Archive for the ‘Privacy’ category

OPC drops transborder transfer of data consultation

September 24th, 2019

Earlier this year the Privacy Commissioner launched and then relaunched a consultation that caused shockwaves among privacy lawyers, the tech community, and just about every organization that has third parties process data for them. The OPC sought to change its longstanding interpretation of Canada’s privacy law, PIPEDA, to require the consent of individuals to transfer personal information to a third party for processing.

The OPC received numerous submissions opposing the change including from the CLHIA, Centre for Information Policy Leadership, PMAC, and Canadian Chamber of Commerce. I also wrote a personal submission opposing it and explaining why such a change could not be justified under the wording of PIPEDA or as a matter of policy.

OPC consultation on trans-border data flows: my submission to the consultation

August 6th, 2019

Dear M. Therrien:

Thank you for the opportunity to provide input into the consultation on whether consent is or should be required for transborder data flows for processing.

Introduction

By way of introduction, I am a senior technology lawyer with McCarthy Tétrault. I have significant experience in outsourcings of all types, both domestic and trans-national. I have been involved in some of Canada largest and most complex outsourcing transactions. In this connection, and as part of my privacy practice, I regularly advise clients on privacy issues associated with transfers and disclosures of personal information. I also teach privacy at Osgoode Hall Law School as part of an intellectual property law course. I also have written extensively about privacy issues including a major chapter in my eight volume book on Computer, Internet, and ecommerce Law. As such, I respectfully submit I am well positioned to provide both theoretical and practical input into the consultation.

Developments in computer, Internet and e-commerce law: the year in review (2018-2019)

June 14th, 2019

I gave my annual presentation yesterday to the Toronto computer Lawyers’ Group on “The year in review in Computer, Internet and E-Commerce Law”. It covers the period from June 2018 to June 2019. The developments include cases from Canada, the U.S. the U.K., EU, Australia, South Africa, India and other countries.

The developments are organized into the broad topics of:

  • Privacy / Big Data / AI
  • Employee / HR
  • E-commerce / Online Agreements
  • Online Remedies / Governance / Jurisdiction
  • Copyright

The cases and other documents referred to are below.

Privacy / Big Data / AI

OPC position on online reputation: search engines must de-index privacy violating personal information

January 27th, 2018

Are search engines subject to PIPEDA? Should they be required to de-index web pages such as when information about an individual is inaccurate, incomplete or outdated, ;or when the linked to information is illegal? Should search engines be subject to a notice and de-indexing or demotion regime? And, should search engines be required to geo-fence to ensure that search results containing personal information about Canadians that violates PIPEDA  is not made accessible in Canada regardless of which domain a Canadian searches on? In a Draft OPC Position on Online Reputation released yesterday in response to a public consultation, the answer to each of those questions was YES.

Digital Privacy Act Security Breach Regulations: my representations

October 1st, 2017

Here are my representations sent to Jill Paterson, Senior Policy Analyst, Digital Policy Branch, Spectrum, Information Technologies and Telecommunications (SITT) Sector, Innovation, Science and Economic Development Canada, CD Howe Building, 235 Queen Street, Room 162D, Ottawa, Ontario K1A 0H5.

________________________________________________________

These are my representations on the draft Breach of Security Safeguards Regulations published in the Canada Gazette, Part I, August 14, 2017.

I am Barry Sookman, a senior Partner with the law firm McCarthy Tétrault. I am also an Adjunct professor of intellectual property law at Osgoode Hall law School where I teach, among other things, privacy law. My firm acts for clients that have important concerns about the draft Regulations. However, I make these representations solely on my own behalf.

PIPEDA’s global extra-territorial jurisdiction and right to be forgotten: A.T. v. Globe24h.com

February 1st, 2017

The Federal Court of Canada released a landmark decision finding that the court has the jurisdiction to make an extra-territorial order with world-wide effects against a foreign resident requiring the foreign person to remove documents containing personal information about a Canadian citizen that violates the person’s rights under Canada’s privacy law, the Personal Information Protection and Electronic Documents Act (PIPEDA). In A.T. v. Globe24h.com, 2017 FC 114 the Honourable  Mr Justice Mosely ordered the individual operator of the website Globe24h.com to remove all Canadian tribunal and court decisions  posted on the site that contain personal information and to take all necessary steps to remove the decisions from search engines caches.

PIPEDA privacy law given business friendly interpretation by Supreme Court: RBC v Trang

November 18th, 2016

Canada’s federal privacy law, PIPEDA, was enacted to be one of our framework laws that would underpin our digital economy. It’s goal was to recognize the privacy rights of individuals and at the same time to recognize the legitimate needs of organizations to collect, use, and disclose personal information. That balance between privacy and  uses of personal information for appropriate purposes was underscored by the Supreme Court in a decision released yesterday in Royal Bank of Canada v. Trang 2016 SCC 50.  .

Microsoft wins big in warrant fight to protect privacy of user data

July 15th, 2016

Microsoft scored a major victory for the privacy of its cloud computing users yesterday winning a closely watched case against U.S. Government. In Microsoft Corporation v USA (2nd.Cir. Jul. 14, 2016), the U.S. Second Circuit Court of Appeals held that a warrant issued under Section 2703 of the Stored Communications Act (ECA) did not have extra-territorial effect to require U.S. based Microsoft to access and provide the government with user data stored on servers operated by a subsidiary in Dublin Ireland.

The year in review: developments in computer, internet and e-commerce law (2015-2016)

June 14th, 2016

I gave my annual presentation today to the Toronto computer Lawyers’ Group on “The year in review in Computer, Internet and E-Commerce Law”. It covered the period from June 2015 to June 2016. The developments included cases from Canada, the U.S. the U.K., and other Commonwealth countries.

The developments were organized into the broad topics of: Technology Contracting, Online Agreements, Privacy, Online/Intermediary Liability/Responsibility, Copyright, and Trade-marks and Domain names.

The cases referred to are listed below. My slides can be viewed after the case listing. These and many other cases will be added to my 7 volume book on Computer, Internet and E-Commerce Law (1988-2015).

Privacy injunctions in the age of the Internet and social media: PJS v News Group Newspapers

May 24th, 2016

You’re a celebrity and had a threesome. Your partner wasn’t one of them. You want the affair to remain private. You go to a court in England where your family resides and get an interim injunction. It prevents the English press from publishing the tawdry details to protect your privacy and the privacy of your family. The affair becomes widely known in other countries including the US, Canada, and Scotland. The English public finds out about it through foreign web sites. They also find the story when using search engines, even when not looking for it. The English public is incited to access websites where details about the encounter can be found by the tabloids which thrive on selling papers filled with salacious details of sexual encounters. The tabloids create a frenzy working up the public claiming they are being censored when their foreign counterparts are not, then move to set aside the injunction.