Archive for the ‘Privacy’ category

Cyber threats, information sharing and The Digital Privacy Act

February 16th, 2015

Cyber security is top of mind these days in corporate boardrooms, governments, and with consumers. Last week was exemplary with more reports of hacks and governments moving forward with measures attempting to address the growing threats.

The New York Times reported that bank hackers stole millions using malware in a scam that allegedly involved an attack on more than 100 banks and other FIs in 30 nations. This followed a series of seemingly unending reports of attacks against other organizations.

Internet justice: Mosley v Google

February 2nd, 2015

In the landmark ruling in Google Spain SL, Google Inc. v Agencia Española de Protección de Datos, Mario Costeja González (case no. C-131/12, May 13, 2014), the Court of Justice of the European Union (CJEU) recognized that search engines are controllers of the personal information they process and have the obligation, in appropriate cases, to de-list links to personal information in their search results. A recent decision in  Mosley v Google Inc & Anor [2015] EWHC 59 (QB) (15 January 2015) has recognized that a right to get a blocking order against a search engine might also exist in the United Kingdom under the UK Data Protection Act 1998. The case also illustrates the challenges individuals have in vindicating their privacy interests in the Internet context.

Cell phone searches legal say SCOC: R v Fearon

December 11th, 2014

A divided Supreme Court ruled that individuals cannot be secure that their most personal information will be protected from warrantless searches when arrested. In a 4 to 3 ruling, in R v Fearon, the Court held that if a person is lawfully arrested, a search is conducted that is incidental to the arrest, the search is tailored to its purpose, and the police take detailed notes, police may search the person’s cell phone.

The “Right to be Forgotten” Guideline from the Article 29 Working Party

December 1st, 2014

In the landmark ruling in Google Spain SL, Google Inc. v Agencia Española de Protección de Datos, Mario Costeja González (case no. C-131/12, May 13, 2014), the Court of Justice of the European Union (CJEU) recognized that search engines are controllers of the personal information they process. As such, they have the obligation, in appropriate cases, to de-list links to personal information in their search results.

The Gonzales decision left open questions about the scope of the duty and the criteria to be used in determining what links must be delisted, something which Google, data protection authorities, and others had disagreed about. The Article 29 Data Protection Working Party has now released a Guideline addressing these controversial issues.

Digital Privacy Act: Important work still to be done by the INDU Committee

November 10th, 2014

The Digital Privacy Act (Bill S-4) will make significant changes to Canadian privacy law when it is enacted. The amendments to PIPEDA have been in the making since 2007 following the statutory review of PIPEDA by the Standing Committee on Access to Information, Privacy and Ethics. The Bill has passed the Senate and was referred to the Standing Committee on Industry, Science and Technology. The INDU Committee will begin considering the Bill on November 25, 2014.

Internet users’ privacy and anonymity protected by Supreme Court: R v Spencer

June 13th, 2014

Earlier today, the Supreme Court released a landmark decision dealing with privacy on the Internet. The main issue in R v Spencer 2014 SCC 43 was whether a user of the Internet has a reasonable expectation of privacy in his or her basic subscriber information held by the user’s ISP that prevents the police from obtaining this information from the ISP without a warrant or court order. Prior to the decision some courts had ruled that ISPs could turn over subscriber contact details associated with the person’s IP address to police without  a warrant or court order. The Court rejected this line of cases ruling that a person has a reasonable expectation of privacy associated with Internet activities and that the “lawful authority” exemption in PIPEDA does not create a basis to turn such information to the police.

Canada to amend PIPEDA with the Digital Privacy Act

April 8th, 2014

Bill S-4, the Digital Privacy Act (An Act to amend the Personal Information Protection and Electronic Documents Act and to make a consequential amendment to another Act,) was given First Reading in the Senate today.  The summary of the Bill describes the proposed amendments as follows:

Alberta PIPA violates Charter says Supreme Court in IPC v United Food and Commercial Workers

November 15th, 2013

The Supreme Court released a landmark decision today in the  Alberta (Information and Privacy Commissioner) v. United Food and Commercial Workers, Local 401, 2013 SCC 62 case. In short, the Court found that while Alberta’s privacy legislation PIPA plays a vital role in protecting privacy, it violated the Charter right to freedom of expression by precluding the use of personal information in the labour context. The ruling is an appeal from a decision the Alberta Court of Appeal, which is summarized here.

The headnote of the case reads as follows:

Privacy Commissioners speak about Getting Accountability Right at CLHIA Conference

May 14th, 2013

Last week I had the pleasure of listening to a great talk titled “Privacy: Getting Accountability Right” at the 2013 Compliance and Consumer Complaints Annual Conference organized by the Canadian Life and Health Insurance Asscoiation Inc. Taking place in sunny Vancouver (see below), the speakers were Barbara Bucknell of the Office of the Privacy Commissioner of Canada, Jill Clayton, Information and Privacy Commissioner, Alberta, and Elizabeth Denham, Information and Privacy Commissioner, British Columba.

 

Vancouver Harbor

 

Here is a summary of their remarks.

The first question addressed to each panelist was the trends they were seeing in relation to privacy in the insurance industry.

Wiretap intercept rules apply to mobile text messages says Supreme Court: R v TELUS

March 28th, 2013

The Supreme Court decided yesterday that police are required to comply with Part VI of the Criminal Code if they want to secure the prospective and continuous production of text messages from a mobile carrier like TELUS. In R. v. TELUS Communications Co., 2013 SCC 16, the Court ruled that police cannot merely obtain a general warrant. Rather to obtain copies of text messages in these circumstances, they must obtain an intercept order and comply with the conditions needed to intercept voice communications.