Following a series of urgent proceedings in late December and early January, the Quebec Superior Court issued an interesting decision1 on January 8, 2026, providing important clarifications on the scope of policies relating to intellectual property, confidential information and conflicts of interest, as well as on the duties of loyalty and confidentiality set out in employees’ employment contracts. The facts Concordia University (“Concordia”) sought a provisional injunction from the Court against a former employee and student, Mr. Oleg Khalimonov, as well as against Polaris Aerospace Inc. (“Polaris”), a company of which he was a director and shareholder. Mr. Khalimonov was employed by Concordia from September 2023 to December 2025. He had also been a student at the University since 2016 and, since 2023, he had served as Program Leader for Space Concordia, one of the University’s student associations. The group received significant public visibility with the launch of Starsailor in August 2025, described as the first rocket launch from Canadian soil in twenty-five years. These research and development activities are said to have generated significant intellectual property and attracted interest from commercial partners looking to invest in Concordia’s projects. In December 2025, Concordia was informed that Polaris was claiming in the market it had acquired Space Concordia’s intellectual property and as the entity behind the Starsailor project. On December 16, 2025, Concordia formally notified Mr. Khalimonov that his dual role with Polaris and Space Concordia raised serious concerns about potential breaches of his employment contract, the University’s Intellectual Property Policy, and its Conflict of Interest Policy. This process led to Mr. Khalimonov’s resignation as Program Leader for Space Concordia on December 18, 2025. On December 29, 2025, Polaris submitted a bid under the Launch the North initiative, a program of the Government of Canada’s Department of National Defense providing for a total of 105 million dollars in investments and grants over three years. Concordia asked the Court to order Polaris and Mr. Khalimonov to: Cease any use of proprietary or confidential information belonging to the University. Withdraw Polaris’s bid; and Remit any documentation in their possession relating to Space Concordia and/or the Starsailor project. Analysis of the criteria applicable to the provisional injunction The Court concluded that issuing the requested provisional injunction was appropriate and that Concordia had met its burden of proof. The evidence clearly showed that Mr. Khalimonov had played a central role in the University’s rocketry initiatives and that he had never formally disclosed to Concordia his simultaneous involvement with Polaris. He had undertaken to comply with strict obligations to Concordia regarding intellectual property and proprietary information, including keeping such information strictly confidential during and after his employment and acknowledging that any intellectual property developed in the course of his employment would remain Concordia’s exclusive property, with no vested rights accruing to him. Mr. Khalimonov also had to comply with university policies, including the Conflict of Interest Policy and the Intellectual Property Policy. The latter provided that the “Inventors” of “Qualifying Inventions” were deemed to have automatically assigned to Concordia the related intellectual property. The Court found that Starsailor constituted a “Qualifying Invention”, and that Mr. Khalimonov met the definition of an “Inventor” within the meaning of that policy. It also found that Polaris’s proposal used intellectual property and confidential information belonging to Concordia. In that context, the Court considers, on a prima facie basis, that Mr. Khalimonov had breached his obligations arising from his employment contract, the Intellectual Property Policy, and the Conflict of Interest Policy. The Court also concluded that refusing to grant the provisional injunction would result in the submission of competing proposals under the Launch the North initiative, creating significant uncertainty as to the ownership of the intellectual property upon which those proposals were based, and thereby causing irreparable harm to Concordia. It found that the balance of inconvenience favored Concordia and supported granting the requested provisional injunction, since the absence of a provisional injunction would likely lead to the disqualification of both Polaris’s and Concordia’s proposals due to unresolved competing claims regarding the intellectual property. Conclusions The Court granted Concordia University’s application for a provisional injunction and ordered, among other things, that Mr. Khalimonov and Polaris cease disseminating false statements suggesting that Polaris held any rights whatsoever in Concordia’s intellectual property, including in relation to Space Concordia’s rocketry projects. It also ordered Mr. Khalimonov and Polaris to cease using Concordia’s intellectual property (including for Space Concordia’s rocketry projects), as well as any confidential or proprietary information belonging to Concordia. Finally, it ordered the immediate withdrawal of Polaris’s submission filed under the Launch the North project. General Principles — Ownership of Inventions In Canada, except for inventions developed by federal public servants, ownership of inventions is derived from inventorship. Thus, the starting point for ownership of an invention lies with the inventor(s), who may subsequently transfer their rights. For Canadian federal public servants, inventions produced by a federal employee in the course of their employment are “vested in Her Majesty in right of Canada” and therefore belong to the federal government, pursuant to the provisions of the Public Servants Inventions Act. However, the Patent Act contains no comparable express provisions regarding ownership of an invention developed by an employee in the course of employment. The case law has established the general principle mentioned above: in the absence of a valid agreement relating to such rights in the context of employment ownership of an invention  vests in the employee who created it, unless the employee was “hired to invent.” The leading case in this respect is the Federal Court’s decision in Comstock2. In that case, the Court noted that the nature and context of the employer–employee relationship could be analyzed using various factors in order to determine whether an employee had indeed been “hired to invent.” Such a determination can be complex and remains uncertain, since each case depends on its particular facts. It is therefore always prudent to put in place an agreement governing ownership of inventions developed in the course of employment. Key Takeaway   Concordia University’s success in its application for a provisional injunction underscores the importance for employers of including robust intellectual property and confidentiality clauses in employment contracts. This decision is a reminder that it is not enough to rely on general principles: employers are well advised to draft comprehensive, clear, and operational provisions governing (i) the ownership and assignment of intellectual property rights, (ii) the definition and handling of confidential information, and (iii) the rules applicable during employment and after its termination. It is just as crucial that these policies and undertakings (intellectual property, confidentiality, conflicts of interest) be brought to the employee’s attention at the time of hiring, properly incorporated into or referenced in the employment contract, and easily accessible at all times. These contractual mechanisms complement the duties of loyalty and confidentiality set out in article 2088 of the Civil Code of Québec, which continue to apply after the end of the employment contract—but whose scope often remains insufficient in specialized sectors where intellectual property issues are decisive. In short, this case shows that, without well-structured contractual clauses, Concordia would have had much greater difficulty asserting its rights and obtaining the withdrawal of Polaris’s competing submission under Launch the North. Concordia University v. Polaris Aerospace Inc., 2026 QCCS 30. Comstock Canada et al. v. Electec Ltd. and Hyde, (1991) 45 F.T.R. 241 (TD).

Are you well-equipped to navigate the world of e-commerce, optimize your positioning, and avoid infringement problems?In this constantly changing context, Lavery invites you to its annual intellectual property symposium: a strategic morning event designed to provide practical answers that apply directly to today’s business realities. WHEN : April 22, 2026, from 9:00 a.m. to 11:30 a.m. Register to this webinar Speakers The panels will be moderated by Alain Y. Dussault Panel 1 – Online Protection Mechanisms and Taking Action Myriam Brixi, James Duffy and Isabelle Jomphe Panel 2 – Software and Online Commerce: Patents, Interfaces, Protection Strategies and Related Contracts Eric Lavallée and Benoit Yelle Program The proliferation of online sales platforms, the rise of “marketplaces,” and the acceleration of cross-border trade are creating market opportunities that warrant a thorough review of intellectual property rights protection strategies. How can you effectively structure your IP protection to support online growth? How can you quickly remove a counterfeit product from online sales channels or social media? What leverage is available in terms of copyright, trademarks and customs interventions? How can you protect the software innovation at the heart of digital platforms such as applications, software as a service, e-commerce channels, and optimization and automation tools? How can you protect the user interface and customer experience of your online sales platforms? What are the risks associated with the Consumer Protection Act in a digital environment? What types of contracts should you consider for your online sales model? 9:00 a.m. to 10:15 a.m. Panel 1 – Online Protection Mechanisms and Taking Action The first discussion will outline the different online business models and typical examples of infringement, and then identify the legal tools to effectively defend intellectual property rights in a digital environment. Participants will see how to plan an effective strategy for taking action against infringement and communicate with major online commerce platforms to obtain the rapid removal of counterfeit products or content, relying in particular on the international registration of trademarks and copyrights. The speakers will discuss the measures available through customs authorities to reduce the risks of importing counterfeit products. The panel will also analyze consumer protection issues in e-commerce. With digital transactions taking centre stage, companies must reconcile online growth with regulatory compliance. The specific legal risks associated with online sales and best practices for managing them will be addressed in a pragmatic way.Presented by Isabelle Jomphe, James Duffy and Myriam BrixiPanel moderated by Alain Dussault  10:30 a.m. to 11:30 p.m. Panel 2 – Software and Online Commerce: Patents, Interfaces, Protection Strategies and Related Contracts This discussion will focus on practical ways to protect the software innovation at the core of digital platforms such as applications, software as a service, e-commerce channels, and optimization and automation tools. Participants will learn about the cases where a software, a key feature, a technical process or a computer-implemented method can be patented (and under what conditions), as well as filing strategies to maximize the value of a portfolio, while taking the pace of technological development into account.The panel will also address the protection of the user interface and user experience, as well as visual elements that support the customer journey. How should you combine copyright, industrial designs and trademarks in different circumstances? How does one assess the risks when using or drawing inspiration from templates, component libraries, style guides, or AI-based tools?Lastly, the speakers will discuss the different types of contracts and policies underlying e-commerce, depending on the business model envisaged, as well as the blind spots to avoid.Presented by Benoit Yelle and Eric LavalléePanel moderated by Alain Dussault

The World Anti Doping Agency suffered a data breach in 2016­—a vivid illustration that even the most prominent sporting institutions are not immune to cyber incidents. The authorities have now formalized what was previously just an observation: In a bulletin published in 2024, the Canadian Centre for Cyber Security warned that the entire sports ecosystem—spectators, athletes, organizations and government representatives—is the target of cyberattack campaigns.  Malicious actors will attempt extortion through business email compromise, ransomware attacks, phishing, malicious websites and search engine poisoning, among others. Take heed, as when an incident occurs that is serious enough to require a report to the authorities, it is often too late to establish sound governance and engage in due diligence. The sporting competitions of today are producing massive amounts of data. The quantity is staggering, and the data itself almost Orwellian. Check the tables below to see for yourself. Data collected on athletes  League Information collected NFL Performance data (statistics, position and movement metrics, speed, and passing, rushing and receiving yards) Medical and/or health data (examinations, injuries, concussion protocols) Substance screening data Data on disciplinary actions and investigations Professional and contractual data Travel, logistics and security data NHL Performance data Medical and/or health data (examinations, injuries, concussion protocols) Substance screening data Data on disciplinary actions and investigations Professional and contractual data Travel, logistics and security data MLB Performance data Medical and/or health data (examinations, injuries, concussion protocols) Substance screening data Data on disciplinary actions and investigations Professional and contractual data Travel, logistics and security data   Collection of customer information online  League Information collected NFL  Information provided by individuals  Identifiers: name, email, address, telephone number, date of birth; unique identifiers (username, password, SSN and other government identifiers if required, e.g. for awards) Demographic data and other protected categories: gender, race, ethnicity, sexual orientation Financial and commercial information: payment data, purchase history Real-time geolocation; precise geolocation Communication and marketing preferences Favorite team and inferences about preferences Audio, electronic and visual information (e.g., photos provided) Biometric data, if you opt for biometric authentication at the stadium; with consent and additional notice if required Information about your contacts (name, email) that you share; if authorized, access to your contacts, calendars and photos Search queries Content posted (comments, forums) Professional and employment information Education information Information that may be health-related (e.g., accessible seating) Correspondence, waivers, consents and other information sent Automatic collection  Device and network identifiers and technical data: IP address, MAC address, advertising identifiers, device type, browser, OS Usage: page views, links clicked, browsing journeys, application usage data Tracking and emails: cookies, pixels, tags, interaction with emails (opened emails, clicks) Social media (if linked): data received according to your settings and the platform’s policy Logs and traffic: server logs, stadium Wi-Fi traffic Video and audio recordings: CCTV and pictures taken or video recorded during events   NHL  Information provided by individuals Identifiers and contact information (name, email, telephone number, address, date of birth) Commercial information (payments, purchases, services) Demographic data (language, age, gender, race, ethnicity, household composition and income) Preferences (favourite team, favourite players) Photos and/or videos Content, feedback (comments, surveys) Contact information of friends Application data (resume, references, checks permitted) Automatic collection Activity and interactions (content viewed, bids, purchases, time spent, cookies, tags), access methods (browser, OS, IP address, browsing history before and after) Device information and identifiers (type, unique identifiers, local content if allowed) Location (GPS, Bluetooth, Wi-Fi, cells) Inferences about preferences Commercial information about transactions (e.g., timestamps) Collection from third parties Member clubs (ticketing, login credential, usage logs) Fanatics, NHL Shop, NHL Auctions (name, email, items purchased; marketing engagement statistics) Other business partners, public sources, commercial sources (data brokers) Connected social media (according to the platform’s settings and policies) NHL teams* Contact information: name, email address, home address, gender, date of birth, telephone number (e.g., ticket purchase, ticket transfer, account creation, inquiries, contests, promotions) Demographic data and preferences (age group, race, gender; preferred events, preferred products, e.g., surveys) Health data related to accessibility needs Video surveillance in venues (security; sharing limited by law) Anonymous traffic analysis and device counting (cameras, technological devices; Wi-Fi); statistics that can be shared with partners Depersonalized web analytics (Google Analytics); opt-out option Online advertising and/or remarketing (Google, Facebook, LinkedIn, etc.) through cookies; opt-out mechanisms (platform settings; DAAC) Geolocation through applications if enabled Social media: profile data and authorized interactions Technical data (IP, browser, OS, resolution, location, language, origin, keywords, pages viewed, data entered, ads viewed), identifiers (IDFA, AAID), connection information (operator, ISP, Wi-Fi); ability to recognize a device) MLB Information provided by individuals Identifiers and contact information: full name, email address, home address, telephone numbers, date of birth Security and authentication: password Payments: payment details Demographic data: demographic characteristics Content and recordings: voice recordings, audiovisual recordings Preferences and interests: information about your interests and preferences Activity and event related data: information requested for an activity or event (e.g., emergency contact) Sensitive personal information: as defined by applicable laws (e.g., racial or ethnic origin; health information such as disabilities or allergies) Automatic collection  Technical and usage data: IP addresses, device data, usage data Location and contacts: location data; contacts saved on your mobile device Collection from third parties Data from third parties and integrations: information provided by other companies if individuals connect their services * This data is collected about website users, people who visit venues, people who apply for jobs or participate in contests, people who submit drafts.   How leagues are structured Regarding privacy and personal information, we must look at how sports leagues are organized to understand who does what. In most cases, sports leagues are non-profit organizations or corporations. An entire framework of rules is built around these structures, defining both how governance is done and what business model is used. First, there are the articles of association and by-laws, which dictate governance, team admissions, voting rights, and the powers of the commissioner or board of directors. There are also the sporting and competition regulations regarding eligibility, game schedules, transfers, drafts, salary caps and cost control mechanisms. The leagues also adopt integrity and security policies against doping, betting and manipulation, harassment and abuse, as well as commercial agreements covering broadcasting, sponsorships, ticketing and data leveraging, among others. There can also be collective agreements with players’ associations and formal dispute resolution mechanisms. In this environment, the league plays a central role. It generally has the power to adopt, interpret and amend its rules; admit teams; manage expansion and relocation projects and changes of control; as well as the power to impose sanctions such as fines, point deductions, suspensions or exclusions. It also centralizes strategic commercial rights, media rights, trademarks and data, and it implements revenue-sharing policies designed to maintain a competitive balance between teams. Personal information: the roles of each Teams In day-to-day relations with athletes and customers, teams are generally the main point of contact. They sign contracts with players, sell tickets, manage subscriptions and operate online stores and loyalty programs. In practice, teams are often the ones that collect personal information, that explain what the information is used for, that decide what information needs to be collected and that put in place security and incident management measures. Teams must therefore be able to clearly inform athletes and customers about the purposes for which personal information is collected, the means by which it is collected, the categories of information collected, who receives the information, and the rights that  athletes and customers have. Teams must limit collection to what is necessary. They must ensure that information is accurate; they must obtain valid, manifest, free, informed and explicit consent for sensitive information such as health or biometric data; they must implement security measures adapted to risks; they must manage and report confidentiality incidents likely to cause serious harm; they must respond to requests for access and rectification; and they must stringently govern the sharing of information with service providers and mandataries. Athletes and customers often see the team as the true holder of their data. Leagues The role leagues play regarding personal information is more difficult to understand, as it varies depending on activities. When a league directly collects information from an individual, for example through an official application, a broadcasting platform or a transactional site for its own purposes, it must assume responsibilities comparable to those a team has. This is what MLB Advanced Media does, for example, defining itself as a “data controller” with respect to its customers’ data. But in many cases, the league acts behind the scenes. In some respects, it acts as a mandatary for the teams, negotiating and signing technology contracts, broadcasting agreements and other commercial agreements that will be used by the teams. In other respects, it acts as a service provider, offering centralized technology platforms, ticketing systems, data infrastructure and shared administrative services. Under Quebec law, these two roles—mandatary and service provider—are treated the same: The team can transmit to the league the information it needs to perform the mandate or service contract without having to ask for the consent of each person again, provided that a written agreement imposes clear measures to protect privacy, limits the use of data to the sole purposes of the mandate or service and governs data retention. The league must also promptly inform a team’s privacy officer of any privacy breach or attempted privacy breach and allow the officer to conduct checks. Also, teams and the league can always choose to base certain exchanges of information on the explicit consent of athletes or customers. However, such consent must be genuinely explicit, free, informed, given for specific purposes and presented separately when asked to be given in writing. Conclusion Although professional leagues are the ones in the spotlight, the same logic applies to amateur or non-professional sports organizations. In all cases, the relationship between the league, the team and the athlete or customer must be clearly governed from a privacy standpoint. Sports organizations should map the flow of personal information, harmonize the information messages they give to the those concerned, establish a standard agreement governing the sharing of information between teams and the league, provide simple mechanisms for access and rectification, and have key employees trained in privacy matters. Incorporating these points into articles of association, by-laws and team and league agreements will reduce risks and strengthen the confidence of athletes, parents, fans and business partners. Yet, a fundamental question still remains: Given that by law, data can only be collected for serious and legitimate reasons (necessity criterion), is the mass of information currently collected in the sports ecosystem really warranted? Sports organizations will have no choice but to delve into this strategic issue.