The United States–Mexico–Canada Agreement (USMCA) enters into effect on July 1, 2020. Nicknamed “NAFTA 2.0” because it replaces the North America Free Trade Agreement (NAFTA), the USMCA addresses a number issues that had not been tackled by its predecessor, conceived and negotiated almost 30 years ago, at the down of the commercial Internet. In its Chapter 19 – Digital Trade, the USMCA focuses on the trading of digital products, such as computer programs, image, text, video, sound recording or other products that are digitally encoded and can be transmitted electronically. Several Articles focus on cybersecurity, privacy, data localization, and cross-border data transfers, which should be of interest to cloud providers and cloud users. Other areas of interest include, protection against unsolicited commercial communication, source code protection, prohibition against the application of customs duties, and internet platform liability for third party content.(more…)
Barry Sookman, Daniel Glover, Roland Hung and Keith Rose
SCC Strikes Down Alberta Privacy Legislation on Speech Grounds
This morning, the Supreme Court of Canada released Alberta (Information and Privacy Commissioner) v. United Food and Commercial Workers, Local 401, 2013 SCC 62, an important decision relating to the intersection of freedom of expression and protection of privacy and, in the process, struck down Alberta’s Personal Information Protection Act, SA 2003, c. P-6.5 ( “PIPA”). At issue were the privacy rights created by the PIPA and the right to free expression, which is constitutionally enshrined as section 2(b) of the Canadian Charter of Rights and Freedoms (the “Charter”).
The case arose from a strike in 2006, at the Palace Casino in Edmonton. Both the union and the employer videotaped the picket line, which was located in a shopping mall. The evidence on record suggests that recording picket lines was standard practice in Alberta at the time. The union posted notices at the site that recordings of people crossing the picket line might be posted to a web site.
Certain individuals, including officers of the employer, employees, and other members of the public, filed complaints with Alberta’s Information and Privacy Commissioner, under PIPA. The record indicates that the complainants were recorded crossing the picket line, but that no such recordings of any of the complainants were ever posted on the web site.
The Adjudicator concluded that the union did not have the right to collect and use the recordings. The union applied for judicial review and the chambers judge struck down certain portions of PIPA. [United Food and Commercial Workers, Local 401 v Alberta (Information and Privacy Commissioner), 2011 ABQB 415.] The Alberta Court of Appeal upheld the conclusion that portions of the Act were unconstitutional. [United Food and Commercial Workers, Local 401 v Alberta (Attorney General), 2012 ABCA 130.]
Daniel Glover, Roland Hung and Shannel Rajan
Manitoba Joins the Ranks of Other Provinces in Enacting its own Private Sector Privacy Legislation
The Government of Manitoba recently enacted the Personal Information Protection and Identity Theft Prevention Act (PIPITPA) to regulate the collection, use and disclosure of personal information by the private sector in Manitoba. The statute has not come into force, but this enactment is momentous, as it will enable Manitoba to join the ranks of Alberta, British Columbia and Quebec, which all have their own private sector privacy legislation that is “substantially similar” to the federal Personal Information Protection and Electronic Documents Act (PIPEDA). Manitoba is also the first province to move in this direction with an all‑encompassing private sector law since 2004.
This significant moment in privacy law in Canada cannot escape a historic parallel. Despite its title, the PIPITPA is almost identical to the 2009 version of Alberta’s Personal Information Protection Act (2009 Alberta PIPA), with word-for-word similarities in many places. Similar to the 2009 Alberta PIPA, the PIPITPA is organized by divisions of purpose, protection, access and care, regulation, as well as general provisions. The key differences are that the Alberta legislation takes a different approach on breach notification and on the role of the Privacy Commissioner. Accordingly, many of the experiences under the Alberta Personal Information Protection Act (Alberta PIPA) will help guide organizations in Manitoba as to their risks and obligations. Likewise, the case law in Alberta should guide Manitoba courts whenever privacy litigation arises.
This article will focus on how these two statutes compare and provide commentary on what organizations can do to prepare for the coming into force of the PIPITPA.