• – 2013-06-02 –

    The CRTC released Telecom Regulatory Policy CRTC 2013-271 today, its decision in a proceeding which set out to establish a new Code to protect consumers of wireless services. The Code represents a solid first step towards addressing myriad woes that have been plaguing Canadian wireless services. It adopts measures that should alleviate bill shock resulting from excessive charges for data usage by requiring service providers to gain express customer consent before charging them in excess of $50 in data usage charges ($100 for international data roaming). It also takes steps towards limiting the ability of service providers to impose changes onto customers during the course of their contract. The Code also obligates service providers to unlock customer phones -- an important step, which will make it easier for customers to switch providers or use foreign SIM cards when travelling abroad. These are all important steps, which will somewhat address concerns that have plagued customers of Canadian wireless services for years.

    In addition, the Code limits amortization time-lines to two years, a measure that will effectively end the unique 3 year lock-in period that Canadians uniquely enjoy. In its submissions to TNC CRTC 2012-557, CIPPIC argued that the 3 year lock-in period is harmful to customers, in that it denies them access to a rapidly evolving marketplace and locks them into devices that are often not even supported for three years. Moreover, CIPPIC argued that Canadian incumbents are using 3 year contracts as a lock-in mechanism designed to prevent their existing historical customer base from reaching the small number of new market entrants, who started operations in late 2009/2010 after the AWS spectrum auction -- barely three years ago. Finally, CIPPIC conducted an international pricing comparison which demonstrated that Canada's unique 3 year amortization periods do not lead to lower prices for customers, but rather to higher overall costs when one considers the value of a 'free' handset in conjunction with the very high monthly service offerings Canadian customers must endure for three years at a time. Canada's OECD counterparts offer the same phones and services for less, and do so without three year lock-ins. The Code will apply in full to any mobile agreement entered into or amended after December 2, 2013. The 2 year term limit, however, applies to all service contracts as of today (June 3, 2012). For more information see:

  • – 2013-03-29 –

    CIPPIC participated in a consultation held by the Assemblée nationale du Québec on the Province's data protection and right to information framework. The consultation sought input on a set of recommendations issued by the the Commission d'accès à l'information du Québec and designed to update Québec's freedom of information statute and privacy statute in light of technological changes.

    CIPPIC's submission addressed a number of the Commission's recommendations, including issues arising from risks of re-identification, the need for data minimization obligations, the need for a right to information that extends to data that must be processed before it can be released, and the need to impose an obligation on the government to proactively disclose data useful to the public in interoperable formats.

  • – 2013-03-27 –

    The Supreme Court of Canada issued its ruling in R. v. Telus Communications Company, 2013 SCC 16, in which it was called upon to decide the extent to which important privacy protections offered for the interception of private communications should apply to advanced communications delivery mechanisms. Normally, a special interception warrant (called a Part VI authorization) is required before police are authorized to access private communications that have not yet occurred. In this case, however, the government argued it should be able to bypass the critical privacy protections found in Part VI because one company, TELUS, decides to temporarily store these as part of its message delivery process. The premise for this argument was that Part VI only protects against 'interceptions', and you cannot 'intercept' something that is not in motion, including TELUS' temporarily stored text messages. Therefore, the government can gain access to future messages that have not yet been sent, and no 'interception' occurs since the messages are taken from TELUS' stored databases.

    The problem is that, while real-time voice was the predominant form of electronic communications in the late 70s when Part VI protections were enacted, many forms of electronic communications, including SMS and email, employ temporary storage as part of the delivery process. The question then arises: do we throw away a critical set of privacy protections just because private communications are being transmitted by new techniques? In our intervention in this case, we argued against an overly narrow definition of Part VI that would defeat its ultimate purpose -- the protection of private communications. Today's decision saw a 5-3 majority of the Supreme Court rejecting the argument that police can do what is effectively and practically the type of 'electronic conversation' that Part VI was intended to protect. Access to text messages that have not yet been sent normally requires Part VI authorization. Just because TELUS stores its messages for a short period of time as part of the delivery process does not mean Part VI can be ignored.

  • – 2013-02-27 –

    CIPPIC welcomed the announcement of private member's Bill C-475, which proposed amendments to Canada’s federal privacy legislation, PIPEDA. The proposals will bring long overdue privacy protections for Canadians, including a comprehensive data breach notification regime and, critically, much needed enforcement powers for Canada’s privacy laws. A long-enduring and central gap in Canada’s privacy protections is the ongoing inability of the Privacy Commissioner to force non-compliant organizations to meet their privacy obligations. Even as our Courts, our provincial legislatures, and most of our international counterparts have recognized the increasing need to protect privacy in a digital era, our federal privacy regime remains toothless and our federal Privacy Commissioner lacks the basic power to enforce her own compliance orders. 

    In addition, the lack of a comprehensive data breach notification regime puts Canadians personal information at great risk. Experience from jurisdictions around the world has demonstrated that a legal obligation to notify individuals when their data has been put at risk is an essential component of any privacy protection regime. Not only does this notification requirement provide an opportunity for individuals to take protective measures against privacy harms ranging from identity theft to great embarrassment, but it also provides a poignant incentive for organizations to put in place the practical and technical mechanisms necessary to avoid such breaches in the first place.

  • – 2013-02-22 –

    CIPPIC is pleased to announce that, for the fifth year in a row, we will be hosting a Google Policy Fellow this summer. The Google Policy Fellow will join our Summer Internship Program and work closely with CIPPIC staff on a range of dynamic, cutting edge law & technology issues as we seek to further our mandate. This mandate regularly takes us before various policy- and law-making forums, including parliamentary committees, regulatory bodies, all levels of court and various international fora as we seek to advocate in the public interest on issues arising at the intersection of law and technology. It additionally includes a public education and engagement component, as we seek to ensure the public is aware of issues that may effect their daily digital lives. Substantively, CIPPIC advocacy covers a diverse range of digital rights/policy issues, including copyright, privacy/electronic surveillance, telecommunications regulation/net neutrality, online consumer protection, online speech, access to knowledge and more general Internet governance concerns.

    We involve our interns and policy fellows in all elements of our work. In addition, the policy fellow will enjoy our Summer Speaker Series, which brings leading experts in Canadian law & technology fields in to discuss various pressing issues with our students in a closed environment. See our annual bulletin for a list of past speakers, as well as a description of some of our recent work. Applications are due Friday, March 15, 2013. To apply, visit Google's Policy Fellowship interface. The fellowship will run from May 6 - July 15, 2013 (10 weeks), and is open to any law students or law graduate students.

  • – 2013-02-15 –

    CIPPIC has been granted leave to intervene in Voltage Pictures LLC v. Doe. Voltage has alleged that approximately 2000 unknown individuals, identified by IP address, have unlawfully downloaded movies and thereby infringed its copyright. Voltage subsequently filed a motion asking the court to order an Internet Service Provider, Teksavvy, to hand over the subscriber identities linked to those IP addresses. CIPPIC is now able to participate in that motion.

    CIPPIC asked to intervene in order to argue for the protection of Canadians' privacy, and to ensure that all procedural safeguards were respected. As part of its intervention CIPPIC will be allowed to challenge Voltage's evidence, and question whether it is robust enough to justify handing over customers' personal details. CIPPIC will also be allowed to introduce its own evidence, and to make arguments about the proper legal tests to follow in file-sharing lawsuits. We expect to provide evidence to court by the end of this month.

  • – 2013-02-12 –

    As part of ongoing proceedings set to establish a 'Wireless Bill of Rights' for customers of Canadian wireless services, the CRTC held a hearing seeking input on what protections should be included in such a document. CIPPIC, appearing alongside its client in the proceeding,, called on the CRTC to take strong steps towards alleviating growing customer frustration with a highly concentrated and difficult to navigate mobile service landscape. This requires, CIPPIC argued, simplified and standardized point of sale information on the nature and cost of services. It also requires that mobile service providers deploy real-time usage management tools that help individuals avoid bill shock. This includes handset-based notifications that kick in as individuals approach their usage limits, as well as a customizable 'hard' notification that will temporarily cut off usage as individuals approach excessive usage fees ($50, for example).

    In addition, effective protections will lower switching costs that currently keep customers locked in to their plans long after their smartphone battery expires, long after their frustration with changing fees or inadequate customer service raises their level of frustration to new heights, long after the wireless market has evolved to offer cheaper and more responsive service offerings. Lock-in, which, uniquely in Canada, is typically for three year terms of service, is achieved by a combination of technical measures preventing an individual from using their handset with another service and hefty fees (which can amount to hundreds of dollars depending on how far the individual is into their contract) levied at individuals seeking to leave their contracts early.

  • – 2013-01-31 –

    In response to the dramatically outdated nature of Canada's now 30 year old Access to Information Act, the Office of the Information Commissioner of Canada has initiated an Open Dialogue Consultation on the need to modernize ATI. Building on submissions from fellow organizations such as BCFIPA, CIPPIC participated in the OIC's consultation, calling for the Access to Information Act to be modernized. Specific modernizations include reduced barriers to ATI requests, a 'digital first' response policy that should lower ATI response costs, and, importantly, exceptions should be narrowed and focused, and subject to a public interest override as well as the need to prove harm will result if information is not withheld. Too often are exceptions relied upon to obscure information that Canadians have a right to know.

    More generally, the right to information needs to be conceived in broader terms than reflected in the ATIA. It needs to be exercised more proactively if it is to be achieve its objective within the context of a democratic and technologically innovative society. While the current ATIA focuses on information responses to individual requests, it should additionally obligate periodic and proactive disclosure of important public information. This proactive publication obligation should extend to important data sets in the government's control, so that Canadians can fully benefit from data held and generated by their government. Government-held information is a national resource, generated by public officials in the course of carrying out their public mandates and, ultimately, paid for by public funds. The outdated nature of Canada's ATI regime has become a tangible obstacle to the ability of Canadians to fully benefit from this resource. It is now time to bring our right-to-information system forward into the twenty-first century. For more information visit:

  • – 2013-01-28 –

    CIPPIC is seeking applications for our Summer Internship Program. Summer interns work closely with CIPPIC staff on dynamic and cutting edge issues that arise at the intersection of law & technology. Our advocacy efforts regularly take us before Parliamentary, regulatory and quasi-judicial bodies, the production of research papers, and input into several domestic and international policy-making processes. In addition, in furthering our public outreach mandate, CIPPIC produces a diverse range of media that seek to engage the public on law and technology policy while providing high quality information resources on relevant issues. CIPPIC's advocacy covers several areas of law and policy, including copyright, privacy/electronic surveillance, telecommunications regulation/net neutrality, online consumer protection, online speech, access to knowledge and other digital rights.

    In addition, CIPPIC interns benefit from our Summer Speaker Series, which lets interns benefit directly from the experience of premier experts on various Canadian law & technology issues. Applications are due Friday, February 22, 2013. Applications are open to any current law or law graduate students (FR). Internships will run from May 6-July 26, 2013.

  • – 2013-01-28 –

    Data Privacy Day and its European counterpart, Data Protection Day, commemorates the signing of the world's first international treaty on data protection -- the Council of Europe's Convention 108. Data protection is rapidly becoming an international norm, as recent developments have brought the number of countries with data protection legislation to 89, globally. Additionally, 2012 saw an unprecedented commitment by lawmakers in one of the largest data markets -- the United States, a long-time adherence of a sectoral approach to privacy protection -- committing to the enactment of data protection laws. Our courts have similarly advanced the cause of privacy with landmark decisions that recognized the right to anonymity in judicial proceedings, a constitutional right to individual notification when police intercept communications in an emergency, and the right to privacy in our work computers. In addition, our Federal Privacy Commissioner released a sweeping (but yet to be enforced) Finding on the privacy practices of a youth-based social networking site, Nexopia. Finally, advances in transparency have helped us better understand how our information is being accessed by the government, as more organizations began publishing statistics on government access, and Google, who pioneered the transparency reporting model, has increased the scope of their own reports so that the public can better assess the nature of government requests.

    At the same time, the challenges have never been greater with online surveillance legislation, long over-due updates to our federal privacy statutes (PIPEDA and the Privacy Act) still nowhere in sight, and legislative initiatives that will allow our online service providers to hand over our data to litigants and copyright trolls alike -- all on the horizon. More after the jump.