Tag: Privacy

Using privacy laws to regulate automated decision makingUsing privacy laws to regulate automated decision making

April 30, 2021 Barry Sookman Charles Morgan Adam Goldenberg 0 Comments

Making decisions about individuals using computers and computer algorithms is now commonplace. There are now also increasing proposals to use privacy laws to regulate automated decision making. One of the first explicit attempts to regulate automated decision-making using privacy laws is the European Union General Data Protection Regulation (GDPR). More recently (and locally), both the Consumer Privacy Protection Act (CPPA), Canada’s proposed controversial new privacy law, and Bill 64, Quebec’s proposed privacy amendments, would enact new transparency and explainability obligations for automated decision making.…

Read Full

Liability under the CPPALiability under the CPPA

January 28, 2021 Barry Sookman 0 Comments

The headlines about the new proposed federal privacy law, the Consumer Privacy Protection Act (“CPPA”), frequently focus on the extremely high penalties and fines for non-compliance. But, these headline miss by a wide margin how onerous liability under the CPPA will be.

The liability under the CPPA will be a major departure from the PIPEDA regime. The changes are explained in the detailed blog post, The CPPA’s Privacy Law Enforcement Regime published by McCarthy Tetrault lawyers Gillian Kerr, Nikiforos Iatrou, Pippa Leslie and I (with help from Daanish Pasricha).…

Read Full

OPC consultation on artificial intelligence: my submission to the consultationOPC consultation on artificial intelligence: my submission to the consultation

March 16, 2020 Barry Sookman 0 Comments

Here is my submission to the OPC consultation.

______________________________________________

Thank you for the opportunity to provide input into the OPC’s consultation on artificial intelligence (AI) as it relates specifically to the Personal Information Protection and Electronic Documents Act (PIPEDA).

By way of introduction, I am a senior technology lawyer with McCarthy Tétrault. As part of my privacy practice, I regularly advise clients on privacy issues. I also teach privacy at Osgoode Hall Law School as part of an intellectual property law course.…

Read Full

OPC position on online reputation: search engines must de-index privacy violating personal informationOPC position on online reputation: search engines must de-index privacy violating personal information

January 27, 2018 Barry Sookman 0 Comments

Are search engines subject to PIPEDA? Should they be required to de-index web pages such as when information about an individual is inaccurate, incomplete or outdated, ;or when the linked to information is illegal? Should search engines be subject to a notice and de-indexing or demotion regime? And, should search engines be required to geo-fence to ensure that search results containing personal information about Canadians that violates PIPEDA is not made accessible in Canada regardless of which domain a Canadian searches on?…

Read Full

PIPEDA privacy law given business friendly interpretation by Supreme Court: RBC v TrangPIPEDA privacy law given business friendly interpretation by Supreme Court: RBC v Trang

November 18, 2016 Barry Sookman 0 Comments

Canada’s federal privacy law, PIPEDA, was enacted to be one of our framework laws that would underpin our digital economy. It’s goal was to recognize the privacy rights of individuals and at the same time to recognize the legitimate needs of organizations to collect, use, and disclose personal information. That balance between privacy and uses of personal information for appropriate purposes was underscored by the Supreme Court in a decision released yesterday in Royal Bank of Canada v. Trang 2016 SCC 50. …

Read Full

Long arm of EU privacy law: CJEU judgment in Weltimmo v HatóságLong arm of EU privacy law: CJEU judgment in Weltimmo v Hatóság

October 15, 2015 Barry Sookman 0 Comments

The territorial reach and enforcement jurisdiction of European Union’s data protection law has become a lot more important these days following the decision of the Court of Justice in the Schrems case. In a case decided just a few days before Schrems, the same court gave Directive 95/46/EC a broad reading holding that the laws of a Member State apply to data controllers in another Member State who operate a website that processes data of residents of the first Member State.…

Read Full

Schrems, what the CJEU decided and why it is a problem for Canadian and other non-EU businesses (updated)Schrems, what the CJEU decided and why it is a problem for Canadian and other non-EU businesses (updated)

October 12, 2015 Barry Sookman 0 Comments

On October 6, 2015 the Court of Justice of the European Union (CJEU) released a bombshell, but not completely unexpected judgment, invalidating a decision of the European Commission that underpinned the EU-US privacy safe harbor. In Schrems v. Data Protection Commissioner [2015] EUECJ C-362/14 (06 October 2015), the CJEU held that supervisory data authorities in Member States have the joint right with the EU Commission to review whether non-EU countries provide adequate protection to personal data transferred to them from the EU despite a decision by the EU Commission that such protection is provided.…

Read Full

Schrems brings down EU-US safe harbourSchrems brings down EU-US safe harbour

October 6, 2015 Barry Sookman 0 Comments

EU’s highest court struck a major blow to the EU-US safe harbour earlier today in the closely watched case, Schrems v. Data Protection Commissioner [2015] EUECJ C-362/14 (06 October 2015). The decision of the CJEU, which followed the earlier opinion of the Advocate General, is the worst privacy nightmare that could have been imagined by the thousands of US and EU based companies that rely on the safe harbour to transfer personal data to the US for processing. It affects giant social networks like Facebook, search engines like Google, cloud hosting providers, and thousands of other companies that do business in the EU and that transfer personal data to the US.…

Read Full

Cell phone searches legal say SCOC: R v FearonCell phone searches legal say SCOC: R v Fearon

December 11, 2014 Barry Sookman 0 Comments

A divided Supreme Court ruled that individuals cannot be secure that their most personal information will be protected from warrantless searches when arrested. In a 4 to 3 ruling, in R v Fearon, the Court held that if a person is lawfully arrested, a search is conducted that is incidental to the arrest, the search is tailored to its purpose, and the police take detailed notes, police may search the person’s cell phone.

The three dissenting judges wrote a powerful defence of privacy rights that recognized the invasions of privacy that could result from warrantless searches of cell phones,.…

Read Full

Digital Privacy Act: Important work still to be done by the INDU CommitteeDigital Privacy Act: Important work still to be done by the INDU Committee

November 10, 2014 Barry Sookman 0 Comments

The Digital Privacy Act (Bill S-4) will make significant changes to Canadian privacy law when it is enacted. The amendments to PIPEDA have been in the making since 2007 following the statutory review of PIPEDA by the Standing Committee on Access to Information, Privacy and Ethics. The Bill has passed the Senate and was referred to the Standing Committee on Industry, Science and Technology. The INDU Committee will begin considering the Bill on November 25, 2014.

The Government of Canada Backgrounder says that “Canada’s Digital Privacy Act provides important improvements to Canada’s private sector privacy legislation, the Personal Information Protection and Electronic Documents Act (PIPEDA)” and that it “will ensure that Canadians are safer and more secure when they surf the web or shop online”.…

Read Full