• – 2015-04-30 –

    CIPPIC Project to Examine Privacy Implications of Open Data

    CIPPIC has been awarded a grant from the Office of the Privacy Commissioner of Canada 's Contributions Program.  CIPPIC's project, called "Open Data, Open Citiziens", will examine government open data policies and the commercial exploitation of open data by the private sector with a view to assessing implications for Canadians’ privacy.  

  • – 2015-04-21 –

    CIPPIC and a number of other civil society groups and experts has put out an open letter to Industry Minister James Moore, highlighting a roadmap for how to fix a number of loopholes in Canada's Notice-Notice copyright regime. The Notice-Notice regime was enacted with the objective of creating a minimally intrusive mechanism for rights holders to contact alleged infringers. However, it is being exploited by some rights holders to send settlement demands that are unreasonable. Typical abusive notices include extravagant demands for damages well in excess of what would be available under Canada's Copyright Act, and might be sent without meaningful corroboration that the threatened recipient is actually the rights infringer. Some also include threats that the recipient will have her Internet access account terminated if they do not pay up. Third parties often flood ISPs with notices in a 'scattershot' approach not designed to facilitate an actual lawsuit based on proof of wrongdoing, but rather to encourage recipients to pay in order to make the matter go away - a highly questionable monetization technique. While rights infringers should not be able to hide behind ISPs in order to justify conduct, the current model is being abused to inappropriately threaten individuals who, often, have done nothing wrong at all.

  • – 2015-03-23 –

    Bill S-4, the Digital Privacy bill, introduces amendments to PIPEDA, Canada's federal commercial sector privacy law. The Bill, a result of PIPEDA's first five year review conducted in 2006, introduces some far overdue improvements to Canada's privacy protection toolset at a time when privacy has never faced greater challenges. These include the adoption of a breach notification regime which would obligate companies to notify customers (as well as the Privacy Commissioner) whenever a privacy breach can place affected individuals at risk of significant harm, and the adoption of more robust consent obligations. However, as CIPPIC pointed out in its testimony and response to follow-up questions, the framework adopted by Bill S-4 in addressing these issues is flawed. The data breach notification regime in particular will fail to instill incentives for better security safeguards as it only applies to breaches that pose a significant threat of harm to affected individuals. Yet the reality of security breaches is that it will often be highly uncertain whether data was even exposed, meaning many serious breaches will go unreported. Moreover, even trivial breaches that do not pose a specific risk to individuals are often indicative of a general laxity in technical safeguards. These too will remain unreported.

    Of greater concern, the Bill also includes a number of troubling exceptions that would expand the conditions under which organizations can hand over sensitive customer information to third parties. One exception would allow ISPs, online blogging discussion fora, social media sites and others to help companies trying to sue their customers by handing over sensitive customer information. It also allows for nigh unlimited information-sharing in the context of a cybersecurity breach. Such breaches often implicate immense amounts of sensitive data. The PIPEDA amendments fail to impose any obligations for companies dealing with a breach to minimize privacy impact when handing over these data troves. Additionally, our national security agencies are increasingly implicated in domestic security breaches, yet Bill S-4 does nothing to prevent them from repurposing the data troves they receive for security breaches into general security information and keeping it indefinitely. As such, there is serious concern that the emails, financial/banking information, health data, and other sensitive information that is commonly implicated in data breaches will simply be rolled in to these security agencies general profiling activities and ultimately used against the individuals who the data breach notification regimes is supposed to protect. Indeed, Bill C-51, currently being rushed through both houses of parliament at once, will make it even easier by removing barriers to 'all of government' information sharing for cybersecurity purposes.

  • – 2015-03-12 –

    CIPPIC is intervening an important Supreme Court case about copyright and technological neutrality. CBC v SODRAC concerns royalties payable by broadcasters for digital copies of music embedded in the production and broadcast of television programs. The Court’s decision could have implications for the way in which all Canadians access and pay for digital content, including music, movies and television programs, e-books, and many other online materials.  Professor Jeremy de Beer and CIPPIC Director David Fewer will appear in the case on behalf of CIPPIC. The hearing takes place on Monday, March 16, 2015, and will be webcast. Common Law students Jillian Brenner, Chelsey Colbert, Parineeta Chahal, Tracey Doyle, Laura Garcia, Grace Ko, Laura MacDonald, Samantha Peters, Sadegh Fattah, Laura Garcia and Mayuran Sivagurunathan have all assisted in preparations for the case.

  • – 2015-03-04 –

    The CIPPIC Summer Internship Program offers outstanding law students an unequaled opportunity to work on cutting edge research and advocacy issues related to law and technology. CIPPIC advocacy typically involves submission of briefs to government and other policy-makers, intervention in precedent-setting cases before judicial and quasi-judicial tribunals, provision of public legal education resources, publication of reports, participation in multi-stakeholder policy-making forums, provision of expert testimony before parliamentary committees, and advising under-represented organizations and individuals on relevant public interest issues.

    Working closely with CIPPIC lawyers, interns learn how to be effective researchers, policy analysts, and advocates while contributing to public interest policy and law reform in such areas as copyright law, privacy, online consumer protection, telecommunications regulation, net neutrality, free speech and civil liberties on the Internet.Interns may additionally have opportunities to attend conferences and workshops such as the CIPPIC summer speaker series and to participate in other aspects of the Centre for Law, Society, & Technology.

  • – 2015-02-17 –

    CIPPIC is pleased to announce that we will be hosting a Google Policy Fellow this summer. The Google Policy Fellow will join our Summer Internship Program and work closely with CIPPIC staff on a range of dynamic, cutting edge law & technology issues as we seek to further our mandate. This mandate regularly takes us before various policy- and law-making forums, including parliamentary committees, regulatory bodies, all levels of court and various international fora as we seek to advocate in the public interest on issues arising at the intersection of law and technology. It additionally includes a public education and engagement component, as we seek to ensure the public is aware of issues that may effect their daily digital lives. Substantively, CIPPIC advocacy covers a diverse range of digital rights/policy issues, including copyright, privacy/electronic surveillance, telecommunications regulation/net neutrality, online consumer protection, online speech, access to knowledge and more general Internet governance concerns.

    We involve our interns and policy fellows in all elements of our work. In addition, the policy fellow will enjoy our Summer Speaker Series, which brings leading experts in Canadian law & technology fields in to discuss various pressing issues with our students in a closed environment. See our annual bulletin for a list of past speakers, as well as a description of some of our recent work. Applications are due Thursday, March 12, 2015. To apply, visit Google's Policy Fellowship interface. The fellowship will run for 10 weeks this summer, and is open to any law students or law graduate students.

  • – 2015-02-11 –

    CIPPIC has been granted leave to intervene before the Supreme Court of Canada in CBC v. SODRAC.  The case involves the interpretation of the reproduction right and its application to so-called "ephemeral copies" - copies of works for the purposes of facilitating the creation and transmission of broadcasts.  CIPPIC's intervention will focus on the role of the principle of technological neutrality in interpreting the reproduction right.

  • – 2015-01-28 –

    Data Privacy Day (a.k.a. Data Protection Day) 2015 marked a range of developments - some good, some bad, all significant. Data Privacy Day is celebrated annually to commemorate the world's first data protection treaty: the Council of Europe's Convention 108. This year, the day began with a series of startling revelations from CBC, which released documents acquired through former NSA Analyst Edward Snowden detailing a comprehensive electronic surveillance program that monitored various file upload sites around the world. The program, implemented by Canada's foreign intelligence agency, CSEC, involved combing through its comprehensive meta-data-bases in order to identify individuals uploading or accessing 'questionable' documents on sites such as MegaUpload and Rapidshare. Visitors to such documents are then subjected to intense meta-data-scrutiny in order to find their identity through such things as Facebook and email login cookies. Aside from the millions of documents tracked by the program daily, the program demonstrates an immensely invasive capacity that can emerge from mere analysis of the metadata held by CSEC and its Five EYEs partners. Far from acknowledging these concerns, we expect more of the same, with State promises to introduce expanded lone wolf surveillance powers this Friday.

    Some tentatively promising developments from APEC also came this week. CIPPIC had endorsed a letter sent by a number of privacy groups in late December pointing to several issues with APEC's certification of TRUSTe as an accountability agent capable of overseeing compliance with APEC obligations for the purpose of receiving personal data transfers from other APEC member states such as Canada. This week, APEC and TRUSTe addressed a number of the concerns, but left a few (particularly those relating to conflicts of interest between TRUSTe board members and some of the commercial organizations it is tasked with overseeing) outstanding. In brighter news, the Mexican data protection authority announced it would be officially signing the International Principles on the Application of Human Rights to Communications Surveillance (IPAHRCS-es for short!), designed to provide comprehensive suggestions on how to conduct electronic surveillance in a targeted and privacy respective manner. The IPAHRCS have now been endorsed by over 480 international organizations, experts and government officials. An eventful data privacy day, for better or worse!

  • – 2014-12-11 –

    The Supreme Court of Canada issued its decision in R. v. Fearon, 2014 SCC 77, today, which addressed whether law enforcement could indiscriminately search mobile devices of individuals upon arrest. Whereas the Charter requires prior judicial authorization based on reasonable grounds in most instances, law enforcement are granted more latitude when searching individuals under arrest. The question in Fearon (and in a similar appeal heard by the United States Supreme Court around the same time - Riley v. California, 134 St.Ct. 2473 (2014)), was whether this broad rule should be applied to mobile devices given the rich amounts of information contained on these devices. In its intervention, CIPPIC argued that the breadth of the power to search on arrest combined with the ubiquitous use and far-ranging data contained on mobile devices will leave few instances where law enforcement cannot rummage through cell phones.

    While acknowledging the high privacy interest in mobile devices requires limiting access on arrest to situations where an immediate investigative purpose exists, a split decision of the court provided wide latitude for law enforcement to scour mobile data receptacles on arrest in many if not most instances. This is because, as noted by the dissent, mobile devices are implicated in most of our activities, so law enforcement will almost always be able to advance a general prospect that such a device might yield evidence of a witness, co-conspirator, or object of crime. Similarly, as noted by the dissent, while not each search of a mobile device will reveal sensitive information, the knowledge of an impending search is likely to have a chilling effect on mobile device use and, in those instances where an invasion occurs, there will not be an opportunity to remedy the issue ex post. In spite of this, the majority found that law enforcement objectives must prevail. The decision appears at odds with a string of supreme court decisions upholding additional protections for data receptacles, as well as with the United States jurisprudence. In the US, a concern for officer safety and the need to prevent destruction of evidence has, historically, motivated a search on arrest rule as broad as Canada's, but as the US Supreme court recently found in Riley/Wurie​, this rule does not extend to mobile devices.

  • – 2014-12-08 –
    The Federal Court has heard Teksavvy's motion for "all reasonable legal costs, administrative costs and disbursements" arising from voltage's order that Teksavvy disclose the identies of those of its subscribers whose IP addresses Voltages alleges that it has identified downloading copyright materials.  The motion springs from Prothonotary Aalto's February 20, 2014, decision granting Voltage a Norwich order compelling Teksavvy to provide requested subscriber information provided that certain conditions and safeguards were met.  One of those conditions involved Voltage's payment of Teksavvy's "reasonable legal costs, administrative costs and disbursements".  Teksavvy has submitted a bill of costs in the amount of $346,480.68.  voltage opposes the amount as "outrageous".
    Teksavvy's Record