First blood: CRTC imposes $1.1 million fine in first ever finding under anti-spam law

David Elder -

Eight months after Canada’s Anti-Spam Law (CASL) came into force, the Canadian Radio-television and Telecommunications Commission (CRTC) has made public its first ever finding of non-compliance with the Act, issuing an administrative monetary penalty of $1.1 million against Compu-Finder, a firm that provides training and consulting services.

Surprisingly, this much anticipated enforcement action was not against a firm targeting consumers, as many had suspected, but rather was directed at a firm sending email messages to businesses to promote various training courses related to topics such as management, social media and professional development.   It is believed by many that the overwhelming majority of the more than 250,000 complaints received by the CRTC since the law came into force have been from consumers.  In the case at hand, the CRTC indicated that over one quarter of all complaints about the training industry sector received by the Spam Reporting Centre related to Compu-Finder, although it is not known how many complaints were received.

Continue Reading...
Tags: ,

Canada-Europe open new Patent Prosecution Highway pilot program

Justine Johnston -

The Canadian Intellectual Property Office (CIPO) has entered into a new Patent Prosecution Highway (PPH) pilot agreement with the European Patent Office (EPO). The PPH has a three year mandate; it began on January 6, 2015, and will operate until January 5, 2018. CIPO has previously entered into PPH agreements with other patent offices around the world and is a part of the Global Patent Prosecution Highway.

The PPH allows applicants with patent claims in one jurisdiction to accelerate processing in the other jurisdiction for no additional fee. PPH requests at the CIPO can be filed based on EPO national work products and EPO Patent Cooperation Treaty work products. PPH requests at EPO can be filed based on a CIPO application that was filed or entered the national phase at CIPO on or after January 6, 2015. Since applicants must file corresponding patent claims, the PPH accelerated processing is only suitable for applicants seeking similar patent protection in both jurisdictions.

Continue Reading...

FTC report on the Internet of Things urges companies to adopt privacy and data security best practices

Michael Decicco

On January 27, 2015, the United States Federal Trade Commission (FTC) released a report discussing privacy and data security in consumer devices connected to the internet. 

The Internet of Things (IoT)

The FTC defined the IoT to include things such as devices or sensors, other than computers, smartphones or tablets, that connect, communicate or transmit information with or between each other through the internet.  For example, smart thermostat systems or washers and dryers that utilize Wi-Fi for remote monitoring.

Data Security and Privacy Risks

While the FTC acknowledged some benefits of the IoT, it cautioned that the IoT presents a variety of data security and privacy risks.  The risks include: (i) the enabling of unauthorized access to and misuse of personally identifiable information (PII), (ii) the facilitation of attacks on other interconnected systems, and (iii) the creation of safety risks.  While the first two risk factors are common in the traditional computing environment, the third represents a new, physical type of risk.  For example, it may be possible to remotely hack into a connected medical device and change its settings, impeding its therapeutic function.

Continue Reading...

Global privacy authorities urge app marketplaces to make links to privacy policies mandatory

The Privacy Commissioner of Canada and 22 other privacy authorities worldwide recently issued an open letter to the operators of seven leading app marketplaces urging them to make links to privacy policies mandatory for apps that collect personally identifiable information (PII).

The letter was issued following the second annual Global Privacy Enforcement Network privacy sweep, which we discussed in a previous post.  While the letter acknowledges that app developers are responsible for communicating their privacy practices to app users, it emphasizes an app marketplace operator’s unique and integral role in users’ interactions with mobile apps. The letter described app marketplaces as important consumer landing spots where individuals can search for new apps, read reviews and access technical information in order for an individual to make an informed decision about apps in the marketplace.

Accordingly, the letter urges that app marketplaces require privacy practice information, such as privacy policy links for apps that collect PII, to be made available to users to ensure that users are meaningfully informed regarding the collection and use of their PII prior to deciding to download an app.

Tags:

ISO 27018: Data protection standards for the cloud

Michael Decicco

In 2014, the International Standards Organization (ISO) added to its family of information security standards when it published ISO/IEC 27018, a code of practice that sets forth standards for the protection of personally identifiable information (PII) in the public cloud.

ISO/IEC 27018 provides best practices for public cloud service providers and establishes a common set of control objectives, controls, and guidelines for implementing measures to protect PII. 

Continue Reading...

Bill 3 - Personal Information Protection Amendment Act in force

Gloria Moore and Gary Clarke -

On December 17, 2014, the Alberta Government’s proposed amendments to the Personal Information Protection Act (PIPA), found in Bill 3, came into force.

The proposed amendments to PIPA and the motivation for the changes are discussed in our previous blog post.

Continue Reading...
Tags:

The Federal Communications Commission asserts its role as a regulator of data security

The Federal Communications Commission (the FCC) recently took action against two United States telecommunications service providers, TerraCom, Inc. and YourTel America, Inc. (the Companies) in the FCC’s first data security case and largest privacy action in the FCC’s history.  The FCC is fining the Companies US$10 million for allegedly willfully and repeatedly violating the Communications Act of 1934.

Continue Reading...
Tags:

Alberta's proposed amendments to PIPA for labour disputes

Gloria Moore and Gary Clarke -

On November 25, 2014, the Alberta Government’s proposed amendments to the Personal Information Protection Act (PIPA), found in Bill 3, passed the second reading of the legislature.

The proposed amendments are in response to the decision of the Supreme Court of Canada in Alberta (Information and Privacy Commissioner) v. United Food and Commercial Workers, Local 401. In that case, the Supreme Court of Canada declared PIPA to be unconstitutional and invalid, holding that it infringed on the freedom of expression guaranteed by the Canadian Charter of Rights and Freedoms by limiting the ability of the union to video-tape and photograph individuals crossing the picket line. The Supreme Court of Canada held that freedom of expression in the context of labour disputes must be balanced against the government’s objective of providing individuals control over their personal information when crossing a picket line. The declaration of invalidity for PIPA was suspended for 12 months, in order to give the legislature time to consider amendments to make PIPA constitutionally compliant. On October 30, 2014, this deadline was extended for an additional six months.  

For more background, please see our previous blog posts by David Elder regarding the  leave decision and the decision of the Supreme Court.

Continue Reading...

Federal Court rejects inventorship claim: design input does not a co-inventor make

Justine Whitehead and Erica Lindberg

On September 16, 2014, in Drexan Energy Systems Inc. v. Canada (Commissioner of Patents), the Federal Court rejected a claim by Drexan Energy Systems Inc. (“the Applicant”) to have two additional individuals named as co-inventors of the heating cable described in Canadian Patent 2,724,561 (the ‘561 Patent). The decision confirms the test for inventorship, and provides guidance on the distinction between mere helpful involvement in the development of a product, and a contribution to an inventive concept that would be sufficient to allow the contributor to be named a co-inventor.

Heating cables are incorporated into pipes used in cold environments to prevent the transported substances from freezing. In 2006, four individuals decided to work together to create a new type of heating cable that eliminated some of the defects in cables available at the time. By 2010, however, the relationship between the men had broken down, and only two individuals were listed as inventors on the ‘561 Patent, which was issued in 2012.

Continue Reading...

CRTC clarifies that anti-spam law won't apply to self-installation of computer programs - most of the time

David Elder -

CRTC staff has issued important guidance on its interpretation of section 8 of Canada’s Anti-Spam Legislation (CASL), noting that the law would not apply to most installations initiated by users, including the downloading of mobile apps from popular digital distribution platforms like The App Store, Google Play and BlackBerry World.

While much attention has been paid to the core anti-spam provisions of CASL, which came into force on July 1, less attention has been paid to date with respect to section 8, which governs the installation of computer programs in the course of commercial activity.  However, as the January 1, 2015 coming into force date nears for that provision, many businesses have been struggling to understand their legal obligations and take the necessary steps to comply.

Continue Reading...

Overdue legislative action threatens existence of made-in-Alberta privacy laws

Michael Decicco and Daniel Hamson

On November 15, 2013, the Supreme Court of Canada issued its decision in Alberta (Information and Privacy Commissioner) v. United Food and Commercial Workers, Local 401 (United Foods), ruling that Alberta’s Personal Information Protection Act (PIPA) was unconstitutional and declaring it invalid. As noted in a previous post, the Court suspended the declaration of invalidity until November 15, 2014 in order to provide the legislature with sufficient time to decide how to best make the law constitutional.

Continue Reading...
Tags:

Mobile applications - results of global study of privacy practices and tips for increasing transparency

Michael Decicco and Lin Cong

The Global Privacy Enforcement Network recently published the results of its second annual privacy enforcement survey or “sweep” which assessed the transparency of the privacy practices of popular mobile applications. The results of the sweep suggest that the privacy policies of a high proportion of mobile applications do not adequately explain how users’ personal information is collected, used and disclosed. The general conclusion of the sweep was that clear and concise language in privacy policies builds consumer trust and is good for business.

The Office of the Privacy Commissioner of Canada (Commissioner) participated in the sweep and focused on 151 mobile applications that were popular among Canadians. The key findings of the Commissioner are as follows:

  • 28% of the applications surveyed provided a clear explanation of their collection, use and disclosure of personal information practices;
     
  • 26% of the applications surveyed offered either no privacy policy or one that did not explain how users’ personal information would be collected, used or disclosed; and
     
  • among the applications with the best privacy practices were popular applications in the e-marketplace.
Continue Reading...
Tags:

Landmark decision recognizes an individual's right to privacy over his or her online activities

Michael Decicco and Tracy Chen

The Supreme Court of Canada recently released its decision in the landmark case of R. v. Spencer, in which it found that a police request to an Internet service provider for subscriber information constituted a search under the Charter of Rights and Freedoms, and that Internet users have a reasonable expectation of anonymity in their online activities.

Background

In Spencer, police identified the IP address of a computer that an individual had used to access and store child pornography through a file-sharing program. The person had downloaded the offending material into a folder that was accessible to other users using the same program.

Continue Reading...
Tags:

B.C. Supreme Court certifies class action against Facebook

David Spence and Kathleen Elhatton-Lake -

On May 30, 2014, the British Columbia Supreme Court released its decision in Douez v. Facebook, granting the Plaintiff’s motion to certify a claim for statutory breach of British Columbia’s Privacy Act (the Privacy Act) against the defendant, Facebook.

The Plaintiff alleged that Facebook had taken names and images of Facebook users in British Columbia without the knowledge or consent of the user and featured them in “Sponsored Stories”. Sponsored Stories were advertisements, featuring the Facebook user’s name or likeness, that were sent to the user’s contacts without his or her knowledge or consent. Section 3(2) of the Privacy Act provides that:

Continue Reading...
Tags:

Use of English-only Trade-marks on store signs OK'd by Quebec Superior Court

Yury Smagorinsky and Catherine Jenner -

On April 9, 2014, the Quebec Superior Court issued its 55-page decision in Magasins Best Buy ltée c. Québec (Procureur general). The action had been initiated by certain major retailers including Wal-Mart, Best Buy, Guess, Gap, Old Navy, Guess, Walmart, Toys "R" Us and Curves against the Office québecois de la langue française (OQLF), the provincial Quebec government organization that is responsible for ensuring compliance with Quebec’s French language laws. The action sought to recognize the retailers’ right to display English-only trade-marks on public storefront signage in Quebec, a right the OQLF was contesting.

In Quebec, Bill 101, the Charter of the French Language (Charter), requires that the language on public signs be predominantly in French. Another rule in the Charter requires that businesses operating in Quebec use a French version of their firm name whenever the use of French is mandated. A firm name displayed on the sign may include words in a language other than French, provided that the non-French term(s) is accompanied by a generic French term. Examples of generic French terms used are "Magasin" (store) or "Restaurant". 

Continue Reading...