Liability under the CPPA

Liability under the CPPALiability under the CPPA



The headlines about the new proposed federal privacy law, the Consumer Privacy Protection Act (“CPPA”), frequently focus on the extremely high penalties and fines for non-compliance. But, these headline miss by a wide margin how onerous liability under the CPPA will be.

The liability under the CPPA will be a major departure from the PIPEDA regime. The changes are explained in the detailed blog post, The CPPA’s Privacy Law Enforcement Regime published by McCarthy Tetrault lawyers Gillian Kerr, Nikiforos Iatrou, Pippa Leslie and I (with help from Daanish Pasricha).…

Liability for defamation

Social media liability for defamation: Giustra v TwitterSocial media liability for defamation: Giustra v Twitter



“Tweets span international boundaries, making for jurisdictional issues with respect to the adjudication of legal claims relating to them.” This is opening line in a lengthy decision of a British Columbia court in Giustra v Twitter, Inc.,[1] holding that the court had territorial competence over Twitter to adjudicate claims arising from defamatory tweets disseminated by users and relayed on Twitter’s social media platform.

The case is significant. First, because of Justice Myers’ holding that the B.C. court had jurisdiction over Twitter to rule on its liability.…

Top legal developments in e-commerce, privacy and intellectual propertyTop legal developments in e-commerce, privacy and intellectual property



Despite COVID-19, 2020 was an eventful year, chock full of impactful legal developments in e-commerce, technology, privacy, anti-spam, and intellectual property law. Here is a summary of my picks for the top legal developments.

e-commerce

Standard form online agreements and unconscionability

Online and in-App agreements are typically presented to users as “standard form”, “take it or leave it”, “boiler plate” forms. Most common are some variation of a “click-wrap”, “sign-in wrap”, or “browsewrap” agreement. They are used pervasively on websites and on Apps, among other locations.…

Trade in Intangibles and impacts of the CPPA on small businessTrade in Intangibles and impacts of the CPPA on small business



I had the pleasure of participating in a virtual roundtable earlier today hosted by The Center for International Governance Innovation (CIGI), an independent, non-partisan think tank. It was organized at the request of Minister Mary Ng, the Federal Minister of Small Business, Export Promotion and International Trade and moderated by Rohinton Medhora, CIGI’s President. One major focus of my remarks was on the impacts of the CPPA on small business.

The roundtable had three main topics:

1. Digital trade: Covid-19 economic recovery and Canadian businesses

2.…

CPPA: identifying the inscrutable meaning and policy behind the de-identifying provisionsCPPA: identifying the inscrutable meaning and policy behind the de-identifying provisions



The Consumer Privacy Protection Act (CPPA) will make substantial changes to Canada’s privacy law. As noted previously, the bill includes many of the provisions in the Personal Information Protection and Electronic Documents Act (PIPEDA), plus a lot more. In a prior post, CPPA: transfers of personal information to service providers, I examined the new provisions dealing with transfers of personal information to service providers. In this post I examine the significant proposed changes to the law as they relate to personal information that has been “de-identified”.…

CPPA: transfers of personal information to service providersCPPA: transfers of personal information to service providers



The Consumer Privacy Protection Act (CPPA) will make substantial changes to Canada’s privacy law. As noted previously, the bill includes many of the provisions in the Personal Information Protection and Electronic Documents Act (PIPEDA), plus a lot more. In some cases, it builds on the provisions of PIPEDA, on the guidance and decisions of the Commissioner, but includes changes designed either to clarify or change the law. A case in point are the very important new provisions which address transfers of personal information to service providers.…

Canada’s Digital Charter privacy lawCanada’s Digital Charter privacy law



Personal data is the new oil. Yet, the commoditization and uses of personal data in innovative and other ways often collides with the individual and public interest in observing reasonable expectations of privacy. Privacy has been at the crossroads in Canada; our existing privacy law is over 20 years old –  in digital terms – over 140 years old. After much consultation the government introduced a new bill to catch us up with the somewhat long name An Act to enact the Consumer Privacy Protection Act and the Personal Information and Data Protection Tribunal Act and to make consequential and related amendments to other Acts.…

PIPEDA by the numbers: lessons for privacy law reform in Canada?PIPEDA by the numbers: lessons for privacy law reform in Canada?



The Federal Privacy Commissioner (OPC) just released the 2019-2020 Annual Report to Parliament on the Privacy Act and Personal Information Protection and Electronic Documents Act (PIPEDA). In the report the OPC repeated the plea for reform of PIPEDA arguing that PIPEDA “is outdated and does not sufficiently deal with the digital environment to ensure appropriate regulation of new technologies.” The report also proposed major new remedial powers for the OPC. Interestingly, however, statistical data in the Annual Report illustrates how well PIPEDA appears to be working despite the lack of these remedial powers.…

Alert: OSFI consultation on technologyAlert: OSFI consultation on technology



OSFI, the federal regulator of financial institutions such banks and insurance companies (FI’s), just released a discussion paper Developing financial sector resilience in a digital world: Selected themes in technology and related risks. The paper signals that the Office of the Superintendent of Financial Institutions may eventually develop guidance to regulate digital risks such as cybersecurity, data analytics, artificial intelligence (AI), quantum computing, third party ecosystems and data.

OSFI’s decision to even study regulating the use of technologies by Canadian FIs is something that needs to be on people’s radar.…

Privacy developments: OPC Privacy Guide for Businesses and Ontario privacy consultationPrivacy developments: OPC Privacy Guide for Businesses and Ontario privacy consultation




Unquestionably, personal data is the economy’s “new oil” and Canadian organizations face compliance challenges like never before. It is noteworthy, therefore, that last week the federal Office of the Privacy Commissioner (OPC) released a new Privacy Guide for Businesses (the Privacy Guide) and the Ontario Ministry of Government and Consumer Services released a public consultation on Reforming Privacy in Ontario’s Private Sector.

The Privacy Guide provides a high level overview of PIPEDA including the fair information principles.

The Privacy Guide has some interesting interpretations of PIPEDA.…