CyberLex
CyberLex Insights on cybersecurity, privacy and data protection law

Tag Archives: privacy

Supreme Court of Canada Rules Text Messages Can Attract a Reasonable Expectation of Privacy

Posted in Privacy

On December 8, 2017, the Supreme Court of Canada (“SCC”) released two decisions dealing with privacy interests in text messages: R v Marakah, 2017 SCC 59  and R v Jones, 2007 SCC 60.   At issue in both cases was whether there is reasonable expectation of privacy in text messages, even after they have been sent… → Read More

When Employees Go Rogue: Are Employers Vicariously Liable for the Privacy Breaches of Their Employees?

Posted in Class Actions, Data Breach, Privacy

Although there has not yet been a definitive answer to this question in Canada, based on recent UK case law, it appears increasingly likely that, at least in some circumstances, the answer may be “yes”. In Various Claimants v WM Morrisons Supermarket Plc, (Rev 1) [2017] EWHC 3113 (QB) (“Morrisons”), the High Court said that the supermarket chain… → Read More

In the Future, Everyone Will Have Their Personality Misappropriated for 15 Minutes

Posted in Privacy

At the same time Andy Warhol was predicting the intense, short-lived  “15 minutes of fame” that has now manifest as viral videos, legal scholars were pondering the implications of technology on our private lives.[1] While nobody got as close as predicting that a social media website would get sued for using photos people voluntarily uploaded… → Read More

Basel Committee on Banking Supervision Issues Consultative Document Highlighting Implications of Fintech on Banks

Posted in AI and Machine Learning, Big Data, Cybersecurity, FinTech, Payments, Privacy

On August 31, the Basel Committee on Banking Supervision (the “BCBS”) published a consultative document on the implications of Fintech for the financial sector. The consultative document was produced by BCBS’s task force mandated with identifying trends in Fintech developments and assessing the implication of those developments on the financial sector. Parts I and II… → Read More

Project Jasper Update: White Paper Release and Phase 3 Announcement

Posted in Authentication, Blockchain, Financial, FinTech, Identity, Payments, Privacy

Project Jasper is an experiment being done by the Bank of Canada, Payments Canada and R3 to test the viability and feasibility of using Distributed Ledger Technology (“DLT”) as the basis for wholesale interbank payment settlements. This project was launched in March 2016 and has completed two phases. Phase 1 of Project Jasper employed the… → Read More

Here We Go Again: Schrems 2 Puts the Model Clauses for Transfer of EU Personal Data in Doubt

Posted in European Union, Privacy

On October 3, 2017, the High Court of Ireland rendered a decision in The Data Protection Commissioner v. Facebook Ireland Limited & anor, [2017] IEHC 545.  This decision, which could well be labeled Schrems 2,  is effectively a sequel to the original Schrems decision, based on the same underlying facts and issues.  In this most… → Read More

Europeans Express Positive Views on AI and Robotics: Report on Preliminary Results from Public Consultations

Posted in AI and Machine Learning, Big Data, European Union, Privacy

On October 6, 2017, the European Parliament released its preliminary findings on its public consultation on robotics and artificial intelligence. The consultations resulted in 298 responses reflecting public perceptions about the risks and benefits of AI technology. According to the EU Committee website, the results of the consultation will inform the Parliament’s position on ethical,… → Read More

McCarthy Tétrault Event: Big Data Seminar – October 18th, 2017

Posted in Big Data, Competition, Privacy

The second part of McCarthy Tétraults Transformative Technologies Series explores the asset that underpins many of today’s transformative technologies: big data. This seminar will provide an overview of some of the pressing legal questions businesses are facing as big data takes centre stage. Businesses are increasingly harnessing big data in ways that drive innovation and… → Read More

Estonian Blockchain-Based ID Card Security Flaw Raises Issues About Identity

Posted in Cybersecurity, Data Breach, Identity

On August 30, 2017, an international team of security researchers notified the Estonian government of a security vulnerability affecting the digital use of Estonian ID cards issued to around half of the Estonian population. Affecting 750,000 ID cards issued to a population of 1.3 million, the Estonian Information System Authority (RIA) has taken measures to… → Read More

Privacy Commissioner’s Report on Public Perception of Companies’ Privacy Practices Holds Lessons for Business

Posted in Privacy

The Office of the Privacy Commissioner of Canada (“OPC”) recently released a preliminary report outlining the results of a series of focus groups conducted with Canadians about privacy and the protection of personal information.[1] Predictably, participants in the focus groups (which represented a small and restricted sample of Canadians) were concerned by the collection and… → Read More

Searches of Electronic Devices at the Canada/US Border

Posted in Legislation, Privacy

The possibility of arbitrary searches of the electronic devices of persons crossing into the US continues to raise concerns among Canadians and, in particular, privacy regulators. Recent statements (and subsequent legislative amendments) are attempting to address some of the legal issues. On June 8, 2017, Daniel Therrien, the Privacy Commissioner of Canada,  sent a follow up… → Read More

European Banking Authority Responds to European Commission Public Consultation on Fintech: Potential Takeaways for Canada

Posted in AI and Machine Learning, Big Data, Cybersecurity, Financial, FinTech

In March 2017, the European Commission issued a public consultation document on Fintech.  The goal of the European Commission (EC) document is to further the objective of a digital single market within Europe.  This will be done by supporting the development of digital infrastructure,  improving access to goods and services, and ensuring rules foster technological… → Read More

Few “likes” for Facebook Forum Selection Clause: Supreme Court Finds “Strong Cause” to Not Enforce Forum Selection Clause

Posted in Class Actions, Privacy, Privacy Act, Social Media, Uncategorized

Electronic terms of service govern billions of relationships worldwide, whether a user is joining a social media service, shopping online or accessing a blog. In each case, a binding contract is formed, the terms of which are usually set out in the website’s “terms of service” . But when a contract is made over the… → Read More

“Not There Yet”: Bank of Canada Experiments with Blockchain Wholesale Payment System

Posted in FinTech

The Bank of Canada has issued a report on Project Jasper, its recently completed experiment testing the viability of distributed ledger technology (DLT) as the basis for a wholesale payment system. The experiment was a combined effort by the Bank of Canada and Payments Canada, along with Bank of Montreal, Canadian Imperial Bank of Commerce,… → Read More

A Glimpse into a Tangled Future: Implications of an Increasingly Connected World

Posted in AI and Machine Learning, Big Data, Internet of Things

Looking forward to living in a house that reduces your workload by mowing your lawn? What about having your front door beam you photographs of everyone your adolescent children let into your home while you are at work? Or, even better, a door that will only open for certain people at specific times during the… → Read More

Why Autonomous Vehicle Providers Should Consider Their Stance on Privacy

Posted in Connected Cars, Privacy

Autonomous vehicles are coming fast. It is now believed that autonomous vehicles will be widely available to consumers by 2020. Many futurists predict that one day owning and driving a car will be a hobby, much like horseback riding, and that most consumers will simply press a button on their mobile devices to have a… → Read More

Lawful Access: The Privacy Commissioner Reiterates its Position

Posted in Criminal, Legislation, Privacy

One of the challenging aspects of PIPEDA in recent years has been the new section 7(3)(c.1)(ii), which permits organisations to disclosure personal information to a government institution that has requested the disclosure for the purpose of law enforcement and has stated its “lawful authority” for the request. Organizations faced with such a request almost always… → Read More

Defending a Lawsuit is Not a “Commercial Activity” Under Privacy Legislation

Posted in Privacy

In a case dating back to 2016 but just recently published, the Office of the Privacy Commissioner of Canada has ruled that the collection and use of a plaintiff’s personal information for the purpose of defending against a civil lawsuit is not a “commercial activity” and, as such, the Personal Information Protection and Electronic Documents Act,… → Read More

Lenovo and Superfish: Proposed Class Action Proceeds on Privacy Tort and Statutes

Posted in Cybersecurity, Internet of Things, Privacy

A recent privacy decision regarding pre-installed software on laptops may have implications for companies operating not only in the traditional hardware space, but for those companies venturing into the burgeoning “Internet of Things” ecosystem. In short, an Ontario court declined to strike the common law and statutory privacy claims, suggesting that courts are at least… → Read More

Health Record Snooping Nets Hefty Fine

Posted in PHIPA

In a recent case out of Goderich, Ontario a $20,000 fine, the highest of its kind in Canada, was handed out for a health privacy violation. Between September 9, 2014 and March 5, 2015, a Masters of Social Work student accessed the personal health information of 139 individuals including family, friends, and local politicians, among… → Read More

U.S. Consumer Protection Regulator Consults on Use of Alternative Credit Data

Posted in Big Data, Financial, FinTech

On February 16, 2017, the U.S. Consumer Financial Protection Bureau (the “CFPB”) issued a Request for Information (“RFI”) seeking feedback from the public on the use or potential use of alternative data and methodologies to assess consumer credit risk, thereby expanding access to credit for credit invisible segments of the population. Presently, most lenders make… → Read More

Genetic Discrimination Bill One Step Closer to Becoming Law

Posted in Legislation, Privacy

On March 8, 2017 Liberal backbench MPs united with opposition parties to pass Bill S-201, an act to prohibit and prevent genetic discrimination. As noted in this prior Cyberlex post, Bill S-201 follows the enactment of legislation in the United States and adoption in the United Kingdom of a voluntary code and protects individuals from… → Read More

Cyberbullying & Revenge Porn: An Update on Canadian Law

Posted in Privacy

The current nature of social media and, more broadly, the Digital Age, continues to create challenges for legislators and law enforcement officials alike. One such challenge arises in the cyberbullying context, where intimate (or otherwise private) images are uploaded to the Internet. These files can be copied, forwarded and shared instantaneously, making them seemingly impossible… → Read More