Presentation is loading. Please wait.

Presentation is loading. Please wait.

CASL Computer Programs Provisions and Challenges in Specific Vertical Sectors Michael Fekete (Osler) Howard Fohr (BlackBerry Limited) April 30, 2014.

Published byDaniel Coard Modified over 9 years ago

Similar presentations

Presentation on theme: "CASL Computer Programs Provisions and Challenges in Specific Vertical Sectors Michael Fekete (Osler) Howard Fohr (BlackBerry Limited) April 30, 2014."— Presentation transcript:

1 CASL Computer Programs Provisions and Challenges in Specific Vertical Sectors Michael Fekete (Osler) Howard Fohr (BlackBerry Limited) April 30, 2014

2 Key Verticals 2  Software  Mobile/Telecom  Product manufacturing  Online businesses

3 Software Vertical - Identifying regulated activities 3  Pre-installed/embedded software? RIAS: “...the requirements under CASL for the installation of computer programs only apply to the installation of computer programs on another person’s computer system”  User initiated installations (e.g., downloads)? RIAS: “CASL will not apply to installations carried out by persons on their own computing devices.”  Updates and upgrades What if the installation is carried out by the consumer?  Installations by IT help desks  Installations on devices in other countries

4 Identifying Exempt Activities 4  Law enforcement, protection/defence of Canada, international affairs  Public safety

5 Assessing whether the “enhanced disclosure” rules apply 5  Function listed in s.10(5) AND  Knowledge and intent that function will cause the computer system to operate in a manner that is “contrary to the reasonable expectations of the owner or an authorized user of the computer system”  Operational challenges software products update programs

6 Applying the knowledge and intent qualifier 6  Is it reasonable to take into account “reasonableness” overall, including whether: The function is required for the very services the user signed up to receive? The function would improve the services? The function would provide some other utility to the user (outside of the particular software/services at issue)? The function would have some non-invasive business purpose/utility for the vendor?  How much information do consumers reasonably want? Do they want to understand the technical details, or do they want it to “just work”?

7 Deciding whether/when to request consent 7 Reliance on exceptions?  What “conduct” is required to demonstrate it is reasonable to believe consent has been given Reliance on 3 year transition provision (s.67)? Seeking consent to updates and upgrades at the same time as consent for installation/downloading/first use?

8 Developing strategy for obtaining “CASL- compliant” express consent 8 Can consent be obtained through a licence agreement (if 10(4) not triggered)? Can consent be obtained through the use of a pre-checked box (e.g., default settings, with user confirmation)? Can consent be obtained for a “suite” of products? Can consent to updates and upgrades be mandatory? Can identity and contact information be provided through links?

9 Satisfying the Disclosure Rules 9  Minimum disclosures: Describe the “function and purpose”  “clearly and simply”  “in general terms”  Enhanced disclosures:  Describe the “program’s material elements that perform the function or functions, including the nature and purpose of those elements and their reasonably foreseeable impact on the operation of the computer system” “clearly and prominently” “separately and apart from license agreement” “separately from any other information provided” “acknowledgement in writing... that they understand and agree”

10 Proving Consent 10  CRTC Enforcement Bulletin (2012-548) “The Commission considers that the requirement for consent in writing is satisfied by information in electronic form if the information can subsequently be verified.” “Examples of acceptable means of obtaining consent in writing include checking a box on a web page to indicate consent where a record of the date, time, purpose, and manner of that consent is stored in a database; and filling out a consent form at a point of purchase.”

11 Satisfying the withdrawal of consent rule (s.11(5)) 11  When does obligation to provide an electronic address apply? Only if program performs a function regulated by s.10(4)? Exempt if the program is covered by s.10(8)?  How must contact information be provided?

12 “Deemed” express consent (s. 10(8)) 12 A person is considered to expressly consent to the installation of a computer program if: a) the program is: i. a cookie, ii. HTML code, iii. Java Scripts, iv. an operating system, v. any other program that is executable only through the use of another computer program whose installation or use the person has previously expressly consented to, or vi. any other program specified in the regulations; and b) the person’s conduct is such that it is reasonable to believe that they consent to the program’s installation.

13 “Deemed” express consent for network security & updating a network (IC Reg’s, s. 6(a) & (b)) 13  (a) a program that is installed by or on behalf of a telecommunications service provider solely to protect the security of all or part of its network from a current and identifiable threat to the availability, reliability, efficiency or optimal use of its network;  (b) a program that is installed, for the purpose of updating or upgrading the network, by or on behalf of the telecommunications service provider who owns or operates the network on the computer systems that constitute all or part of the network;

14 “Deemed” express consent - Questions for both s. 6(a) & (b) of IC Reg’s 14  Non-definition of a “network”  How to identify the “end node” of the network?  Applicability to not just parts of a network that require a 24/7 ‘live’ connection to a telecommunications service? E.g. What about a program which could be used in some cases without active/online wireless connectivity?

15 “Deemed” express consent - Questions for both s. 6(a) & (b) of IC Reg’s 15  Definition of “telecommunications service provider”  Broad?  Not so broad, due to constitutional limitations? (e.g. applicability of CASL’s computer program provisions to intraprovincial communications?)

16 “Deemed” express consent - Questions for s. 6(a) of IC Reg’s (network security exemption) 16  Is a “threat to the availability, reliability, efficiency or optimal use” just: Malware? Viruses? Software bug? Other?  What is a “current and identifiable” threat? Threats that are not ‘identifiable’ in addition to being ‘current’? What about ‘future’ security threats?  “Solely” – is the exemption available if the program has an additional legitimate purpose in addition to just addressing a ‘security’ threat?

17 “Deemed” express consent (IC Reg’s, s. 6(c) – correcting a failure) 17  (c) a program that is necessary to correct a failure in the operation of the computer system or a program installed on it and is installed solely for that purpose.  “Solely” – is the exemption available if the program provided ‘new’, improved or additional functionality or features, and not “solely” bug fixes?

18 “Deemed” express consent - Questions for each of s. 6(a), (b) & (c) of IC Reg’s 18  How to assess whether the person’s conduct is such that they consent to the program’s installation (s. 10(8)(b))?

19 Additional Compliance Challenges and Solutions – Mobile/Telecom 19 Scenario I:  Initial software updates during “Out Of Box Experience” (OOBE) for a new BlackBerry 10 device

20 Out Of Box Experience (OOBE) on BlackBerry 10 - First substantive step after user chooses UI language is acceptance of BlackBerry Solution License Agreement, which indicates software may automatically check for updates and that BlackBerry may make required updates available

21 OOBE on BlackBerry 10 (cont’d) - The last substantive step before completion of initial setup is a user notice regarding software update as part of the OOBE (most current OS available for relevant carrier/region)

22 22 Scenario II:  3rd Party App Submission Process in BlackBerry World Additional Compliance Challenges and Solutions – Mobile/Telecom

23 Step 1: Developer creates a Vendor account – after acceptance of BlackBerry World vendor terms, etc various fields made available for vendor to complete. - These include for vendor identification and contact info. 3rd Party App Submission Process in BlackBerry World

24 Step 1 (cont’d): fields also made available for vendor’s support email, Privacy Policy url etc. 3rd Party App Submission Process in BlackBerry World (cont’d)

25 Step 2: App submission process: Vendor creates the listing for the app under their Vendor account. 3rd Party App Submission Process in BlackBerry World (cont’d)

26 Step 2 (cont’d): Vendor adds Descriptive text which will be seen by the user when they view the app in BlackBerry World, prior to download. Substantial space available in “Long Description” – vendor free to provide information about the function and purpose of the computer program (or to provide additional disclosures as may be required by s. 10(4) or (5) of CASL if the vendor so chooses (presumably ‘separate and apart from the license agreement’ as it is prior to download).) 3rd Party App Submission Process in BlackBerry World (cont’d)

27 Step 2 (cont’d): Vendor adds App icon and screenshots 3rd Party App Submission Process in BlackBerry World (cont’d)

28 Step 2 (cont’d): Vendor can limit the availability of their app by Carrier and or Country 3rd Party App Submission Process in BlackBerry World (cont’d)

29 Step 3: End user process: Once app accepted for distribution in BlackBerry World, it is made available for users to access in BlackBerry World, either through the user browsing or searching for the desired app 3rd Party App Submission Process in BlackBerry World (cont’d)

30 Step 3: End user process (cont’d): Users goes to the app listing in BlackBerry World, to view the information that the vendor had input about the app 3rd Party App Submission Process in BlackBerry World (cont’d)

31 Users chooses to download the app Step 3 (cont’d): BlackBerry World End user process:

32 Users presented with any required permissions sought by app prior to using the software (Note: outside of BlackBerry World, once the user is in the app the vendor may also provide its EULA or other notice(s) for acceptance etc). Step 4: App permissions notice to end user

33 Additional Compliance Challenges and Solutions – Product Manufacturing 33  Lack of direct interaction with consumers Express consent Exceptions to consent  Obtaining consent for products with no user interface  Global marketplace challenges

34 Additional Compliance Challenges and Solutions – Online Business 34  Cookies  Java scripts  HTML code

Download ppt "CASL Computer Programs Provisions and Challenges in Specific Vertical Sectors Michael Fekete (Osler) Howard Fohr (BlackBerry Limited) April 30, 2014."

Similar presentations

Transparency and Domestic Regulation Mina Mashayekhi Division on International Trade UNCTAD.

Transparency and Domestic Regulation Mina Mashayekhi Division on International Trade UNCTAD.
Institutional Telecomms and Computer Network Monitoring Andrew Charlesworth University of Bristol 10 June 2002.

Institutional Telecomms and Computer Network Monitoring Andrew Charlesworth University of Bristol 10 June 2002.
The following 10 questions test your knowledge of desired configuration management in Configuration Manager 2007. Configuration Manager Desired Configuration.

The following 10 questions test your knowledge of desired configuration management in Configuration Manager Configuration Manager Desired Configuration.
Five Steps in 5 Minutes Close deals faster, more easily, more often! 1.Start a Quote: Input deal amounts and review the available lease options 2.Create.

Five Steps in 5 Minutes Close deals faster, more easily, more often! 1.Start a Quote: Input deal amounts and review the available lease options 2.Create.
Bill c. 23 - CASL Effects of the Canadian Anti-Spam Legislation (CASL) at Skate Canada.

Bill c CASL Effects of the Canadian Anti-Spam Legislation (CASL) at Skate Canada.
© 2013 Sri U-Thong Limited. All rights reserved. This presentation has been prepared by Sri U-Thong Limited and its holding company (collectively, “Sri.

© 2013 Sri U-Thong Limited. All rights reserved. This presentation has been prepared by Sri U-Thong Limited and its holding company (collectively, “Sri.
IMPORTANT READ CAREFULLY BEFORE USING THIS PRODUCT LICENSE AGREEMENT AND LIMITED WARRANTY BY INSTALLING OR USING THE SOFTWARE, FILES OR OTHER ELECTRONIC.

IMPORTANT READ CAREFULLY BEFORE USING THIS PRODUCT LICENSE AGREEMENT AND LIMITED WARRANTY BY INSTALLING OR USING THE SOFTWARE, FILES OR OTHER ELECTRONIC.
CareCentrix Direct Training.

CareCentrix Direct Training.
Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.

Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.
HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.

HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.
Health Insurance Portability Accountability Act of 1996 HIPAA for Researchers: IRB Related Issues HSC USC IRB.

Health Insurance Portability Accountability Act of 1996 HIPAA for Researchers: IRB Related Issues HSC USC IRB.
Www.dataprotection.gov.je The Data Protection (Jersey) Law 2005.

The Data Protection (Jersey) Law 2005.
Research Development for Android Coopman Tom. What is Android?  Smartphone operating system  Google  Popular  ‘Easy to develop’  Open-Source  Linux.

Research Development for Android Coopman Tom. What is Android?  Smartphone operating system  Google  Popular  ‘Easy to develop’  Open-Source  Linux.
How to get started RMA Portal ZEBRA TECHNOLOGIES March 19, 2015.

How to get started RMA Portal ZEBRA TECHNOLOGIES March 19, 2015.
New Canadian Anti-Spam Legislation Robert Lipson – April 8, 2014.

New Canadian Anti-Spam Legislation Robert Lipson – April 8, 2014.
Canada’s New Anti-Spam Legislation: Compliance Challenges and Risk Mitigation Strategies IT.CAN 18 th Annual Conference October 20, 2014 Craig T. McDougall.

Canada’s New Anti-Spam Legislation: Compliance Challenges and Risk Mitigation Strategies IT.CAN 18 th Annual Conference October 20, 2014 Craig T. McDougall.
Www.hoganlovells.com Hogan Lovells EU Product Safety and Market Surveillance Reforms How will this impact businesses – Lawyers' view BIICL seminar, 2 October.

Hogan Lovells EU Product Safety and Market Surveillance Reforms How will this impact businesses – Lawyers' view BIICL seminar, 2 October.
1 Regulatory Framework for C&I Regimes Presented by Andrew Kwan ITU Consultant Conformity and Interoperability Training for ARB Region on Type Approval.

1 Regulatory Framework for C&I Regimes Presented by Andrew Kwan ITU Consultant Conformity and Interoperability Training for ARB Region on Type Approval.
2/16/2010 The Family Educational Records and Privacy Act.

2/16/2010 The Family Educational Records and Privacy Act.
Version 6.0 Approved by HIPAA Implementation Team April 14, 2003 1 HIPAA Learning Module The following is an educational Powerpoint presentation on the.

Version 6.0 Approved by HIPAA Implementation Team April 14, HIPAA Learning Module The following is an educational Powerpoint presentation on the.

Similar presentations

Ads by Google