My data, everyone’s business – Privacy regulators issue Concluding Joint Statement on data scraping and the protection of privacy
On October 28, 2024, the Office of the Privacy Commissioner of Canada (“OPC”) issued a Concluding Joint Statement on data scraping and privacy protection.[1] This document outlines the expectations for organizations to safeguard individuals against the risks posed by unlawful […]
Facebook failed to obtain consent and safeguard personal data: Federal Court Appeal clarifies PIPEDA compliance
INTRODUCTION On September 9, 2024, the Federal Court of Appeal (the “FCA”) issued its decision in Privacy Commissioner of Canada v Facebook Inc., 2024 FCA 140,[i] overturning the Federal Court’s decision[ii] and declaring that Facebook, Inc. (now Meta Platforms Inc.) […]
EU Artificial Intelligence Act: Implementation timeline and impact on Canadian companies
On July 12th, 2024, the European Union’s Artificial Intelligence Act (the “AI Act” or the “Act”) was published in the Official Journal of the European Union, making it the world’s first comprehensive legislation regulating artificial intelligence (“AI”) technologies. The AI […]
Essential legal due diligence for investing in AI companies: Top tips for investors and legal advisors
Introduction Investment banks and private equity firms are increasingly attracted to the potential of artificial intelligence (“AI”) companies as lucrative investment opportunities. However, the unique and evolving nature of AI technology and developing regulations demands comprehensive due diligence to evaluate […]
The Government of Québec publishes a Regulation respecting the anonymization of personal information
Québec’s Act respecting the protection of personal information in the private sector (the “Private Sector Act”) underwent significant amendments that came into force on September 22, 2023. These changes impact all businesses that collect, hold, use or transfer (communicate) personal […]
Legal privilege in cyber incident response: Insights from the LifeLabs data breach
When organizations fall victim to cyber-attacks or other incidents involving data security, they must respond in a way that allows for swift action, while still looking around corners to what additional risks might be lurking after the incident has been […]
AI in music: The Drake/Tupac case and beyond
In a matter of days, Drake’s latest release went from making headlines around the world to being taken down amidst threats of legal action from the estate of arguably one of the most revered and popular rap artists of all […]
Privacy prevails: The Supreme Court of Canada’s landmark decision regarding IP address privacy
On March 1, 2024, the Supreme Court of Canada released its decision in R v Bykovets, finding that IP addresses attract a reasonable expectation of privacy. Accordingly, corporations should take note that they have no legal obligation to provide the […]
Officer and director liability for cybersecurity breaches: Canadian implications of the SolarWinds case
Facts With the continued prevalence of cybersecurity threats and the many times associated consequences of business interruption, reputational damage, personal data breaches, disclosure of confidential and proprietary information, as well as loss of revenue, it comes as no surprise that […]
Practical steps to help your business prepare for Canada’s new privacy legislation: Quebec’s law 25 and proposed federal Bill C-27
Canadian privacy laws are changing – here are some practical steps to help businesses adapt to Quebec’s Law 25 and proposed federal Bill C-27. On April 24, 2023, Bill C-27, also known as the Digital Charter Implementation Act, 2022[1], passed its second reading at the […]
