Packed with valuable information, our publications help you stay in touch with the latest developments in the fields of law affecting you, whatever your sector of activity. Our professionals are committed to keeping you informed of breaking legal news through their analysis of recent judgments, amendments, laws, and regulations.
From “Safe Harbor” to “Privacy Shield”: laying the groundwork for a new agreement on transatlantic data transfer with the United States
The United States and the European Union recently concluded a new agreement aimed at allowing U.S. companies to continue to collect, use and disclose personal information concerning European citizens, while still preserving their fundamental rights. To properly understand the importance of this new agreement, one must be aware that the Court of Justice of the European Union, in a decision rendered on October 6, 2015, had declared invalid the previous data sharing framework, known as "Safe Harbour", which governed the holding of personal information regarding European nationals by numerous American companies, including Web giants such as Facebook and Google. This transnational agreement provided for a self-certification mechanism for U.S. companies by which they undertook to abide by a certain number of guiding principles applicable in the European Economic Area (EEA), pursuant to which these companies could obtain the authorization to collect and store personal information originating from the European Union. Such an agreement was necessary to allow U.S. companies to hold personal information about European citizens because the legislative framework applicable in the United States does not offer "an adequate level of protection" for personal information as compared with that required by European authorities. However, in the wake of the revelations by Edward Snowden regarding the mass surveillance by U.S. authorities of the computer data of several large corporations, an Austrian citizen, Maximillian Schrems, sought and obtained the invalidation by the Court of Justice of the European Union of the Safe Harbour Agreement.1 The Court held that the “legislation permitting the public authorities to have access on a generalised basis to the content of electronic communications must be regarded as compromising the essence of the fundamental right to respect for private life”. While this decision was, in principle, supposed to apply immediately, the Data Protection Working Party (known as the “WP29”) — an independent European advisory board on data protection and privacy — urged the European institutions and the U.S. government to act by January 31, 2016 to agree to an alternative solution. It was in this context that the European Commission made the highly anticipated announcement, on February 2, 2016, of a new agreement in principle with the United States, dubbed the "Privacy Shield". The details of this agreement have not yet been disclosed, but we already know that this new mechanism will entail stricter obligations and tighter control of U.S. companies that deal with information of a personal nature originating from the European Union. Furthermore, access by U.S. authorities to this information is expected to be more closely regulated and more transparent. While, in theory, this agreement does not directly affect Canadian companies that collect, use or disclose personal information regarding European citizens, any such companies having an American subsidiary or a place of business in the United States and which collect personal information from Europe, as well as Canadian companies mandating third parties located in the United States with tasks that require the communication of personal information on European nationals, e.g. for hosting purposes, would be well advised to ensure they comply with the conditions of this new agreement when it takes effect. Stay tuned for more updates. Schrems v. Data Protection Commissioner, 2000/520/CE, Court of Justice of the European Union, 6 Octobre 2015.
Canada’s Anti-spam Legislation : Phase 2 comes into force and first monetary penalty imposed
New Anti-Spam Law: Better Act Quickly
In December 2010, the federal Parliament passed the Act to Promote the Efficiency and Adaptability of the Canadian Economy by Regulating Certain Activities1 that Discourage Reliance on Electronic Means of Carrying out Commercial Activities, better known as the “Canada’s Anti Spam Legislation” (CASL or the “Act”). The purpose of the Act is mainly to protect Canadian consumers and businesses against unsolicited spam messages, false or misleading commercial representations, malicious software and other electronic threats. It is scheduled to come into force on July 1, 2014. The new regime is based on a opt-in mechanism rather than through exclusion. As such, after July 1st, sending a commercial electronic message will be prohibited unless the recipient has consented to receiving it. Canadian businesses using electronic mail or social networks to inform and solicit customers will therefore have to review their practices in order to comply with the law, failing which they will be liable to administrative penalties and civil suits. However, transition measures are provided to give businesses time to adjust their practices.The definition of “commercial electronic message” within the meaning of the Act is wide and covers all electronic messages, including text messages (commonly called SMS), sound, vocal or visual messages in respect of which it is reasonable to conclude that their purpose is to encourage participation in a commercial activity. For instance, an electronic message which promotes an offer to purchase, sell or rent a product or a service constitutes a commercial electronic message covered under the Act. Such is also the case for an electronic message promoting a person as a purchaser, seller or renter of a product or service or involved in the areas of business, investment or gaming.Since non commercial activities are not covered under the Act, it must be noted that political parties, charitable organizations and corporations conducting market studies or surveys are generally not covered under the Act, unless their electronic messages are related to the sale or promotion of a product.Furthermore, the Act provides for many exceptions, such as messages sent between persons having a personal or family relationship or commercial electronic messages responding to a recipient who requested information on prices or estimates for the provision or delivery of goods, products or services.For the time being, the prohibition does not cover verbal communications by phone, which are currently governed by the Telecommunications Act2, particularly through the National Do Not Call List. However, this exception may be revoked by order-in-council if the government deems it appropriate.EXPRESS OR IMPLIED CONSENT OF THE RECIPIENTThe required consent for sending a commercial electronic message may be express or implied. The situations where the sender of such a message may rely on the implied consent of the recipient are set out in the Act. For instance, the Act provides that there is implied consent where the sender and the recipient have or had an ongoing business relationship within the two years preceding the date the message is sent. The same applies where the recipient asked the sender about products, goods or services during a 6-month period preceding the date of the message.The consent of the recipient is also implied if he or she has conspicuously published his or her electronic address without adding a statement whereby the recipient does not wish to receive unsolicited commercial electronic messages, to the extent that the message is relevant to the recipient’s employment or business or functions in such business.The consent is also implied where the recipient communicated his or her electronic address to the sender without indicating that he or she does not wish to receive unsolicited commercial electronic messages, again to the extent that the message is relevant to the recipient’s employment or business or functions in such business.Lastly, the existence of private relationships between the sender and the recipient within the two-year period immediately before the day on which the message is sent also allows for inferring the implied consent of the recipient to a commercial electronic message being sent in the cases provided in the Act.In all other cases where the Act does allow for inferring an implied consent, the express consent of the recipient is required for sending a commercial electronic message. Such consent is not presumed and the burden of proof lies with the sender.To obtain this consent, the sender must set out clearly and simply the purposes for which the consent is being sought and also the information that identifies the person seeking consent (or if the person is seeking consent on behalf of another person, information that identifies that other person). The scope of information which is required to be provided to identify the person seeking consent is set out in the regulations.It is important to note that after July 1st, a request for consent will in itself constitute a commercial electronic message. It will therefore not be possible to request such consent using an electronic mean, subject to certain exceptions.MECHANISM FOR WITHDRAWING CONSENT AND FORM OF COMMERCIAL ELECTRONIC MESSAGESThe Act provides that any person sending a commercial electronic message to another person must implement an unsubscribe mechanism allowing the recipient to withdraw his or her consent to receive commercial electronic messages from that sender. The sender must allow the recipient to express his or her will by electronic means, either by electronic mail or through a website, without cost and at any time. The sender must give effect to any withdrawal within a 10-day period.The description of this withdrawal mechanism must appear in the commercial electronic message which must, in addition, include information that identifies the person who sends the message or, if the message is sent on behalf of another person, the information that identifies the person who sends the message and the person on whose behalf it is sent. The commercial electronic message must also indicate the postal address and either the phone number to reach a service agent or a voicemail service, or the electronic mail address or the address of the website of the person who sends the message or, if applicable, the address of the website of the person on whose behalf it is sent.If it is practically impossible to include this information and the withdrawal mechanism in the commercial electronic message, they may be posted on an easily accessible web page without charge to the recipient through a link indicated clearly and prominently in the message.ADMINISTRATIVE PENALTIES AND PRIVATE RIGHT OF ACTIONThe Act provides for severe penalties for persons who fail to comply with its provisions. Contraveners are liable to administrative monetary penalties of up to $1,000,000 in the case of an individual, and $10,000,000 in the case of any other person.Furthermore, the existence of a private right of action against the sender of an unsolicited commercial electronic message constitutes a crucial point of this new regime. The Act allows any person suffering a loss or harm as a result of non-compliance with the provisions of the Act by the sender of a commercial electronic message to apply to a court of competent jurisdiction for a judgment ordering the sender to pay him or her the amount of such damages, plus liquidated damages of up to $1,000,000. For instance, the recipients of a spam message who suffer damages after relying on misleading information found therein may institute a class action to pursue their common claims on the basis of this new Act.CONCLUSIONUnsolicited electronic messages are a nuisance which warrant action. Canada is the only G8 jurisdiction which had not yet taken specific measures to regulate or prohibit spam messages. However, the obligation to obtain the consent of the recipients of commercial electronic messages, who in most cases have nothing to do with the spam messages, will constitute a difficult and costly burden for many businesses.It is therefore important that businesses review their electronic mailing lists to ensure that they comply with the provisions of the Act, namely, that the persons whose names are included have given their express consent to receive commercial electronic messages from the businesses or that the businesses can rely on the implied consent of such persons, failing which the businesses will have to obtain adequate consents. Again, contravening businesses will be liable to substantial penalties and claims which may exponentially increase through class actions involving hundreds if not thousands of recipients who allege that they suffered damages._________________________________________1 S.C. 2010, c. 23.2 S.C. 1993, c. 38.
Quarterly legal newsletter intended for accounting, management, and finance professionals, Number 10
Limited Partners: a Closer Look at Your Liability Voluntary Disclosure: Is It Still a Worthwhile Option for Repenting Taxpayers? The Court of Appeal Recognizes the Right to Claim Legal Fees from a Defaulting Debtor The Superior Court’s Decision in Chambre des notaires du Québec v. Canada (Procureur général)
The Superior Court of Québec rules that requirements to provide documents or information under section 231.2 of the Income Tax Act are unconstitutional and of no force and effect insofar as they relate to lawyers and notaries
On April 28, 2005, the Chambre des notaires du Québec filed a petition to declare unconstitutional and of no force and effect requirements issued by the Canada Revenue Agency (CRA) under sections 231.2 and 231.7 as well as subsection 5 of section 232(1) of the Income Tax Act, R.S.C. 1985, c. 1 (5th Supp.) (ITA) to obtain documents or information prima facie protected by professional secrecy.
Legal newsletter for business entrepreneurs and executives, Number 3
The member-funded pension plan: a defined benefit pension plan that limits the employer’s financial risk Doing business with the government: a question of transparency Your company and the influenza H1N1 flu pandemic