Several times each month, we are pleased to republish a recent book review from the Canadian Law Library Review (CLLR). CLLR is the official journal of the Canadian Association of Law Libraries (CALL/ACBD), and its reviews cover both practice-oriented and academic publications related to the law.
Managing Privacy in a Connected World. By Éloïse Gratton & Elisa Hendry. Toronto: LexisNexis Canada, 2020. 488p. Includes bibliographic references and index. ISBN 9780433503651 (softcover) $190.00.
Reviewed by Stef Alexandru
Lawson Lundell LLP
In CLLR 46:2
Managing Privacy in a Connected World expertly ties together privacy and emerging practice areas with technologies that are shaping our environment. In recent years, privacy law has developed and extended into new and exciting areas like artificial intelligence, blockchain, the Internet of Things, and smart and connected devices. Although this book has a wide scope in considering a variety of existing and developing legal issues interrelated with privacy, it masterfully captures the essence of each issue.
Several key texts on privacy that address historical contexts and the current state of the law are already available. These include The Law of Privacy in Canada by Barbara McIsaac, Kris Klein, and Shaun Brown and Information and Privacy Law in Canada by Barbara von Tigerstrom. What Managing Privacy in a Connected World adds to the existing literature is a monograph that combines timely and emerging topics with practitioner insights in one resource. The authors, Éloïse Gratton and Elisa Hendry, are lawyers who practice privacy law and are recognized experts in their field. They serve as co-leaders of the Cybersecurity, Privacy & Data Protection Group of Borden Ladner Gervais LLP. The book contains 13 chapters, all of which provide the current lay of the land in privacy law. It provides citations to existing law and looks ahead at developing areas like privacy class actions and outsourcing. The book partly serves as a practical guide to managing complex privacy issues. For finding tools, the book contains an index, extensively footnoted material, bibliographic references, and detailed tables of contents, all of which will likely serve researchers well.
The first chapter, entitled “Digital Consent,” serves as the anchor of the book. It defines digital consent and provides an overview of the language of privacy and the practical issues associated with developing privacy policies, transparency, and obtaining consent. The second chapter, entitled “Global Risks and the General Data Protection Regulation,” is a primer on the European Union’s General Data Protection Regulation (GDPR),4 which came into effect in May 2018. This chapter discusses the global risks potentially faced by Canadian companies in respect of the GDPR. The third chapter, entitled “Cyber Risks and M&A Transactions,” identifies the types of cyber risks existing in M&A transactions and provides practical strategies for managing those risks.
The fourth chapter, “Privacy Class Actions,” tackles this developing area of Canadian privacy law and identifies various causes of action in civil and common law jurisdictions. The fifth chapter is all about the burgeoning field of artificial intelligence. This chapter defines artificial intelligence and explores the growing connections between artificial intelligence and Canadian privacy laws. The sixth chapter, entitled “Outsourcing,” lays out issues arising from outsourcing the processing and storage of personal information, a common practice for Canadian companies handling consumer data. The seventh chapter provides readers with a practical guide to handling personal information related to business transactions, including relevant legislation in Canadian jurisdictions and advice on compliance.
The eighth chapter is entitled “Online Reputation.” The first half of this chapter provides a detailed discussion of current Canadian laws that protect online reputation while the second half addresses the status and potential of the legal concept of the “right to be forgotten” (RTBF) in Canada. With the GDPR, the European Union serves as a leader in enacting legislation for the “right to be forgotten,” and the authors consider the potential for implementing RTBF legislation in Canada and the challenges that might arise. The ninth chapter focuses on distributed ledger technologies, more commonly known as blockchain technology. Here, the authors outline the history and character of distributed ledger technologies and consider key privacy issues related to them. The tenth chapter deals with targeted advertising and privacy issues surrounding transparency, consent obligations, restrictions on using sensitive information for targeted advertising, and industry best practices.
The eleventh chapter explores the intersection of privacy and competition law and outlines how the Competition Bureau Canada deals with big data issues arising in the areas of mergers and misleading advertisers. The twelfth chapter outlines regulatory and litigation risks associated with the Internet of Things, which is defined as “a network of physical objects or ‘things’ embedded with electronics, software, sensors, and connectivity to enable objects to collect and exchange data” (p. 395). The final chapter examines the regulation of connected and smart technologies in Canada, the United States, the United Kingdom, and the European Union. This chapter considers the regulation of devices and technologies in more detail. It focuses on three different industries, namely automotive, medical devices, and children’s products. These final chapters convey the ubiquity of technology and the opportunities available to new and experienced practitioners to become subject matter experts in these emerging areas.
Technology will continue to have an impact on business processes and the delivery of legal services. An overarching achievement of this book is its curation and assembly of many different privacy-related topics. This book would be a useful addition to academic libraries and law firm libraries at firms with dedicated privacy and technology practice groups. It is also recommended for professionals working in the areas of privacy, regulatory, compliance, marketing, procurement, and risk management. Readers and researchers will greatly benefit from the expertise of authors who are both practitioners in the field and who can provide expert analysis and practical guidance on these emerging topics. With wide-ranging Canadian content, this book is also useful for practitioners operating in multiple Canadian jurisdictions.