Publications

Introduction Non-liability clauses are often included in many types of contracts. In principle, they are valid and used to limit (limitation of liability clause) or eliminate (exoneration clause) the liability of a party with respect to its obligations contained in a contract. The recent unanimous decision of the Supreme Court of Canada confirms that under Quebec law, parties may limit or exclude their liability in a contract by mutual agreement. However, a party may have such a clause declared inoperative by invoking the doctrine of breach of a fundamental obligation of the contract. In this case, the Supreme Court of Canada confirmed the validity of the clause at issue and circumscribed the limits of the application of the doctrine. The Supreme Court of Canada’s decision The facts The dispute relates to a contract signed between 6362222 Canada inc. (“Createch”), a consulting firm specializing in the improvement and implementation of integrated management systems, and Prelco inc. (“Prelco”), a manufacturing company specializing in the fabrication and transformation of flat glass. Under the terms of the contract that the parties concluded in 2008, Createch was to provide software and professional services to help Prelco implement an integrated management system. Createch prepared a draft contract and Prelco did not ask for any changes to the proposed conditions. A clause entitled Llimited Liability was included in the contract, which stipulated that Createch’s liability to Prelco for damages attributed to any cause whatsoever would be limited to amounts paid to Createch, and that Createch could not be held liable for any damages resulting from the loss of data, profits or revenues or from the use of products or for any other special, consequential or indirect damages. When the system was implemented, numerous problems arose and Prelco decided to terminate its contractual relationship with Createch. Prelco brought an action for damages against Createch for the reimbursement of an overpayment, costs incurred to restore the system, claims from its customers and loss of profits. Createch filed a cross-application for the unpaid balance for the project. At trial, the Superior Court of Québec concluded that the limitation of liability clause was inoperative under the doctrine of breach of fundamental obligation, because Createch had breached its fundamental obligation by failing to take Prelco’s operating needs into account when implementing the integrated management system. The Court of Appeal of Québec confirmed the trial judge’s decision and held that the doctrine of breach of fundamental obligation can annul the effect of an exoneration or limitation of liability clause by the mere fact that a breach relates to a fundamental obligation. The Supreme Court of Canada’s reasons The Supreme Court of Canada allowed the appeal and set aside the decisions of the lower courts. Per Chief Justice Wagner and Justice Kasirer, the Supreme Court held that the limitation of liability clause in the parties’ contract was valid, despite the fact that Createch had breached its fundamental obligation. The Supreme Court addressed the two legal bases for the existence of the doctrine of breach of fundamental obligation: the validity of the clause having regard to public order and he validity of the clause having regard to the requirement relating to the cause of the obligation. In this case, the Court determined that public order could not render the limitation of liability clause inoperative as the contract at issue was one by mutual agreement and the parties were free to share the risks associated with a contractual breach between them, even if the breach involved a fundamental obligation. As for the validity of the limitation of liability clause, the Court determined that it was not a no obligation clause that would exclude the reciprocity of obligations. Createch had significant obligations to Prelco, and Prelco could keep the integrated management system, obtain damages for unsatisfactory services and be compensated for necessary costs for specific performance by replacement, but no higher than what had been paid to Createch. A limitation of liability clause does not therefore deprive the contractual obligation of its objective cause and does not exclude all sanctions. The Court explains: “[86] Thus, art. 1371 C.C.Q. applies to contract clauses that negate or exclude all of the debtor’s obligations and, in so doing, deprive the correlative obligation of its cause. Where a contract includes such clauses, it can be said that the reciprocal nature of the contractual relationship is called into question (arts. 1371, 1378 para. 1, 1380 para. 1, 1381 para. 1 and 1458 C.C.Q.). To apply a more exacting criterion would amount to annulling or revising a contract on assessing the equivalence rather than the existence of the debtor’s prestation and, as a result, to indirectly introducing the concept of lesion, which is narrowly delimited in the Code.”1 Prelco remains bound by the limitation of liability clause in this case. The Supreme Court of Canada is of the view that the trial judge and the Court of Appeal erred in law in declaring the limitation of liability clause inoperative. It allowed Createch’s appeal. Conclusion This Supreme Court of Canada decision confirms the importance of the principles of autonomy of contracting parties and freedom of contract between sophisticated legal persons in Quebec law. The doctrine of breach of fundamental obligation does not permit the circumvention of the principle of freedom of contract: It cannot be said that an obligation is deprived of its cause when a sanction for nonperformance of obligations fundamental to the contract is provided for in a limitation of liability clause. [1] 6362222 Canada inc. v. Prelco inc., 2021 SCC 39, para. 86..

Ahead of the 2021 holiday season, as children dream about the toys that Santa Claus will bring them, let’s take a look back at a landmark decision that reviews what is copyrightable under the Copyright Act. As visual artist Claude Bouchard (“Bouchard”) learned from the outcome of her legal action against Ikea Canada (“Ikea”),1 the Copyright Act2 does not protect the ideas, styles or methods developed and used by artists to create their works, even if their work is exhibited in museums and marketed internationally. From 1994 to 2005, Bouchard sold in a Montreal’s Unicef store soft toys that she designed based on children’s drawings. In September 2014, Ikea held a drawing competition for children and made 10 soft toys from the winning entries, marketed as part of the “Sogoskatt” collection. A portion of the profits were donated to UNICEF. Originally, Bouchard was seeking a monetary award against UNICEF and Ikea for copying her toys, alleging that they had used, in particular, her idea, her original style and her methods. In 2018, the Superior Court ruled on the case for the first time, dismissing the legal action against UNICEF based on the privileges and immunities of the United Nations.3 UNICEF’s immunity from suits is in this case absolute since Bouchard’s legal action is directly related to the organization’s mission.4 In January 2021, Justice Patrick Buchholz of the Superior Court put an end to the dispute between Bouchard and Ikea, dismissing the legal action for infringement of Bouchard’s works based on the Copyright Act as being ill-founded, destined to fail and unreasonable, thus opening the door to its dismissal for abuse of process.5 Why was Bouchard’s infringement action ill-founded? The Court first examined the arguments put forward by Ikea to the effect that two essential elements giving rise to the infringement action6 could not be demonstrated by Bouchard: There is no evidence that Ikea had access to Bouchard’s work.7 There is no evidence that Ikea reproduced a substantial part of the plaintiff’s work. Therefore, Ikea argues that there was no infringement of the copyright of Bouchard, who was seeking a monopoly on an idea, style or method, which is not protected under the Copyright Act8 Lack of access to Bouchard’s works The Court did not accept Ikea’s first argument that there was a lack of access to Bouchard’s works. It ascertained that the proceedings were at a too preliminary stage to make a determination.9 The Honourable Justice Buchholz pointed out that section 51 of the Code of Civil Procedure is not [our translation] “a free pass to bypass the judicial process and prematurely set aside otherwise allowable claims” when the evidence is still incomplete.10 The Court also noted the seriousness of the links between Ikea and UNICEF, which may have made access to Bouchard’s works possible and likely.11 In this context, only a hearing on the merits could have clarified the question of access to Bouchard’s works by making it possible to test, more precisely, the credibility of the witnesses at trial.12 Lack of reproduction of a substantial part of the work Bouchard alleged that the toys designed by Ikea incorporate eight essential features of her soft toy concept, namely [our translation]: Round eyes cut from non-fraying fabrics and sewn around the edges; Thinly cut linear mouths sewn into non-fraying fabrics; iii. Polyester fibre stuffing; iv. The toy is proportionate to the size of children’s hands; v. Soft toy faithful to the child’s drawing; vi. Child’s name and age on the tag; vii. Everything is solid (head, body, legs, and tail), in the same plane and stuffed; viii.  Use of textiles, plush, and the original colours of the drawings.”13 However, the Court accepted Ikea’s second argument that Ikea’s soft toys did not reproduce a substantial part of Bouchard’s work. Since Bouchard’s works and Ikea’s works did not share a resemblance, this means that a substantial part of the works was not reproduced.14 How to determine if a “substantial part” of a work has been reproduced? Under the Copyright Act, copyright, “in relation to a work, means the sole right to produce or reproduce the work or any substantial part thereof”.15 The Supreme Court defined “substantial part” of the work in the Cinar decision,16 stating that it is a flexible notion to be interpreted based on the facts. The assessment is holistic and qualitative in nature. The criteria to be used by the courts to determine whether there has been a reproduction of a “substantial part” of a work are as follows: The originality of the work, which must be protected under the Copyright Act;17 The part “represents a substantial portion of the author’s skill and judgment”;18 The nature of the two works as a whole, without looking at isolated passages;19 “[T]he cumulative effect of the features copied from the work”.20 Although there are some similarities between the Bouchard and Ikea soft toys, the soft toys are completely different and do not look the same because they are designed from the drawings of different children. Bouchard even admitted that [our translation] “a toy made from a unique child’s drawing is in itself a unique toy”.21 Can the Copyright Act protect an idea, a concept or a body of work? Bouchard instead claimed that Ikea illegally reproduced her idea, concept, style or methods.22 She ultimately argued that Ikea did not copy a specific work, but instead copied her “work” in a broader sense.23 Bouchard’s arguments highlight issues that often come up in the court system and demonstrate a misunderstanding of what is protected by copyright. Copyright of an idea, concept, style or method In 2004, the Supreme Court pointed out that copyright protects the expression of ideas in a work and not the ideas themselves.24 Justice Buchholz rightly pointed out that an artist can be inspired by another artist without infringing the rights protected by the Copyright Act. He noted, for example, that if styles were protected, Monet could not have painted in the Impressionist style.25 The Court also noted that the soft toys made by Bouchard correspond to a generic style dictated by safety standards for the manufacture and sale of toys.26 Thus, the Copyright Act does not offer any protection for ideas, concepts, styles or manufacturing methods and techniques. Copyright of an artistic legacy, corpus, or collection The Court specified that the Copyright Act does not protect a body of work or an artistic legacy, but rather each individual work.27 Bouchard c. Ikea Canada, 2021 QCCS 1376. R.S.C. 1985, c. C-42. Bouchard c. Ikea Canada, 2018 QCCS 2690. Idem, para. 24–25. Section 51, Code of Civil Procedure, CQLR c. C-25.01. Section 2, “infringing”, Copyright Act. Bouchard c. Ikea Canada, supra, note 1, para. 16–17. Idem, para. 15. Idem, para. 34. Idem, para. 28. Idem, para. 37–39. Idem, para. 40. Idem, para. 49. Idem, para. 55. Section 3, Copyright Act. Cinar Corporation v. Robinson, 2013 SCC 73, para. 26, 35–36. Idem, para. 26. Idem. Idem, para. 35. Idem, para. 36. Bouchard c. Ikea Canada, supra, note 1, para. 53. Idem, para. 56. Idem, para. 69. CCH Canadian Ltd. v. Law Society of Upper Canada, 2004 SCC 13, para. 8. Idem, para. 67. Toys Regulations, SOR/2011-17, adopted under the Canada Consumer Product Safety Act, S.C. 2010, c. 21, s. 29, 31–32. Bouchard c. Ikea Canada, supra, note 1, para. 69–71.

Ransomware has wreaked so much havoc in recent years that many people forget about other cybersecurity risks. For some, not storing personal information makes them feeling immune to hackers and cyber incidents. For others, as long as their computers are working, they do not feel exposed to no malware. Unfortunately, the reality is quite different. A new trend is emerging: malware is being released to collect confidential information, including trade secrets, and then such information is being sold to third parties or released to the public.1 The Pegasus software used to spy on journalists and political opponents around the world has been widely discussed in the media, to the point that U.S. authorities decided to include it on their trade blacklist.2 However, the use of spyware is not limited to the political sphere. Recently, a California court ordered a U.S. corporation, 24[7].ai, to pay $30 million to one of its competitors, Liveperson.3 This is because 24[7].ai installed competing technology on mutual client websites where LivePerson’s technology already is installed. Liveperson alleged in its lawsuit that 24[7].ai installed spyware that gathered confidential and proprietary information and data regarding Liveperson’s technology and client relationships. In addition, the software which 24[7].ai allegedly installed removed some features of Liveperson’s technology, including the “chat” button. In doing so, 24[7].ai interfered in the relationship between Liveperson and its clients. This legal saga is ongoing, as another trial is scheduled to take place regarding trade secrets related to a Liveperson client.4 This legal dispute illustrates that cybersecurity is not only about personal information, but also about trade secrets and even the proper functioning of business software. A number of precautions can be taken to reduce the risk of cybersecurity incidents. Robust internal policies at all levels of the business help maintain a safe framework for business operations. Combined with employee awareness of the legal and business issues surrounding cybersecurity, these policies can be important additions to IT best practices. In addition, employee awareness facilitates the adoption of best practices, including systematic investigations of performance anomalies and the use of programming methods that protect trade secrets. Moreover, it may be advisable to ensure that contracts with clients provide IT suppliers with sufficient access to conduct  the necessary monitoring for the security of both parties. Ultimately, it is important to remember that the board of directors must exercise its duty with care, diligence and skill while looking out for the best interests of the business. Directors could be held personally liable if they fail to meet their obligation to ensure that adequate measures are implemented to prevent cyber incidents or if they ignore the risks and are wilfully blind. Thus, board members must be vigilant, be trained in and aware of cybersecurity in order to integrate it into their risk management approach. In an era in which intellectual property has become a corporation’s most important asset, it goes without saying that it is essential to put in place not only the technological tools, but also the procedures and policies required to adequately protect it! Contact Lavery for advice on the legal aspects of cybersecurity. See Page, Carly, “This new Android spyware masquerades as legitimate apps,” Techcrunch, November 10, 2021. https://techcrunch.com/2021/11/10/android-spyware-legitimate-apps; Page, Carly, “FBI says ransomware groups are using private financial information to further extort victims,” Techcrunch, November 2, 2021. https://techcrunch.com/2021/11/02/fbi-ransomware-private-financial-extort. Gardner, Frank, “NSO Group: Israeli spyware company added to US trade blacklist,” BBC News, November 3, 2021. https://www.bbc.com/news/technology-59149651. Claburn, Thomas, “Spyware, trade-secret theft, and $30m in damages: How two online support partners spectacularly fell out,” The Register,June 18, 2021. https://www.theregister.com/2021/06/18/liveperson_wins_30m_trade_secret. Brittain, Blake, “LivePerson wins $30 million from [24]7.ai in trade-secret verdict,”Reuters, June 17, 2021. https://www.reuters.com/legal/transactional/liveperson-wins-30-million-247ai-trade-secret-verdict-2021-06-17.

Do you have the right to copy source code written and developed by someone else? The answer to this question depends on the situation; however, even in the context of open innovation, intellectual property rights will be the starting point for any analysis required to obtain such an answer. In the software industry, open-source licences allow anyone to access the source code of corresponding software, free of charge and with few restrictions. The goal is generally to promote the improvement of this code by encouraging as many people as possible to use it. Linus Torval, the programmer of the Linux kernel (certainly one of the most well-known open-source projects) recently stated that without the open-source approach, his project would probably not have survived.1 However, this approach has legal consequences: Vizio was recently hit with a lawsuit alleging non-compliance with an open-sourceGPL licence used in the SmartCast OS software embedded in some of its televisions. It is being sued by Software Freedom Conservancy (“SFC”), an American non-profit promoting and defending open-source licences. As part of its lawsuit, SFC alleges, among other things, that Vizio was required to distribute the SmartCast OS source code under the above-mentioned open-source GPLlicence, which Vizio failed to do, thereby depriving consumers of their rights2. In Canadian law, section 3 of the Copyright Act3 gives the author the exclusive right to produce or reproduce all or any substantial part of an original work. This principle has been adopted by all signatories of the 1886 Berne Convention, i.e., almost every country in the world. A licence agreement, which may inter alia confer the right to reproduce the work of another person, can take different forms. It also establishes the extent of the rights conferred and the terms and conditions of any permitted use. However, not all open-source licences are equivalent. Many allow creators to attach various conditions to the right to use the code that has been made available. Under these licences, anyone may use the work or software, but subject to the following constraints, depending on the type of licence in effect: Obligation to display: An open-source licence may require disclosure of certain information in the software or in the source code itself, such as the following: The author’s name or pseudonym, or even maintaining the anonymity of the author, depending on their wishes, and/or a citation of the title of the work or software; The user licence of the redistributed open-source work or software; A modification note for each modified file; and A warranty disclaimer. Contribution obligations: Some licences require the sharing of any modifications made to the open-source code, with said modifications being under the same licence conditions. In some cases, this obligation extends to any software that incorporates the open-source code. In other words, code derived from open-source material can itself become open-source. This obligation to contribute can generally be categorized as follows: Any redistribution must be done under the original licence, making the result open-source as well; Any redistribution of the code, modified or not, must be done under the original licence, but other code may be associated or added without being subject to the open-source licence; or Any redistribution is done without any sharing constraints. Ban on commercialization: Some licences prohibit any use for commercial purposes. Apache v2 Level of obligation to contribute upon redistributionAny redistribution of the software, modified or not, or with added components, must be done under the terms of the original licence. Mandatory elements to display Licence of the redistributed open-source software Identification of any changes made to the code Copyright notice Warranty disclaimer Commercial use permittedYes BSD Level of obligation to contribute upon redistributionAny redistribution of the software can be done without any obligation to share. Mandatory elements to display Copyright notice Warranty disclaimer Commercial use permittedYes CC BY-NC 4.0 Level of obligation to contribute upon redistributionAny redistribution of the software can be done without any obligation to share. Mandatory elements to display Licence of the redistributed open-source software Identification of any changes made to the code Copyright notice Warranty disclaimer Commercial use permittedNo CC0 1.0 Level of obligation to contribute upon redistributionAny redistribution of the software can be done without any obligation to share. Mandatory elements to display Licence of the redistributed open-source software Commercial use permittedYes GPLv3 Level of obligation to contribute upon redistributionAny redistribution of the software, modified or not, or with added components, must be done under the terms of the original licence Mandatory elements to display Licence of the redistributed open-source software Identification of any changes made to the code Copyright notice Warranty disclaimer Commercial use permittedYes, but sub-licensing is not allowed LGPLv3 Level of obligation to contribute upon redistributionAny redistribution of the software, modified or not, must be done under the terms of the original licence. New components can be added, but not integrated, under other non-open-source licences Mandatory elements to display Licence of the redistributed open-source software Identification of any changes made to the code Copyright notice Warranty disclaimer Commercial use permittedYes MIT Level of obligation to contribute upon redistributionAny redistribution of the software can be done without any obligation to share. Mandatory elements to display Licence of the redistributed open-source software Copyright notice Warranty disclaimer Commercial use permittedYes It is important to make programming teams aware of the issues that can arise when using modules governed by what are known as “viral licences” (such as the CC BY-NC 4.0 licence) in the design of commercial software. Such software could lose significant value if such modules are incorporated, making it difficult or even impossible to commercialize said software. In the context of open innovation where developers want to share their code, in particular to encourage collaboration, it is important to understand the scope of these different licences. The choice of the appropriate licence must be made based on the project’s objectives. Also, keep in mind that it is not always possible to change the licence used for the distribution of the code once said distribution has commenced. That means the choice of licence can have long-term consequences for any project. David Cassel, Linus Torvalds on Community, Rust and Linux's Longevity, The NewStack, Oct. 1, 2021, online: https://thenewstack.io. See the SFC press release: https://sfconservancy.org/copyleft-compliance/vizio.html. RSC 1985, c. C-42.

Suppose that your best employee, the up-and-comer you’ve been training for several years, resigns. It’s terrible news for you, especially amid a labour shortage. And, to top it off, their new employer is your main competitor. How long has the employee been planning to leave? Did they plan during working hours? Using your company’s resources? What about the knowledge and contacts gained over the past few years: Will the employee share them with your competitor? If they did so, would it be illegal? At this point, one of your main concerns would be whether the resigning employee’s employment contract contains restrictive covenants, such as non-competition, non-solicitation or confidentiality undertakings. If it did, it would bode well for you provided that the covenants are valid and enforceable. You would otherwise have to rely on the duty of loyalty provided for in article 2088 of the Civil Code of Québec, a safety net that employers have relied on until a recent decision of the Court of Appeal of Québec limited its scope. Sahlaoui c. Médicus1 Mr. Sahlaoui, an orthotist-prosthetist, had been working for Médicus for about ten years, during which time he had built a relationship of trust with clients thanks to the quality of his services. He informed Médicus that he was resigning to start a competing company, Evo. Accusing Mr. Sahlaoui of breaching his duty of loyalty, Médicus sued him and his new company, claiming damages for one year’s lost profits, for hardship and inconvenience. The Superior Court awarded Médicus damages in the sum of $135,238, plus interest. However, the Court of Appeal dismissed Médicus’ recourse in its entirety and reaffirmed the right to freedom of work, concluding that the former employee, both before and after his resignation, had not breached his duty of loyalty. The Court thus considers that the duty of loyalty provided for in the Civil Code of Québec must be assessed in two stages, namely during and after employment. Duty during employment In the course of employment, an employee’s duty of loyalty is significant, especially for key employees and those with a great deal of professional discretion. The close ties that Mr. Sahlaoui had developed with clients during his employment were not enough to convince the Court that he had held a key position in his employer’s business, which, it should be noted, had approximately 350 employees at 15 branches. The Court is of the opinion that seeking new work does not in itself constitute a breach of the duty of loyalty, as it is an extension of the freedom of work. There are legitimate limits to the openness and transparency required under the terms of an employment contract, such that an employee may keep both their intention to change jobs and the steps taken to do so secret.2 On the other hand, the employee, while still employed, must not prepare their departure during working hours with tools provided by the employer. Stealing or hacking confidential information, withholding or misappropriating the employer’s business opportunities, taking client lists and recruiting clients for the employee’s benefit are examples of disloyal acts that the Court mentions. The judges cite with approval a 2007 decision of their court, which held that retaining or “refusing to turn over a former employer’s property in some cases constitutes outright theft, regardless of the notion of loyalty.”3 Duty after employment The Court of Appeal believes that the duty of loyalty is considerably reduced after an employee’s departure. The duty of loyalty set out in the Civil Code of Québec does not impose restrictions on an employee equivalent to those resulting from a well-drafted non-competition clause,4 particularly in terms of duration, because the duty of loyalty remains in effect for only a reasonable amount of time, which rarely exceeds a few months (three to four months).5 In this case, although Mr. Sahlaoui had signed a loyalty, confidentiality and non-competition undertaking to govern his post-employment conduct, the Court disregarded it because such undertaking did not meet the requirements for restrictive covenants established by the courts. Mr. Sahlaoui’s actions were therefore analyzed in terms of the duty of loyalty set out in article 2088 of the Civil Code of Québec. As the Court of Appeal points out, an employee who is not subject to a non-competition clause (or a non-solicitation or confidentiality clause having a term that exceeds the end of employment) may use their personal professional experience, i.e., their expertise, knowledge, network and skills acquired and developed with the former employer, as they see fit. Such employee may compete with their former employer, by soliciting its clientele, for example, without committing a fault.6 In short, the duty of loyalty under the Civil Code of Québec does not prohibit competition, but requires that it be exercised in moderation and only for a short time after employment ends. What it means Because the duty of loyalty is “rather minimal,” to quote the Court of Appeal, any organization would be well advised to protect itself by using restrictive clauses and having a clear plan of action for when an employee leaves to join the competition. To be enforceable, restrictive covenants must be specific and contextual. They must not exceed what is reasonable to protect the legitimate interests of the employer. The following questions are worth considering: When preparing an employment contract, is it possible to predict whether the employee in question will have direct relations with clients or suppliers? Will the employee learn, for example, the manufacturing processes or techniques that the organization strives to safeguard? If so, what restrictive clauses should be included in the employment contract, in particular regarding the nature of the employee’s tasks, reporting level and unique expertise? What needs to be protected? Examples include the confidentiality of information and the business’ reputation and services. The business should also protect itself against competition and solicitation of its clientele, suppliers and employees. To avoid unpleasant surprises, it is important to understand the purpose of each restrictive clause. They should also not be confused between them or thought to encompass the restrictions of another. Do the restrictive clauses meet the reasonable criteria necessary to be enforceable? Will they withstand contestation to the extent possible? Once the employee’s departure is announced, who will take over with clients or suppliers in order to maintain their trust? What security measures will be put in place when the departure is announced to ensure and preserve the confidentiality of certain information? The absence of restrictive covenants at the time of hiring is not disastrous, as the parties may negotiate such undertakings during the course of employment. While an employee cannot be forced to accept them, it is easier to reach an agreement when discussing a salary increase, promotion or other consideration, always making sure that the restrictive clauses are reasonable in light of the employee’s work context and the employer’s legitimate needs and rights. The parties may also agree to certain restrictions as part of an exit agreement. The Médicus decision has, at the very least, clarified the scope of the duty of loyalty provided for in the Civil Code of Québec. The members of our Labour and Employment Law group are available to advise you and answer your questions. Sahlaoui c. 2330-2029 Québec inc. (Médicus), 2021 QCCA 1310, see paragraph 59. See paragraph 35. Concentrés scientifiques Bélisle inc. c. Lyrco Nutrition inc. 2007 QCCA 676. See paragraph 44. See paragraph 48. See paragraph 53.

In the third and final entry of this three-part article series, we share with you the last set of intellectual property (IP)–related mistakes (mistakes #10 to #13) that we regularly see with startups. We hope you will find it useful for your business. Please be sure to read our first and second entries in this series, where we go over mistakes #1 to #5 and #6 to #9, respectively. Happy reading! Part 3 of 3 Mistake #10:       Assuming that your invention is unpatentable One common mistake we see business owners make is that they assume their technology is not patentable. This frequently applies to computer-related inventions, such as software. Even though there is no outright ban on patenting software in Canada, many inventors are under the impression that software is unpatentable. This is most likely due to the fact that many patent applications for computer-implemented inventions are initially refused because the Patent Office determines that the invention in question is merely a disembodied series of mental steps and/or a mathematical formula (both of which are not considered patentable subject matter). However, it is important to remember that, while certain types of subject matter are not patentable in Canada (e.g., disembodied mental steps and mathematical formulae, as mentioned above), that does not mean that technology involving such unpatentable subject matter (e.g., computer software) is completely void of patentability. Often, it simply means that another aspect of the technology should be the focus of the patent application. For example, with regard to computer-implemented inventions, one strategy to increase the likelihood of patentability is to draft the patent application in such a way so as to emphasize that the computer hardware is essential, or to draft the application in such a way that it is clear that the invention creates an output comprising discernible effects or changes (e.g.: this can be as simple as generating distinct groups in a classification method). It is also worth noting that many inventors are under the mistaken impression that a new piece of technology has to be all but revolutionary in order to be patentable. However, improvements over existing technology are also patentable as long as they are sufficiently new and inventive. Accordingly, it is important to speak to a patent agent to properly determine if and how your invention may be patented. Mistake #11:       Believing that your patent automatically gives you the right to use and/or commercialize your invention One common misconception regarding patents is that they give the owner thereof the right to use and/or commercialize the patented technology without fear of infringing third-party patents. However, what a patent actually does is allow its owner to exclude others from using and/or commercializing their patented technology. It is not a shield against potential infringement of third-party IP rights. For example, if you obtain a patent for a piece of technology you developed, that does not necessarily mean you have the right to use or commercialize that technology. Specifically, if your technology incorporates patented technology owned by another company, then that company can actually prevent you from using or commercializing your own invention. This is an important aspect of “patent protection” that all entrepreneurs should be aware of. Mistake #12:       Not informing yourself about the criteria for recognition as an inventor or owner of an invention, and not training your employees on these criteria Many types of intellectual property disputes can arise within a business. Most of the time, they are the result of misconceptions, such as: An employee believes they are the inventor of an invention, when they are not; An employee believes that as the inventor of an invention, they are necessarily entitled to consideration (monetary or otherwise); the invention belongs to them rather than to the company; they are free to use the invention, for example upon leaving the company to become a competitor; or An employer believes that their company can use the specific results of a researcher’s work obtained from a previous job. It’s easy to imagine how messy such issues can get! An ounce of prevention is certainly worth a pound of cure. Get informed! Also, clarify these issues with new employees as soon as you hire them, and set down in writing who will own the rights to intellectual property developed during the course of employment. A quick training session before such problems arise can set the record straight and avoid conflicts based on unrealistic expectations. Mistake #13:       Not having an intellectual property protection strategy After reading this three-part article, we hope you now have a better understanding of the importance of developing an intellectual property strategy for your company. While such strategies can be very complicated, we have provided three broad questions that you should consider at all times (not just when starting out).  What intellectual property is my company using? This first question tasks you with identifying intellectual property that your company uses. This would include any technology that you are using or selling; any brand names/logos; and any works you are currently using (e.g., logos, slogans, website layouts, website texts, pictures, brochures or computer programs). Is there a risk that I am infringing a third party’s IP? Once you have identified the above intellectual property, you should ask yourself if your activities might infringe a third party’s IP rights. Obtaining a response may involve the following: Hiring a patent agent to perform a freedom to operate search for any technology you plan on using. Hiring a lawyer specialized in IP to perform a trademark search and opinion for any brand names/logos you use, as well as to negotiate and prepare an assignment of IP rights. How can I expand my own IP portfolio? This question involves determining, for each piece of IP you have identified, if and how it can be protected. This can include asking yourself the following additional questions: Is any of the technology I use or commercialize worth protecting? If so, should I file a patent application or keep the technology a trade secret? In which countries do I want IP protection? Are any of my company’s brand names or logos worth protecting by filing a trademark application? What’s important is not necessarily that you protect each and every piece of intellectual property your company owns, but that you have properly evaluated your company’s IP and have come up with an effective strategy that suits your business. In order to properly optimize your company’s IP portfolio, we naturally recommend speaking with your IP professional, whether it be a patent agent, a trademark agent, or a lawyer. Conclusion Lavery’s intellectual property team would be happy to help you with any questions you may have regarding the above or any other IP issues. Why don’t you take a look at our Go Inc. start-up program? It aims to provide you with the legal tools you need as an entrepreneur so you can start your company on the right foot. Click on the following links to read the two previous parts. Part 1 | Part 2

Excess claim fees on the horizon As reported earlier, the Canadian government published proposed amendments to the Patent Rules on July 3, 2021. A significant component of the proposal is the introduction of excess claim fees on the order of $100 CAD for each claim beyond 20 claims, which will be payable when requesting examination, and will be re-assessed upon allowance to determine if further claim fees are due when paying the final fee based on changes in the number of claims during examination. Consider acting now In anticipation of the likely introduction of such a regime in early 2022 (which may be announced with only 30 days’ notice), Applicants may wish to begin assessment of their Canadian patent matters and consider requesting examination by the end of 2021 to avoid the payment of such excess claim fees and retain the right to present a larger number of claims for examination. Based on the transitional provisions in the proposed Rules, taking such action now shall avoid payment of such excess claim fees when requesting examination and when paying the final fee upon allowance. We thus recommend that Applicants consider taking such action this year to retain the benefits of the current regime, particularly for cases with a large number of claims as well as those which were already being considered for requesting examination in the short term. Stay Tuned! While the exact details and timing of the upcoming changes remain unknown, the earlier proposal suggests that they will likely be soon and with little advance notice. Please stay tuned for upcoming news in due course, and do not hesitate to contact a member of our patent team for guidance through the ultimate transition.

In IT service contracts, it is common to find non-liability clauses protecting companies that provide software and professional IT system implementation or integration services. Issue In Dispute Is such a contractual non-liability clause valid under Quebec civil law where a fundamental obligation is breached? In 6362222 Canada inc. v. Prelco inc., recently rendered, the Supreme Court of Canada ruled that the non-liability clause in question was freely negotiated between the parties and resulted from compromises made by both sides. It therefore had to be respected. The respondent “Prelco” mandated the appellant “Créatech” to supply software and provide services to implement an integrated management system, the purpose of which was to manage and track all operational services information found in a large number of databases. Further to the many recurring problems during the system implementation, Prelco decided to end its contractual relationship with Créatech and hired another company to render the system operational. Prelco then claimed damages from Créatech, while Créatech filed a counterclaim for the unpaid balance for the project from Prelco. This began a long legal battle, which ended in the Supreme Court. In its decision, the Supreme Court treated various arguments which, according to Prelco, would have precluded the application of the non-liability clause. The Court dismissed these arguments. Reaffirmation Of The Primacy Of Freedom Of Contract The Supreme Court of Canada held that the Civil Code is set out in such a way as to provide for parties’ freedom to contract and to strike a balance between the notion of public order and the principle of freedom of contract. In considering the applicable legal principles, the judges noted however that the principle of respect for the contractual will of the parties does have exceptions, for example in cases of gross negligence or intentional fault, where economic forces are unbalanced ( such as a contract between a merchant and a consumer), where adhesion contracts and other types of contracts, such as nominate contracts mentioned in the Civil Code are involved, or where exclusions cover liability for body or moral injury.  Conclusion From this decision, it appears beneficial for IT service providers or other service providers to choose to be governed by the Quebec regime in contracts where the parties negotiate a clause limiting or excluding liability.

The Supreme Court of Canada has previously addressed this issue in Evans v. Teamsters Local Union No. 311 and concluded that, in certain circumstances, when an employer offers a new position to a dismissed employee, the latter may have to accept it in order to mitigate their losses. A few years later, in 2108805 Ontario inc. c. Boulad,2 the Court of Appeal stated that such acceptance is not automatically required because an employee cannot be forced to accept a position offered without mutual understanding and respect between the parties. More recently, the courts have indicated that acceptance of a position with a former employer is indeed not automatically required and emphasized the importance of analyzing the totality of the circumstances when determining whether an employee must accept an offer from their former employer. In short, the issue is whether a reasonable person in the same situation would accept the employer’s offer. Both the tangible aspects, such as the nature and conditions of employment, as well as the intangible aspects, such as work climate and the preservation of the employee’s dignity, are essential and must be considered. Mitigation of damages In determining whether an employee has been constructively dismissed, the question is whether a reasonable person in the same circumstances would have considered there to be a substantial change to the essential conditions of their employment contract. In St-Laurent c. Cosmétiques Baronesse inc.,3 the Administrative Labour Tribunal («ALT») responded to this question by confirming that each situation is unique. In this case, the ALT concluded, on the basis of all the facts and the relationship between the parties, that the plaintiff was not required to mitigate her damages by agreeing to a change of territory, given that such a change was not compatible with her family obligations. The employer, a distributor of cosmetic products for beauty salon and spa professionals, had offered the plaintiff, a resident of Chambly, the position of sales representative for the South Shore. The territory for which she would have been responsible stretched from Boucherville to Drummondville, and from Brossard to Sherbrooke. It also included Vaudreuil. When a portion of Montréal’s downtown and the West Island was added to her territory, the plaintiff, who had joint custody of her children and had them in her care every other week, was given flexibility in her schedule to care for her children. After an absence due to disability, the plaintiff was informed of the need to adhere to a strict schedule and that, because of client complaints, she would instead be assigned to the territory of the North Shore (Laval, Laurentides, Ottawa and Gatineau), with the obligation to work more than 40 hours per week, despite her attending physician’s advice to the contrary. The ALT first pointed out that the undisputed evidence showed that the plaintiff had initially accepted the representative position because the employer offered her the opportunity to work on the South Shore and a flexible schedule. The ALT added that the employer had not established policies or practices whereby territorial changes could be made on a regular basis or in certain circumstances. Finally, the ALT noted the employer’s failure to attempt to adjust the schedule or sales territory, even though it had hired two representatives to replace the plaintiff and reorganized the territory for them. Placed in this situation without further modification, the plaintiff had no choice but to refuse the changes. The ALT confirmed the absence of a resignation and upheld the complaint for constructive dismissal. Notice of termination Dismissed employees have a duty to mitigate their damages, meaning that they must make reasonable efforts to find employment in their field or a related field, and they must not refuse offers of employment that are deemed to be reasonable in the circumstances. The assessment of a reasonable notice period is a question of fact that must take into consideration the specifics of the entire situation. The question of whether the notice period should be reduced due to the employees’ failure to fulfil their obligation to mitigate their damages—which is an obligation of means—is also essentially a question of fact.4 This is another example of something which requires a case-by-case assessment. What to look for when assessing the terms offered to a person facing a termination of employment In short, although it may be reasonable for an employee whose position has been eliminated to accept a job offered by their employer to mitigate their damages, it is not a given. All facts and circumstances must be considered. In assessing the position and terms offered to such an employee, and in order to validly claim that the employee is required to mitigate their damages, a prudent manager should determine whether there are barriers to continued employment under these conditions. In particular, this manager should consider whether a reasonable person placed in the same situation would accept the position, notably because the employee would not suffer embarrassment, humiliation, hostility or loss of dignity in doing so. Our Labour and Employment Law team is available to advise you and answer your questions. 2008 SCC 20. 2016 QCCA 75. 2021 QCTAT 3732. CISSS des Laurentides c. St-Arnaud, 2021 QCSC 2071.

An employer grievance is a means that employers can use to obtain compensation for material damages caused by pressure tactics or to recover overpayments resulting from a union’s wrongdoing. Such a recourse can also be filed to claim damages and legal fees from a union that has abused the grievance arbitration process, in particular by raising grounds that are unfounded or filing applications that are dilatory, or doing either in bad faith. Although not very common, abuse of process does exist and can be sanctioned. However, an employer can successfully raise abuse of rights when a union’s actions are reckless, manifestly ill-founded, done in bad faith or dilatory. Two recent cases The decision in Régie intermunicipale de police Richelieu Saint-Laurent et Fraternité des policiers et policières Richelieu Saint-Laurent1 is an interesting example: The arbitrator ordered the union to reimburse the employer part of the legal costs that it had incurred, as well as the sums paid to three of its witnesses. The case can be summarized as follows. As a result of pressure tactics, three police were summoned to a disciplinary hearing before the discipline committee.  The parties agreed in writing to reschedule the hearings before the committee. The officers were finally met in 2014, after which they filed grievances to contest the disciplinary measures taken against them. Arbitration was set for May 2018 and a pre-trial conference was held prior to the hearing. At the hearing, the union raised a preliminary exception on the grounds that the disciplinary measures had been imposed outside the time limit set out in the collective agreement. The employer invited the union to make verifications, maintaining that the parties had agreed to postpone the hearing before the discipline committee. The union upheld its preliminary exception. The employer then filed a grievance, claiming damages arising from the union’s time-barred and unfounded preliminary exception. In January 2019, the parties presented their arguments on the preliminary exception and the employer grievance. On February 14, the union withdrew its preliminary exception during deliberations. The arbitrator allowed the employer grievance in part. He concluded that the exception filed by the union was unfounded and that the latter’s conduct was a clear example of an abuse of legal process. The employer was compensated for the costs incurred in defending itself against the abuse of rights. In Syndicat des professeures(eurs) de l'UQAM (SPUQ) et Université du Québec à Montréal (UQAM),2 the parties had recently renewed their collective agreement and agreed to a clause providing for a reduction in the salary of professors over 70. Shortly after the collective agreement came into force, grievances were filed challenging the discriminatory nature of the clause. UQAM filed an employer grievance alleging abuse of the grievance process by the union. The evidence showed that the union had agreed to the clause even though it knew that it was discriminatory, with the intention of challenging it in arbitration. The union had even asked that the age of the professors be added to the clause, which made its discriminatory nature even more obvious, thereby maximizing its chances of success at arbitration. The arbitrator allowed the employer grievance and ordered the union to reimburse the arbitrator’s fees and disbursements, as well as the professional fees charged by the employer’s lawyer to represent it during arbitration of the union grievance. He concluded that the union’s actions violated the duty to bargain in good faith and constituted an abuse of rights on the union’s part. Key takeaway and helpful tips Abuse of process can take many forms: the use of an unfounded declinatory exception, for example, or the filing of an abusive grievance arising from collective bargaining in bad faith. When confronted with situations not seen in the ordinary course of labour relations, an employer must determine whether there has been abuse of rights. Should abuse of rights be found, the employer could exceptionally claim the professional fees of its lawyers, the cost of summoning witnesses and possibly other damages resulting from the union’s wrongful conduct by filing an employer grievance. However, employers must bear in mind that an ill-founded union grievance, dismissed on the basis that the union’s interpretation of the facts or collective agreement differs from that of the employer, will not necessarily be deemed abusive. In order to win the case, the employer will have to prove that the union’s actions were reckless, manifestly ill-founded, in bad faith or dilatory. It goes without saying that an abuse of procedure by an employer could also be sanctioned by damages. The members of our Labour and Employment Law team are available to advise you and answer your questions. 2021 QCTA 319. 2021 QCTA 296.

Bill 64, also known as the Act to modernize legislative provisions as regards the protection of personal information, was adopted on September 21, 2021, by the National Assembly of Québec. This new bill amends some 20 laws relating to the protection of personal information, including the Act respecting Access to documents held by public bodies and the Protection of personal information ("Access Act"), the Act respecting the protection of personal information in the private sector (“ARPIPS”) and the Act to establish a legal framework for information technology (“AELFIT”). While these changes will affect both public bodies and private businesses, this article focuses exclusively on the new requirements for public bodies covered by the Access Act.  We have prepared an amended version of the Access Act in order to reflect the exact changes brought about by Bill 64. 1. Strengthening consent mechanisms and increasing individual control over personal information By way of Bill 64, some important changes were made to the notion of consent when disclosing personal information to public bodies. From now on, any time an individual’s consent is required by the Access Act, public bodies must ensure that the concerned individual’s consent is given separately from any other disclosed information (s. 53.1). Furthermore, any consent to the collection of sensitive personal information (e.g., health or financial information that gives rise to a reasonable expectation of privacy) will have to be expressly obtained from the data subject (s. 59). The amended Access Act now also provides that minors under the age of 14 must have a parent or a guardian consent to the collection of their personal information. For minors over the age of 14, consent can be given either directly by the minor or by their parent or guardian (s. 53.1). The right to data portability is one of the new rights enforced by Bill 64. These added provisions to the Access Act allow data subjects to obtain data that a public body holds on them in a structured and commonly used technological format and to demand that this data be released to a third party (s. 84). Whenever a public body renders a decision based exclusively on automated processing of personal information, the affected individual must be informed of this process. If the decision produces legal effects or otherwise affects the individual concerned, upon request, the public body must also disclose to the individual (i) the personal information used in reaching the decision, (ii) the reasons and main factors leading to the decision, and (iii) the individual’s right to have this personal information rectified (s. 65.2).  Furthermore, public bodies that use technology to identify, locate or profile an individual must now inform the affected individual of the use of such technology and the means that are available to them in order to disable such functions (s. 65.0.1). 2. New personal data protection mechanisms Public bodies will now be required to conduct a privacy impact assessment whenever they seek to implement or update any information system that involves the collection, use, disclosure, retention or destruction of personal data (s. 63.5). This obligation will effectively compel public bodies to consider the privacy and personal information protection risks involved in a certain project at its outset. In fact, the Access Act now states that every public body must create an access to information committee, whose responsibilities will include offering their observations in such circumstances. 3. Promoting transparency and accountability for public bodies The changes brought about by Bill 64 also aim to increase the transparency of processes employed by public bodies in collecting and using personal data, as well as placing an emphasis on accountability. As such, public bodies will now have to publish on their websites the rules that govern their handling of personal data in clear and simple language (s. 63.3). These rules may take the form of a policy, directive or guide and must set out the various responsibilities of staff members with respect to personal information. Training and awareness programs for staff should also be listed. Any public body that collects personal information through technological means will likewise be required to publish a privacy policy on their website. The policy will have to be drafted in clear and simple language (s. 63.4). The government may eventually adopt regulations to specify the required content of such privacy policies. Moving forward, public bodies will also have to inform data subjects of any personal data transfer outside of the province of Quebec (s. 65). Any such transfer will also need to undergo a privacy impact assessment, which will include an analysis of the legal framework applicable in the State where the personal information will be transferred (s. 70.1). Furthermore, any transfer of personal data outside of Quebec must be subject to a written agreement that takes into account, in particular, the results of the privacy impact assessment and, if applicable, the agreed-upon terms to mitigate the risks identified in the assessment (s. 70.1). A public body that wishes to entrust a person or body outside of Quebec with the task of collecting, using, communicating or retaining personal information on its behalf will have to undertake a similar exercise (s. 70.1 (3)). 4. Managing confidentiality incidents Where a public body has reason to believe that a confidentiality incident (which is defined in Bill 64 as the access, use, disclosure or loss of personal information) has occurred, public bodies will be required to take reasonable steps to mitigate the injury caused to the affected individuals and to reduce the risk of further confidentiality incidents occurring in the future (s. 63.7). In addition, where the confidentiality incident poses a risk of serious harm to the affected individuals, these individuals and the Commission d’accès à l’information (“CAI”) must be notified (unless doing so would interfere with an investigation to prevent, detect or suppress crime or violations of law) (s. 63.7). Public bodies must now also keep a register of confidentiality incidents (s. 63.10), a copy of which must be sent to the CAI upon request. 5. Increased powers for the CAI Bill 64 also grants the CAI an arsenal of new powers aiming to ensure that public bodies, as well as private companies, comply with privacy laws. For example, in the event of a confidentiality incident, the CAI may order any public body to take appropriate action to protect the rights of affected individuals, after allowing the public body to make representations (s. 127.2). Furthermore, the CAI now has the power to impose substantial administrative monetary penalties, the value of which may reach up to $150,000 for public bodies (s. 159). In the event of repeat offences, fines will be doubled (s. 164.1). 6. Coming into force The amendments made by Bill 64 will come into force in several stages. Most of the new provisions of the Access Act [DM1] will come into force two years after the date of assent, which was granted on September 22, 2021. However, some specific provisions will take effect one year after that date, including: The requirements regarding actions to be taken in response to confidentiality incidents (s. 63.7) and the powers of the CAI upon disclosure by an organization of a confidentiality incident (s. 137.2); and The exception to disclosure without consent for research purposes (s. 67.2.1). Conclusion The clock is now ticking for public bodies to implement the necessary changes in order to comply with the new privacy requirements outlined in Bill 64, which received official assent on September 22, 2021. We invite you to consult our privacy specialists to help ensure proper compliance with the new requirements of the updated Access Act. The Lavery team would be more than pleased to answer any questions you may have regarding the upcoming changes and the potential impacts on your org

Bill 64, also known as the Act to modernize legislative provisions respecting the protection of personal information, was adopted on September 21, 2021, by the National Assembly of Québec. It amends some 20 laws relating to the protection of personal information, including the Act respecting access to documents held by public bodies ("Access Act"), the Act respecting the protection of personal information in the private sector ("Private Sector Act") and the Act respecting the legal framework for information technology. While the changes will affect both public bodies and private businesses, this publication will focus on providing an overview of the new requirements for private businesses covered by the Private Sector Act. We have prepared an amended version of the Private Sector Act in order to reflect the exact changes brought about by Bill 64. Essentially, the amended Private Sector Act aims to give individuals greater control over their personal information and promote the protection of personal information by making businesses more accountable and introducing new mechanisms to ensure compliance with Québec’s privacy rules. The following is a summary of the main amendments adopted by the legislator and the new requirements imposed on businesses in this area. It is important to note that, for the most part, the new privacy regime will come into effect in two years. 1. Increasing transparency and individual control over personal information The new Private Sector Act establishes the right of individuals to access information about themselves collected by businesses in a structured and commonly used technological format. Data subjects will now also be able to require a business to disclose such information to a third party, as long as the information was not “created or inferred” by the business (s. 27). This right is commonly referred to as the “right to data portability.” Businesses now have an obligation to destroy personal information once the purposes for which it was collected or used have been fulfilled. Alternatively, businesses may anonymize personal information in accordance with generally accepted best practices in order to use it for meaningful and legitimate purposes (s. 23). However, it is important that the identity of concerned individuals can never again be inferred from the retained information. This is a significant change for private businesses which, under the current law, can still retain personal information that has lapsed. In addition, Bill 64 provides individuals with a right to “de-indexation.” In other words, businesses will now have to de-index any hyperlink that leads to an individual’s personal information where dissemination of such personal information goes against the law or a court order (s. 28.1). Additionally, whenever a business uses personal information to render a decision based exclusively on an automated processing of such information, it must inform the concerned individual of the process at the latest when the decision is made (s. 12.1). The individual must likewise be made aware of their right to have the information rectified (s. 12.1). Bill 64 provides that the release and use of nominative lists by a private company for commercial or philanthropic prospecting purposes are now subject to the consent of concerned data subjects. Furthermore, in an effort to increase transparency, businesses will now be required to publish their rules of governance with respect to personal information in simple and clear terms on their website (s. 3.2). These rules may take the form of a policy, directive or guide and must, among other things, set out the various responsibilities of staff members with respect to personal information. In addition, businesses that collect personal information through technology will also be required to adopt and publish a privacy policy in plain language on their website when they collect personal information (s. 8.2). The amended Private Sector Act further provides that businesses that refuse access to information requests, in addition to giving reasons for their refusal and indicating the relevant sections of the Act, must now assist applicants in understanding why their request was denied when asked to (s. 34). 2. Promoting privacy and corporate accountability Bill 64 aims to make businesses more accountable for the protection of personal information, as exemplified by the new requirement for businesses to appoint a Chief Privacy Officer within their organization. By default, the role will fall upon the most senior person in the organization (s. 3.1). In addition, businesses will be required to conduct privacy impact assessments (“PIA”) for any information system acquisition, development or redesign project involving the collection, use, disclosure, retention or destruction of personal information (s. 3.3). This obligation forces businesses to consider the privacy and personal information protection risks involved in a project at its outset. The PIA must be proportionate to the sensitivity of the information involved, the purpose for which it is to be used, its quantity, distribution and medium (s. 3.3). Businesses will likewise be required to conduct a PIA when they intend to disclose personal information outside Québec. In these cases, the purpose of the PIA will be to determine whether the information will be adequately protected in accordance with generally accepted privacy principles (s. 17). The extra-provincial release of personal information must also be subject to a written agreement that takes into account, among other things, the results of the PIA and, if applicable, the terms and conditions agreed to in order to mitigate identified risks (s. 17(2)). The disclosure of personal information by businesses for study, research or statistical purposes is also subject to a PIA (s. 21). The law is substantially modified in this regard, in that a third party wishing to use personal information for such purposes must submit a written request to the Commission d'accès à l'information (“CAI”), attach a detailed description of their research activities and disclose a list of all persons and organizations to which it has made similar requests (s. 21.01.1 and 21.01.02). Businesses may also disclose personal information to a third party, without the consent of the individual, in the course of performing a service or for the purposes of a business contract. The mandate must be set out in a written contract, which must include the privacy safeguards to be followed by the agent or service provider (s. 18.3). The release of personal information without the consent of concerned individuals as part of a commercial transaction between private companies is subject to certain specific requirements (s. 18.4). The amended Private Sector Act now defines a business transaction as “the sale or lease of all or part of an enterprise or its assets, a change in its legal structure by merger or otherwise, the obtaining of a loan or other form of financing by it, or the taking of a security interest to secure an obligation of the enterprise” (s. 18.4). Bill 64 enshrines the concept of “privacy by default,” which means that businesses that collect personal information by offering a technological product or service to the public with various privacy settings must ensure that these settings provide the highest level of privacy by default, without any intervention on behalf of their users (s. 9.1). This does not apply to cookies. Where a business has reason to believe that a privacy incident has occurred, it must take reasonable steps to reduce the risk of harm and the reoccurrence of similar incidents (s. 3.5). A privacy incident is defined as “the access, use, disclosure or loss of personal information” (s. 3.6). In addition, businesses are required to notify concerned individuals and the CAI for each incident that presents a serious risk of harm, which is assessed in light of the sensitivity of the concerned information, the apprehended consequences of its use and the likelihood that it will be used for a harmful purpose (s. 3.7). Companies will furthermore be required to keep a confidentiality incident log that must be made available to the CAI upon request (s. 3.8). 3. Strengthening the consent regime Bill 64 modifies the Private Sector Act to ensure that any consent provided for in the Act is clear, free and informed and given for specific purposes. This means that consent must be requested for each of the purposes of the collection, in simple and clear terms and in a clearly distinct manner, to avoid consent being obtained through complex terms of use that are difficult for individuals to understand (art. 14). The amended Private Sector Act now provides that minors under the age of 14 must have a parent or a guardian consent to the collection of their personal information. For minors over the age of 14, consent can be given either directly by the minor or by their parent or guardian (s. 14). Within an organization, consent to the disclosure of sensitive personal information (e.g., health or other intimate information) must be expressly given by individuals (s. 12). 4. Ensuring better compliance The Private Sector Act has likewise been amended by adding new mechanisms to ensure that businesses subject to the Private Sector Act comply with its requirements. Firstly, the CAI is given the power to impose hefty dissuasive administrative monetary penalties on offenders, which can be as high as $10,000,000 or 2% of the company's worldwide turnover (s. 90.12). In the event of a repeat offence, the fine will be doubled (s. 92.1). In addition, when a confidentiality incident occurs within a company, the CAI may order it to take measures to protect the rights of affected individuals, after allowing the company to make observations (s. 81.3). Secondly, new criminal offences are added to the Private Sector Act, which may also lead to the imposition of severe fines. For offending companies, such fines can reach up to $25,000,000 or 4% of their worldwide turnover (s. 91). Finally, Bill 64 creates a new private right of action. Essentially, it provides that when an unlawful infringement of a right conferred by the Private Sector Act or by articles 35 to 40 of the Civil Code of Québec results in prejudice and the infringement is intentional or the result of gross negligence, the courts may award punitive damages of at least $1,000 (s. 93.1). 5. Coming into force The amendments made by Bill 64 will come into force in several stages. Most of the new provisions of the Private Sector Act will come into force two years after the date of assent, which was granted on September 22, 2021. However, some specific provisions will take effect one year after that date, including: The requirement for businesses to designate a Chief Privacy Officer (s. 3.1); The obligation to report privacy incidents (s. 3.5 to 3.8); The exception for disclosure of personal information in the course of a commercial transaction (s. 18.4); and The exception to disclosure of personal information for study or research purposes (s. 21 to 21.0.2). Finally, the provision enshrining the right to portability of personal information (s. 27) will come into force three years after the date of official assent. The Lavery team would be more than pleased to answer any questions you may have regarding the upcoming changes and the potential impact of Bill 64 on your business. The information and comments contained in this document do not constitute legal advice. They are intended solely for the use of the reader, who assumes full responsibility for its content, for their own purposes.

On September 8, 2021, Mr. Éric Girard, Minister of Finance, presented his Draft Regulation specifying the classes of liability insurance contracts that may derogate from public policy rules previously applicable to liability insurance (the “Draft Regulation”), namely those set out in articles 2500 and 2503 of the Civil Code of Québec (“CCQ”) concerning the insurer’s duty to defend and the exclusive application of insurance coverage to injured third parties. Background Since May 27, 2021, article 2503 CCQ reads as follows: The insurer is bound to take up the interest of any person entitled to the benefit of the insurance and assume his defence in any action brought against him. Legal costs and expenses resulting from actions against the insured, including those of the defence, and interest on the proceeds of the insurance are borne by the insurer over and above the proceeds of the insurance. However, the Government may, by regulation, determine categories of insurance contracts that may depart from those rules and from the rule set out in article 2500, as well as classes of insureds that may be covered by such contracts. The Government may also prescribe any standard applicable to those contracts. When Bill 82 was introduced for adoption, the Minister of Finance seemed to suggest that the categories that would benefit would be public companies and liability insurance for directors and officers. Although small and medium-sized enterprises are not covered by the Draft Regulation, it does provide for several categories of insureds that may benefit from exemptions. Draft Regulation – covered categories The Draft Regulation appears to cover “any liability insurance contract,” but sets out conditions that must be met by an insured in order to benefit from exemptions. Finally, many businesses and their directors and officers will be entitled to subscribe to policies that do not comply with articles 2500 and 2503 CCQ. Here is a summary of exemptions:  Section 1 Category of insured Drug manufacturers under the Act respecting prescription drug insurance; Certain corporations incorporated under a private bill;1 and Directors, officers and trustees of such businesses, except for their activities as members of a pension committee. Exemptions These insureds may subscribe to policies that depart from the rules set out in article 2500 CCQ and those set out in the first and second paragraphs of article 2503 CCQ.2 Section 2 Category of insured Companies not referred to in section 1, but meeting one of the following conditions “where the total coverage under all the civil liability insurance contracts subscribed by that insured is at least $5,000,000”: Large businesses for the purpose of the Act respecting the Québec sales tax; that is, businesses that have total taxable sales in a given fiscal year in excess of $10 million; A reporting issuer or subsidiary of such reporting issuer within the meaning of the Securities Act; A foreign business corporation within the meaning of the Taxation Act (chapter I-3) or the Income Tax Act; that is, a company that is not resident in Canada; and A corporation that pursues an activity outside Canada and derives income from that activity. Directors, officers and trustees of such businesses, except for their activities as members of a pension committee. Exemptions These insureds may subscribe to policies that depart from the rules set out in article 2500 CCQ and those set out in the first and second paragraphs of article 2503 CCQ. Section 3 Category of insured Businesses not referred to in sections 1 and 2 that conduct activities to provide services provided for in the Act respecting health services and social services as: An intermediate resource not referred to in the Act respecting the representation of family-type resources and certain intermediate resources and the negotiation process for their group agreements (chapter R-24.0.2) and who is a support for elderly autonomy-type resource; A private seniors’ residence; or A private health and social services institution operating a residential and long-term care centre or rehabilitation centre. Directors, officers and trustees of such businesses, except for their activities as members of a pension committee. Exemptions These insureds may subscribe to policies that depart from the rules set out in article 2500 CCQ and those set out in the second paragraph of article 2503 CCQ only. Section 4 Category of insured Businesses that are not covered by section 2, for example because they do not have total coverage of at least $5,000,000, and that have operations outside of Canada and earn income from them. However, exemptions are possible only for coverage of these foreign activities. Policies covering the Canadian operations of businesses must comply with the rules set out in the public interest.   Exemptions These insureds may purchase policies that depart from the rules set out in article 2500 CCQ and those set out in the first and second paragraphs of article 2503 CCQ. Section 6 Category of insured Businesses not referred to in any of sections 1 to 3 having primary liability insurance contracts in accordance with the provisions of articles 2500 and 2503 CCQ, covering legal costs and expenses resulting from actions against them, including those of the defence, and interest on the proceeds of the insurance. Exemptions These insureds may subscribe to complementary policies that depart from the rules set out in article 2500 CCQ and those set out in the first and second paragraphs of article 2503 CCQ. The Draft Regulation also stipulates that where an insurance policy does not provide for an obligation for an insurer to assume an insured’s defence (first paragraph of article 2503 CCQ), the insured retains the right to select counsel, but must keep the insurer informed of the progress of the proceedings and allow it to participate in the defence. Finally, the government, in article 8 of the Draft Regulation, provides that the proceeds of the insurance that are not applied exclusively to the payment of injured third parties may not exceed 50% of the proceeds of the insurance, unless the insured is found not to be liable or unless the payments to injured third parties do not reach such 50%. However, where a minimum amount of liability insurance coverage is required by law, that amount must be applied in full to the payment of injured third parties without regard to the exceptions discussed above. What to expect While some will welcome the government’s openness in allowing policyholders and insurers to relax certain obligations that may have contributed to a tightening insurance market in Quebec, others will fear the consequences that these changes may have, in particular on the availability of “non-exempt” insurance policies for insureds covered by the Draft Regulation.  In any case, this is a significant change that will generate much discussion between risk managers, market intermediaries and underwriters.  Also, some may be interested in obtaining additional information or commenting on the Draft Regulation. Information requests may be directed to the Direction générale du droit corporatif et des politiques relatives au secteur financier, Ministère des Finances, and comments may be made in writing to the attention of the Minister of Finance before October 23, 2021. Do not hesitate to contact a member of Lavery’s insurance team in connection with the above. Act constituting Capital régional et coopératif Desjardins (C-6.1), Act to establish Fondaction, le Fonds de développement de la Confédération des Syndicats Nationaux pour la Coopération et l'emploi (F-3.1.2) and Act to establish the Fonds de solidarité des travailleurs du Québec (F-3.2.1). As reproduced above, the first paragraph of article 2500 CCQ concerns the insurer’s obligation to assume the defence of the insured with respect to covered claims, and the second paragraph specifies that the insurer assumes the legal costs, interest and expenses, over and above the proceeds of the insurance.