In the wake of the financial crisis and fragile recovery that consumed 2009, companies increasingly strove to reduce costs by leveraging technology, including cloud computing and social media, to conduct and grow their businesses.

On the regulatory front, the Canadian government tabled legislation to facilitate electronic surveillance by law enforcement agencies and tackle the ever-present and growing problems of unsolicited commercial telecommunications (including SPAM) and identity theft. However, when Parliament was prorogued, all of these bills died. It remains to be seen whether they will be reintroduced once the next Parliamentary session begins in March 2010.

What follows is a review of some hot button issues of 2009 and a glimpse of what to expect in the coming year.

Looking Back at 2009

Social Networking Comes of Age

The past year saw increased focus on the privacy practices of Facebook as well as growing awareness of the commercial potential of both Facebook and Twitter. A 14-month investigation by the Privacy Commissioner of Canada resulted in a report requiring Facebook to address several violations of the federal Personal Information Protection and Electronic Documents Act (PIPEDA). 1 Facebook ultimately agreed to both minor changes to the wording of its Privacy Policy as well as some major changes affecting both its business model and the functionality of its website. However, Facebook continued to make changes to its Privacy Policy, in particular to the default privacy settings of its users. On December 21, 2009, a coalition of privacy advocates filed a complaint with the United States Federal Trade Commission, claiming that Facebook’s privacy policies are unfair and deceptive. 2 Last month, in response to a complaint filed by an individual, Canada’s Privacy Commissioner launched another investigation into Facebook’s privacy practices. 3

In February of 2009, Facebook was approved as a means to serve a defendant a notice of action in Alberta (as was already the case in Australia and New Zealand). 4

“Real-time” reporting on corporate news and events using microblogs such as Twitter came under scrutiny in 2009.5 Absent clear corporate policies governing the use of such communications tools it is possible that material information could be disclosed before that information is disclosed to the market (contrary to securities laws). As corporations increasingly utilize communications tools such as Twitter (or permit them to be used in connection with the dissemination of corporate information), appropriate use policies will be required to ensure ongoing regulatory compliance and to avoid civil and regulatory liability.

Anti-SPAM and Identity Theft Legislation

Canada joined the other members of the G8 by introducing the Electronic Commerce Protection Act (ECPA).6 The ECPA, which died when Parliament was prorogued, provided new requirements for commercial e-mails, including unsubscribe mechanisms and sender disclosure, and defined relationships that must be met in order to send unsolicited commercial messages. The installation of spyware, malware and phishing were also addressed by the ECPA, which introduced potentially severe penalties for non-compliance. 7 It is likely the ECPA will be tabled soon after Parliament resumes in March. If tabled and passed without amendment, it will have a significant impact on marketing practices, customer relationship management and systems configurations with the attendant compliance costs.

On October 22, 2009, An Act to amend the Criminal Code (identity theft and related misconduct) 8 received Royal Assent. This legislation provides new identity theft-related prohibitions on, among other things, the trafficking in identity information (as well as related forging devices), fraudulently personating another person for gain or other improper purposes, and obtaining another person’s identity information with the intent to use it to commit an indictable offence.

New Electronic Surveillance and Investigatory Powers

In June 2009, the federal government introduced two pieces of legislation 9 requiring, among other things, that all telecommunications under the control of telecommunications providers (notably including Internet service providers (ISPs) and wireless providers) eventually acquire surveillance capabilities. The legislation further required those providers to submit certain subscriber data to government agencies on demand and without judicial authorization. Both bills died when Parliament prorogued and it is unclear whether they will be reintroduced upon the return of Parliament in March.

Long-Awaited Amendments to Bankruptcy Legislation Come Into Force

On September 18, 2009, after years of delay dating back to 2005, wide-ranging amendments to Canada’s Companies’ Creditors Arrangement Act 10 (CCAA) and Bankruptcy and Insolvency Act 11 (BIA) (the “Amendments”) came into force, providing, among other things, new protections to licensees of intellectual property. 12 Prior to the Amendments, intellectual property licensees were at serious risk of having their rights to use licensed intellectual property extinguished in a restructuring proceeding. The Amendments attempt to mitigate this risk, recognizing that intellectual property licenses create unique concerns relative to other types of licences and can be of particular significance to a licensee’s business.

CRTC Permits Traffic Shaping

In October 2009, the Canadian Radio-television and Telecommunications Commission (CRTC) issued its decision introducing a framework for Internet traffic management practices of ISPs. 13 Recognizing the need for ISPs to manage their traffic to realize greater efficiency of their bandwidth, the CRTC encouraged ISPs to use economic incentives to manage traffic, rather than restricting specific types of Internet traffic (e.g. certain protocols used for peer-to-peer file sharing).

Anonymizing Personal Information

As the use of online technologies by individuals continues to grow, so too does the quantity of personal information available for collection, use and disclosure. In one case, a class action complaint was filed in the U.S. against Netflix, an online movie rental company, led by a woman who alleged the company had not sufficiently anonymized her rental history when it launched a contest in an effort to improve its automatic film recommendation system based on customers’ past choices. 14 The proceedings magnify the need for companies to implement appropriate strategies to ensure that anonymized data cannot be linked with other available data to identify individuals.

Looking Forward to 2010: “Hot Topics” to watch out for

  • Applications for the new “open” generic Top Level Domains (gTLDs), which will permit the registration of not only “” but also “x.sample,” may be accepted as soon as the first quarter of 2010. Among other parties, trademark holders in particular should monitor applications in order to protect their rights.  
  • The effects of the recent launch of internationalized domain names (IDNs) (e.g. non-ASCII based scripts such as Arabic or Chinese).  
  • How sponsors of American based blogs will react to the rules introduced in October 2009 by the U.S. Federal Trade Commission requiring disclosure by bloggers of any payments received from sponsors that are the subject of the bloggers posts. Foreign companies advertising on American based blogs may want to re-examine their marketing agreements.  
  • The potential legal fallout from cloud computing and its new implementations (e.g. Amazon’s new auction-style approach to renting its unused processing capacity). 15 Microsoft is seeking American and European Union law reforms to address, in the case of the U.S., the greater vulnerability of data posed by reliance on the cloud and, in the E.U., the inconsistencies of data protection laws among E.U. member states and international trading partners.  
  • Compliance with patchwork privacy laws will continue to challenge multinational corporations.16  
  • Whether Canadian copyright law reforms will be reintroduced in March 2010 and the extent, if any, such reforms differ from those introduced in the defunct Bill C-61. Bill C-61 proposed several reforms, including specific prohibitions on the circumvention of Digital Rights Management (DRM), statutory damages for illegal music downloads and “making available” copyrighted content without permission.  
  • Mobile payment technology and services are seen to be critical to the continued evolution of mobile computing. Several developments that are expected in 2010 to have impact to the mobile payment space may include: the federal government’s proposed code of conduct for the payments industry and ongoing technological developments in the areas of contactless payment systems and mobile money technology platforms.