Log in
Log in


  • 19 Apr 2023 3:15 PM | CAN-TECH Law (Administrator)

    SPECIAL OFFER FOR STUDENTS: Sign up to attend and get 2023 membership, all for one low price!

    CAN-TECH Law is extending a special invitation to students to save on conference and student membership fees for 2023. Students can attend the sessions and get membership for $100. Read more about all the benefits of CAN-TECH membership below. 

    This year, CAN-TECH is taking a fresh approach to Spring Conference. Remote work has left knowledge gaps in practice fundamentals necessary for success as a junior practitioner in Technology Law. This program will focus on closing those gaps by providing core literacy on key transactional issues for technology lawyers.

    We will be hosting a one-day program with hybrid in-person and webcast sessions from five satellite locations across the country. Join us at one of our five locations to get insight beyond the classroom from our panels of leaders in the technology law field while getting to know your local colleagues.

    Please note that there will not be an option to attend this conference remotely.

    Conference Co-chairs:

    • Danielle Graff, Partner, MLT Aikens LLP
    • Jacob Kojfman, Senior Legal Counsel, The Co-operators Group Ltd.

    This program contains 1 hour(s) and 0 minutes of Professionalism Content.

    This program will provide 4 substantive hours of CPD.

    Vancouver: 9 am to 2 pm PT
    Hosted by McCarthy Tétrault LLP (MAP)

    Damage and Recovery: Liability and Indemnities
    We are starting the day with what are often the last clauses to be negotiated: limitations of liability and indemnities. Our panel has spent years building, buying and selling software, services and software-as-a-service. They will share their experience, insights and interests when it comes to negotiating limitations of liability and indemnities. Topics will include:
    • What is “market” on limitations of liability (lump sum? fee multiples?)
    • Understanding what risks you are trying to allocate;
    • Alternatives to contractual risk allocation, such as insurance; and
    • Explaining all of this “lawyer stuff” to business teams.

    Moderator: Jacob Kojfman, Senior Legal Counsel, The Co-operators Group Limited
    • Rahim Esmail, Senior Counsel, Legal Services, TELUS
    • Dana Siddle, Partner, McCarthy Tétrault LLP
    Regina: 11 am to 4 pm CT
    Hosted by MLT Aikins LLP (MAP)

    You Can’t always Get What You Want: Service Levels
    Moderator: Danielle Graff, Partner, MLT Aikins LLP

    Toronto: 12 to 5 pm ET
    Hosted by Fasken (MAP)

    Everything is Awesome: Don’t Sleep on Everything Other Than Liability/SLAs and Cyber
    This session will provide an overview of three areas of a technology contract that are often overlooked, but remain essential to setting out clear expectations between the vendor and customer (i.e., termination, transition of services, and governance). Attendees can expect to come away with an understanding of the following:
    • Key considerations for termination provisions;
    • Language essential to transition of services provisions upon termination, including portability of data and unique considerations for certain types of agreements, such as transition-out provisions in "x-as-a-service" agreements; and
    • The importance of governance, including the interplay between governance and acceptance criteria and assessing whether there is capacity to meet governance processes.
    Moderator: Andrew Alleyne, Partner, Fasken
    • Mark Bowman, Senior Legal Counsel, Interac Corp.
    • Justice Agyemang, Senior Legal Counsel, HSBC Bank Canada
    Montreal: 12 to 5 pm ET
    Hosted by McCarthy Tétrault LLP (MAP)

    Every Breath You Take: Privacy and Cybersecurity
    Fittingly coming from Quebec – the home of Canada’s most dramatic privacy law changes – this panel will look at how privacy compliance and cybersecurity risk management work their way into commercial technology agreements. Topics will include:
    • Meeting statutory, industry and organizational requirements for privacy clauses;
    • Understanding the controller / processor relationship (if such a thing exists in Canada); and
    • Knowing what to look for, ask for and insist on for cybersecurity, including security provisions and incident notification.
    • Eugen Miscoi, Associate, McCarthy Tétrault LLP
    • Patrice Labonté, General Counsel North America, Valtech
    Halifax: 1 to 6 pm AT
    Hosted by McInnes Cooper (MAP)

    Bridge over Troubled Water: Achieving Success and Managing Expectation as a Junior Lawyer
    This program is designed to assist junior lawyers understand the skills necessary to achieve success and manage expectations within the legal profession. Topics to be covered in this interactive program include time management; goal setting; responsive communication; mentorship; and work-life balance. Panelled by seasoned technology lawyers with a broad array of in firm and in house experience, attendees will learn how to:
    • manage competing priorities;
    • identify and communicate areas of interest;
    • find a mentor and maximize value in the relationship; and
    • understand various legal environments (in firm, in house, etc.) and their growth opportunities.
    Moderator: Jennifer Davidson, Partner, Deeth Williams Wall LLP
    • Sarah Dykema, Partner, McInnes Cooper
    • Harj Gill, Corporate Counsel, NTT DATA Services

    The program will centre around issues in drafting and revising agreements; our team of experts in the field will take you through all the necessary steps in drafting and reviewing contracts. 

    Each location will host a live session, with the remaining four sessions live broadcast from cities coast to coast.


    • $125: CAN-TECH members
    • $150: Non-members
    • $50: CAN-TECH student members
    • $100: Student non-members (this includes registration for the event plus CAN-TECH membership for the remainder of 2023)

    Interested in registering small groups?

    • 3-4 registrants save 10%
    • 5 or more save 15%

    Email for details on group savings.

    Come out to learn, network and grow.

    Space is limited, be sure to register early!


    Why join CAN-TECH Law?

    Benefits of membership include:

    • Members only access to our Mentorship program
      • Partner with an expert for career advice and create lasting connections
    • Discounts on CAN-TECH conferences
      • Our Spring Conference program is built for junior lawyers and students specifically in mind. Learn the basics from our expert panels and make lasting connections
      • Our Fall Conference program brings together professionals from all career stages for learning, teaching and networking opportunities
    • Free attendance to most CAN-TECH roundtables
    • Access to members-only content and resources that include articles, conference content and videos
    • Networking opportunities with members of the IT bar nationwide
    • Get listed on our Member directory 
    • Volunteer opportunities with our active committees
      • Student members are encouraged to volunteer on our committees; have a voice in building programming for our membership, through roundtable events and conferences
    CAN-TECH provides you with opportunities to sharpen your practice, network and grow professionally, as well as access exclusive content to stay on top of the latest developments in national and global technology law.

    CAN-TECH is the only national legal association that is dedicated to all aspects of technology law and includes members from all areas of practice – large firms, small and solo practices, corporate counsel, government, academia and students.


  • 10 Mar 2023 5:09 PM | CAN-TECH Law (Administrator)

    British Columbia privacy commissioner releases tool for assessing and addressing privacy breaches

    Though British Columbia remains the last province with a private sector privacy law that does not mandate notification and reporting of serious privacy incidents, the Information and Privacy Commissioner of British Columbia has recently released a very user-friendly resource for the private sector on evaluating and responding to privacy incidents.

    For more details, please click here

  • 10 Mar 2023 5:05 PM | CAN-TECH Law (Administrator)

    When Is Your Data in Plain View?

    SCC splits on application of “plain view doctrine” to data search and seizure

    In R. v. McGregor, the accused was a Canadian military member who had been posted to the Canadian Embassy in Washington, D.C. An investigation by the Canadian Forces National Investigation Service (“CFNIS”) turned up evidence that he had committed the offences of voyeurism and possession of a device for surreptitious interception of private communications, during the course of his employment. In cooperation with local police in Virginia, where McGregor lived, the CNFIS obtained a warrant to search his residence and electronic devices, and to analyze any devices that were seized. While executing the search, forensic investigators scanned the contents of some of the devices and discovered what appeared to be evidence of other offences, including a sexual assault. They seized the items and brought them back to Canada, and then obtained a warrant to further analyze the contents of these devices. At trial, McGregor argued that the search and seizure had breached s. 8 of the Charter, but both levels of court found that, if the Charter applied, s. 8 had been complied with.

    For more details, please click here

  • 10 Mar 2023 4:45 PM | CAN-TECH Law (Administrator)

    What a SLAPP in the Face

    Nurses’ anti-vaccination defamation action against online reporting dismissed under anti-SLAPP legislation

    In Canadian Frontline Nurses v. Canadian Nurses Association, Justice Vermette of the Ontario Superior Court of Justice presided over an “anti-SLAPP motion” that arose from anti-vaccination protests in 2021. The plaintiffs were three former nurses and a not-for-profit organization (“CFN”) they had founded and/or were involved with. In September 2021 CFN organized 15 different “rallies/protests” that took place outside hospitals across Canada, at which various opinions were expressed regarding the effectiveness of COVID-19 vaccines, including that the “medical freedom” and “informed choice” of nurses and other health care workers was being infringed by mandatory vaccination policies. Various media coverage and public commentary ensued, including comments by: the defendant Canadian Nurses Association (CNA), a national advocacy organization for nurses; and the defendant Together News Inc. (TNI), a small regional media organization in British Columbia. Each of the defendants (along with other media outlets) published commentary that was critical of the CFN and the protests.

    The plaintiffs brought an action for defamation, and the defendants responded with a motion under section 137.1(3) of Ontario’s Courts of Justice Act. These are usually referred to as “anti-SLAPP motions,” as the court explained:
    • These provisions were enacted to mitigate the harmful effects of strategic lawsuits against public participation (also known as “SLAPPs”). SLAPPs are lawsuits initiated against individuals or organizations that speak out or take a position on an issue of public interest. They are generally initiated by plaintiffs who engage the court process and use litigation not as a direct tool to vindicate a bona fide claim, but as an indirect tool to limit the effectiveness of the opposing party’s speech and deter that party, or other potential interested parties, from participating in public affairs.

    For more details, please click here

  • 10 Mar 2023 4:23 PM | CAN-TECH Law (Administrator)

    Investor relations firm failed to disclose requisite information in social media posts

    The British Columbia Securities Commission found, in its decision of January 30, 2023, that an investor relations firm hired by five reporting issuers failed to disclosed clearly and conspicuously that materials disseminated via social media and otherwise were issued on behalf of the respective issuers. The obligation arises under s. 52(2) of the Securities Act of  British Columbia.
    • 52(2)   A person engaged in investor relations activities, and an issuer or security holder on whose behalf investor relations activities are undertaken, must ensure that every record disseminated, as part of the investor relations activities, by the person engaged in those activities clearly and conspicuously discloses that the record is issued by or on behalf of the issuer or security holder.

    For more details, please click here

  • 10 Mar 2023 12:53 PM | CAN-TECH Law (Administrator)

    Where sharing is unexpected or unobvious, consent needs to be explicitly obtained

    On January 26, 2023, the Office of the Privacy Commissioner of Canada (OPC) released a report of findings following its investigation into Home Depot of Canada Inc.’s compliance with the Personal Information Protection and Electronic Documents Act (PIPEDA). The OPC concluded that organizations can’t rely on implied consent obtained via a privacy policy for certain unexpected uses and disclosures of customer personal information, even where that information isn’t sensitive in nature.

    The OPC’s investigation followed a complaint from a customer surprised to discover, upon a review of his Facebook account information, that Facebook had a record of many of his in-store purchases from Home Depot. In the course of the investigation, the retailer confirmed that when in-store customers chose to receive their receipt by email instead of or in addition to a paper receipt, it forwarded to Meta the customer’s hashed email address and in-store purchase details (for example, date and dollar amount of purchase, and general type of purchase) for analysis using Meta’s “Offline Conversions” tool. Meta would then match the hashed email address to determine if it had a Facebook account that corresponded to that email address. If the customer had a Facebook account, Meta would compare the customer’s offline purchase information to the retailer’s ads delivered to the customer by Meta to measure the effectiveness of those ads. If, for example, the customer had purchased goods in-store that had been previously advertised to the customer via Meta’s advertising tools, that would indicate the effectiveness of that particular ad. Meta would provide the results of that analysis back to the retailer in the form of an aggregated report, giving insight into the impact of its advertising on its customers’ ‘offline’ purchasing behavior. This report that was provided back to Home Depot would not identify any particular customers, but give broader insights into the general effectiveness of its online ads.

    For more details please click here

  • 12 Dec 2022 9:34 AM | CAN-TECH Law (Administrator)

    Ontario Court of Appeal holds that accused had no standing to challenge search of vehicle he rented under a false name

    In R. v. Dosanjh, the accused was convicted of first degree murder, arising from having shot the victim and escaped in a “getaway car” moments later. Among the evidence against him was data taken from the vehicle’s “infotainment system” that, among things, tracked the movement of the car. At trial the tracking data was admitted after the trial judge refused to exclude the evidence despite finding a breach of s. 8 of the Charter. On appeal, the accused argued that the trial judge had made various errors in this analysis, and the Crown countered with the argument that, since the accused had rented the car using a false name, the trial judge had erred in finding the accused even had standing to raise the s. 8 breach. The Court of Appeal agreed with the Crown, holding that the trial judge had erred in finding that the accused’s subjective expectation of privacy in the data was also objectively reasonable, and without this the accused had no standing to argue the breach.

    For the Court Fairburn ACJO held:

    [124]   Not all biographical core information is made equal. In relation to each set of data, the trial judge should have calibrated the degree to which the appellant’s biographical core of personal information was engaged. We are not talking here about medical records, private communications or the like, all of which presumptively contain a high degree of personal information. Rather, we are talking about information that rests further down the privacy line.

    [125]   As for the contact list, it was not even the appellant’s contact list. While it may have held the appellant’s number and name, thereby connecting the appellant to Mr. Passi, there was nothing more that could have engaged the appellant’s privacy interest.

    [126]   While I accept that GPS data stored in an Infotainment system can inform where a car was and, by implication, where the driver was during a specific period of time, it is really just a form of tracking data. To this end, it has been long established that tracking information “is a less intrusive means of surveillance than electronic audio or video surveillance”: R. v. Wise, [1992] 1 S.C.R. 527, at para. 48. The somewhat diminished privacy interest engaged by tracking data is reflected in the fact that, even where an individual has standing in relation to that data, the police can obtain a judicial authorization to have it produced on the lower standard of “reasonable grounds to suspect”: Criminal Code, ss. 487.017. As well, also engaging the lesser standard of suspicion, the police can obtain an authorization to install a tracking device on a vehicle and have that vehicle tracked in real time for lengthy periods: Criminal Code, s. 492.2(1).

    [127]   Therefore, there exists both a jurisprudential and legislative recognition that, while tracking data may engage a biographical core of personal information, that data rests a good distance away from the more intimately personal end of the privacy spectrum. As part of the “totality of circumstances”, the trial judge should have considered these factors when calibrating the objective reasonableness of the appellant’s subjective privacy interest.

    [128]   As well, the trial judge should have considered other factors informing the objective analysis. What is absent from his reasoning is how the appellant came to be in possession of the QX60 – which was relevant to an assessment of both the place where the search occurred and the appellant’s control over the subject matter.

    [129]   It was the appellant’s burden to establish on a balance of probabilities that he had a reasonable expectation of privacy in the subject matter of the search. Although he did not have to demonstrate a proprietary interest in the vehicle, he had to establish something beyond a tenuous connection to it…. By holding himself out to the rental agency as Jaspinder Nagra – personating Jaspinder Nagra – the appellant came into fraudulent possession of the QX60, thereby rendering his connection to the vehicle tenuous at best. Not only was the appellant in unlawful possession of the QX60 when it was collecting and storing data on the Infotainment system, but he had no colour of right over the vehicle – no excuse for his possession. In short, he could neither use the car nor exclude others from it. 

    [130]   In fact, and in the most minimalist of terms, he was a trespasser in the QX60 when it was collecting and storing the subject matter of the search: Simpson, at paras. 50-51; R. v. Caza, 2005 BCCA 318, 198 C.C.C. (3d) 273, at paras. 32-33. The fact that the appellant fraudulently accessed the place and his lack of control over the QX60 – without a colour of right – are relevant circumstances informing whether he could objectively expect privacy in the data generated by his use of the QX60.


    [134]   The question is whether Canadians ought to have a reasonable expectation of privacy in GPS data and the contents of a friend’s contact list, all of which has been created and stored in a vehicle they have, in essence, stolen. The answer to this question does not depend on whether the information contains evidence of illegal activity.

    [135]   The answer to this question is: “no”.

    [136]   Although a person may reasonably expect that, barring prior judicial authorization, the tracking data produced by a car that they drive will be protected from state seizure, that expectation is not objectively reasonable here because the appellant had no right to possess or use the car that produced that data. In addition to other considerations, the appellant cannot plausibly assert that his dignity, integrity, or autonomy are at stake when his claim to privacy hinges on the very fraud that he committed to obtain that car in the first place: Chow, at para. 34.

    [137]   I do not doubt that the appellant desired privacy and hoped for it; that is clear from his subterfuge in obtaining the car. The appellant hoped to avoid detection; he hoped that however the car was used, it could not be traced back to him. But that is a far cry from establishing a reasonable expectation that he was entitled to privacy: R. v. Van Duong, 2018 ONCA 115, at para. 7.

    [138]   In all of these circumstances, including the nature of the subject matter, the place where the search occurred and the appellant’s lack of control over the subject matter, I conclude that the appellant did not have a reasonable expectation of privacy in the subject matter of the search.

  • 12 Dec 2022 9:34 AM | CAN-TECH Law (Administrator)

    American Bar Association publishes formal opinion providing caution regarding cc’ing clients on emails

    On 2 November 2022 the American Bar Association’s Standing Committee on Ethics and Professional Responsibility (the “Committee”) issued its Formal Opinion No. 503, which deals with the use of “reply all” in email communications by lawyers. The opinion begins by noting the obligation on counsel not to communicate directly with represented parties without the consent of that party’s counsel (unless legal or ethical obligations require it), usually referred to as the “no contact rule.” It then observes that some disputes have arisen around situations where counsel for a party sends an email to an opposing lawyer and cc’s the client on the email. If the opposing lawyer responds to the email using “reply all,” has that lawyer breached the no contact rule? At the state regulatory level, the view had been expressed that the cc’ing of the client in the email did not necessarily mean that the sending lawyer was waiving the no contact rule, but that such waiver could be implied in some circumstances.

    The Committee felt this situation was unsatisfactory, as it muddies the interpretation of the Rule, making it difficult for receiving counsel to discern the proper course of action or leaving room for disputes. It concluded that: “given the nature of the lawyer-initiated group electronic communication, a sending lawyer impliedly consents to receiving counsel’s “reply all” response that includes the sending lawyer’s client, subject to certain exceptions...” This was justified on a number of grounds. First, a lawyer who brings a client in on a physical meeting or conversation with an opposing lawyer is impliedly waiving the rule and it would be reasonable for the opposing lawyer to think so, and the same logic should apply here. The purpose of the no contact rule is to prevent the opposing lawyer from “overreaching or attempting to pry into confidential lawyer-client communications,” and the obligation is and should be on the sending lawyer to impose clarity on the situation and not undermine this purpose. It is fairer and more efficient to impose the burden on the sending lawyer, and resolving the issue is simpler for the sending lawyer.

    The Committee did note that the presumption of consent was rebuttable, by “an express oral or written remark” indicating lack of consent. Also:

    the presumption applies only to emails or similar group electronic communications, such as text messaging, which the lawyer initiates. It does not apply to other forms of communication, such as a traditional letter printed on paper and mailed. Implied consent relies on the circumstances, including the group nature and other norms of the electronic communications at issue. For paper communications, a different set of norms currently exists.

  • 12 Dec 2022 9:33 AM | CAN-TECH Law (Administrator)

    Amendments made to satisfy requirements CUSMA trade agreement 

    A provision tucked into the Budget Implementation Act, 2022 amends the Copyright Act to give effect to terms of copyright protection, including the general term, from 50 to 70 years after the life of the author to give effect to one of Canada’s obligations under the Canada–United States–Mexico free trade agreement. The general term, contained in s. 6 of the Copyright Act will be replaced with the following:

    Term of copyright

    6 Except as otherwise expressly provided by this Act, the term for which copyright subsists is the life of the author, the remainder of the calendar year in which the author dies, and a period of 70 years following the end of that calendar year.

     Order in Council 2022-2019, published on November 17, 2022 has fixed December 30, 2022 as the date that these amendments go into effect. Notably, by virtue of the transitional provisions contained in s. 280, the change from a 50 to a 70 year term will not revive any copyrights that have expired before the coming-into-force date.

  • 12 Dec 2022 9:32 AM | CAN-TECH Law (Administrator)

    Revelations of the use of facial recognition and spyware by the RCMP results in a long list of recommendations and a call for accountability

    The House of Commons’ Standing Committee on Access to Information, Privacy and Ethics (also known as “ETHI”) has had a busy few months examining how Canadian police have been using or have considered using particularly intrusive technologies and techniques to advance their examined. In two separate studies and reports, the Committee examined the use of facial recognition and artificial intelligence technology (report) and the use of so-called on-device investigative tools (report), principally by the Royal Canadian Mounted Police. 

    The review of the use of facial recognition by the Committee followed media reports and a Privacy Commissioner Investigation into the practices of Clearview AI. The company was actively crawling social media websites and ingesting billions of photos into its databases, analyzing them biometrically and then providing a service mainly to police agencies which it touted could identify a person or a suspect in any image. Initially the RCMP denied that it had used the company’s facial recognition services, but ultimately admitted they had trialed it. The Commissioner concluded that the images would have been harvested in contravention of Canadian law and that the RCMP should only use services where the underlying data had been lawfully compiled. 

    Among its 19 recommendations, the Committee recommended tighter regulation of the use of the technology both in the public and the private sectors, that there be a moratorium imposed on the use of facial recognition by the police until a framework for review has been approved and that there be a much more transparent approach to the use of facial recognition and artificial intelligence in the public sector. Scrutiny by the Committee and the Privacy Commissioner are credited with prompting the RCMP to establish a “National Technology Onboarding Program” to review police use and adoption of new technology and investigative tools. 

    The same Committee carried out a study of the police use of spyware as an investigative tool after documents tabled in Parliament disclosed that the RCMP had been using “on-device investigation tools” (or “ODITs”), akin to spyware, for some years. This coincided with media reporting on an Israeli cybersurveillance company, NSO Group, and their software called “Pegasus”, which has reportedly been widely used journalists, lawyers and politicians. 

    In testimony before the Committee, the RCMP stated that ODITs provide law enforcement agencies with the capability to secretly collect private communications and other data that can no longer be obtained through conventional wiretap activities or other less intrusive investigation techniques. 

    A range of witnesses commented on the fact that the use of ODITs relies on vulnerabilities existing in devices and operating systems that manufacturers are likely not aware of. If they exist on suspects’ devices, they exist on the devices of many others. As a result, they can be exploited by a range of actors, both foreign and domestic. The Privacy Commissioner confirmed that his office had not been consulted at any time regarding the use this invasive technology. 

    The recommendations of this study closely parallel, thematically, the recommendations of the facial recognition study. They focus on increased accountability, increased scrutiny and increased transparency about the use of these tools. The Committee recommended a review of the provisions of Criminal Code related to the interception of private communications and the creation of an independent advisory body composed of relevant stakeholders from the legal community, government, police and national security, civil society, and relevant regulatory bodies to review new technologies used by law enforcement and to establish national standards for their use.


Canadian Technology Law Association

1-189 Queen Street East

Toronto, ON M5A 1S2

Copyright © 2023 The Canadian Technology Law Association, All rights reserved.