (including facial recognition), the Paper recommends that Regulations continue to remain flexible and progress towards a principles-based approach that facilitates risk-based approaches to verifying identity while leveraging technology solutions (including “digital ID” solutions) to the extent possible.

  • Regulatory Sandboxes (Exemptive Relief and Administrative Forbearance)

The Paper notes the establishment of regulatory sandboxes, both in various foreign jurisdictions and in Canada in the securities context by the Canadian Securities Administrators, and notes the potential for such approach to foster innovation in Canadian financial services. Granting flexibility to such entities to conduct regulatory pilots (by way of exemptive relief and/ or administrative forbearance), while protecting the integrity of the AML/ATF regime, could facilitate greater innovation, including the greater use of RegTech solutions.  The Paper however notes that careful attention should be paid to considerations surrounding the approval of any such regulatory pilots.

  • Whistleblowing

The Paper seeks views on whether the whistleblowing framework in the PCMLTFA should be strengthened, in particular with respect to issues related to MSBs, ID methods, and oversight.

Administrative and Technical Considerations

The Paper puts forward the following administrative and technical considerations to improve the operation of the AML/ATF regime.

  • Public Naming of Administrative Monetary Penalty (“AMP”) Recipients

The Paper recognizes that public naming of an AMP recipient can serve as a highly effective deterrent in furtherance of AML/ATF. Nevertheless, the Paper emphasizes that prior to FINTRAC making public AMP-related information, regard should be had to circumstances in which it would be inappropriate to name an AMP recipient, for example, where it may jeopardize the stability of Canada’s financial system.

The Paper also highlights a limitation of public naming as a means of deterrence as FINTRAC is not permitted to disclose AMP-related information until all proceedings with respect to a violation, including appeals, have concluded. This allows considerable time to elapse between the occurrence of the violation and public disclosure of the violation, and may incentivize prolonged litigation.

  • Confidentiality in Court Proceedings

The Paper reinforces that the purpose behind granting confidentiality orders in AMP appeal procedures is to avoid disclosure of sensitive financial intelligence. These orders should not be granted simply to protect any information in respect of a reporting entity.

  • Calculation of AMPs

In response to criticism (in particular the decision of the Federal Court of Appeal in Kabul Farms Inc. v Canada) that the formula to calculate AMP is vague and lacks transparency, the Paper recommends incorporating a formula into the Regulations specifying how AMPs should be calculated. Any such formula should allow for consideration of the specific harm caused by the violation in each case.

  • Clarifying the “Travel Rule” on Electronic Funds Transfer (“EFT”)

The Paper suggests the “travel rule”, which provides that every reporting entity include with the EFT certain prescribed information and that they take reasonable measures to ensure that any transfer that it receives includes such  information, be clarified.  Currently, certain financial intermediaries are not passing along the originating client’s information and instead treating the originating financial institution or another financial institution as the client who requested the EFT.

  • Evaluating Correspondent Relationships

The Paper identifies as a potential deficiency that, upon establishing a correspondent banking relationship, the PCMLTFA presently only requires that financial institutions conduct an initial evaluation of such relationship. The Paper suggests that this requirement be made consistent with international standards that require: (i) financial institutions to evaluate such relationships on a continuous basis; and (ii) upon entering such a relationship, correspondent entities are required to identify and take reasonable measures to verify the identity of beneficial owners of a respondent institution.

  • Establishing a Uniform Reporting Schedule

To reduce regulatory burden and complexity, the Paper recommends the creation of a uniform reporting schedule to encompass all information required to be reported upon by reporting entities.

  • Eliminating the Alternative to Large Cash Transaction Reports

As a result of low adoption, the Paper recommends the elimination of the Alternate Large Cash Transaction Record.


The Paper contains a wide-ranging set of potential measures that, should they be implemented, could result in a significantly expanded AML/ ATF regime in Canada.  In addition to the longer-ranging potential changes set out in the Paper, in the nearer term, amendments to the Regulations are anticipated to be released setting out, among other things, additional obligations relating to foreign MSBs operating in Canada, prepaid cards and virtual currencies.

Budget 2018: Financial Institutions Update

Posted in Financial, Open Banking
Ana BadourKirsten ThompsonNancy Carroll

The 2018 federal budget (the “Budget”) announced a number of measures directed to the financial services sector, including plans to modernize the deposit insurance framework, to implement a resolution framework for Canada’s systemically important financial market infrastructures (“FMIs”), to undertake a review of open banking, to introduce legislative amendments to implement a new framework for the oversight of retail payments and a review of the Canadian Payments Act, to modernize the financial sector framework and to introduce legislation broadening the powers of the Financial Consumer Agency of Canada (“FCAC”).

Deposit Insurance Review

Consistent with last year’s budget, the Government announced plans to introduce amendments to the relevant legislation to update and modernize the deposit insurance framework in Canada, including by modernizing the scope of deposit insurance coverage to better reflect products currently offered, to address trust deposits, and generally to better protect depositors and support financial stability.

Oversight of Financial Market Infrastructures

Again, consistent with last year’s budget, the Government announced that it intended to introduce legislative amendments to implement a resolution framework for Canada’s systemically important FMIs, with the goals of maintaining the availability of critical services provided by FMIs, promoting financial stability and minimizing potential public exposure to losses. Examples of candidates for potential inclusion in the resolution framework include CLS Bank, Swap Clear and the Large Value Transfer System (LVTS).

Open Banking

“Open Banking” refers to an emerging financial services business model that focuses on the portability and open availability of customer data, including transactional information.  The open banking model has been mandated in the European Union and the United Kingdom, and is being reviewed in Australia. The Canadian Government first noted the potential benefits of reviewing the merits of “open banking” in Canada in the second consultation paper respecting the review of the federal financial sector framework which was released in August 2017.  More recently, the Competition Bureau has expressed support for open banking in its final report on its market study into technology-led innovation in the Canadian Fintech sector.

The Budget confirms that the Government proposes to undertake a formal review of the merits of open banking in Canada.

Payments Reform

The Government confirmed that it intends to introduce legislative amendments to implement a new framework for the oversight of retail payments following the recent consultation process triggered by the consultation paper “A New Retail Payments Oversight Framework”  issued last July.

In addition, the Government announced its intent to undertake a review of the Canadian Payments Act to ensure that Payments Canada is well positioned to continue to meet its public policy objectives.  The Government noted these consultation processes will include consultation with the provinces and territories.

Financial Sector Framework Review

In connection with the current 2019 Bank Act review, the Budget announces intentions to introduce legislative amendments to implement targeted proposals resulting from the recent review of the federal financial sector framework, including amendments providing greater flexibility for financial institutions to undertake Fintech activities (expanding the business of banking), providing prudentially regulated deposit-taking institutions (such as credit unions) with the right to use generic banking terms (“bank”, “banking”), and permitting life and health insurance companies to make long term investments in infrastructure.

Consumer Protection

The Budget notes that the Government has undertaken over the last year a comprehensive review of the federal consumer protection framework, and proposes to introduce legislation expanding the FCAC’s tools and mandates, to be implemented through legislation to be developed in consultation with relevant stakeholders, including the provinces and territories.

Anti-Money Laundering

The Budget proposes to introduce amendments to income tax reporting requirements to provide additional beneficial ownership information for trusts and to amend the Canada Business Corporations Act to increase the availability of beneficial ownership information for corporations.

In addition, the Budget announces intentions to propose amendments to modernize legislation requiring the declaration of currency and monetary instruments.


As the Government takes steps to implement the various initiatives outlined in this Budget, financial institutions can expect a number of important regulatory and legislative changes to follow in the near future.

For a discussion of the tax measures in the Budget, please see McCarthy Tétrault’s Budget 2018 Commentary.

IIROC Provides Additional Guidance on Proactive Management of Cyber-related Risks

Posted in Cybersecurity, Financial, Regulatory Compliance
Shane C. D'Souza

On January 18, 2018, the Investment Industry Regulatory Organization of Canada (IIROC) released its Compliance Priorities Report for 2017/2018, identifying cybersecurity as a “high priority” issue that IIROC dealer members should address to improve investor protection and foster market integrity. The report also provides specific guidance on initiatives that dealers may undertake in 2018-19 to proactively manage cyber-related risks.

IIROC’s 2016/2017 Feedback

In 2017, IIROC followed up with small and mid-sized dealers to discuss how they had considered IIROC’s previous feedback that dealers should:

  • maintain “adequate” policies and procedures to safeguard the confidentiality, integrity and availability of the dealer’s data (including clients’ personal information);
  • conduct “regular due-diligence” of third-party IT vendors and service providers to evaluate the adequacy of safeguards against cybersecurity incidents;
  • use encryption and strong passwords to protect “data and sensitive information” stored on all computers, storage servers, web server portals and mobile electronic devices;
  • fix identified security vulnerabilities on a “timely basis”;
  • “develop a cybersecurity incident-response plan that includes: a description of the different types of possible incidents; procedures to stop an incident and eliminate the threat; procedures for recovery of data; investigation of an incident; and incident notification and reporting obligations”.

IIROC Guidance for 2018/19

Building on the foregoing recommendations, IIROC has recommended that dealers:

  • conduct “table-top simulations” of cyber-incident scenarios that may occur to help participants develop and improve their cyber-incident response plans; and
  • complete another self-assessment survey to assess the dealer’s and overall industry’s preparedness in response to cyber-incident risks.

IIROC will continue its partnership with the Investment Industry Association of Canada (IIAC) to support and provide best-practice guidance to improve dealers’ cybersecurity preparedness, and directed dealers to IIAC’s Due Diligence Procedures on Data Security by Third-Party Service Providers publication dated July 2017. The IIAC also has a Cybersecurity Guidebook dated June 2015.

The members of McCarthy Tetrault’s Cybersecurity, Privacy and Data Management Group regularly assist organizations in meeting their compliance obligations and managing cyber-risk. For more information, please contact  the author.

UK Financial Conduct Authority Proposes Global Fintech Regulatory Sandbox

Posted in FinTech, Regulatory Compliance
Ana BadourArie van Wijngaarden

On February 14, 2018, the United Kingdom Financial Conduct Authority (FCA) published a proposal for a global regulatory sandbox.  The goal of a regulatory sandbox is to encourage innovation by allowing carefully-selected firms to test their concepts on a controlled subset of consumers without triggering full regulatory requirements at the outset.  This can be particularly useful to Fintech start-ups that often face a complex regulatory structure.

The concept of a regulatory sandbox has been popular to date in the UK.  Since the FCA launched the first regulatory sandbox in 2016, more than 60 firms have tested their innovations.  Over 40% of the first cohort of sandbox firms received investment funding during or following sandbox testing.  Other countries, including  Canada (with respect to securities regulation) Australia, Hong Kong, Singapore and the Netherlands have also created their own sandboxes.

Currently, the FCA has nine different bilateral Fintech cooperation agreements with regulators in other jurisdictions (including an agreement with the Ontario Securities Commission).  A global sandbox could be a useful one stop shop and more efficient way for Fintechs to scale globally.

Designing a Global Sandbox

A global sandbox would be a much larger regulatory “safe-space” in which Fintechs could test their ideas in multiple jurisdictions. Participating jurisdictions would have to agree upon a common protocol for firms wanting to enter the sandbox, as well as common supports for start-ups with global ambitions.

The proposed global sandbox would be focused on cross-jurisdictional issues, such as Anti-Money Laundering (AML)/ Know Your Customer (KYC) requirements.  Testing in a global sandbox could involve two or more jurisdictions at the same time, meaning that multiple regulators would be giving their feedback.  A global sandbox could bring together the diverse perspectives of multiple regulators together on cross-border issues and allow for common reporting and policy coordination.

The concept of a global sandbox could benefit entities wishing to participate in such sandbox in a number of manners.  First, it could provide those entities with access to a larger customer base, a concept especially attractive for businesses based in smaller markets such as Canada.  This would allow such businesses to more quickly achieve economies of scale and network effects.  Second, as a related point, certain Fintech business models can be very data-intensive (such as businesses focused on credit analysis or fraud analysis).  Generating significant amounts of data with a customer base in one country can be challenging, and a global sandbox could provide the opportunity to create and leverage larger (and therefore more helpful) data sets.   Third, entities may spend significant resources undergoing the application process to participate in a sandbox in any single jurisdiction, and would therefore benefit from a more efficient coordinated process across jurisdictions.

A global sandbox could also potentially help Fintechs test their concepts in jurisdictions where sandboxes have not progressed as quickly as the UK, such as continental Europe (potentially limiting the impact of Brexit on the UK Fintech market) and the United States.  A global sandbox could also provide benefit to countries who choose to participate, as they would gain access to best practices learned from the UK’s sandbox experience.

Implications for Canada

A global Fintech  regulatory sandbox would likely be attractive to Canadian Fintechs seeking to expand globally. The UK has been a market of interest for a Canadian Fintechs.   Several Canadian Fintechs have been part of  trade missions to the UK  and, as noted above, the FCA and the Ontario Securities Commission (OSC) previously entered into a  Fintech cooperation agreement.  A global sandbox could make cooperation with the UK even easier.

However, a global sandbox remains a challenging proposition.  Coordinating regulatory policy between different jurisdictions with different interests and regulatory cultures can be very difficult. For this reason, the FCA has acknowledged that “a full multilateral sandbox, which allows concurrent testing and launch across multiple jurisdictions, is an ambitious goal”.  While ambitious, the concept is nonetheless an attractive one for many stakeholders.

For more information about our firm’s Fintech expertise, please see our Fintech group’s page.


Privacy Damages Awarded for Commercial Use of a Person’s Image in a Public Setting

Posted in Privacy
Leah OstlerKirsten Thompson

Organizations which use images of persons engaged in activities in public settings may want to revisit their use of such images in light of a recent Ontario decision which found such use to constitute an invasion of privacy that warranted a $4,000 damages award.

In Vanderveen v Waterbridge Media Inc., 2017 CanLII 77435, the Ontario Superior Court  awarded privacy damages to a plaintiff who took offence to a photo in which she appeared being used in commercial marketing materials without her consent. What is notable about this case is that the plaintiff was in a public area which was open to view by all, the video in she appeared showcased the area instead of her in particular, the fact that damages were awarded, and the rather remarkable amount of damages in light of the harm alleged.

Intrusion Upon Seclusion and the Issue of Damages

It has been five years since the tort of “intrusion upon seclusion” was recognized in Ontario and courts are still working out the nuances of the tort, particularly in respect of damages. First introduced in the Ontario Court of Appeal case Jones v Tsige, this tort has gained considerable traction for claimants seeking to protect their personal information and likeness. The Vanderveen v Waterbridge case appears to have further muddied already unclear waters.

In Jones v Tsige, Justice Sharpe outlined the test for this tort: the defendant’s conduct must be intentional; the defendant must have invaded, without lawful justification, on the plaintiff’s private affairs or concerns; and a reasonable person would regard the invasion as highly offensive causing distress, humiliation or anguish. This third element, along with a suggested damages limit of $20,000 in circumstances where there has been no pecuniary loss, has typically served to prevent a flood of privacy class actions seeking high amounts of damages for purely subjective harm.

Vanderveen v Waterbridge appears to have altered this third element, introducing a subjective harm analysis which may make it easier for claimants to establish the tort.


The Defendant, Waterbridge Media Inc. (“Waterbridge”) was contracted to create a sales video for a real estate developer in the Westboro area in Ottawa. The video was intended to showcase the “Westboro lifestyle”, including activities and amenities enjoyed by its residents. The company filmed in a number of public areas, capturing local residents carrying out daily activities, including the Plaintiff, Ms.Vanderveen, who was jogging on a public trail. The video was posted on the developer’s website, and on the developer’s YouTube channel.

The Plaintiff appeared in the promotional video for approximately 2 seconds, on the right hand side of a split screen shared with images of two other residents. When the video came to the Plaintiff’s attention, she contacted the real estate developer to request that her image be removed. A series of heated email exchanges ensued between the Plaintiff and Defendant. The video was ultimately discontinued and removed from website and YouTube within one week.

Ms.Vanderveen brought a claim against Waterbridge for breach of privacy (intrusion upon seclusion), pecuniary damages for appropriation of personality, and sought punitive damages.

Ms.Vanderveen testified that she experienced shock and humiliation over the version of herself that was publicly displayed without her consent. She had since lost a considerable amount of weight and felt that the image was not an accurate reflection of her person. Waterbridge argued that consent was not required from individuals in public spaces, and if it was, that if an individual saw the camera (as Ms. Vanderveen stated she had) and continued moving consent was implied.

The Court found that in capturing the image of the Plaintiff and publishing it in a commercial video without her consent, Waterbridge had committed the tort of intrusion upon seclusion. The Court reasoned that the conduct was intentional and there was no legal justification. The Court further found “that a reasonable person, this legally fictitious person who plays an important role in legal determinations, would regard the privacy invasion as highly offensive and the plaintiff testified as to the distress, humiliation or anguish that it caused her.” Damages of $4000 were awarded.


This case muddies the waters on issues of expectations for personal privacy in the public sphere, whether a reasonableness or subjective analysis is applied, and appropriate damage awards for this tort.

Privacy in the Public Sphere and Commercial Interest

The weight given to individual privacy rights in public spaces is a contentious issue. As a general rule, a person engaging in activities in public will have a substantially reduced expectation of privacy.  However, this decision suggests that intrusion upon seclusion claims may now be properly commenced for images collected or filming undertaken in the public sphere. The Defendant had argued that “obtaining consent in such situations is impractical” but the Court decided that an individual’s privacy right prevails over a commercially motivated interest.

It is unclear whether this approach to the tort applies only when the person’s likeness is used for a commercial purpose or to all instances of public filming. Certainly, the commercial motivation of Waterbridge seemed be a significant factor in the mind of the judge. Until ironed out by the courts, both profit and not-for-profit companies that capture and utilize public images should be aware that they could be subject to a claim if the imagery was intentionally captured without legal justification. That being said, the claimant must still meet the third element of the tort.

Reasonable or Subjective Standard

The third element of the tort requires a reasonableness assessment to determine whether the conduct was highly offensive causing distress, humiliation or anguish. Sharpe provided some guidance for this analysis in Jones: “A claim for intrusion upon seclusion will arise only for deliberate and significant invasions of personal privacy. Claims from individuals who are sensitive or unusually concerned about their privacy are excluded: it is only intrusions into matters such as one’s financial or health records, sexual practices and orientation, employment, diary or private correspondence that, viewed objectively on the reasonable person standard, can be described as highly offensive.”

This implies a high threshold, and Sharpe was cognizant of the possibility that the tort had the potential for abuse if not narrowly circumscribed.  However, Leclaire J. undertakes little if any analysis as to whether a reasonable person would find the circumstances of this case to be highly offensive and whether the result would be distress, humiliation or anguish. The conclusion seems to be based on the Plaintiff’s subjective evidence alone, which would not meet any of Sharpe’s guiding considerations. General upset regarding a two-second clip in two-minute video where the complainant believes the image did not portray her in the most flattering light because she was overweight seems to suggest circumstances that, while unfortunate, most reasonable persons would not regard as “highly offensive”.

A fully subjective analysis of the harm experienced has problematic outcomes. It opens the courts for all kinds of invasion of privacy claims by particularly sensitive plaintiffs. An unclear standard is left for all involved parties, including legal representatives advising clients on what behaviour crosses the line (or where the line is, for that matter).

Damages Award

While $4000 may seem insignificant, it is a relatively high damages award for this tort, particularly in the face of other successful privacy breach claims that are on their face far more egregious. For instance, in John Stevens v Glennis Walsh, 2016 ONSC 2418 the defendant accessed the plaintiff’s employment information, which she gave to his ex-wife for use against him in divorce proceedings. The invasion of personal privacy was found to be “significant”, and yet the plaintiff was only awarded $1500.

In McIntosh v Legal Aid Ontario, 2014 ONSC 6136 the defendant accessed the plaintiff’s Legal Aid Ontario file, which she then provided to the plaintiff’s ex-boyfriend (the defendant’s current boyfriend). The boyfriend used the information to threaten the plaintiff with involving the Children’s Aid Society to remove her children. The court found the invasion of personal privacy to be intentional and significant. Interestingly, the court applied a subjective analysis and found that the breach caused the plaintiff annoyance, anxiety and distress. The plaintiff was awarded $7500.

As evidenced by these cases, damage awards are all over the map. In the present case, it is also possible that the damages were influenced by what Leclaire referred to as “disparaging” email remarks. Regardless, the small claims court has work to do in establishing a clear framework to assess and ground damage awards in this tort.

Lessons for Business

In light of this decision, organizations which use images for commercial purposes would be wise to seek the consent of all persons appearing in such images, even where the images are made in a public setting. For larger areas where individual consent may not be practicable, organizations may want to consider posting clear and obvious signage that recording is occurring and people’s images may be used.

This recent decision does not clarify the law on privacy damages. It does, however, introduce a great deal of uncertainty into the environment for businesses.

Artificial Intelligence: The Year in Review

Posted in AI and Machine Learning
Carole PiovesanKirsten ThompsonSuzie Cusson

By all accounts, “Maple Valley” is thriving.

2017 saw Canada, home to the second largest tech sector outside Silicon Valley,[i] solidify its position as a leader in the field of artificial intelligence (“AI”).

Based on available data to date, it is estimated that funding raised by Canadian AI companies in 2017 will exceed US$250 million, representing an almost two-fold increase from the previous record historical high of US$143 million in 2015.[ii] This healthy injection of private-sector funding has been accompanied by significant public investment. Notably, the 2017 federal budget provided for C$125 million in research and development funds earmarked for AI initiatives and nearly C$1 billion over 5 years to promote innovation superclusters.[iii]

Access to unprecedented levels of capital, a strong network of academic institutions, improving infrastructure and availability of talent facilitated by open immigration rules have fuelled the development of a burgeoning industry north of the border. Joining dozens of growing start-ups in AI cluster cities such as Toronto or Montreal, global tech giants such as Google, Facebook and Samsung have invested in or opened Canadian AI labs in 2017.[iv]

The regulatory landscape impacting AI continues to evolve both domestically and abroad. As we begin the new year, we pause to reflect on some of 2017’s most notable developments in AI and prepare for new trends to watch out for in 2018.

What we saw in 2017:

  • New federal support and plan for AI: Budget 2017 signalled the Government of Canada’s clear priority to foster innovation in a number of key industries, including AI. The Pan-Canadian Artificial Intelligence Strategy was launched in March 2017 with a view to increase and support our national research community on AI, connect Canada’s major centres for AI development and lead the global discussion on the economic, ethical, policy and legal implications of advances in AI.[v] More broadly, the federal government announced funding for innovation superclusters, began a review of its business innovation initiatives to better align them with client needs, and established Innovation Canada, a new platform created to coordinate the public programs made available across several departments in support of Canada’s innovative companies, including AI companies.[vi]
  • A survey of AI policy, innovation and regulations abroad:
    • United States: In May 2017, the US Congress established the Artificial Intelligence Congressional Caucus, tasked with informing policy decisions with respect to AI and ensuring rapid growth and innovation in this industry. This signals American lawmakers’ continued support for developing a national AI policy roadmap despite the change in administration since the publication of the Obama-era White House National Artificial Intelligence Research and Development Strategic Plan.[vii] Additional policy discussions of note have emanated from the United States Government Accountability Office, which released a technology assessment of the Internet of Things respecting the status and implications of an increasingly connected world.[viii]
    • United Kingdom: In January 2017, the Science and Technology Committee of the UK House of Commons released its report on robotics and AI with recommendations for supporting AI research. Chief among its recommendations is the creation of a national council on AI with membership drawn from academia, industry and government to produce a government-backed “National Robotics and Autonomous Systems Strategy”.[ix] The Committee is holding ongoing consultations to better understand issues related to the proliferation of advanced AI systems. In fall 2017, the UK government announced it will invest £75m into delivering recommendations from an independent review on AI, and will open a Centre for Data Ethics and Innovation.
    • European Union: In February 2017, the European Parliament passed a resolution titled “Civil Law Rules on Robotics”, pursuant to which the European Commission is to propose rules on robotics and AI, in order to fully exploit their economic potential and to guarantee a standard level of safety and security.[x] In October 2017, the European Parliament released its preliminary findings on its public consultation on robotics and AI. Meant to inform the EU’s position on ethical, economic, legal, and social issues, the consultations revealed support for the creation of a central EU regulatory body on AI. The European Commission published a preliminary response to some of the European Parliament’s recommendations and has committed to working on a EU response on AI following its own public consultation and stakeholder dialogue.
    • Estonia: The small country of Estonia, with a population of around 1.3 million people, is outlining options for extending legal representative rights to AI.
    • China: The Chinese government announced an ambitious goal of becoming a leader in AI innovation and regulation by 2030. In December 2017, the Ministry of Industry and Information Technology published a document outlining its goals to lead in AI.
    • South Korea: In February 2017, the Ministry of Science, ICT and Future Planning released a plan to prepare South Korea for advancements in AI-enabled technologies. The plan identifies policy goals relating to workforce preparedness, education and social welfare as well as a number of targeted measures to manage the development of AI in South Korea. These reforms include an overhaul of the country’s Framework Act on National Informatization and the establishment of a Charter of Ethics for AI (by 2018) and protocols to guide developers and users.[xi]
  • Privacy continues to be a concern: In his remarks delivered in May 2017 at the IAPP Canada Privacy Symposium, the Privacy Commissioner of Canada emphasized the need to proactively engage with organizations that use AI and other cutting edge-innovations to ensure accountability in this rapidly evolving area.[xii] From an automotive industry-specific perspective, the Privacy Commissioner signed the Resolution on Data Protection in Automated and Connected Vehicles during the 39th International Conference of Data Protection and Privacy Commissioners in September 2017. This non-binding document acknowledges the rapid advancement of vehicle automation and connected vehicle technologies and expresses concern about the possible lack of available information, user choice, data control and valid consent mechanisms for vehicle owners, drivers, passengers, other road users and pedestrians.[xiii]
  • Competition law is a hot topic: In September 2017, the Competition Bureau released its consultation paper entitled “Big data and Innovation: Implications for competition policy in Canada”.[xiv] The report canvasses how the acquisition and use of Big Data, which is essential to AI systems, can raise competition issues. Competition and privacy issues affecting Big Data were considered by the Federal Court of Appeal in its decision in Toronto Real Estate Board v. Commissioner of Competition,[xv] released on December 1, 2017. The decision has profound implications as it relates to risks of non-compliance with the civil prohibitions against abuse of dominance under the Competition Act stemming from allegations of data monopoly.
  • Continued dialogue between non-governmental actors: The 2017 Asilomar Conference, involving some of the leading thinkers in AI, released a list of 23 principles ranging from research strategies to data rights to future issues including potential super-intelligence. These principles, which underscore ethical and societal values for beneficial AI development, were endorsed by a total of 3,814 signatories, including over 1,250 AI/Robotics Researchers and twice as many thought leaders such as Stephen Hawking and Elon Musk.[xvi]
  • AI in Fintech is an area of focus: A number of public consultations and reports in 2018 have centered on the opportunities and challenges related to the integration of AI in the delivery of financial services. Of note is the European Commission’s public consultation document on Fintech and the European Banking Authority’s response, published in March and June 2017, respectively.[xvii] Access to information, transparency, cybersecurity risk, market distortions caused by widespread automation and limited data portability are identified as areas of concern. Similar issues were raised by the Basel Committee on Banking Supervision in its August consultative document on Fintech[xviii] and by the Financial Stability Board in its November 2017 report on the implications of AI for financial services.[xix]

What to watch for in 2018:

  • The AI industry will continue to experience rapid growth: Building on the success of 2017, the AI industry in Canada and globally is expected to continue to experience rapid growth in 2018 and beyond. By 2020, the worldwide market for AI-related products is predicted to reach US$47 billion, up from US$8.0 billion in 2016.[xx] Industries such as healthcare and financial services, which have traditionally been particularly proactive in integrating AI technologies to improve business models in various capacities, will continue to drive the market. Over the coming years, AI is also likely to progressively make its mark in traditionally more conservative industries – including the legal practice – as parties become more exposed to transformative technologies and weigh the opportunities and challenges associated with the deployment of AI.
  • Expect developments in respect of privacy requirements: In late 2017, the Privacy Commissioner invited stakeholders across Canada to comment on draft guidelines in respect of consent and data practices under the Personal Information Protection and Electronic Documents Act (PIPEDA), which is currently under review. The final form of these guidance documents, likely to be released this year, will assist those organizations relying big data analytics and AI that such uses are appropriately disclosed. Canadian businesses should also take note of the forthcoming entry into force of the European Union’s General Data Protection Regulation (“GDPR”) in May 2018. The GDPR will apply to any company offering goods or services to EU residents. Discrepancies between the GDPR and Canadian privacy law requirements may pose new challenges to businesses who come within the purview of both regimes
  • .
  • Intersection between AI and other transformative technologies: The intersection between AI and other technologies, including blockchain, is gaining attention from theoretical and applied perspectives. We expect to see growth in the areas of AI and blockchain, quantum computing and Internet of Things (IoT), among others.
  • Strategic acquisitions and competition for talent: The acquisition of AI start-ups, particularly in our innovation hubs of Toronto, Montreal and Edmonton, is expected to heat up. The most recent announcement of TD Bank’s acquisition of Layer 6, and AI start-up based in Toronto, is the beginning of what we expect to be one of many this year. Not only will such acquisitions fuel innovation but it will also propel the competition for talent in applied AI.

McCarthy Tétrault and AI

In this environment ripe for opportunities and challenges, legal counsel must keep up with AI to marry legislative compliance and the application of industry best practices in various jurisdictions with a practical knowledge of commercial and technical outcomes. McCarthy Tétrault, named Law Firm of the Year at the 3rd Annual Canadian Fintech & AI Awards presented by the Digital Finance Institute in November 2017, is thinking ahead to cross-disciplinary ways in which AI and the law will intersect, to provide comprehensive advice to our clients.

Our 2017 Transformative Technologies and the Law series explored the conceptual and practical legal issues arising from the integration of AI into organizational processes, operations and business models. Consult our first White Paper entitled “From Chatbots to Self-Driving Cars: The Legal Risks of Adopting Artificial Intelligence in Your Business”, published in October 2017. Our series of seminars will continue this Spring 2018 with a focus on Managing Privacy Litigation Risk.

AI will also continue to feature prominently in our 2018 McCarthy Tétrault Advance Continuing Professional Development program, with seminars focusing on Open Banking, Cyber Insurance, Automated Cars as well as in the context of our 7th Annual Technology Summit.

For more on AI and the law, see our blogs on all things related to Fintech generally and AI and Machine Learning specifically.




[i] Jack Derricourt, “Understanding the legal risks of deploying AI in businesses – An interview with Carole Piovesan”, DX Journal (2 December 2017), online: <>.

[ii] PwC & CB Insights, MoneyTree Canada Report (Q3 2017), online: <>.

[iii] Government of Canada, “Innovation superclusters initiative (ISI): Program guide”, online: <>.

[iv] Denise Deveau, “Here’s what the AI map in Canada looks like (at least today)”, Financial Post (14 June 2017), online: <>.

[v] Canadian Institute for Advanced Research, “Pan-Canadian Artificial Intelligence Strategy Overview” (30 March 2017), online: <>.

[vi] Government of Canada, “Canada’s Innovation And Skills Plan”, online: <>; Government of Canada, “Innovation superclusters initiative (ISI): Program guide”, online: <>; Treasury Board of Canada Secretariat, News Release, “Government of Canada review will ensure that innovation and clean technology programs deliver results for Canada’s innovators” (6 September 2017), online: <>.

[vii] Congressman John Delaney, “Delaney Launches Bipartisan Artificial Intelligence (AI) Caucus for 115th Congress” (24 May 2017), online: <>.

[viii] United States Government Accountability Office, Technology Assessment: Internet of Things (May 2017), online: <>.

[ix] United Kingdom, House of Commons Science and Technology Committee, Robotics and artificial intelligence: Government Response to the Committee’s Fifth Report of Session 2016–17 (London: House of Commons, 2017), online: <>.

[x] EC, European Parliament resolution of 16 February 2017 with recommendations to the Commission on Civil Law Rules on Robotics (2015/2103(INL)), online: <>.

[xi] South Korea Ministry of Science and ICT, “Long-term Service R&D Strategy Road-map and Investment Plan Announced ” (27 February 2017), online: <>.

[xii] Office of the Privacy Commissioner of Canada, “Course correction for improved outcomes for Canadians: Remarks at the IAPP Canada Privacy Symposium 2017” (17 May 2017), online: <>.

[xiii] International Data Protection and Privacy Commissioners Conference, “Resolution on Data Protection in Automated and Connected Vehicles” (25-29 September 2017), online: <>.

[xiv] Competition Bureau, Big data and Innovation: Implications for competition policy in Canada, online: <>.

[xv] Toronto Real Estate Board v Commissioner of Competition, 2017 FCA 236.

[xvi] Future of Life Institute, “A Principled AI Discussion in Asilomar” (17 January 2017), online: <>

[xvii] EC, Consultation Document: Fintech: A More Competitive And Innovative European Financial Sector, online: <> ; European Banking Authority, EBA Response, online: <>.

[xviii] Basel Committee on Banking Supervision, Sound Practices: Implications of fintech developments for banks and bank supervisors (August 2017), online: <>.

[xix] Financial Stability Board, Artificial intelligence and machine learning in financial services, online: <>.

[xx] International Data Corporation, “Worldwide Cognitive Systems and Artificial Intelligence Revenues Forecast to Surge Past $47 Billion in 2020, According to New IDC Spending Guide” (26 October 2016), online: <>.