• – 2013-07-31 –

    CIPPIC has joined over 120 civil society groups from around the world in endorsing a set of principles (FR) geared towards re-asserting what it means to protect privacy and associated human rights in light of increasing state surveillance capacities. Over the past several years, several gaps and cracks have developed in constitutional privacy frameworks around the world, which have simply not kept up with technological advances. Slipping through these cracks, government monitoring has grown to exponential proportions, as highlighted most recently and dramatically by a string of revelations regarding the unchecked surveillance programs operated by several foreign intelligence agencies in Canada and around the world. Over the past year, CIPPIC has worked with a number of civil society groups including the Electronic Frontier Foundation, Privacy International and Access to develop these principles as a means of addressing several of these shortcomings. As detailed below, the Principles collectively call for:

    • Transparency in Surveillance. The basis and interpretation of surveillance powers must be on the public record, and rigorous reporting and individual notification obligations are required;
    • Technical Neutrality. It is no longer acceptable to rely on artificial technical distinctions such as 'content' or 'non-content' as a basis for harvesting mass amounts of personal information;
    • Proportionality & Due Process. It is time to re-assert what has historically been the primary vehicle for preventing electronic surveillance from getting out of hand: prior authorization by an independent judicial entity based on a determination that the surveillance is highly likely to provide evidence that will address a serious harm;
    • Formalized Trans-Border Access. All access to any data of any individual must occur in a manner that is consistent with these Principles. It is no longer acceptable to bypass domestic privacy protections by relying on secretive and informal information sharing arrangements with foreign states, on voluntary cooperation by private international companies, or by treating individuals as though they lack privacy rights simply because they live in another country.

    It is time to turn back the surveillance tide. If your organization is interested in endorsing these principles or in learning more, please email: The full set of principles can be found at and

  • – 2013-06-27 –

    The CRTC issued Broadcasting Decision CRTC 2013-310 today, in which it approved the merger of Canada's largest and most heavily integrated communications company (Bell) and Canada's last significant independent (and non-integrated) broadcaster (Astral). In its submissions to this proceeding, CIPPIC called on the Commission to refuse the merger a second time, pointing to a number of flaws in the current regulatory framework that a merged Bell/Astral could exploit in order to harm competition and innovation in Canadian services. Specifically, CIPPIC was concerned post-merger Bell will drive up costs, limit online innovation by centralizing online distribution and restrict customer choice by constraining program packaging. Averting these harms and preserving the public interest in the face of a highly concentrated Bell/Astral will require a more invasive regulatory approach than provided by the Commission's current vertical integration toolset, which relies heavily on flawed dispute resolution mechanisms.

    While disappointingly approving the merger, the Commission acknowledges the need for some form of "additional oversight" in light of "BCE's increased ability to act in an anti-competitive manner." Further, it expressly states concerns over online innovation:

    that BCE’s market position relating to multiplatform rights could permit it to act as a “gatekeeper,” effectively preventing other distributors from offering services to their customers until BCE has decided to offer such services on its own platforms. The Commission is concerned that this could stifle innovation and limit the growth of digital media in Canada.

    However, the Commission appears to adopt a 'wait and see' approach to many of the challenges in question, noting, for example, that it will explore new dispute resolution mechanisms on a 'case by case' basis and in other instances expressing 'expectations' that Bell will not act in an anti-competitive manner, without specifying how it will monitor or enforce these expectations.

  • – 2013-06-12 –

    CIPPIC has been granted leave to intervene at the Federal Court of Appeal in two appeals that raise important copyright issues. National Post v. Fournier and Warman v. Fournier are being heard together. The cases raise important issues such as whether hyperlinks count as 'attribution' (a pre-requisite to the exercise of some fair dealing rights), the application of copyright law's limitation period to works published on the internet (specifically, whether something posted to the Internet is reproduced 'every day' it remains available online), whether reproducing excerpts from an original work amounts to "substantial" reproduction when assessing a non-economic claim of infringement and the nature of liability for Internet intermediaries such as online discussion platforms.

    The Court of Appeal also granted the Computer and Communications Industry Association intervener status in the appeal.

  • – 2013-06-03 –

    The CRTC released Telecom Regulatory Policy CRTC 2013-271 today, its decision in a proceeding which set out to establish a new Code to protect consumers of wireless services. The Code represents a solid first step towards addressing myriad woes that have been plaguing Canadian wireless services. It adopts measures that should alleviate bill shock resulting from excessive charges for data usage by requiring service providers to gain express customer consent before charging them in excess of $50 in data usage charges ($100 for international data roaming). It also takes steps towards limiting the ability of service providers to impose changes onto customers during the course of their contract. The Code also obligates service providers to unlock customer phones -- an important step, which will make it easier for customers to switch providers or use foreign SIM cards when travelling abroad. These are all important steps, which will somewhat address concerns that have plagued customers of Canadian wireless services for years.

    In addition, the Code limits amortization time-lines to two years, a measure that will effectively end the unique 3 year lock-in period that Canadians uniquely enjoy. In its submissions to TNC CRTC 2012-557, CIPPIC argued that the 3 year lock-in period is harmful to customers, in that it denies them access to a rapidly evolving marketplace and locks them into devices that are often not even supported for three years. Moreover, CIPPIC argued that Canadian incumbents are using 3 year contracts as a lock-in mechanism designed to prevent their existing historical customer base from reaching the small number of new market entrants, who started operations in late 2009/2010 after the AWS spectrum auction -- barely three years ago. Finally, CIPPIC conducted an international pricing comparison which demonstrated that Canada's unique 3 year amortization periods do not lead to lower prices for customers, but rather to higher overall costs when one considers the value of a 'free' handset in conjunction with the very high monthly service offerings Canadian customers must endure for three years at a time. Canada's OECD counterparts offer the same phones and services for less, and do so without three year lock-ins. The Code will apply in full to any mobile agreement entered into or amended after December 2, 2013. The 2 year term limit, however, applies to all service contracts as of today (June 3, 2012). For more information see:

  • – 2013-03-30 –

    CIPPIC participated in a consultation held by the Assemblée nationale du Québec on the Province's data protection and right to information framework. The consultation sought input on a set of recommendations issued by the the Commission d'accès à l'information du Québec and designed to update Québec's freedom of information statute and privacy statute in light of technological changes.

    CIPPIC's submission addressed a number of the Commission's recommendations, including issues arising from risks of re-identification, the need for data minimization obligations, the need for a right to information that extends to data that must be processed before it can be released, and the need to impose an obligation on the government to proactively disclose data useful to the public in interoperable formats.

  • – 2013-03-27 –

    The Supreme Court of Canada issued its ruling in R. v. Telus Communications Company, 2013 SCC 16, in which it was called upon to decide the extent to which important privacy protections offered for the interception of private communications should apply to advanced communications delivery mechanisms. Normally, a special interception warrant (called a Part VI authorization) is required before police are authorized to access private communications that have not yet occurred. In this case, however, the government argued it should be able to bypass the critical privacy protections found in Part VI because one company, TELUS, decides to temporarily store these as part of its message delivery process. The premise for this argument was that Part VI only protects against 'interceptions', and you cannot 'intercept' something that is not in motion, including TELUS' temporarily stored text messages. Therefore, the government can gain access to future messages that have not yet been sent, and no 'interception' occurs since the messages are taken from TELUS' stored databases.

    The problem is that, while real-time voice was the predominant form of electronic communications in the late 70s when Part VI protections were enacted, many forms of electronic communications, including SMS and email, employ temporary storage as part of the delivery process. The question then arises: do we throw away a critical set of privacy protections just because private communications are being transmitted by new techniques? In our intervention in this case, we argued against an overly narrow definition of Part VI that would defeat its ultimate purpose -- the protection of private communications. Today's decision saw a 5-3 majority of the Supreme Court rejecting the argument that police can do what is effectively and practically the type of 'electronic conversation' that Part VI was intended to protect. Access to text messages that have not yet been sent normally requires Part VI authorization. Just because TELUS stores its messages for a short period of time as part of the delivery process does not mean Part VI can be ignored.

  • – 2013-02-27 –

    CIPPIC welcomed the announcement of private member's Bill C-475, which proposed amendments to Canada’s federal privacy legislation, PIPEDA. The proposals will bring long overdue privacy protections for Canadians, including a comprehensive data breach notification regime and, critically, much needed enforcement powers for Canada’s privacy laws. A long-enduring and central gap in Canada’s privacy protections is the ongoing inability of the Privacy Commissioner to force non-compliant organizations to meet their privacy obligations. Even as our Courts, our provincial legislatures, and most of our international counterparts have recognized the increasing need to protect privacy in a digital era, our federal privacy regime remains toothless and our federal Privacy Commissioner lacks the basic power to enforce her own compliance orders. 

    In addition, the lack of a comprehensive data breach notification regime puts Canadians personal information at great risk. Experience from jurisdictions around the world has demonstrated that a legal obligation to notify individuals when their data has been put at risk is an essential component of any privacy protection regime. Not only does this notification requirement provide an opportunity for individuals to take protective measures against privacy harms ranging from identity theft to great embarrassment, but it also provides a poignant incentive for organizations to put in place the practical and technical mechanisms necessary to avoid such breaches in the first place.

  • – 2013-02-22 –

    CIPPIC is pleased to announce that, for the fifth year in a row, we will be hosting a Google Policy Fellow this summer. The Google Policy Fellow will join our Summer Internship Program and work closely with CIPPIC staff on a range of dynamic, cutting edge law & technology issues as we seek to further our mandate. This mandate regularly takes us before various policy- and law-making forums, including parliamentary committees, regulatory bodies, all levels of court and various international fora as we seek to advocate in the public interest on issues arising at the intersection of law and technology. It additionally includes a public education and engagement component, as we seek to ensure the public is aware of issues that may effect their daily digital lives. Substantively, CIPPIC advocacy covers a diverse range of digital rights/policy issues, including copyright, privacy/electronic surveillance, telecommunications regulation/net neutrality, online consumer protection, online speech, access to knowledge and more general Internet governance concerns.

    We involve our interns and policy fellows in all elements of our work. In addition, the policy fellow will enjoy our Summer Speaker Series, which brings leading experts in Canadian law & technology fields in to discuss various pressing issues with our students in a closed environment. See our annual bulletin for a list of past speakers, as well as a description of some of our recent work. Applications are due Friday, March 15, 2013. To apply, visit Google's Policy Fellowship interface. The fellowship will run from May 6 - July 15, 2013 (10 weeks), and is open to any law students or law graduate students.

  • – 2013-02-15 –

    CIPPIC has been granted leave to intervene in Voltage Pictures LLC v. Doe. Voltage has alleged that approximately 2000 unknown individuals, identified by IP address, have unlawfully downloaded movies and thereby infringed its copyright. Voltage subsequently filed a motion asking the court to order an Internet Service Provider, Teksavvy, to hand over the subscriber identities linked to those IP addresses. CIPPIC is now able to participate in that motion.

    CIPPIC asked to intervene in order to argue for the protection of Canadians' privacy, and to ensure that all procedural safeguards were respected. As part of its intervention CIPPIC will be allowed to challenge Voltage's evidence, and question whether it is robust enough to justify handing over customers' personal details. CIPPIC will also be allowed to introduce its own evidence, and to make arguments about the proper legal tests to follow in file-sharing lawsuits. We expect to provide evidence to court by the end of this month.

  • – 2013-02-12 –

    As part of ongoing proceedings set to establish a 'Wireless Bill of Rights' for customers of Canadian wireless services, the CRTC held a hearing seeking input on what protections should be included in such a document. CIPPIC, appearing alongside its client in the proceeding,, called on the CRTC to take strong steps towards alleviating growing customer frustration with a highly concentrated and difficult to navigate mobile service landscape. This requires, CIPPIC argued, simplified and standardized point of sale information on the nature and cost of services. It also requires that mobile service providers deploy real-time usage management tools that help individuals avoid bill shock. This includes handset-based notifications that kick in as individuals approach their usage limits, as well as a customizable 'hard' notification that will temporarily cut off usage as individuals approach excessive usage fees ($50, for example).

    In addition, effective protections will lower switching costs that currently keep customers locked in to their plans long after their smartphone battery expires, long after their frustration with changing fees or inadequate customer service raises their level of frustration to new heights, long after the wireless market has evolved to offer cheaper and more responsive service offerings. Lock-in, which, uniquely in Canada, is typically for three year terms of service, is achieved by a combination of technical measures preventing an individual from using their handset with another service and hefty fees (which can amount to hundreds of dollars depending on how far the individual is into their contract) levied at individuals seeking to leave their contracts early.