Loïc Berdnikoff Chief Privacy Officer and Chief, Legal Operations and Conformity and Lawyer

Loïc Berdnikoff Chief Privacy Officer and Chief, Legal Operations and Conformity and Lawyer

Bureau

  • Montréal

Phone number

514 877-2981

Fax

514 871-8977

Bar Admission

  • Québec, 2005

Languages

  • English
  • French

Profile

Associate and Chief, Legal Operations and Conformity

Chief Privacy Officer

Me Berdnikoff began his career with Lavery as a student, then articled with the firm and then he continued his career with the firm as a lawyer and finally a partner. He practiced in the areas of access to information and the protection of personal information. As such, he regularly worked on cases involving the confidentiality of documents, electronic data transfer and archiving (information technology), the right to privacy, and professional secrecy. He often appeared before various courts and tribunals, including the Commission d’accès à l’information, the Superior Court, Court of Appeal, and even the Supreme Court of Canada.

Between 2017-2020, he was director, professional development. He used his professional experience and in-depth knowledge of the legal community to put in place programs and resources required for the professional development of the firm’s professionals. He was also responsible for both student and lateral recruitment.

As part of his current duties, Me Berdnikoff oversees the management of conflicts of interest and business conflicts as well as all aspects related to the firm's compliance. He is also responsible for knowledge management. Me Berdnikoff's role is also to work closely with the CEO, practice and office leaders, amongst other things to contribute to the firm's current operations, the implementation certain large-scale projects and strategic resource planning.

Committed to the advancement of law in Canada and elsewhere, Me Berdnikoff serves on the and is a member of the Canadian Bar Association (CBA), the Association de l’accès et de la protection de l’information (AAPI), the the International Association of Privacy Professionals (IAPP) and the National Association for Law Placement (NALP).

Publications

  • Accès à l’information: loi annotée, jurisprudence, analyse et commentaires, with Raymond Doray, Ad.E., Éditions Yvon Blais, 2014
  • “Canada’s Anti-spam Legislation: Phase 2 comes into force and first monetary penalty imposed,” Need to Know, April 2015
  • “New Anti-Spam Law: Better Act Quickly”, with Guillaume Laberge, Raymond Doray , André Vautour, and Guillaume Laberge, Need to Know, June 2014
  • Loi anti-pourriel: êtes-vous prêts? with Leïla Yacoubi, Magazine Sécurité financière, 2014 

Conferences

  • Des assureurs prennent le virage de l’intelligence d’affaires : quels sont les risques pour les assureurs? with Raymond Doray, Ad.E., Journée de l’assurance de dommages, March 12, 2014
  • La protection des renseignements personnels, les médias sociaux et le milieu de travail : impacts et avenir, with Guy Lavoie, Groupe Alerte-Santé, March 23, 2014–
  • L’accès à l’information et la protection des renseignements personnels : grandeurs et misères, Association des archivistes du Québec Conference, May 29, 2014
  • “Privacy Issues and Post-Secondary Institutions: Practical Advice on ‘Private’ Matters, with Lorne Randa and Mandy Woodland, CBA [email protected]. series , June 11, 2014
  • La nouvelle législation anti-pourriel,  with Joanne Desjardins and Myriam Duguay, Joint Conference  with Lavery and KPMG, June 17, 2014
  • Le droit à la vie privée et la protection des renseignements personnels au moment de la réclamation : quelles sont les règles et comment s’y prendre pour qu’elles ne deviennent pas un obstacle insurmontable, with Guillaume Laberge,  Lavery, October 23, 2014
  • Mise au point sur la nouvelle législation canadienne anti-pourriel : où en sommes-nous quatre mois plus tard, Symposium on comliance in Québec by London Life, Great West, and Canada Life, October 29, 2014
  • Vendre sur les réseaux sociaux en toute conformité : comment éviter les faux pas, with Mary Delli Quadri, 2014 Insurance & Investment Convention, November 11, 2014
  • La protection des renseignements personnels dans le milieu ambulancier, with Guy Lavoie and Magali Cournoyer-Proulx, Corporation des services d’ambulance du Québec, November 19 and 20, 2014 
  • Atelier sur l’accès à l’information et sur la protection des renseignements personnels, Archivistes étudiants et diplômés du Québec, December 12, 2014

Education

  • LL.B., Université du Québec à Montréal, 2004

Boards and Professional Affiliations

  • Member of the Executive Committee of the firm (Lavery Lawyers)
  • National Association for Law Placement (NALP)
  • Canadian Bar Association
  • Association de l’accès et de la protection de l’information (AAPI)
  • International Association of Privacy Professionals (IAPP)
  • Young Bar Association of Montréal (YBM)
  1. From “Safe Harbor” to “Privacy Shield”: laying the groundwork for a new agreement on transatlantic data transfer with the United States

    The United States and the European Union recently concluded a new agreement aimed at allowing U.S. companies to continue to collect, use and disclose personal information concerning European citizens, while still preserving their fundamental rights. To properly understand the importance of this new agreement, one must be aware that the Court of Justice of the European Union, in a decision rendered on October 6, 2015, had declared invalid the previous data sharing framework, known as "Safe Harbour", which governed the holding of personal information regarding European nationals by numerous American companies, including Web giants such as Facebook and Google. This transnational agreement provided for a self-certification mechanism for U.S. companies by which they undertook to abide by a certain number of guiding principles applicable in the European Economic Area (EEA), pursuant to which these companies could obtain the authorization to collect and store personal information originating from the European Union. Such an agreement was necessary to allow U.S. companies to hold personal information about European citizens because the legislative framework applicable in the United States does not offer "an adequate level of protection" for personal information as compared with that required by European authorities. However, in the wake of the revelations by Edward Snowden regarding the mass surveillance by U.S. authorities of the computer data of several large corporations, an Austrian citizen, Maximillian Schrems, sought and obtained the invalidation by the Court of Justice of the European Union of the Safe Harbour Agreement.1 The Court held that the “legislation permitting the public authorities to have access on a generalised basis to the content of electronic communications must be regarded as compromising the essence of the fundamental right to respect for private life”. While this decision was, in principle, supposed to apply immediately, the Data Protection Working Party (known as the “WP29”) — an independent European advisory board on data protection and privacy — urged the European institutions and the U.S. government to act by January 31, 2016 to agree to an alternative solution. It was in this context that the European Commission made the highly anticipated announcement, on February 2, 2016, of a new agreement in principle with the United States, dubbed the "Privacy Shield". The details of this agreement have not yet been disclosed, but we already know that this new mechanism will entail stricter obligations and tighter control of U.S. companies that deal with information of a personal nature originating from the European Union. Furthermore, access by U.S. authorities to this information is expected to be more closely regulated and more transparent. While, in theory, this agreement does not directly affect Canadian companies that collect, use or disclose personal information regarding European citizens, any such companies having an American subsidiary or a place of business in the United States and which collect personal information from Europe, as well as Canadian companies mandating third parties located in the United States with tasks that require the communication of personal information on European nationals, e.g. for hosting purposes, would be well advised to ensure they comply with the conditions of this new agreement when it takes effect. Stay tuned for more updates.   Schrems v. Data Protection Commissioner, 2000/520/CE, Court of Justice of the European Union, 6 Octobre 2015.

    Read more
  2. Canada’s Anti-spam Legislation : Phase 2 comes into force and first monetary penalty imposed

    Whereas Canadian businesses have barely recovered from the first phase of Canada’s anti-spam legislation (CASL), which aims primarily to regulate the sending of unsolicited commercial electronic messages, a new series of requirements applicable to the unauthorized installation of computer programs came into force on January 15, 2015. Like the rules applicable to commercial electronic messages, the second phase of the CASL is based on an opt-in mechanism as opposed to an opt-out mechanism. In other words, if someone wishes to install computer software or programs on someone else’s device, he must first obtain the consent of the device’s owner or authorized user. Parliament has not limited the legislation to any devices in particular. This means that the installation of software or programs on a computer, smartphone, tablet or game console is likely subject to the new rules. Likewise, the installation of software or programs on any device with computerized components, such as cars, appliances, smartwatches, etc. Since the legislation does not apply to the personal installation of computer software or programs, it is important to bear in mind that the new rules only apply when a business installs or causes the installation of software on someone’s device as part of its business activities. For example, the new rules do not apply where a person downloads an application onto his or her own device. Nor does the legislation apply to employers who install software or a computer program on the company’s devices. On the other hand, if the employer wishes to install a program or software on a device belonging to its employee, it must obtain the employee’s consent first. Furthermore, the legislation establishes several cases in which a person is deemed to have consented to the installation of a computer program or software. These include, for example, cookies, HTML, JavaScript, or an operating system such as Windows, OS/IOS, Linux, Android, Unix and BlackBerry OS. For the time being, if computer software or a computer program was installed on someone else’s computer before January 15, 2015, the person is also deemed to have implicitly consented to the installation of updates until January 15, 2018. CONSENT OF THE OWNER OR AUTHORIZED USER Express consent must be obtained from the device’s owner or an authorized user. The CASL does not define the notion of “authorized user.” According to the CRTC, anyone who has permission to use the device is an authorized user. For example, an employee who uses a device supplied by his or her business, a spouse or children who use the family computer, the renter of a device, and a person who is repairing a computer (but only to the extent that the person is making agreed-upon repairs) are authorized users. When a person must obtain consent, the person must convey the following information to the owner or authorized user in clear and simple language: The reason consent is being requested The identity of the person who is seeking consent If consent is sought on behalf of another person, a statement indicating which person is seeking consent and which person on whose behalf consent is being sought The mailing address and one other type of contact information of the person A statement indicating that the person whose consent is sought can withdraw their consent A description in general terms of the functions and purpose of the computer program to be installed In addition, if the software or computer program collects personal information, interferes with the user’s control of the device, changes the device’s settings or the data stored on the device, causes the device to communicate with another device or allows a third party to connect to the device remotely without the owner or authorized user’s knowledge, the request for consent must also disclose the following information: A description of these functions and the reason for them A description of the impact of these functions on the operation of the device All the consent-related requirements must be met before the software or computer program is installed. As for the consent itself, it is not presumed and the burden of proof is always on the person who does or causes the installation. A $1.1 MILLION PENALTY FOR CONTRAVENING CANADA’S ANTI-SPAM LEGISLATION The CRTC recently reprimanded a Quebec business for sending commercial electronic messages without the consent of the addressees and for sending messages with unsubscribe mechanisms that did not function properly. The monetary penalty for the four violations is $1.1 million. The company has 30 days to submit written representations to the CRTC or pay the penalty. It also has the option to request an undertaking with the CRTC to address this issue. We remind you that the CASL imposes serious penalties on people who do not comply with its provisions, including those concerning the unauthorized installation of computer programs. Offenders who are individuals face administrative monetary penalties of up to $1 million, whereas the maximum is $10 million for all other offenders. Effective July 1, 2017, any person who suffers a loss or damage due to a contravention of the CASL may apply to a competent court for an order requiring the person to pay the amount of the damage in question, plus up to $1 million in liquidated damages. CONCLUSIONS Although this second phase of the CASL mainly seeks to protect Canadian consumers and businesses against the installation of malware or spyware that is often particularly harmful to users, it should be kept in mind that the new requirements can apply to many other situations. It is therefore important for businesses to review their practices in this regard, to ensure they comply with the law’s provisions.

    Read more
  3. New Anti-Spam Law: Better Act Quickly

    In December 2010, the federal Parliament passed the Act to Promote the Efficiency and Adaptability of the Canadian Economy by Regulating Certain Activities1 that Discourage Reliance on Electronic Means of Carrying out Commercial Activities, better known as the “Canada’s Anti Spam Legislation” (CASL or the “Act”). The purpose of the Act is mainly to protect Canadian consumers and businesses against unsolicited spam messages, false or misleading commercial representations, malicious software and other electronic threats. It is scheduled to come into force on July 1, 2014. The new regime is based on a opt-in mechanism rather than through exclusion. As such, after July 1st, sending a commercial electronic message will be prohibited unless the recipient has consented to receiving it. Canadian businesses using electronic mail or social networks to inform and solicit customers will therefore have to review their practices in order to comply with the law, failing which they will be liable to administrative penalties and civil suits. However, transition measures are provided to give businesses time to adjust their practices.The definition of “commercial electronic message” within the meaning of the Act is wide and covers all electronic messages, including text messages (commonly called SMS), sound, vocal or visual messages in respect of which it is reasonable to conclude that their purpose is to encourage participation in a commercial activity. For instance, an electronic message which promotes an offer to purchase, sell or rent a product or a service constitutes a commercial electronic message covered under the Act. Such is also the case for an electronic message promoting a person as a purchaser, seller or renter of a product or service or involved in the areas of business, investment or gaming.Since non commercial activities are not covered under the Act, it must be noted that political parties, charitable organizations and corporations conducting market studies or surveys are generally not covered under the Act, unless their electronic messages are related to the sale or promotion of a product.Furthermore, the Act provides for many exceptions, such as messages sent between persons having a personal or family relationship or commercial electronic messages responding to a recipient who requested information on prices or estimates for the provision or delivery of goods, products or services.For the time being, the prohibition does not cover verbal communications by phone, which are currently governed by the Telecommunications Act2, particularly through the National Do Not Call List. However, this exception may be revoked by order-in-council if the government deems it appropriate.EXPRESS OR IMPLIED CONSENT OF THE RECIPIENTThe required consent for sending a commercial electronic message may be express or implied. The situations where the sender of such a message may rely on the implied consent of the recipient are set out in the Act. For instance, the Act provides that there is implied consent where the sender and the recipient have or had an ongoing business relationship within the two years preceding the date the message is sent. The same applies where the recipient asked the sender about products, goods or services during a 6-month period preceding the date of the message.The consent of the recipient is also implied if he or she has conspicuously published his or her electronic address without adding a statement whereby the recipient does not wish to receive unsolicited commercial electronic messages, to the extent that the message is relevant to the recipient’s employment or business or functions in such business.The consent is also implied where the recipient communicated his or her electronic address to the sender without indicating that he or she does not wish to receive unsolicited commercial electronic messages, again to the extent that the message is relevant to the recipient’s employment or business or functions in such business.Lastly, the existence of private relationships between the sender and the recipient within the two-year period immediately before the day on which the message is sent also allows for inferring the implied consent of the recipient to a commercial electronic message being sent in the cases provided in the Act.In all other cases where the Act does allow for inferring an implied consent, the express consent of the recipient is required for sending a commercial electronic message. Such consent is not presumed and the burden of proof lies with the sender.To obtain this consent, the sender must set out clearly and simply the purposes for which the consent is being sought and also the information that identifies the person seeking consent (or if the person is seeking consent on behalf of another person, information that identifies that other person). The scope of information which is required to be provided to identify the person seeking consent is set out in the regulations.It is important to note that after July 1st, a request for consent will in itself constitute a commercial electronic message. It will therefore not be possible to request such consent using an electronic mean, subject to certain exceptions.MECHANISM FOR WITHDRAWING CONSENT AND FORM OF COMMERCIAL ELECTRONIC MESSAGESThe Act provides that any person sending a commercial electronic message to another person must implement an unsubscribe mechanism allowing the recipient to withdraw his or her consent to receive commercial electronic messages from that sender. The sender must allow the recipient to express his or her will by electronic means, either by electronic mail or through a website, without cost and at any time. The sender must give effect to any withdrawal within a 10-day period.The description of this withdrawal mechanism must appear in the commercial electronic message which must, in addition, include information that identifies the person who sends the message or, if the message is sent on behalf of another person, the information that identifies the person who sends the message and the person on whose behalf it is sent. The commercial electronic message must also indicate the postal address and either the phone number to reach a service agent or a voicemail service, or the electronic mail address or the address of the website of the person who sends the message or, if applicable, the address of the website of the person on whose behalf it is sent.If it is practically impossible to include this information and the withdrawal mechanism in the commercial electronic message, they may be posted on an easily accessible web page without charge to the recipient through a link indicated clearly and prominently in the message.ADMINISTRATIVE PENALTIES AND PRIVATE RIGHT OF ACTIONThe Act provides for severe penalties for persons who fail to comply with its provisions. Contraveners are liable to administrative monetary penalties of up to $1,000,000 in the case of an individual, and $10,000,000 in the case of any other person.Furthermore, the existence of a private right of action against the sender of an unsolicited commercial electronic message constitutes a crucial point of this new regime. The Act allows any person suffering a loss or harm as a result of non-compliance with the provisions of the Act by the sender of a commercial electronic message to apply to a court of competent jurisdiction for a judgment ordering the sender to pay him or her the amount of such damages, plus liquidated damages of up to $1,000,000. For instance, the recipients of a spam message who suffer damages after relying on misleading information found therein may institute a class action to pursue their common claims on the basis of this new Act.CONCLUSIONUnsolicited electronic messages are a nuisance which warrant action. Canada is the only G8 jurisdiction which had not yet taken specific measures to regulate or prohibit spam messages. However, the obligation to obtain the consent of the recipients of commercial electronic messages, who in most cases have nothing to do with the spam messages, will constitute a difficult and costly burden for many businesses.It is therefore important that businesses review their electronic mailing lists to ensure that they comply with the provisions of the Act, namely, that the persons whose names are included have given their express consent to receive commercial electronic messages from the businesses or that the businesses can rely on the implied consent of such persons, failing which the businesses will have to obtain adequate consents. Again, contravening businesses will be liable to substantial penalties and claims which may exponentially increase through class actions involving hundreds if not thousands of recipients who allege that they suffered damages._________________________________________1 S.C. 2010, c. 23.2 S.C. 1993, c. 38.

    Read more
  1. Lavery hires five of its articling students

    Lavery is pleased to announce that it has hired five of its articling students as associates.  Alexandra Belley-McKinnon has joined the Litigation and Conflict Resolution group. She holds degrees in common law and civil law from McGill University as well as an LL.M. in International Law at the Graduate Institute of International and Development Studies in Geneva, Switzerland.   Céleste Brouillard-Ross has joined the Litigation and Conflict Resolution group. Prior to law school, Céleste studied History and Women’s Studies at McGill University.  Félix Germek-Michaud has joined the Labour and Employment Law group. He completed a Bachelor in Business Administration and a Bachelor of Law with honours from the Université du Québec à Montréal.   Pierre-Olivier Valiquette has joined the Business Law group. He holds a Bachelor of Civil Law (B.C.L.) and a Bachelor of Law (LL.B.) from McGill University.   Felicia Yifan Jin has joined the Business Law group. She completed her bachelor’s degree in civil law at the Université de Montréal and two internships in the Chinese legal system, one within the firm Tiantong & Partners, and the other at Guangdong International Business Law Firm.  “We are very proud to welcome talent like Daphnée, Charles, Chantal, Yaoqi and Andrée-Anne into the Lavery family. They have distinguished themselves by their quality of work, dedication and ongoing pursuit of excellence,” commented Loïc Berdnikoff, Director of Professional Development.

    Read more
  2. The Pierre-Basile-Mignault Moot Court Competition: five prizes for a team supervised by Lavery

    On February 16 and 17, 2018, the 40th edition of the Pierre-Basile-Mignault moot court competition was held between students from six Canadian civil law faculties. Lavery has been involved for several years, alongside students of the competition. This year, Justin Gravel supervised students of the Université de Sherbrooke, while Myriam Brixi and Dominique Vallières supervised students of the Université du Québec à Montréal (UQAM).  The UQAM team, which included Valérie Dupont, Vincent Grondin, Emmanuelle Arcand and Gabriel Sévigny-Ferland, set themselves apart by winning five of the nine prizes awarded in the competition: best team, best factum, tandem finalist of the finale (2nd best tandem), 2nd best litigator and best tandem of non-finalist litigators. The Lavery Cup for the 3rd best litigator was presented by Loïc Berdnikoff to Chloé Boisvenue of the University of Ottawa. For more information on the Pierre-Basile-Mignault Moot Court Competition, click here.

    Read more
  3. Lavery hires five of its articling students

    Lavery is pleased to announce that it has hired five of its articling students as associates. Daphnée Anctil and Charles Ceelen-Brasseur have joined the Business Law group with the Montréal office; Chantal Saint-Onge and Yaoqi Wang have joined the Litigation and Conflict Resolution group with the Montréal office; Andrée-Anne Perras-Fortin has joined the Business Law group with the Sherbrooke office and will also practise with the Lavery Legal Lab on Artificial Intelligence (L3AI); “We are very proud to welcome talent like Daphnée, Charles, Chantal, Yaoqi and Andrée-Anne into the Lavery family. They have distinguished themselves by their quality of work, dedication and ongoing pursuit of excellence,” commented Loïc Berdnikoff, Director of Professional Development.

    Read more
  4. Me Nathalie Roy, Lawyer Emeritus and former executive director of Éducaloi, chooses Lavery

    Lavery is pleased to announce that Nathalie Roy, Ad. E., has been named Project Manager, Training and Skills Development effective December 18. Under the direction of Loïc Berdnikoff, Director of Professional Development, Me Roy will be responsible for developing and implementing training programs within the firm. The core of Lavery’s success is based on retaining exceptional, engaged talent and recruiting highly qualified individuals. Under the leadership of the new chief executive officer and supported by the management team, Lavery aims to become a talent incubator, with a team of experts dedicated to developing its professionals. “Me Roy is a seasoned manager and an engaged leader. She has developed a keen understanding of the skills development needs in our industry”, commented Loïc Berdnikoff. “We are privileged to benefit from her long career to consolidate our offer. Her knowledge of the legal community and its transformation makes her a highly qualified player to define and implement programs to train the talent of today and tomorrow.” Me Roy co-founded Éducaloi, a pioneer in the communication of legal content in Quebec, and is known for her innovative vision and deep desire to do things differently. “A talent-based approach is entirely in keeping with the perception I have of my role and I am delighted to be working with an ambitious team to implement an audacious action plan,” remarked Me Roy. “Professional development is a key condition for ensuring that our resources, at every level, are both happy at work and equipped to be business partners with clients. I am very happy to be using my expertise and past experience to play a key role in developing skills and knowledge transfer at Lavery.” The strategic role that Me Roy will play in professional development is directly in line with the firm’s commitment to support its talent by implementing clear and sustained actions. “To embody its vision of being a key actor in the transformation of legal services in Quebec, Lavery has made it a point of honour to place talent at the core of its business strategy,” stated Anik Trudel, Lavery’s Chief Executive Officer. “The arrival of Me Roy at Lavery is proof that the firm is giving itself the means to implement a concrete action plan to respond to the challenges of today, while planning for the future.”

    Read more