Privacy Commmissioner Announces New “Re-Framed” Consultation on Transborder Data Flows

In a further development in the on again/off again transborder data flows consultation, the Office of the Privacy Commissioner of Canada (“OPC”) has announced it is on again.

The OPC made the announcement on June 11, 2019 and characterized this new consultation as a “re-framing” of the prior, withdrawn one. Our commentary on the on again/off again process can be found here, here and here.

The OPC said it had decided to change its approach to consultation in light of the publication by the federal government of its Digital Charter on May 21, 2019 which suggested to the OPC that “transborder data flows may be dealt with in an eventual new federal privacy law.”

The OPC is inviting stakeholder views both on how the current law should be interpreted and applied in these contexts, and on how a future law should provide effective privacy protection in the context of transfers for processing.

Read More

The Cryptopia Exchange Insolvency and the Importance of Data Assets

It will come as no surprise that the insolvency of a cryptocurrency exchange can lead to concerns about the recovery of assets (just think about the recent insolvency of the Canadian exchange, QuadrigaCX). The recent insolvency of Cryptopia Limited (“Cryptopia”), a New Zealand-based cryptocurrency exchange, is a good example of how these concerns can play out.  It demonstrates the importance of taking steps (both in advance of insolvency, and afterwards) to protect the assets of an insolvent exchange – in this case, to preserve data assets consisting of user account information held by a third party in another jurisdiction that the liquidator needed  to determine the owners/potential creditors of millions of cryptocurrency tokens held by the insolvent company.

Read More

UK Draft Code for Children’s Privacy has Broad Scope, Could Influence Canadian Approach

Children’s privacy is increasingly in the regulatory spotlight, and a new consultation paper from the UK suggests that even organizations which do not specifically target children may have regulatory obligations. Canada doesn’t currently specifically regulate children’s privacy, but in light of the Office of the Privacy Commissioner of Canada’s (“OPC”) recent Guidelines for Obtaining Meaningful Consent (“Meaningful Consent Guidelines”), the OPC may take a similarly broad approach to the interpretation and application of privacy laws.

UK Information Commissioner’s Approach

On May 31, 2019, the UK’s Information Commissioner’s Office (“ICO”) wrapped up a month and a half long public consultation on its draft Age appropriate design code of practice (“Code of Practice”).

Read More

Court of Appeal Clarifies Limitations Period in Alberta Privacy Actions

On May 12, 2019, the Alberta Court of Appeal released a decision from a summary dismissal application that should resolve any confusion that may have arisen at the crossroads of that province’s limitations act and its privacy legislation, the Personal Information Protection Act, SA 2003, c P-6.5 (“PIPA”).

In Alberta, in order to have a cause of action related to a privacy breach claim, claimants must first go before the Office of the Information  and Privacy Commissioner of Alberta (“AB OIPC”) and obtain a final order against an organization. Only then does a claimant have a cause of action against the organization for damages for loss or injury that the individual has suffered as a result of the breach by the organization.

Read More

NextBlock Global Limited and CEO to Pay $1M for Misleading Investors

On May 13, 2019, the Ontario Securities Commission approved a settlement agreement in the matter of NextBlock Global Limited (“NextBlock”) and its Co-Founder and CEO, Alex Tapscott. The settlement agreement acknowledged that Mr. Tapscott and NextBlock violated subsection 122(1)(b) of the Securities Act by making false representations in an offering memorandum used to solicit investors.

Background

NextBlock was launched in 2017, and raised $20 million via convertible debentures – a type of debt instrument – to invest in blockchain companies. In order to solicit funds from investors, Mr. Tapscott and other NextBlock principals claimed that as many as four prominent individuals in the blockchain industry were serving as advisors to the firm.

Read More

Privacy Commissioner Withdraws Transborder Consultation, Suggests Proactive Audits

On May 22, 2019, the Office of the Privacy Commissioner of Canada (“OPC”) held its annual forum in Toronto, Ontario. Federal Commissioner Daniel Therrien headed the annual forum along with his provincial counterparts Jill Clayton, the Information and Privacy Commissioner of Alberta, and Michael McEvoy, the Information and Privacy Commissioner of British Columbia.

The forum provides the OPC with an opportunity to update practitioners and stakeholders on current and upcoming privacy matters as well provides an opportunity to discuss and share perspectives. Not surprisingly, the topic of transborder data flows dominated the discussion. Here are three key takeaways from the forum.

Read More

New “Digital Charter” Hints at Data Portability, Digital Identity, and Penalties

The federal government announced a new “digital charter” today, emphasizing Canadians’ control over their own personal information and hinting at a “strong enforcement” regime aimed at global internet companies that violate privacy laws.

The digital charter does not have the power of law, but is rather “set of principles that all government policy and legislation will be measured against.” There is no time left in the current federal government’s mandate to reform existing privacy laws and the charter is a halfway measure, signalling to Canadians, and to social media and internet companies especially, that change is coming and what that change might look like.

Read More