Archive for the ‘Privacy’ category

The year in review: developments in computer, internet and e-commerce law (2015-2016)

June 14th, 2016

I gave my annual presentation today to the Toronto Computer Lawyers’ Group on “The year in review in Computer, Internet and E-Commerce Law”. It covered the period from June 2015 to June 2016. The developments included cases from Canada, the U.S., the U.K., and other Commonwealth countries.

The developments were organized into the broad topics of: Technology Contracting, Online Agreements, Privacy, Online/Intermediary Liability/Responsibility, Copyright, and Trade-marks and Domain names.

The cases referred to are listed below. My slides can be viewed after the case listing. These and many other cases will be added to my 7-volume book on Computer, Internet and E-Commerce Law (1988-2015).

Privacy injunctions in the age of the Internet and social media: PJS v News Group Newspapers

May 24th, 2016

You’re a celebrity and had a threesome. Your partner wasn’t one of them. You want the affair to remain private. You go to a court in England, where your family resides, and get an interim injunction. It prevents the English press from publishing the tawdry details, to protect your privacy and the privacy of your family. The affair becomes widely known in other countries, including the US, Canada, and Scotland. The English public finds out about it through foreign web sites. They also find the story when using search engines, even when not looking for it. The tabloids, which thrive on selling papers filled with salacious details of sexual encounters, incite the English public to access websites where details about the encounter can be found. The tabloids create a frenzy, working up the public by claiming they are being censored when their foreign counterparts are not, then move to set aside the injunction.

Long arm of EU privacy law: CJEU judgment in Weltimmo v Hatóság

October 15th, 2015

The territorial reach and enforcement jurisdiction of the European Union’s data protection law have become a lot more important these days following the decision of the Court of Justice in the Schrems case. In a case decided just a few days before Schrems, the same court gave Directive 95/46/EC a broad reading, holding that the laws of a Member State apply to data controllers in another Member State who operate a website that processes data of residents of the first Member State. The Court, however, construed the enforcement jurisdiction of supervisory authorities narrowly, ruling they do not have the ability to impose penalties on controllers not established in the Member State. The judgment of the Court in Weltimmo s.r.o. v Nemzeti Adatvédelmi és Információszabadság Hatóság, Case C‑230/14, October 1, 2015, has significant repercussions for EU and non-EU businesses that operate websites that target residents of a Member State, and potentially for the territorial reach of the “right to be forgotten”.

Schrems, what the CJEU decided and why it is a problem for Canadian and other non-EU businesses (updated)

October 12th, 2015

On October 6, 2015, the Court of Justice of the European Union (CJEU) released a bombshell, but not completely unexpected, judgment invalidating a decision of the European Commission that underpinned the EU-US privacy safe harbor. In Schrems v. Data Protection Commissioner [2015] EUECJ C-362/14 (06 October 2015), the CJEU held that supervisory data authorities in Member States have the joint right with the EU Commission to review whether non-EU countries provide adequate protection to personal data transferred to them from the EU, despite a decision by the EU Commission that such protection is provided. It also invalidated Commission Decision 2000/520, which had found that transfers of personal data to the US from the EU provided adequate protection where the recipient complied with the EU-US Safe Harbour Principles.

Schrems brings down EU-US safe harbour

October 6th, 2015

The EU’s highest court struck a major blow to the EU-US safe harbour earlier today in the closely watched case, Schrems v. Data Protection Commissioner [2015] EUECJ C-362/14 (06 October 2015). The decision of the CJEU, which followed the earlier opinion of the Advocate General, is the worst privacy nightmare that could have been imagined by the thousands of US and EU based companies that rely on the safe harbour to transfer personal data to the US for processing. It affects giant social networks like Facebook, search engines like Google, cloud hosting providers, and thousands of other companies that do business in the EU and that transfer personal data to the US.

Digital Privacy Act (Bill S-4) now law

June 18th, 2015

The Digital Privacy Act was given a quick third reading in the House yesterday and was speedily given royal assent to become law earlier today. This law, which has been in the making since 2007, updates Canada’s comprehensive federal privacy legislation PIPEDA in quite significant ways. I previously summarized salient aspects of the law in my blog posts, “Digital Privacy Act: Important work still to be done by the INDU Committee” and “Cyber threats, information sharing and The Digital Privacy Act”.

The year in review: developments in computer, internet and e-commerce law (2014-2015)

June 10th, 2015

I gave my annual presentation today to the Toronto Computer Lawyers’ Group on “The year in review in Computer, Internet and E-Commerce Law”. It covered the period from June 2014 to June 2015. The developments included cases from Canada, the U.S., the U.K. and other Commonwealth countries.

The developments were organized into the broad topics of: Online Agreements, Licensing/Technology Contracting, Privacy, Online Liability, Cyber-security and Copyright.

The cases referred to are listed below. My slides can be viewed after the case listing.

Online Agreements

Nguyen v. Barnes & Noble, Inc., 763 F.3d 1171 (9th Cir. 2014)

Privacy by Design certification framework launched by Ryerson and Deloitte

May 25th, 2015

This morning, Ryerson University and Deloitte announced a new certification framework based on Privacy by Design principles. Privacy by Design is a set of principles that builds privacy into the design, operation and management of a given system, business process or design specification. It is based on 7 Foundational Principles developed by Dr Ann Cavoukian, Executive Director of Ryerson’s Privacy and Big Data Institute and the former Information and Privacy Commissioner of Ontario.

Under the Privacy by Design framework, Ryerson will be responsible for certifying organizations that meet the necessary privacy criteria. Organizations must first undergo an assessment by Deloitte, Ryerson’s exclusive assessment arm for the certification framework, against the 7 Foundational Principles.

Safari workaround claimants to get their day in UK court against Google: Google Inc v Vidal-Hall

March 30th, 2015

The ‘Safari workaround’ has cost Google millions. In 2012, it paid a civil penalty of US$22.5 million to settle charges brought by the US FTC that Google misrepresented to users of the Safari browser that it would not place tracking cookies or serve targeted advertisements to those users. In 2013 it paid US$17 million to settle US state consumer-based actions brought by State AGs.

Cyber threats, information sharing and The Digital Privacy Act

February 16th, 2015

Cyber security is top of mind these days in corporate boardrooms, governments, and with consumers. Last week was exemplary with more reports of hacks and governments moving forward with measures attempting to address the growing threats.

The New York Times reported that bank hackers stole millions using malware in a scam that allegedly involved an attack on more than 100 banks and other FIs in 30 nations. This followed a series of seemingly unending reports of attacks against other organizations.