2022 has been bittersweet for many reasons. Corporate workforces trudged back into office buildings after hunkering down at home for more than two years. The COVID-19 pandemic does not feel like a permanent tenant in our lives anymore, despite lurking in the corner. The world is seeing vestiges of the “old normal,” even as the “new normal” intermittently rears its head.

Stock markets tumbled as inflation soared. The Ukraine war rubbed salt on recovering economies’ wounds. The technology industry, including Big Tech both north and south of the U.S.-Canada border, saw unprecedented massive layoffs. CEOs penned melancholic send-offs on social media to and for affected employees (a particularly lachrymose one posted a crying selfie, leaving netizens wondering the difference between affliction and affectation). In the high-stakes game of acquisitions in Big Tech as well, not everyone saved the drama for the llama.

In a year-end anti-climax, the world’s fifth-largest cryptocurrency exchange, FTX, folded up like a Greek tragedy, grimly reminiscent of QuadrigaCX and Mt. Gox. Close on its heels, crypto platform BlockFi filed for bankruptcy in New Jersey, citing exposure to FTX as the chief reason for their collapse. But not all was calamitous in the crypto world, as we shall see later in this article. On September 15, Ethereum successfully transitioned from the mining-based proof-of-work to the more energy-efficient proof-of-stake consensus algorithm.

Was the metaverse the most reiterative word of the year in the inexorable march to Web3? Virtual offices, anyone?

As an eventful year draws to a close, we take stock of some of the key technology law developments from Parliament, the courts, and regulatory bodies in Canada.

Key Legislation

Digital Charter Implementation Act, 2022

Arguably Canada’s most significant and sweeping piece of legislation this year, Bill C-27, the Digital Charter Implementation Act, 2022, tabled by the federal government on June 16, introduces three new acts, namely:

  1. the Consumer Privacy Protection Act to replace Part 1 of the Personal Information Protection and Electronic Documents Act to govern protection of personal information in the private sector, while accounting for the need of organizations to collect, use and disclose such information in the course of their business;
  2. the Personal Information and Data Protection Tribunal Act to establish an administrative tribunal to hear appeals of certain decisions made by the Privacy Commissioner of Canada under the Consumer Privacy Protection Act; and
  3. the Artificial Intelligence and Data Act to regulate international and interprovincial trade and commerce in artificial intelligence systems.

Bill C-27 is a rebirth of Bill C-11, introduced in November 2020, which died on the order paper upon the announcement of the 2021 federal election. Bill C-27 is now at the second stage of reading.

Online Streaming Act

This year’s Bill C-11, the Online Streaming Act, was introduced on February 2. Bill C-11 will amend Canada’s Broadcasting Act by adding a distinct class of broadcasting undertakings called “online undertakings” for the transmission of content over the internet. Online undertakings include music streaming services like Spotify and Apple Music, video streaming services like Netflix and Disney+, and social media platforms like YouTube and Instagram. The Canadian Radio-television and Telecommunications Commission (“CRTC”) will have broad regulatory powers over online undertakings, including the showcasing and discoverability of Canadian programs for Canadians and devoting programs to specific genres to ensure programming diversity.

Bill C-11 has been contentious on two main issues: first, the potential for regulating user-generated content, and second, privacy concerns with respect to the discoverability provision. The discoverability provision empowers the CRTC to make rules on presentation of programs and programming services for selection by the Canadian public. In his appearance before the Standing Senate Committee on Transport and Communications, the Privacy Commissioner of Canada, Philippe Dufresne noted that while Bill C-11 specifies that the CRTC cannot require the use of a specific computer algorithm or source code, “discoverability conditions could nonetheless potentially require the adaptation of existing algorithms that rely on personal information or the analysis of personal information to determine whether user-generated content is Canadian.” [Also see earlier blog post by Aird & Berlis examining Bill C-11 in detail.]

The last major amendment to the Broadcasting Act was in 1991. Bill C-11 is now in consideration by the Senate committee after the second reading in the Senate.

Online News Act

Modelled after Australia’s News Media and Digital Platforms Mandatory Bargaining Code, Bill C-18, the Online News Act, introduced on April 5, establishes a bargaining framework for news organizations to secure fair compensation when their news content is made available by digital news intermediaries such as Meta and Google. It will apply to the intermediaries only if there is a “significant bargaining power imbalance” between the two sides. The criteria to determine such imbalance are the size of the intermediary, possibility for the intermediary’s strategic advantage over news businesses, and whether the intermediary occupies a prominent market position.

Bill C-18 also provides the CRTC with new roles and powers, including drafting of regulations and a code of conduct to guide negotiations.

Both Meta and Google have opposed Bill C-18 before the Standing Committee on Canadian Heritage. The former contended that it would stifle innovation and force the company to pay for content that publishers voluntarily place on Facebook. The latter argued it would trump trusted information sources in favour of lower quality content.

Critical Cyber Systems Protection Act

On June 14, the federal government tabled Bill C-26, An Act respecting cyber security, amending the Telecommunications Act and making consequential amendments to other Acts. Part 2 will introduce the Critical Cyber Systems Protection Act, which establishes a regulatory framework to “strengthen baseline cyber security for services and systems that are vital to national security and public safety.” It also gives the federal government a new tool “to respond to emerging cyber threats.” It additionally introduces a regulatory regime requiring designated operators in the finance, telecommunications, energy and transportation sectors to protect their critical cyber systems.

Part 1 will amend the Telecommunications Act to promote the security of the Canadian telecommunications system and to authorize the Governor in Council and the Minister of Industry to do anything or refrain from doing anything necessary to secure the Canadian telecommunications system.

Bill C-26 will apply to designated operators of federally regulated services and systems in four sectors: finance, energy, telecommunications and transport.

Budget Implementation Act, 2022, No. 1

Bill C-19, Budget Implementation Act, 2022, No. 1 received royal assent on June 23. It makes amendments to Canada’s Copyright Act, the most significant being the extension in the term of copyright protection in literary, dramatic, musical and artistic works from 50 years to 70 years after the end of the year of the author’s death. Bill C-19 keeps Canada’s commitment under the Canada-United States-Mexico Agreement and brings the nation in line with the United States and the European Union. Back in June 2015, copyright protection for published sound recordings, performers’ performances, and certain audiovisual works, were extended from 50 to 70 years after death.

The Bill C-19 amendments come into force on December 30, 2022, and will not have retrospective effect. This means that copyrighted works that are due for expiry this year will be protected for another two decades, but not those that have already entered public domain prior to December 30, 2022. [Also see earlier blog post by Aird & Berlis examining Bill C-19 in detail.]

Record companies, music publishers, performance rights organizations, as well as digital and technological innovators, in particular, would do well to take note of this development.

Key Court Decisions

Owsianik v. Equifax Canada Co., 2022 ONCA 813

Hot off the press: the Court of Appeal for Ontario, on November 25, held that the tort of “intrusion upon seclusion” cannot be a cause of action against defendants whose negligence in storing information led to a privacy breach. There was nothing in the facts to show that the defendants acted in consort with or were vicariously liable for the conduct of independent hackers who accessed such information.

The Court reiterated the elements of the tort of intrusion upon seclusion as recognized by this Court in Jones v. Tsige, 2012 ONCA 32 (“Jones”), namely:

  1. defendant must have invaded or intruded upon the plaintiff’s private affairs or concerns, without lawful excuse (the “conduct requirement”);
  2. the conduct which constitutes the intrusion or invasion must have been done intentionally or recklessly (the “state of mind requirement”); and
  3. a reasonable person would regard the invasion of privacy as highly offensive, causing distress, humiliation or anguish (the “consequence requirement”).

In Jones, the defendant repeatedly accessed the private banking records of the plaintiff without lawful justification. However, in the current case, the defendants’ storage, access and use of data for commercial purposes is not the conduct that interfered with the plaintiff’s privacy.

The Court heard and dismissed three grouped appeals arising from three separate class actions (the other two being Obodo v. Trans Union of Canada, Inc., 2022 ONCA 814 and Winder v. Marriott International, Inc., 2022 ONCA 815).

Rogers Media Inc. v. John Doe 1, 2022 FC 775

In what was a first of its kind in Canada and the United States, the Federal Court of Canada, on May 27, issued a “dynamic” site-blocking order requiring Internet Services Providers (“ISPs”) to block unlawful streaming of live broadcasts of National Hockey League (“NHL”) games in Canada whose copyrights are owned by the plaintiffs. The plaintiffs relied on a recent precedent of Bell Media Inc. v. GoldTV.Biz, 2019 FC 1432 (“GoldTV case”) in which the same Court issued a “static” blocking order against a business that provided access to programming content over the internet. The GoldTV case order listed a specific number of sites to be blocked. Only the Court could order addition of new sites.

In the current case, the plaintiffs sought a “dynamic” order that follows and blocks the unlawful streaming as it occurs, since most fans watch hockey games live, rather than the recordings. The Court sought guidance from jurisprudence in the United Kingdom where an order of this kind was issued, including the principles endorsed by the England and Wales Court of Appeal in Cartier International AG v. British Sky Broadcasting Ltd., [2016] EWCA Civ 658, namely effectiveness, dissuasiveness, complexity and cost, barriers to legitimate trade, fairness, substitution and safeguards.

The “dynamic” order required the plaintiffs to indemnify the ISPs to a capped amount for the costs incurred in complying with the order, and to retain an independent expert to verify that Internet Protocol addresses identified for blocking fit within the criteria of the order.

SOCAN v. Entertainment Software Association, 2022 SCC 30

The Supreme Court of Canada, on July 15, ruled that Parliament did not intend to create a new compensable “making available” right under Section 2.4 (1.1) of the Copyright Act. The ruling dismissed an appeal from a decision by the Federal Court of Canada that overturned the decision by the Copyright Board of Canada requiring users to pay additional royalties to collective societies to access works online.

Section 2.4 (1.1) to the Copyright Act, added in 2012 to implement the rights and protections of the World Intellectual Property Organization Copyright Treaty, clarifies that “communication of a work or other subject-matter to the public by telecommunication includes making it available to the public by telecommunication in a way that allows a member of the public to have access to it from a place and at a time individually chosen by that member of the public.” The Copyright Board’s decision deemed the act of making works available to be a separately protected and compensable activity that required paying two royalties when a work is distributed online: one, when it is made available online, and two, when the work is actually streamed or downloaded. The Supreme Court ruled that this undermines the text, structure, purpose and context of the Copyright Act by violating the principle of technological neutrality, and that actual streaming was part of the performance right. [Also see earlier blog post by Aird & Berlis examining this decision in detail.]

Li et al. v. Barber et al., 2022 ONSC 1176 

In this proposed class proceeding, the plaintiffs were citizens of Ottawa who live, carry on business or work in the downtown core in the city. They were seeking compensation based on torts of private and public nuisance for damages inflicted by the participants, supporters and organizers of the “Freedom Convoy” that occupied downtown Ottawa for weeks. On February 17, a motion for an ex parte Mareva Injunction – a motion brought without warning to freeze the assets of the defendants so that those assets do not disappear – was brought before the Court.

The question before the Court was whether the Mareva Injunction should be granted in the context of this litigation. In this regard, the Court found that the funds the plaintiffs sought to enjoin, whether they were in the form of currency or cryptocurrency, were legally in the possession, power and control of the defendants. The Court noted that such funds were purposely not in the control of a fundraising platform such as GoFundMe since the defendants mistakenly believed that cryptocurrencies like bitcoin are untraceable and cannot be seized.

Justice C. MacLeod held: “Digital funds are not immune from execution and seizure to satisfy a debt any more than a bank account provided the individual or institution which can access the funds are within the reach of a court order. Digital wallets may be self controlled, but more commonly are part of a service provided by a provider and accessed through an application or software in a similar manner to online banking. Cryptocurrency exchanges are used to convert bitcoin or other currencies to fiat currency. Many of these digital institutions are within the jurisdiction of the court or are located in jurisdictions where Ontario judgments and orders may be enforced. The defendants of course are themselves subject to the jurisdiction of the court because they are present in Ontario and they may be enjoined from cashing or transferring assets including cryptocurrency.”

Sweet v. Canada, 2022 FC 1228

The Federal Court of Canada, on August 25, certified a class action proceeding instituted by a plaintiff alleging a data breach in which hackers gained access to the personal, financial and other information of thousands of Canadians through federal government websites from June to August 20. The plaintiff cited operational failures by the federal government to properly secure the portals as the reason for the online government accounts being vulnerable. Hackers committed identity theft, submitted fraudulent claims under the Canada Emergency Response Benefit, and accessed sensitive and personal information, including social insurance numbers. The plaintiff advanced causes of action against the federal government based on the torts of systemic negligence, breach of confidence, and intrusion upon seclusion, as well as invoking the vicarious liability provisions of the Crown Liability and Proceedings Act. He pled that he and other class members incurred costs in preventing identity theft and suffered from damage to credit reputation and mental distress.

The federal government argued that the plaintiff’s pleadings did not disclose a reasonable cause of action in systemic negligence, had no facts to support proximity necessary to establish a prima facie duty of care, and that the claim seeks to impose a duty of care in circumstances that would result in indeterminate liability on an indeterminate class. However, the Court ruled that there was a viable cause of action in systemic negligence, and that there was a relationship of proximity by virtue of individuals availing access to data offered online by government entities. The Court also found viable causes of action in breach of confidence and intrusion upon seclusion. The case is yet to proceed to a negotiated settlement or a hearing on its merits.

Key Regulatory Developments

Cryptocurrency

  1. On October 12, Coinsquare Capital Markets Ltd. became the first crypto-asset trading platform (“CTP”) and marketplace to be fully registered as an investment dealer with the Investment Industry Regulatory Organization of Canada (“IIROC”), offering trading in crypto contracts to retail investors. This was in response to Staff Notice 21-329 Guidance for Crypto-Asset Trading Platforms: Compliance with Regulatory Requirements, jointly published by the Canadian Securities Administrators and IIROC in March 2021 to provide guidance on how securities laws apply to CTPs that facilitate or propose to facilitate the trading of crypto assets that are securities or instruments or contracts involving crypto assets.
  2. On November 16, the Office of the Superintendent of Financial Institutions, the Financial Consumer Agency of Canada, and the Canada Deposit Insurance Corporation issued a statement to all federally regulated entities that carry out crypto-related services or engage in crypto-asset activities. The statement reinforces the expectation that such entities adhere to all applicable current regulatory requirements and guidance when carrying out their activities. It states, “regulated entities must also ensure any crypto-asset activities comply with existing federal financial laws including the Bank Act, Insurance Companies Act, Trust and Loan Companies Act, and Proceeds of Crime (Money Laundering) and Terrorist Financing Act, as well as any regulations or guidance issued by federal and provincial regulatory agencies.”

Open Banking

The final report of August 2021 of the Advisory Committee on Open Banking – created by the federal government in 2018 to lead a review of the merits of open banking in Canada – made recommendations for vision, scope, governance, common rules, accreditation, and technical specifications and standards in the implementation of an open banking plan. Over the course of this year, four industry working groups – comprising members from banks, financial institutions, and other industry stakeholders – met to discuss four focus points, namely accreditation, liability, privacy and security. The term of the working groups, tasked with a focus point each, is expected to end by September 29, 2023.

Open banking, pioneered in Europe, refers to the practice of securely and safely sharing financial data among banks and accredited third-party service providers. The practice is expected to give consumers and small and medium enterprises more control and portability options with respect to their data while using financial services.

Digital Identity

The Treasury Board of Canada Secretariat announced Canada’s Digital Ambition in August to provide for a “clear, long-term strategic vision for the Government of Canada to advance digital service delivery, cyber security, talent recruitment, and privacy.” A key component of the Digital Ambition is digital identity. The federal government proposes to make government services more accessible and flexible in the digital age by way of a federal Digital Identity Program, integrated with pre-existing provincial platforms. In this regard, the government plans to launch public consultations on a federally managed digital identity framework and develop a common and secure framework to digital identity.