The ‘Safari workaround’ has cost Google millions. In 2012, it paid a civil penalty of US$22.5 million to settle charges brought by the US FTC that Google misrepresented to users of the Safari browser that it would not place tracking cookies or serve targeted advertisements to those users. In 2013 it paid US$17 million to settle US state consumer-based actions brought by State AGs.
Archive for the ‘Privacy’ category
Cyber security is top of mind these days in corporate boardrooms, governments, and with consumers. Last week was exemplary with more reports of hacks and governments moving forward with measures attempting to address the growing threats.
The New York Times reported that bank hackers stole millions using malware in a scam that allegedly involved an attack on more than 100 banks and other FIs in 30 nations. This followed a series of seemingly unending reports of attacks against other organizations.
In the landmark ruling in Google Spain SL, Google Inc. v Agencia Española de Protección de Datos, Mario Costeja González (case no. C-131/12, May 13, 2014), the Court of Justice of the European Union (CJEU) recognized that search engines are controllers of the personal information they process and have the obligation, in appropriate cases, to de-list links to personal information in their search results. A recent decision in Mosley v Google Inc & Anor  EWHC 59 (QB) (15 January 2015) has recognized that a right to get a blocking order against a search engine might also exist in the United Kingdom under the UK Data Protection Act 1998. The case also illustrates the challenges individuals have in vindicating their privacy interests in the Internet context.
A divided Supreme Court ruled that individuals cannot be secure that their most personal information will be protected from warrantless searches when arrested. In a 4 to 3 ruling, in R v Fearon, the Court held that if a person is lawfully arrested, a search is conducted that is incidental to the arrest, the search is tailored to its purpose, and the police take detailed notes, police may search the person’s cell phone.
In the landmark ruling in Google Spain SL, Google Inc. v Agencia Española de Protección de Datos, Mario Costeja González (case no. C-131/12, May 13, 2014), the Court of Justice of the European Union (CJEU) recognized that search engines are controllers of the personal information they process. As such, they have the obligation, in appropriate cases, to de-list links to personal information in their search results.
The Gonzales decision left open questions about the scope of the duty and the criteria to be used in determining what links must be delisted, something which Google, data protection authorities, and others had disagreed about. The Article 29 Data Protection Working Party has now released a Guideline addressing these controversial issues.
The Digital Privacy Act (Bill S-4) will make significant changes to Canadian privacy law when it is enacted. The amendments to PIPEDA have been in the making since 2007 following the statutory review of PIPEDA by the Standing Committee on Access to Information, Privacy and Ethics. The Bill has passed the Senate and was referred to the Standing Committee on Industry, Science and Technology. The INDU Committee will begin considering the Bill on November 25, 2014.
Earlier today, the Supreme Court released a landmark decision dealing with privacy on the Internet. The main issue in R v Spencer 2014 SCC 43 was whether a user of the Internet has a reasonable expectation of privacy in his or her basic subscriber information held by the user’s ISP that prevents the police from obtaining this information from the ISP without a warrant or court order. Prior to the decision some courts had ruled that ISPs could turn over subscriber contact details associated with the person’s IP address to police without a warrant or court order. The Court rejected this line of cases ruling that a person has a reasonable expectation of privacy associated with Internet activities and that the “lawful authority” exemption in PIPEDA does not create a basis to turn such information to the police.
Bill S-4, the Digital Privacy Act (An Act to amend the Personal Information Protection and Electronic Documents Act and to make a consequential amendment to another Act,) was given First Reading in the Senate today. The summary of the Bill describes the proposed amendments as follows:
The Supreme Court released a landmark decision today in the Alberta (Information and Privacy Commissioner) v. United Food and Commercial Workers, Local 401, 2013 SCC 62 case. In short, the Court found that while Alberta’s privacy legislation PIPA plays a vital role in protecting privacy, it violated the Charter right to freedom of expression by precluding the use of personal information in the labour context. The ruling is an appeal from a decision the Alberta Court of Appeal, which is summarized here.
The headnote of the case reads as follows:
Last week I had the pleasure of listening to a great talk titled “Privacy: Getting Accountability Right” at the 2013 Compliance and Consumer Complaints Annual Conference organized by the Canadian Life and Health Insurance Asscoiation Inc. Taking place in sunny Vancouver (see below), the speakers were Barbara Bucknell of the Office of the Privacy Commissioner of Canada, Jill Clayton, Information and Privacy Commissioner, Alberta, and Elizabeth Denham, Information and Privacy Commissioner, British Columba.
Here is a summary of their remarks.
The first question addressed to each panelist was the trends they were seeing in relation to privacy in the insurance industry.