Privacy Archives - Dentons Data

At What Point Does the Failure of an Organization’s Security Safeguards Amount to Recklessness?

Posted on January 30, 2020 By Luca Lucarini
Categories: Class Actions, Data, Intrusion upon Seclusion, Litigation, Privacy

The tort of intrusion upon seclusion, as set out by the Ontario Court of Appeal in Jones v Tsige, requires the defendant’s conduct to be intentional, or, at a minimum, reckless. The question is: at what point does the failure of an organization’s security safeguards amount to recklessness? This was the question addressed by the Ontario Superior Court of Justice in the recent case, Wilson-Flewelling v Queensway Carleton Hospital, 2019 CanLII 65155 (ON SCSM) (“Queensway Carleton Hospital”).

The facts

The court heard that the Plaintiff, Ms. Wilson-Flewelling, had attended the defendant hospital (“Hospital”) to book a surgical procedure, that the Hospital’s medical office administrator had left a completed surgical booking package in the Hospital’s dedicated, locked drop box, and that the Plaintiff had unexpectedly received the package in the mail a week later.

Privacy Commissioner Issues Notice of Consultation on Artificial Intelligence

Posted on January 29, 2020 By Kirsten Thompson
Categories: Artificial Intelligence, Data, Privacy

The Office of the Privacy Commissioner of Canada (“OPC“) has released a Consultation Paper on artificial intelligence (“AI“), saying that it is of the opinion that “responsible innovation involving AI systems must take place in a regulatory environment that respects fundamental rights and creates the conditions for trust in the digital economy to flourish. “

The OPC intends to examine AI in the context of the legislative reform policy analysis as it relates specifically to the Personal Information Protection and Electronic Documents Act (“PIPEDA“). The OPC is clear that it has concerns about AI, stating:

“In our view, AI presents fundamental challenges to all PIPEDA principles and we have identified several areas where the Act could be enhanced.”

Privacy Commissioner Backs Down on Changes to Cross Border Transfers

Posted on September 24, 2019 By Kirsten Thompson
Categories: Privacy

The Office of the Privacy Commissioner of Canada (“OPC“) has backed away from attempting to reverse its position on cross border transfers of personal information, saying that at least for now, its guideline for processing data across borders remains unchanged.

The Reversal

The OPC created controversy in its Equifax Finding, wherein it declared that consent was necessary for transfers for processing, a wholesale departure from its previous position. The OPC simultaneously announced it would be holding a stakeholder consultation on transborder data flows. The consultation paper (“Consultation Paper”) proposed a reversal of the two-decades old existing policy on consent.

Ontario Adopts Digital Insurance Certificates

Posted on September 20, 2019 By Hartley Lefton
Categories: E-Commerce, Privacy

An annual tradition in Ontario is an insured driver opening a letter from their insurer with their new or renewed automobile insurance policy, which includes their new “pink card” certificate evidencing their automobile insurance. This certificate is often requested by police officers during a roadside stop, and shown to other drivers in the event of an automobile accident.

The Ontario government recently approved changes to the “pink card” process which acknowledges the reality of 21^st century data storage and sets the stage for further changes to automobile insurance.

What are the changes?

Motorists now have the option of carrying proof of automobile insurance on their smart phones or other mobile devices and this electronic certificate is required to have the same data fields, text, and overall appearance as the paper certificate.

Claims for Both Punitive Damages and Damages for Intrusion Upon Seclusion Survive

Posted on August 30, 2019 By Luca Lucarini
Categories: Intrusion upon Seclusion, Litigation, Privacy

The Issue

Does entering someone’s house while he is out of the country and stealing his personal documents amount to conduct that is so reprehensible that it might warrant an award for punitive damages on top of damages for breach of privacy? This was the question addressed by the Ontario Superior Court of Justice in Furfari v Pedias, 2019 ONSC 4278 (“Furfari”).

The Facts

The Plaintiff, Mr. Furfari, had previously been friends with the Defendant, Mr. Pedias, and his brother Mario, who was the vice-president of the company that the Plaintiff had previously worked for, and which was now suing him in unrelated action.

UK Privacy Regulator Publishes Report Critical of AdTech and Real Time Bidding

Posted on July 15, 2019 By David Konkin
Categories: Privacy

The rapid development of the online advertising industry and advances in advertising technology have resulted in automated and nearly instantaneous auctions of ad space on websites and other digital environments. This process, known as “Real Time Bidding” (“RTB”), is currently an area of concern for the United Kingdom Information Commissioner’s Office (“ICO”), which recently published an update report (“Update Report”) criticizing the online advertising industry’s handling of data and concluding that standard industry practices are non-compliant with European Union privacy laws.

How Real Time Bidding Works

Sophisticated RTB can be a complex series of processes and interactions, but at its most basic, it refers to a process by which online advertisers compete for an audience.

Court Finds Language of Privacy Act Precludes Arbitration of Privacy Disputes

Posted on By Chloe Snider
Categories: Litigation, Privacy

Overview

There have been a number of recent decisions in the arbitration space regarding when it is appropriate to stay litigation in favour of arbitration and where it is not. In particular, recent appellate case law (e.g., Wellman, and Heller) discusses and interprets the principle set out in Seidel v. TELUS Communications Inc., 2011 SCC 15 that arbitration clauses will generally be enforced “absent legislative language to the contrary.”

In particular, these cases address whether statutory language in consumer protection and employment legislation constitutes “legislative language to the contrary” that precludes parties from agreeing to arbitrate. However, there was no case law that considered this issue in the context of the various privacy statutes that exist across Canada – until now.