News

  • - 2017-06-23 -

    In a 4-3 decision, the Supreme Court of Canada ruled in Douez v Facebook Inc, 2017 SCC 33, that Facebook’s efforts in its terms of service to require Canadians to pursue grievances with Facebook in California courts instead of Canadian courts is unenforceable.

    The case involved a class action against Facebook alleging violations of BC's Privacy Act. The class action could not proceed, however, as Facebook argued that its terms of service require disputes to be resolved in California courts and under California law. Historically, the Supreme Court of Canada's jurisprudence favoured enforcement of these “forum selection clauses” on the rationale that holding sophisticated commercial parties to their jurisdictional choices advances the underlying principles that private international law seeks to achieve.

    However, online platforms now routinely impose non-negotiable choice of forum and law clauses in their terms of service, which consumers must accept on a take it or leave it basis. This places a heavy burden on individuals, who are left with no option but to enforce their rights in foreign courts and under foreign laws. This is especially problematic where the laws in question implicate constitutionally protected rights are invoked, as different jurisdictions must have leeway to apply different standards of freedom of expression and privacy to their denizens. CIPPIC's intervention therefore argued that enforcing forum selection clauses imposed onto online customers on a non-negotiable basis will undermine the principles of order, fairness and comity which private international law seeks to achieve.

  • - 2017-06-01 -

    CIPPIC has been awarded a grant from the Office of the Privacy Commissioner of Canada, through its Contributions Program, for a research project analyzing the activities of data brokers in Canada.

    The project, titled Back on the Data Trail, examines the evolution of the Canadian data broker industry over the past decade. The project picks up CIPPIC’s prior OPC-funded work in this field: in 2006, CIPPIC published a study of Canada’s data broker industry: On the Data Trail: How detailed information about you gets into the hands of organizations with whom you have no relationship. Over a decade later, and despite radical structural changes in Canada’s data broker industry, this report continues to be the leading analysis of the industry. Indeed, the Research Group of the Office of the Privacy Commissioner of Canada’s 2015 discussion paper on the industry, Data Brokers: A Look at the Canadian and American Landscape (September 2014), relied heavily on CIPPIC’s now-dated 2006 report. It is past time to update this important research.

  • - 2017-04-10 -

    Today marks the launch of the 2017 Google Policy Fellowship (Canada), which will host a Google Policy Fellow at each of Canada's two leading technology research and policy centres - CIPPIC and the Citizen Lab, University of Toronto. CIPPIC's Google Policy Fellow will join our Summer Internship Program and work closely with CIPPIC staff on a range of dynamic, cutting edge law & technology issues as we seek to further our public interest mandate. This includes helping to formulate strategy, conducting research and analysis, and drafting submissions to various levels of court, political and legislative venues, and regulatory bodies. Substantively, CIPPIC advocacy covers a diverse range of digital rights/policy issues, including copyright, privacy/electronic surveillance, telecommunications regulation/net neutrality, online consumer protection, online speech, access to knowledge and more general Internet governance concerns. CIPPIC is strongly committed to a diverse environment, and in particular encourages applications from racialized persons / persons of colour, women, Indigenous / Aboriginal People of North America, persons with disabilities, LGBTQ persons, and others who will enrich our discourse by ensuring it is the product of a diversity of perspectives.

    The policy fellow will also participate in our Summer Speaker Series, which brings leading experts in Canadian law & technology fields in to discuss various pressing issues with our students in a closed environment. See past annual bulletins for a list of past speakers, as well as a description of some of our work. Applications are due Friday, April 28, 2017. The fellowship will run for 10 weeks this summer and is open to any law students or law graduate students, with specific times and dates to be coordinated with the host organization. Application details are available at: https://cippic.ca/jobs/google_policy_fellowship_canada_2017.

  • - 2017-03-21 -

    A NAFTA Arbitration Panel has dismissed Eli Lilly's claim for compensation from the Canadian government for the invalidation of two of its patents by the Supreme Court of Canada.  Lilly claimed that Canada's utility standard under patent law failed to meet its NAFTA obligations, and that the invalidation of its patents amounted to an expropriation that entitled it to a remedy under NAFTA's investor protection provisions.

    Lilly's argument sought to leverage international trade investor protection provisions to shape the general contours of substantive intellectual property law.  The Panel rejected that invitation, declining to challenge courts' supervisory role over patentability in the Canadian patent system, stating that "a NAFTA Chapter Eleven tribunal is not an appellate tier" and that it would be inappropriate for a NAFTA tribunal to assess judicial conduct against NAFTA obligations other than in "exceptional circumstances, in which there is clear evidence of egregious and shocking conduct."   

    Decision:

    Previously:

  • - 2016-11-10 -

    The Federal Court of Canada has found that obtaining, reading and distributing paywalled articles for the purposes of assessing and responding to the contents of those articles constituted fair dealing under the Copyright Act.

    In a tightly drafted judgement, Justice Barnes found that the Finance Department employees exercised their fair dealing rights for research purposes in receiving a pair of articles from a Blacklock's subscriber, and reading and sharing those articles internally with other Department employees.  Justice Barnes rejected Blacklock's arguments that its terms of use barred such dealing, noting that it was not Blacklock's practice to explicitly bring such terms to the attention of users, and, in any event, those terms contained an ambiguity permitting reproduction and distribution for non-commercial, personal or educational purposes.

    Given the outcome of its fair dealing analysis, Justice Barnes saw no need to address the Government's claim that Blacklock's practices constituted copyright misuse, although he did note that there are "certainly some troubling aspects to Blacklock's business practices".  The Court awarded costs to the Government.

  • - 2016-10-05 -

    Last month, Public Safety Canada followed through on commitments to review and consult on Canada’s national security framework. The process reviews powers that were passed into law following the passage of Bill C-51, Canada’s recent controversial anti-terrorism overhaul, as well as invite a broader debate about Canada’s security apparatus. While many consultation processes have explored expansions of Canada’s national security framework, the current consultation constitutes the first modern day attempt to explore Canada’s national security excesses and deficiencies. Unfortunately, the framing of the consultation demonstrates minimal direct regard for privacy and civil liberties because it is primarily preoccupied with defending the existing security framework while introducing a range of additional intrusive powers. Such powers include some that have been soundly rejected by the Canadian public as drawing the wrong balance between digital privacy and law enforcement objectives, and heavily criticized by legal experts as well as by all of Canada’s federal and provincial privacy commissioners. The government’s framing of the issues are highly deficient. Specifically, the consultation documents make little attempt to explain the privacy and civil liberties implications that can result from the contemplated powers. And while the government is open to suggestions on privacy and civil liberties-enhancing measures, few such proposals are explored in the document itself. The consultation documents also fail to provide detailed suggestions for improving government accountability and transparency surrounding state agencies’ use of already-existent surveillance and investigative tools. 

    In light of these deficiencies, we will be discussing a number of the consultation document’s problematic elements in a series of posts authored in conjunction with Christopher Parsons at the Citizen Lab, beginning with today's installment (after the jump, or in PDF format) regarding the government’s reincarnation of a highly controversial telecommunication subscriber identification power.

  • - 2016-09-21 -

    The trial in Blacklock’s Reporter v Attorney-General Canada ended today with the parties’ closing arguments.

    Justice Barnes opened the day inviting the parties to make submissions focusing on the legal implications of what happened between the parties.

    Plaintiff’s counsel opened argument with a brief review of the documentary evidence, and suggested that there were four issues:  (1) infringement, (2) fair dealing, (3) copyright misuse, and (4) damages.

  • - 2016-09-20 -

    CIPPIC appeared today before the House of Commons Standing Committee on Access to Information, Privacy & Ethics (ETHI) in its ongoing review of Canada's aging Privacy Act. The Act regulates the federal government's handling of personal information, comprising a central component of Canada's privacy framework. However, it has not received any substantial updates since its introduction in the early 1980s, despite tectonic shifts in the incentives animating government data-related objectives as well as in the technological capability to achieve these objectives. In addition, the government has introduced numerous laws designed to update and expand its ability to collect, use and share private data since the 1980s, including laws specifically designed to address technological developments. In the face of this one-sided expansion of state capabilities, the Privacy Act has simply not kept pace, and is in serious need of modernization if it is to continue to effectively meet its objectives to protect individual privacy rights, facilitate government accountability and safeguard public trust.

    CIPPIC's recommendations sought to address key gaps in the Privacy Act, while adding principled protections that will help the Act stay relevant in the future. This includes the addition of principled limits on how long data can be reasonably kept by the government. There is currently no such explicit obligation in the Privacy Act, despite the fact that retention limitations are a hallmark of data protection regimes. An over-riding reasonableness obligation is also necessary, as it would ensure government data practices remain proportionate and in alignment with Charter values. CIPPIC also called for addressing central shortages in the Act's transparency framework, including the incorporation of statistical reporting obligations attaching to all law enforcement electronic surveillance powers, and a general 'openness' obligation compelling the government to proactively explain its privacy practices. Additional recommendations addressed the need for mandating reasonable technical safeguards, a mandatory data breach notification regime and formalizing privacy impact assessment requirements.

    UPDATE: In December 2016, ETHI released the results of its study in a report entitled "Protecting the Privacy of Canadians: Review of the Privacy Act". The Report adopts many of CIPPIC's recommendations.

  • - 2016-09-13 -

    CIPPIC and the Citizen Lab, released a report today that describes and analyzes a class of covert electronic surveillance devices called cell site simulators (typically referred to as IMSI Catchers or by brand names such as 'Stingray'). IMSI Catchers operate by impersonating cell phone towers in order to trick mobile devices within range into transmitting digital identifiers, which are then used to track mobile devices or identify the otherwise anonymous individuals associated with them. The report (Executive Summary, FR) argues that the devices are inherently invasive. The geo-location and identification they facilitate engages sensitive privacy interests and, moreover, they are inherently coarse - for each target they are deployed against, the privacy of thousands of non-targeted mobile devices within range is collaterally affected. IMSI Catchers are also intrusive for their interference with the operation of mobile devices, which cannot receive or transmit any phone, text or data communications while engaged with an IMSI Catcher. This can include interference with critical communications such as emergency 911 calls.

    Exacerbating the intrusive features of this electronic surveillance tool has been the cloud of secrecy that pervades its use. The report describes significant efforts by journalists and civil society, in Canada and abroad, which sought to uncover use of this device in Canada and the heavy and unnecessary yet persistent resistance these efforts have experienced. The resulting secrecy, which appears to be encouraged by non-disclosure agreements imposed on Canadian agencies by IMSI Catcher vendors, has delayed important public policy debates regarding the appropriate use of these devices, while eroding public confidence. The report calls for the imposition of a range of transparency, proportionality and mitigation measures, modeled on regulatory frameworks adopted by other jurisdictions for IMSI Catchers, by Canadian courts and legislatures for comparably intrusive electronic surveillance tools and by international normative frameworks for digital privacy protection.

  • - 2016-08-26 -

    CIPPIC's application for leave to intervene has been granted in Douez v Facebook Inc, SCC File No 36616, an appeal that raises fundamental questions regarding the nature of online jurisdiction, e-consumer protection and privacy. Specifically at issue is a forum selection clause imposed by Facebook onto all of its customers, on a take it or leave it basis, mandating that all disputes be brought against it in California. On the basis of this clause, it was held that a class action launched against Facebook in BC and alleging violations of BC privacy laws cannot proceed.

    Managing online jurisdiction-where services can have significant global presence and impact on a largely virtual basis-has strained digital policy since the early days of the world wide web. However, CIPPIC's proposed intervention intends to argue that forum selection clauses are ill-suited as a means of navigating the challenges posed by global online services. A mandatory, non-negotiable forum selection clause effectively opts a service provider out of Canadian standards and laws as foreign courts tend to apply their own rules and standards. As forum selection clauses are ubiquitous and non-negotiable in online services, their universal enforcement could effectively deprive Canadians from domestic protections in relation to digital activities that are increasingly critical to their daily lives. In addition, it could force any Canadian individual embroiled in a dispute with a global online platform to undertake the expense and inconvenience of suing in a foreign court.