Blog
News
RSA Conference : Finding Balance Between Surveillance & Safety
Éloïse Gratton May 28, 2020
I was recently interviewed by Britta Grade from RSA Conference with Jules Polonetsky from the Future of Privacy Forum on tracing apps and the balance between surveillance and safety. As countries across the globe work through various phases of opening and trying to return to a new COVID-19-tinged normal, contact tracing is a core tenant […] Read more
News
OPC publishes guidance on Privacy and the COVID-19 outbreak
Éloïse Gratton March 20, 2020
The COVID-19 outbreak is raising questions about privacy issues during a pandemic. The OPC has recently published guidance Privacy and the COVID-19 outbreak. It explains how during a public health crisis, privacy laws still apply but that they are not a barrier to necessary information sharing. Since the management of public health crises is a […] Read more
News
New privacy book dealing with the Protection of Personal Information in Québec is out!
Éloïse Gratton March 13, 2020
My new privacy book “The Protection of Personal Information in the Private Sector in Québec : Looking Back and Thinking Forward” published by Editions Yvon Blais and co-authored with Antoine Guilmain is out! It deals with the challenges with the Quebec private sector privacy act – with the preface authored by former privacy commissioner of Canada […] Read more
News
Comments on the OPC Consultation on Artificial Intelligence
Éloïse Gratton February 24, 2020
On January 28, 2020, the Office of the Privacy Commissioner of Canada (OPC) published its Consultation on the OPC’s Proposals for ensuring appropriate regulation of artificial intelligence (Consultation Paper). The Consultation Paper sets out several proposals for how the federal Personal Information Protection and Electronic Documents Act (PIPEDA) could be reformed, in the words of the OPC, “in order […] Read more
News
New book: Managing Privacy in a Connected World
Éloïse Gratton January 10, 2020
Our new privacy book Managing Privacy in a Connected World (co-authored with Elisa Henry) is out! It deals with cutting-edge technologies (AI, blockchain, connected devices, IoT, targeted advertising) and new legal risks (digital consent, cyber, competition, online reputation, GDPR, privacy class actions, etc). This book would have not been possible without the help and expertise […] Read more
News
Privacy Commissioners’ Report of Findings on Aggregate IQ : Challenges with Position on Service Providers’ Obligations
Éloïse Gratton January 9, 2020
On November 24, 2019, the federal Office of the Privacy Commissioner of Canada (OPC) and the Office of the Privacy Commissioner of British Columbia (BC OIPC) released their report of findings (the Report) arising from their joint investigation of Aggregate IQ Data Services Ltd (AIQ). Before the investigation, AIQ processed personal information as a service provider to […] Read more
News
California Consumer Privacy Act — Preparing for Compliance
Éloïse Gratton November 14, 2019
The California Consumer Privacy Act (CCPA) is coming into force in less than two months, on January 1, 2020. The CCPA has an extraterritorial scope, which means that certain Canadian organizations may be covered by the statute. In order to comply with the law, these organizations will need to observe new transparency requirements (such as by adding […] Read more
News
Benchmarking Businesses’ Privacy Framework: Highlights from the 2019 IAPP-EY Annual Privacy Governance Report
Éloïse Gratton October 3, 2019
IAPP and EY published their fifth annual Privacy Governance Report (Report) last week. The authors of the Report surveyed companies across the globe to determine privacy governance trends. The Report aims to understand the structure of businesses’ privacy programs (e.g., budget, staffing, career development), measure privacy compliance efforts (this year, with a focus on compliance with […] Read more
News
Canada’s New CyberSecure Canada Certification Program
Éloïse Gratton August 18, 2019
On August 12, 2019, the Canadian federal government announced CyberSecure Canada, a voluntary certification program to help small and medium enterprises (“SMEs”) achieve a baseline of cybersecurity. SMEs that demonstrate compliance with specified baseline cybersecurity controls, based on an audit by an accredited certification body, will be granted a two-year certification and be entitled to […] Read more
News
Security Incident: The Quebec Superior Court confirms that the mere fact of being a victim of an incident is insufficient to support a claim for damages
Éloïse Gratton July 16, 2019
Security incidents involving consumers’ personal information are increasingly being reported in the media. Consumers are worried about fraud or identity theft and companies that have suffered such incidents are often the subject of class actions, with more than 80 class actions involving privacy breaches currently in progress across the country. The Superior Court of Québec […] Read more