The Competition Bureau Reviews Privacy Statements for “false or misleading” Representations, Levies $9 Million Fine

The worlds of competition law and privacy law have been spinning closer together in Canada for the past several years. In the Competition Bureau’s Big Data and Innovation paper released in February 2018, the Bureau stated that its “mandate to ensure truth in advertising may overlap with the OPC’s [Office of the Privacy Commissioner’s] mandate to protect privacy rights. Both mandates are important to protect consumers in the digital economy. The Bureau will continue to enforce provisions of the Act even if the offending actions may be subject to enforcement under PIPEDA.” 

The Bureau has reiterated this statement (and approach) in a series of speeches, reports and guidance, in which the Bureau has signalled that it would aggressively pursue its goal of enforcing competition law in the digital economy.

Read More

Dentons Data In Conversation Podcast Series

Dentons Data in Conversation is brought to you by the Firm’s Transformative Technologies and Data Strategy group. In the past weeks, we have seen unprecedented public health measures taken by countries and governments, forcing companies to conform quickly and embrace new ways of doing business. In a series of podcasts, we will give timely updates on the digital and privacy implications surrounding COVID-19, and the implications for businesses that are adopting transformative technologies to keep the workforce moving. 

If you require any assistance regarding specific legal issues, please reach out to a member of Dentons’ Transformative Technology and Data Strategy group, Dentons’ Cybersecurity and Privacy group, or other legal counsel.

Read More

No Vicarious Liability of Employers for Data Breach – A Good News Story from the UK

A continuing anxiety for Canadian business is their liability for the deliberate wrongdoing of an employee, who for reasons of his or her own, steals personal information and releases it publically. Employers with even the most robust of cybersecurity and privacy protections can still fall victim to a rogue employee.

There is currently no final decision in Canada on whether a corporation can be vicariously liable for the actions of a rogue employee who breaches the privacy of the company’s employees or customers. To date, that issue has been addressed only at the certification stage of class proceedings on a preliminary basis.

Read More

British Columbia Modifies Data Residency Requirements in Response to COVID-19

British Columbia has temporarily modified its Freedom of Information and Protection of Privacy Act, R.S.B.C. 1996, c.165 (“FIPPA“) to lift a requirement that personal information handled by public sector agencies, and service providers to those public sector agencies, be kept in Canada.

Under the Order, made on March 26, 2020, “health care bodies”, the Province and certain provincial health-related authorities and ministries may now disclose personal information inside or outside of Canada in accordance with s. 33.2(a) and (c) of FIPPA on the condition that the disclosure is necessary:

a. for the purposes of communicating with individuals respecting COVID-19,

Read More

Privacy During a Pandemic: Privacy Commissioners Issue Guidance

On March 20, 2020 the Office of the Privacy Commissioner of Canada (“OPC“) issued its guidance for privacy during a pandemic. The guidance, Privacy and the COVID-19 outbreak, deals primarily with the ability of an organization to handle personal information during a health emergency. Similar guidance was issued by the Privacy Commissioners in seven other provinces and is linked to within the OPC’s guidance.

Businesses hopeful that there would be some flexibility in the interpretation of the privacy laws during the COVID-19 pandemic will be disappointed. The OPC’s guidance does not offer any information on how businesses – many of which are being forced to rapidly retool existing processes or adopt new digital ones – can think differently about privacy or indicate that the OPC may interpret privacy laws more leniently in the context of an emergency.

Read More

Four of a kind: Ontario Recognizes the Fourth Privacy Tort – False Light

In late 2019, the Ontario Superior Court recognized the tort of placing a person in a false light for the first time. This landmark decision completes the set of four privacy torts, which are now all recognized in Ontario, and has implications for businesses.

For background on the three other privacy torts, intrusion upon seclusion was recognized by the Ontario Court of Appeal in Jones v Tsige in 2012. Following this landmark ruling, in 2016 and again in 2018, the Ontario Superior Court recognized the tort of public disclosure of private facts.[1] Misappropriation of personality has been recognized in Ontario since the 1970s.[2]

Read More

Changes Coming to British Columbia’s Privacy Law

On February 18, 2020, the British Columbia Legislature appointed a special committee to review that province’s Personal Information Protection Act (“PIPA“), the private sector privacy law applicable to British Columbia organizations.

PIPA came into effect in January 2004, and pursuant to s. 59, a special committee must review the Act every 6 years and submit a report. The report may include recommended amendments. In a period in which numerous privacy laws, both domestic and international are being revised, the move by the province comes as no surprise.

Also under review in a separate process is the federal private sector legislation, the Personal Information Protection and Electronic Documents Act (“PIPEDA“).

Read More