UK Privacy Regulator Publishes Report Critical of AdTech and Real Time Bidding

The rapid development of the online advertising industry and advances in advertising technology have resulted in automated and nearly instantaneous auctions of ad space on websites and other digital environments. This process, known as “Real Time Bidding” (“RTB”), is currently an area of concern for the United Kingdom Information Commissioner’s Office (“ICO”), which recently published an update report (“Update Report”) criticizing the online advertising industry’s handling of data and concluding that standard industry practices are non-compliant with European Union privacy laws.

How Real Time Bidding Works

Sophisticated RTB can be a complex series of processes and interactions, but at its most basic, it refers to a process by which online advertisers compete for an audience.

Read More

Court Finds Language of Privacy Act Precludes Arbitration of Privacy Disputes

Overview

There have been a number of recent decisions in the arbitration space regarding when it is appropriate to stay litigation in favour of arbitration and where it is not. In particular, recent appellate case law (e.g., Wellman, and Heller) discusses and interprets the principle set out in Seidel v. TELUS Communications Inc., 2011 SCC 15 that arbitration clauses will generally be enforced “absent legislative language to the contrary.”

In particular, these cases address whether statutory language in consumer protection and employment legislation constitutes “legislative language to the contrary” that precludes parties from agreeing to arbitrate. However, there was no case law that considered this issue in the context of the various privacy statutes that exist across Canada – until now.

Read More

The Privacy Commissioner, Search Engines and the Media – a Battle Over the “Right to be Forgotten”

In 2018, the Office of the Privacy Commissioner of Canada (“OPC”) began a reference to the Federal Court under subsection 18.3(1) of the Federal Courts Act (the “Reference”) in the context of an OPC investigation into a complaint made by an individual against Google. The complainant alleges that Google is contravening the Personal Information Protection and Electronic Documents Act (“PIPEDA”) by continuing to display links to news articles concerning the complainant when his name is searched using Google’s search engine. He requested that Google remove the articles from search results using his name (otherwise known as de-indexing).

Read More

Defendants Awarded Costs Where Bringing Breach Class Action Was “Questionable”

In the costs motion (Kaplan v. Casino Rama, 2019 ONSC 3310) arising from the litigation regarding the Casino Rama breach, Justice Belobaba awarded costs to the defendant, saying there was neither public interest nor a novel issue sufficient to warrant costs being awarded to the plaintiffs. Justice Belobaba was of the view that the very basis for bringing the class action was questionable, a fact which played a role in the plaintiffs having to pay. This decision may have class counsel more closely scrutinizing the merits of bringing data breach class actions.

Background

In an earlier decision released on May 7, 2019, Justice Belobaba dismissed the plaintiffs’ motion for certification, finding that the proposed class action “collapsed in its entirety” at the common issues stage.

Read More

Privacy Commmissioner Announces New “Re-Framed” Consultation on Transborder Data Flows

In a further development in the on again/off again transborder data flows consultation, the Office of the Privacy Commissioner of Canada (“OPC”) has announced it is on again.

The OPC made the announcement on June 11, 2019 and characterized this new consultation as a “re-framing” of the prior, withdrawn one. Our commentary on the on again/off again process can be found here, here and here.

The OPC said it had decided to change its approach to consultation in light of the publication by the federal government of its Digital Charter on May 21, 2019 which suggested to the OPC that “transborder data flows may be dealt with in an eventual new federal privacy law.”

The OPC is inviting stakeholder views both on how the current law should be interpreted and applied in these contexts, and on how a future law should provide effective privacy protection in the context of transfers for processing.

Read More

Privacy Commissioner Withdraws Transborder Consultation, Suggests Proactive Audits

On May 22, 2019, the Office of the Privacy Commissioner of Canada (“OPC”) held its annual forum in Toronto, Ontario. Federal Commissioner Daniel Therrien headed the annual forum along with his provincial counterparts Jill Clayton, the Information and Privacy Commissioner of Alberta, and Michael McEvoy, the Information and Privacy Commissioner of British Columbia.

The forum provides the OPC with an opportunity to update practitioners and stakeholders on current and upcoming privacy matters as well provides an opportunity to discuss and share perspectives. Not surprisingly, the topic of transborder data flows dominated the discussion. Here are three key takeaways from the forum.

Read More

New “Digital Charter” Hints at Data Portability, Digital Identity, and Penalties

The federal government announced a new “digital charter” today, emphasizing Canadians’ control over their own personal information and hinting at a “strong enforcement” regime aimed at global internet companies that violate privacy laws.

The digital charter does not have the power of law, but is rather “set of principles that all government policy and legislation will be measured against.” There is no time left in the current federal government’s mandate to reform existing privacy laws and the charter is a halfway measure, signalling to Canadians, and to social media and internet companies especially, that change is coming and what that change might look like.

Read More