Archive for the ‘Privacy’ category

OPC consultation on artificial intelligence: my submission to the consultation

March 16th, 2020

Here is my submission to the OPC consultation.

______________________________________________

Thank you for the opportunity to provide input into the OPC’s consultation on artificial intelligence (AI) as it relates specifically to the Personal Information Protection and Electronic Documents Act (PIPEDA).

By way of introduction, I am a senior technology lawyer with McCarthy Tétrault. As part of my privacy practice, I regularly advise clients on privacy issues. I also teach privacy at Osgoode Hall Law School as part of an intellectual property law course. I have also written extensively about privacy issues including a major chapter in my eight volume book on Computer, Internet, and ecommerce Law. As such, I respectfully submit I am well positioned to provide both theoretical and practical input into the consultation. This is a personal submission and is not made on behalf of any client.

Privacy Law Reform: the OPC 2018-2019 Annual Report

December 12th, 2019

The Office of the Privacy Commissioner of Canada just published the 2018-2019 Annual Report to Parliament on the Privacy Act and the Personal Information Protection and Electronic Documents Act. Unlike other reports, this report’s focus was on privacy law reform. In fact, it was so titled as Privacy Law Reform – A Pathway to Respecting Rights and Restoring Trust in Government and the Digital Economy.

The Annual Report is a must read for everyone concerned about privacy including members of the general public and organizations whose privacy practices and compliance burdens would be significantly affected if some or all of the proposals were accepted and enacted into law.

OPC drops transborder transfer of data consultation

September 24th, 2019

Earlier this year the Privacy Commissioner launched and then relaunched a consultation that caused shockwaves among privacy lawyers, the tech community, and just about every organization that has third parties process data for them. The OPC sought to change its longstanding interpretation of Canada’s privacy law, PIPEDA, to require the consent of individuals to transfer personal information to a third party for processing.

The OPC received numerous submissions opposing the change including from the CLHIA, Centre for Information Policy Leadership, PMAC, and Canadian Chamber of Commerce. I also wrote a personal submission opposing it and explaining why such a change could not be justified under the wording of PIPEDA or as a matter of policy.

OPC consultation on trans-border data flows: my submission to the consultation

August 6th, 2019

Dear M. Therrien:

Thank you for the opportunity to provide input into the consultation on whether consent is or should be required for transborder data flows for processing.

Introduction

By way of introduction, I am a senior technology lawyer with McCarthy Tétrault. I have significant experience in outsourcings of all types, both domestic and trans-national. I have been involved in some of Canada largest and most complex outsourcing transactions. In this connection, and as part of my privacy practice, I regularly advise clients on privacy issues associated with transfers and disclosures of personal information. I also teach privacy at Osgoode Hall Law School as part of an intellectual property law course. I also have written extensively about privacy issues including a major chapter in my eight volume book on Computer, Internet, and ecommerce Law. As such, I respectfully submit I am well positioned to provide both theoretical and practical input into the consultation.

Developments in computer, Internet and e-commerce law: the year in review (2018-2019)

June 14th, 2019

I gave my annual presentation yesterday to the Toronto computer Lawyers’ Group on “The year in review in Computer, Internet and E-Commerce Law”. It covers the period from June 2018 to June 2019. The developments include cases from Canada, the U.S. the U.K., EU, Australia, South Africa, India and other countries.

The developments are organized into the broad topics of:

  • Privacy / Big Data / AI
  • Employee / HR
  • E-commerce / Online Agreements
  • Online Remedies / Governance / Jurisdiction
  • Copyright

The cases and other documents referred to are below.

Privacy / Big Data / AI

OPC position on online reputation: search engines must de-index privacy violating personal information

January 27th, 2018

Are search engines subject to PIPEDA? Should they be required to de-index web pages such as when information about an individual is inaccurate, incomplete or outdated, ;or when the linked to information is illegal? Should search engines be subject to a notice and de-indexing or demotion regime? And, should search engines be required to geo-fence to ensure that search results containing personal information about Canadians that violates PIPEDA  is not made accessible in Canada regardless of which domain a Canadian searches on? In a Draft OPC Position on Online Reputation released yesterday in response to a public consultation, the answer to each of those questions was YES.

Digital Privacy Act Security Breach Regulations: my representations

October 1st, 2017

Here are my representations sent to Jill Paterson, Senior Policy Analyst, Digital Policy Branch, Spectrum, Information Technologies and Telecommunications (SITT) Sector, Innovation, Science and Economic Development Canada, CD Howe Building, 235 Queen Street, Room 162D, Ottawa, Ontario K1A 0H5.

________________________________________________________

These are my representations on the draft Breach of Security Safeguards Regulations published in the Canada Gazette, Part I, August 14, 2017.

I am Barry Sookman, a senior Partner with the law firm McCarthy Tétrault. I am also an Adjunct professor of intellectual property law at Osgoode Hall law School where I teach, among other things, privacy law. My firm acts for clients that have important concerns about the draft Regulations. However, I make these representations solely on my own behalf.

PIPEDA privacy law given business friendly interpretation by Supreme Court: RBC v Trang

November 18th, 2016

Canada’s federal privacy law, PIPEDA, was enacted to be one of our framework laws that would underpin our digital economy. It’s goal was to recognize the privacy rights of individuals and at the same time to recognize the legitimate needs of organizations to collect, use, and disclose personal information. That balance between privacy and  uses of personal information for appropriate purposes was underscored by the Supreme Court in a decision released yesterday in Royal Bank of Canada v. Trang 2016 SCC 50.  .

Microsoft wins big in warrant fight to protect privacy of user data

July 15th, 2016

Microsoft scored a major victory for the privacy of its cloud computing users yesterday winning a closely watched case against U.S. Government. In Microsoft Corporation v USA (2nd.Cir. Jul. 14, 2016), the U.S. Second Circuit Court of Appeals held that a warrant issued under Section 2703 of the Stored Communications Act (ECA) did not have extra-territorial effect to require U.S. based Microsoft to access and provide the government with user data stored on servers operated by a subsidiary in Dublin Ireland.

The year in review: developments in computer, internet and e-commerce law (2015-2016)

June 14th, 2016

I gave my annual presentation today to the Toronto computer Lawyers’ Group on “The year in review in Computer, Internet and E-Commerce Law”. It covered the period from June 2015 to June 2016. The developments included cases from Canada, the U.S. the U.K., and other Commonwealth countries.

The developments were organized into the broad topics of: Technology Contracting, Online Agreements, Privacy, Online/Intermediary Liability/Responsibility, Copyright, and Trade-marks and Domain names.

The cases referred to are listed below. My slides can be viewed after the case listing. These and many other cases will be added to my 7 volume book on Computer, Internet and E-Commerce Law (1988-2015).