Legal Report August 2016
CANADIAN JUDICIAL DECISION
Corruption. The Supreme Court of Canada ruled that international organizations like the World Bank Group have immunity protections under Canadian law that prevent third-party access to their archives and personnel.
In the 2000s, the Government of Bangladesh planned to construct a six-kilometer long road and railway bridge over the Padma River. The project, called the Padma Multipurpose Bridge, was valued at $2.9 billion.
The World Bank Group, which provides loans, guarantees, credits, and grants for development projects in developing countries, agreed to be a primary lender for the project and intended to lend Bangladesh $1.2 billion to complete it.
In 2010, however, the bank’s Integrity Vice Presidency (INT) received a series of e-mails suggesting that there was corruption in the process for awarding the supervision contract for the project.
The tipsters alleged that SNC-Lavalin employees were negotiating to pay a portion of the contract amount to Bangladeshi officials in exchange for favorable treatment. The INT investigated the allegations, and in 2011 shared some of the information it gathered about the Montreal-based SNC-Lavalin with the Royal Canadian Mounted Police (RCMP).
Using this information—and data collected on its own—the RCMP obtained wiretap authorizations to intercept private communications to obtain evidence of individuals’ participation in corruption.
The RCMP eventually charged four individuals with one count of bribing foreign public officials under the Corruption of Foreign Public Officials Act. Three of the individuals were former employees of SNC-Lavalin: Kevin Wallace, Ramesh Shah, and Mohammad Ismail. The fourth person to be charged, Zulfiquar Bhuiyan, was allegedly a representative of Abul Chawdhury, a Bangladeshi official.
The bank also canceled its funding for the bridge project and debarred SNC-Lavalin from participating in bank-funded projects for 10 years.
The accused individuals then challenged the wiretap authorizations in a lower court. They applied to compel senior bank investigators to appear before a Canadian court and produce the documents the INT shared with the RCMP, which led to the wiretap authorization.
The trial judge granted the application, and the bank appealed the order and sought to have it overturned. The bank argued that the Bretton Woods and Related Agreements Act grants immunity to the archives and personnel of certain organizations of the World Bank Group and that the documents were not relevant. Because of this, the bank argued that the documents the accused wanted were immune from the court order and need not be produced.
The appeal reached the Supreme Court of Canada, which ruled that immunity protections from search, seizure, and compelled production in court under Canadian law extend to all documents stored by the INT.
It also found that the bank’s senior investigators were immune from being compelled to appear in court. “The purpose for according immunity to international organizations and their personnel is to shield these organizations from interference by member states,” the court wrote in its opinion. “Corruption often transcends borders. In order to tackle this global problem, worldwide cooperation is needed. When international financial organizations, such as the appellant World Bank Group, share information gathered from informants across the world with the law enforcement agencies of member states, they help achieve what neither could do on their own.” (World Bank Group v. Wallace, Supreme Court of Canada, No. 36315, 2016)
U.S. LEGISLATION
Aviation. The Senate passed legislation that enhances aviation security and helps speed up the introduction of commercial drone usage. The bill (H.R. 636) reauthorizes the Federal Aviation Administration’s (FAA) programs and powers through October 1, 2017. FAA funding was set to expire on July 15, 2016.
Included in the reauthorization are numerous measures that are designed to enhance aviation security. For instance, one measure increases the number of government “viper teams” from 30 to 60. These teams stop and search suspicious passengers in public places outside the airport security perimeter.
Another measure requires new passenger airliners to create secondary barriers to keep unauthorized individuals from gaining access when a pilot opens the cockpit door. It also requires the FAA to consider—within 180 days of the bill’s enactment—whether to implement additional screening for mental health conditions as part of a comprehensive medical certification process for pilots. The screening would include tests for depression and suicidal thoughts or tendencies, and access to treatment that would address risks associated with these conditions.
Additionally, the bill requires the Transportation Security Administration to use private companies to market and enroll more individuals in its PreCheck program, while also ensuring that PreCheck screening lanes at airports are open during high-volume travel times.
Along with the airport security measures, the reauthorization bill requires the FAA to authorize package deliveries by drones within two years of its passage. To do this, the FAA would create a small drone “air carrier certificate” for delivery drone operators, similar to the safety certificates for commercial airlines.
Rep. Patrick Tiberi (R-OH) introduced the bill, which has 14 bipartisan cosponsors and was previously passed by the House of Representatives. The two branches will now resolve differences in the bill, before sending it President Barack Obama to sign.
Utilities. The Senate passed a bill that gives the federal government greater power to protect the nation’s electric grid from cyberattacks.
The bill (S. 2012) provides $100 million per year through 2025 for the U.S. Department of Energy (DOE) to conduct research and develop digital defense testing programs. Of those funds, $65 million per year would go towards a program that identifies whether energy sector products are vulnerable to known cyberthreats.
Along with the increased revenue, the bill also allows the president to determine when “immediate action” is needed to protect the power grid and direct the department to step in. The secretary of energy would then have the ability to tell electric companies what to do.
OTHER LEGISLATION
European Union
Data protection. The European Parliament passed data protection legislation into law to create one, single rulebook for data protection in the European Union (EU).
The regulation requires data controllers (companies that collect and use personal information) to implement the right to be forgotten, appoint a data protection officer, conduct a privacy impact assessment before processing data, and implement “privacy by design” and “privacy by default” principles when designing new products.
Additionally, the regulation requires that data breaches be reported within 72 hours and gives EU citizens the right to know if their data has been hacked.
Companies that do not comply with the regulation could be fined up to 4 percent of their total global annual turnover, or up to €20 million (about $22,594,000).
The regulation applies to all businesses that handle EU citizens’ data, even if the business is not based in Europe. It goes into effect this summer, but will not be binding in its entirety until 2018. (For more information about the regulation, see “Cybersecurity,” page 30.)
Austin
Background checks. Voters in Austin, Texas, rejected a ballot initiative that would have allowed Uber and Lyft to avoid running fingerprint-based background checks on their drivers.
Proposition 1 would have allowed the two ride-hailing companies to self-regulate their drivers and bypass regulations requiring fingerprint checks as part of background checks—similar to those required for taxi drivers. The measure would also have repealed requirements to identify ride-sharing vehicles with a distinctive emblem.
Fifty-six percent of voters opposed the measure, which led Uber and Lyft to temporarily halt their services in the city. The companies claim fingerprinting requirements are burdensome and unnecessary because they already conduct name-based background checks.
