Use of AI Algorithm Triggers Lawsuit and Countersuit

As artificial intelligence (AI) becomes less of a curiosity and more of an everyday tool, disputes are increasingly arising over its operation and, when things go wrong, the question inevitably arises: whose fault is this and who’s liable? One high-profile example is the ongoing dispute between Hong Kong businessman Samathur Li Kin-kan and London-based Tyndaris Investments, in which Tyndaris is suing its client for $3 million in allegedly unpaid fees. In a countersuit, Mr. Li is claiming $23 million in damages allegedly resulting from Tyndaris’ use of algorithmic trading in managing his portfolio.

Tyndaris Case

The dispute centers around whether Tyndaris misled its client as to the AI’s capabilities, which means that the AI’s performance itself will be adjudicated.

Read More

Defendants Awarded Costs Where Bringing Breach Class Action Was “Questionable”

In the costs motion (Kaplan v. Casino Rama, 2019 ONSC 3310) arising from the litigation regarding the Casino Rama breach, Justice Belobaba awarded costs to the defendant, saying there was neither public interest nor a novel issue sufficient to warrant costs being awarded to the plaintiffs. Justice Belobaba was of the view that the very basis for bringing the class action was questionable, a fact which played a role in the plaintiffs having to pay. This decision may have class counsel more closely scrutinizing the merits of bringing data breach class actions.

Background

In an earlier decision released on May 7, 2019, Justice Belobaba dismissed the plaintiffs’ motion for certification, finding that the proposed class action “collapsed in its entirety” at the common issues stage.

Read More

Privacy Commmissioner Announces New “Re-Framed” Consultation on Transborder Data Flows

In a further development in the on again/off again transborder data flows consultation, the Office of the Privacy Commissioner of Canada (“OPC”) has announced it is on again.

The OPC made the announcement on June 11, 2019 and characterized this new consultation as a “re-framing” of the prior, withdrawn one. Our commentary on the on again/off again process can be found here, here and here.

The OPC said it had decided to change its approach to consultation in light of the publication by the federal government of its Digital Charter on May 21, 2019 which suggested to the OPC that “transborder data flows may be dealt with in an eventual new federal privacy law.”

The OPC is inviting stakeholder views both on how the current law should be interpreted and applied in these contexts, and on how a future law should provide effective privacy protection in the context of transfers for processing.

Read More

New “Digital Charter” Hints at Data Portability, Digital Identity, and Penalties

The federal government announced a new “digital charter” today, emphasizing Canadians’ control over their own personal information and hinting at a “strong enforcement” regime aimed at global internet companies that violate privacy laws.

The digital charter does not have the power of law, but is rather “set of principles that all government policy and legislation will be measured against.” There is no time left in the current federal government’s mandate to reform existing privacy laws and the charter is a halfway measure, signalling to Canadians, and to social media and internet companies especially, that change is coming and what that change might look like.

Read More

Privacy Commissioner Extends Deadline for Transborder Data Flow Consultation

The Office of the Privacy Commissioner of Canada (“OPC”) has announced it will now be accepting comments related to its consultation on transborder data flows until Friday, June 28, 2019.

The discussion document, which was released on April 9, 2019 (see our blog post here, and our blog post about the OPC’s supplemental consultation paper here) reflected a reversal in the OPC’s twenty-year-old policy position on transborder data flows under the Personal Information Protection and Electronic Documents Act (“PIPEDA“).

The OPC has indicated that it intends to provide guidance on disclosures for processing and related consent and accountability requirements.

Read More

Certification of Breach Class Action Denied in Absence of Provable Losses, Commonality

On May 7, 2019, Justice Belobaba denied the motion for certification in the class action brought against Casino Rama relating to a 2016 data breach (Kaplan v. Casino Rama, 2019 ONSC 2025). Despite having five representatives, the plaintiffs were unable to show provable losses, which significantly hampered their case. What was ultimately fatal to the motion, however, was the lack of commonality, leading Justice Belobaba to remark:

The problem here, with almost all of the [proposed common issues (“PCI”)], is that there is no basis in fact for either the existence of the PCI or its overall commonality or both.

Read More

CRTC Finds Director Vicariously Liable for Company’s Violation of CASL

On April 23, 2019, the Canadian Radio-television and Telecommunications Commission (“CRTC”) imposed a $100,000 penalty on a corporate director for violations of Canada’s anti-spam legislation[1] (“CASL”) committed by the company. This is the first time an individual has been held liable under CASL for violations committed by a corporation.

Background

Operating under multiple business names (notably nCrowd, Teambuy, DealFind, and Dealathons – collectively, “nCrowd”), nCrowd sent unsolicited commercial emails to Canadians. nCrowd offered promotional vouchers for discounted rates on products, such as electronics, or services, such as beauty treatments, to be redeemed by consumers from third-party suppliers.

Read More