> 10. The Canada Revenue Agency has taken all reasonable steps to ensure the security of this Web site. We have used sophisticated encryption technology and incorporated other procedures to protect your personal information at all times. However, the Internet is a public network and there is the remote possibility of data security violations. In the event of such occurrences, the Canada Revenue Agency is not responsible for any damages you may experience as a result
I am not a lawyer, but I would be surprised if this holds water, legally speaking. Imagine going to an amusement park and signing a waiver that the park takes no responsibility for your injuries. If you climb aboard a rollercoaster that hasn't seen any maintenance in 20 years and you get decapitated, I'm pretty sure the park is still legally responsible. Getting someone to sign something that says "we did our due diligence" doesn't make it true.
> If you climb aboard a rollercoaster that hasn't seen any maintenance in 20 years and you get decapitated, I'm pretty sure the park is still legally responsible
> "any script, robot, spider, Web crawler, screen scraper, automated query program or other automated device or any manual process to monitor or copy the content contained in any online services"
But the CRA already anticipated this and explicitly disallowed headless clients
Not a Canadian, but this just seems like a chicken running around with its head cut off [1]. A one-legged duck swimming in a circle.
Why does a government want to protect itself from hacking liability via ToS in the first place. Couldn't they, you know, just pass a law saying they're not liable?
Legal structures and especially state or state sponsored entities in Canada work much differently than in the US.
The ICBC has a literal state sponsored monopoly over car insurance, titling a vehicle and driver licensing, whereas in the US no state handles car insurance, while titling a vehicle and driver licensing are not necessarily the same state organizations.
Whereas here in the US I know many people that mix and match between different states DOLs and DORs for a variety of reasons, and your not going to get stuck with the same stubborn employee who can control every facet of your ability to identify yourself and also legally drive a vehicle on the road.
The DUI checkpoints up in BC are wild too, I'm glad they are banned in Washington and Oregon. Suspicionless stopping of cars en masse followed by interrogation by police seems like an overreach.
> Suspicionless stopping of cars en masse followed by interrogation by police seems like an overreach.
I’m pretty sure Canadian DUI checkpoints are limited to interrogations about alcohol/drug intoxication (edit: and a few matters regarding the vehicle itself) unless something else is offered/observed.
Supreme Court basically agreed that they are warrantless and detainments without reasonable suspicion, but considered them acceptable for the purposes of preventing drunk driving so that’s all the carve out it for. See R vs Mellenthin here: https://torontodui.com/knowledge-centre/everything-you-need-...
(Worth noting that Canada’s constitution is basically toilet paper for a lot of things because a judge (or politician!) can override a lot of it)
> The DUI checkpoints up in BC are wild too, I'm glad they are banned in Washington and Oregon. Suspicionless stopping of cars en masse followed by interrogation by police seems like an overreach.
I was just wondering about these (in the US) the other day. When I was growing up, I seem to remember them being a thing and going through them as a passenger but in 20+ years of driving, including on NYE/July 4 and late at night, I've never come across one.
> The ICBC has a literal state sponsored monopoly over car insurance
No, this is only true for the most basic plans (called Autoplan). For anything beyond this, eg third-party liability, collision, comprehensive, etc., you can buy private insurance or go with ICBC for those plans too if you want.
> The DUI checkpoints up in BC are wild too, I'm glad they are banned in Washington and Oregon. Suspicionless stopping of cars en masse followed by interrogation by police seems like an overreach.
There has been a lot of pushback to DUIs. I did a poli-sci BA thesis on it. Essentially its one of the few times they make exception to constitutional rights, and assume guilt without due process.
A fairly deep explanation of what I'm talking about, and why states like WA gave up on it:
"Wild" meaning, the police can still impound your car at their discretion if you blow below not just the legal limit of 0.08, but below the warning limit of 0.05, or even 0!
> Legal structures and especially state or state sponsored entities in Canada work much differently than in the US. The ICBC has a literal state sponsored monopoly over car insurance, titling a vehicle and driver licensing, whereas in the US no state handles car insurance, while titling a vehicle and driver licensing are not necessarily the same state organizations. This state sponsored vertical integration enables abuse of authority
It's impressive to see how omnipresent the government is everyday life in Canada, often via these state sponsored entities with bizarre ties to the government.
Alcohol sales are handled by government-owned stores (because it takes the government's unique expertise to run a liquor store?). Dairy products are subject to production quotas administered by the government, and excess production has to be destroyed (it is illegal to compete and lower your prices!). Car insurance is done through the state run monopoly so you can't shop around for rates. Health is handled by a single player, so you have no say in which providers you are assigned to (if you get one at all, they can deny coverage with year long wait times but you are still on the hook for the tax bill!). The country's largest broadcaster is state owned and operated, with journalists on government payroll reporting on... the government! Say the right thing and you might even land yourself a cushy government job [0]
> Imagine going to an amusement park and signing a waiver that the park takes no responsibility for your injuries. If you climb aboard a rollercoaster that hasn't seen any maintenance in 20 years and you get decapitated, I'm pretty sure the park is still legally responsible
I don't know Canadian law, just for fun this is my understanding of it under US laws which are likely similar although Canada usually has more consumer protections.
You generally can't waive negligence. Those waivers can be useful for things like a trampoline park - someone lands on their ankle wrong and injurs it, the waiver deals with assumption of the risk - landing incorrectly is a reasonable risk due to the nature of the event. However if a net was missing and you hit the concrete floor - that would be under negligence of the premises owner.
My guess (not a lawyer just guessing) is that if they followed all best practices and someone bruteforced an RSA 2048 key which is currently understood to not be (reasonably) possible - that might be covered? However if they left a S3 bucket open without a password, that would be under negligence?
> My guess (not a lawyer just guessing) is that if they followed all best practices and someone bruteforced an RSA 2048 key which is currently understood to not be (reasonably) possible - that might be covered? However if they left a S3 bucket open without a password, that would be under negligence?
Not a lawyer either, but to me, since users have no means to protect themselves against a backend breach, it seems like it would inherently be the fault of the business.
My chosen parallel would be owning a dog. Owning a dog has some inherent risk, because even if you take all precautions, there's always a chance it gets off it's leash or breaks out of the yard and bites someone. "I had a fence" shouldn't free you from liability; the fence was insufficient because someone still got bit. The only way to be free of that small risk is to not own a dog.
I view data the same way. Storing sensitive data comes with an inherent risk that it will be compromised. By asking for and keeping that data, companies assume the risk of that data being breached, and any resulting damage. If that risk is unacceptable, don't ask for or keep the data. Or find some way to make it so the data can't cause damage even if it's stolen (e.g. by using some kind of public tax ID).
On top of this, I don’t see how a contract that you are compelled to agree to in order to do your taxes could be seen as one that you’ve willingly entered.
What happens if you don't agree to the TOS? Pretty sure that means you can't do your taxes, and you'd get in pretty hot water as a result. To me, that implies that the Canadian government is forcing you to agree to this TOS, which further reduces its legal defensibility.
If you pay attention to ToS's, you'll find companies are increasingly trying to pull stunts like this. The CRA's terms are objectionable, yet sadly benign compared to other reprehensible terms I've seen gating the web. Lawyers are copying each other's tactics and propogating dark patterns that I doubt will stand the test of litigation (but will cost some poor sap a lot of money and time to get there). Indemnity clauses are another one (no, I'm not going to reimburse you for damage if my account gets hacked through no fault of my own).
When I encounter clearly dodgy terms like this I often contact the organization and tell them I do not accept the given clause. Sometimes they say 'stop using our service' (rarely enforced) but most often they simply don't respond.
Someone at CRA with authority to fix this might perk up if thousands of Canadians start emailing them about it, report it to MP's, the Privacy Commissioner and other ombudsmen, etc.
Also noteworthy is that compared to leading commercial websites (Amazon, Facebook, etc.), the Canada Revenue Agency website: Responds an order of magnitude slower (like 3000 ms vs. 300 ms), and has maintenance downtime hours (instead of being up 24/7).
> However, the Internet is a public network and there is the remote possibility of data security violations.
They conveniently ignore the fact that HTTPS is pervasive and that you can reasonably carry private conversations on a public network. And why don't they have a disclaimer for the fact that the telephone network is public and the mail network is public?
Revenue Canada's website is slow and often down for maintenance, but at least I find it much easier to find what I'm looking for than on Amazon. It's actually one of the better user experiences I have online, and much easier than tax filing was in the US. But that response time ensures I'll never get addicted to doom-scrolling my tax records, to be sure.
By comparison with the province of BC's web services, anything provided by the federal government looks straight out of science fiction. For example: https://www.corporateonline.gov.bc.ca/ ... have fun!
In first few the years following the 2000/2001 dotcom crash the Swedish Tax Agency realized they had a golden opportunity to move away from expensive and fickle consultants to a competent in-house team of long-term employed developers. They pulled it off really well. The effect is still visible - web services are well designed in a simple and efficient way and generally just work.
I think now (and the next year or two) might be a suitable time to pull a similar move.
You can say the same for any institutional web site. Sure CRA is slower than Google, but so is 99% of the sites in the internet. Is access speed really the top concern when you're interacting with the site? Unless you're an accountant, you're probably logging in all of twice a year, once to file and once to review the final result.
> Sometimes i want to know how much tfsa room i have on sunday evening
Which you wouldn't want to check with the CRA either, because the information is often incomplete and updated annually at best.
The CRA even advises that whatever numbers they give you are essentially fugazi, and you should keep your own records because if you make a mistake they will obliterate you with fines.
One of the mottos of the Canadian government is: if you make a mistake because we gave you the wrong information, it is still your fault and you will give us money.
Fortunately, contracts in Quebec are dependent of the Civil Code. Terms of service match the definition of a contract. I am eager to see if such practices by any level of government will pass the test of tribunals and current jurisprudence.
Excerpts :
1458 Every person has a duty to honour his contractual undertakings.
Where he fails in this duty, he is liable for any bodily, moral or material injury he causes to the other contracting party and is bound to make reparation for the injury; neither he nor the other party may in such a case avoid the rules governing contractual liability by opting for rules that would be more favourable to them.
1474 A person may not exclude or limit his liability for material injury caused to another through an intentional or gross fault; a gross fault is a fault which shows gross recklessness, gross carelessness or gross negligence.
He may not in any way exclude or limit his liability for bodily or moral injury caused to another.
1475 A notice, whether posted or not, stipulating the exclusion or limitation of the obligation to make reparation for injury resulting from the nonperformance of a contractual obligation has effect, with respect to the creditor, only if the party who invokes the notice proves that the other party was aware of its existence at the time the contract was formed.
1476 A person may not by way of a notice exclude or limit his obligation to make reparation with respect to third persons; such a notice may, however, constitute disclosure of a danger
1477 The assumption of risk by the victim, although it may be considered imprudent having regard to the circumstances, does not entail renunciation of his remedy against the author of the injury.
I don't think that the CRA is subject to Quebec law, and believe that the CRA may exercise sovereign immunity, though I'm not sure that it has done so in the past.
That's where 3149 would come in. Maybe even 3150 if you have "ID theft" insurance.
3149. Québec authorities also have jurisdiction to hear an action based on a consumer contract or a contract of employment if the consumer or worker has his domicile or residence in Québec; the waiver of such jurisdiction by the consumer or worker may not be set up against him.
3150. Québec authorities also have jurisdiction to hear an action based on a contract of insurance where the holder, the insured or the beneficiary of the contract is domiciled or resident in Québec, the contract covers an insurable interest situated in Québec or the loss took place in Québec.
I'm fairly confident that we deal with both here. They are totally separate entities and they don't even talk to each other. We get 2x the papers (R1 and T4), and we file separately with each. It's possible to get a refund cheque from one and still owe the the other.
But forget the CRA, ask me about how mine and many other peoples drivers licenses were suspended for weeks because the SAAQ totally fucked a software migration.
This government is so shoddily ran (leaving individual party politics aside) - Canadians aren't holding their government accountable. They're too busy trying to survive inflation and the knock-on effects it continues to cause, while distracting themselves with media that tells them "it's okay" and "it's not that bad"
Other boondoggled IT projects brought to you by the Canadian government include the Phoenix federal government paysystem - which coming up on a decade now, some federal employees _still_ aren't getting paid correctly, and the ArriveCan app - which is their hastily created, bug-filled app for pre-entry customs processing checklists that had accessibility problems for the disabled which have likely still been ignored, among other issues.
Between this and the very dodgy reactions from government officials (or lack thereof) to the recent news of foreign influence in our politics and elections processes from China, I would say this country has had its core emptied out and replaced with a nougat center of tasty corporate corruption and money laundering goodness.
The attitude seems to be "Not enough money to create and maintain a system that respects the privacy of our citizens, but we'll just legalese our responsibility away because we can and we're the government so _there_! We're like a silicon valley company, just try to sue us!"
At least we know that tax companies in the states are lobbying to make it harder to file taxes with the US government - the Canadian government just makes it more difficult by themselves!
I for one would like our government to be as responsible as possible when it comes to handling our data - ideally having as little of it as possible, only the required amounts to interact with me as minimally as possible - instead of having it all available in a portal that can be easily compromised and hacked judging from previous leaks/breaches in the linked article.
you should consider donating to the Canadian constitution foundation (https://www.youtube.com/@theCCF) then or something like them because our constitution actually does have a decent protections for separation of power between provinces and the federal government and getting that back to what is actually in the constitutional documents (as opposed to what has been twisted by decades of bad decisions to favor the federal government) would go a long way in creating the kind of competitive multi-polar environment that keeps America strong vs the uni-polar corrupted junk that Canada has increasingly become.
I would argue that a lot of our constitutional separation of powers between provincial and federal governments is antiquated and causes more harm than good today (this is particularly true in education and healthcare).
I asked my father - a lawyer in Spain - about these kind of terms, and he explained to me that the vast majority of noticeboards that claim no liability are total BS (at least in Spain, and talking about the kind that are on a wall, not signed/agreed ones). I still think it's highly relevant for this case; a contract implies agreement AND benefits for both parties, so if you cannot legally avoid agreeing to this contract it must be invalid.
The specific example was a paid garage that claimed no liability for any break-ins, any issue with the cars, etc etc. but he explained that if you are paying for a private parking, there are some expectations to the law and you cannot notice-board out of those. They are mainly a deterrent for people who are unaware of the law or these things, or made by a hapless manager.
In the US, there are a lot of gravel trucks that say something like
"Stay back 200 feet. Not responsible for broken windshields"
But the truth is: every vehicle on the road is responsible for not dropping stuff on the road. Especially dangerous stuff. Is it difficult in the case of gravel trucks - sure. But that doesn't matter.
CRA is almost a separate entity from other federal departments, so it behaves like a private business than a government department. They aren’t even at the behest of the treasury board.
The CRA is its own department, like any other department. It is structured and operates just like any other government department as opposed to a private business.
They are not at the behest of the Treasury Board because the Treasury Board is a committee, not an administration or agency. The board has no executive authority whatsoever and exists to give advice to Cabinet rather than to perform or execute a duty. However, the individual members of the Treasury Board do have the ability to order the CRA, principally the Minister of National Revenue, who sits on the Treasury Board, is the executive of the CRA.
Perhaps you're thinking of the Bank of Canada, which is an actual corporation and operates in a semi-independent manner from Parliament, although technically Parliament has full oversight and authority over it.
Canadian here. Thank you for sharing your Terms of Service. I don't agree to them. Thus, I wish to opt out of your Tax Revenue Collection Service. M'kay?
You don't need a computer to file your taxes.
Paper kits are provided by CRA and declarations can be submitted on paper by mail. Potential use cases being technology illiteracy, access to reliable internet connections just to name a few .
I'll go out on a limb here ... tell me if you disagree ... that if you file your taxes on paper, all that personal information will be quickly scanned and available in a database. The database of the site in question.
I say this because the My Account service allows a Canadian to check their balance, payments, credits, filing status, etc. It's there for anyone, ready to go, with whatever information the CRA has stocked it with. Your information, even if it started out on paper. It's pretty inconceivable that the CRA could function if the paper filings didn't soon end up in the same database as the e-filings.
Anyways, then at that point, your paper personal data is sitting right there behind the login of that same CRA site we're talking about. For your future convenience. Or leaking. Or hacking. And then we're back to ... "in the event of such occurrences, the Canada Revenue Agency is not responsible for any damages you may experience as a result."
Readit News
I am not a lawyer, but I would be surprised if this holds water, legally speaking. Imagine going to an amusement park and signing a waiver that the park takes no responsibility for your injuries. If you climb aboard a rollercoaster that hasn't seen any maintenance in 20 years and you get decapitated, I'm pretty sure the park is still legally responsible. Getting someone to sign something that says "we did our due diligence" doesn't make it true.
> "any script, robot, spider, Web crawler, screen scraper, automated query program or other automated device or any manual process to monitor or copy the content contained in any online services"
But the CRA already anticipated this and explicitly disallowed headless clients
So, not allowed to use Ctrl+C on their website?
Why does a government want to protect itself from hacking liability via ToS in the first place. Couldn't they, you know, just pass a law saying they're not liable?
[1] https://en.m.wikipedia.org/wiki/Mike_the_Headless_Chicken
The ICBC has a literal state sponsored monopoly over car insurance, titling a vehicle and driver licensing, whereas in the US no state handles car insurance, while titling a vehicle and driver licensing are not necessarily the same state organizations.
This state sponsored vertical integration enables abuse of authority in cases like https://www.reddit.com/r/nottheonion/comments/xa9j3x/church_...
Whereas here in the US I know many people that mix and match between different states DOLs and DORs for a variety of reasons, and your not going to get stuck with the same stubborn employee who can control every facet of your ability to identify yourself and also legally drive a vehicle on the road.
The DUI checkpoints up in BC are wild too, I'm glad they are banned in Washington and Oregon. Suspicionless stopping of cars en masse followed by interrogation by police seems like an overreach.
I’m pretty sure Canadian DUI checkpoints are limited to interrogations about alcohol/drug intoxication (edit: and a few matters regarding the vehicle itself) unless something else is offered/observed.
Supreme Court basically agreed that they are warrantless and detainments without reasonable suspicion, but considered them acceptable for the purposes of preventing drunk driving so that’s all the carve out it for. See R vs Mellenthin here: https://torontodui.com/knowledge-centre/everything-you-need-...
(Worth noting that Canada’s constitution is basically toilet paper for a lot of things because a judge (or politician!) can override a lot of it)
I was just wondering about these (in the US) the other day. When I was growing up, I seem to remember them being a thing and going through them as a passenger but in 20+ years of driving, including on NYE/July 4 and late at night, I've never come across one.
Are there still states doing these?
No, this is only true for the most basic plans (called Autoplan). For anything beyond this, eg third-party liability, collision, comprehensive, etc., you can buy private insurance or go with ICBC for those plans too if you want.
There has been a lot of pushback to DUIs. I did a poli-sci BA thesis on it. Essentially its one of the few times they make exception to constitutional rights, and assume guilt without due process.
A fairly deep explanation of what I'm talking about, and why states like WA gave up on it:
https://www.duicentral.com/dui/the-dui-exception/
> https://www.reddit.com/r/nottheonion/comments/xa9j3x/church_
to get
> Sorry, this post has been removed by the moderators of r/nottheonion.
It's impressive to see how omnipresent the government is everyday life in Canada, often via these state sponsored entities with bizarre ties to the government.
Alcohol sales are handled by government-owned stores (because it takes the government's unique expertise to run a liquor store?). Dairy products are subject to production quotas administered by the government, and excess production has to be destroyed (it is illegal to compete and lower your prices!). Car insurance is done through the state run monopoly so you can't shop around for rates. Health is handled by a single player, so you have no say in which providers you are assigned to (if you get one at all, they can deny coverage with year long wait times but you are still on the hook for the tax bill!). The country's largest broadcaster is state owned and operated, with journalists on government payroll reporting on... the government! Say the right thing and you might even land yourself a cushy government job [0]
[0] https://en.wikipedia.org/wiki/Micha%C3%ABlle_Jean
It is now:
Hey u/misanthrope2327, thanks for contributing to r/nottheonion. Unfortunately, your post was removed as it violates our rules:
Rule 2 - Sorry, but this story isn't oniony.
Not just BC. ON, too.
I don't know Canadian law, just for fun this is my understanding of it under US laws which are likely similar although Canada usually has more consumer protections.
You generally can't waive negligence. Those waivers can be useful for things like a trampoline park - someone lands on their ankle wrong and injurs it, the waiver deals with assumption of the risk - landing incorrectly is a reasonable risk due to the nature of the event. However if a net was missing and you hit the concrete floor - that would be under negligence of the premises owner.
My guess (not a lawyer just guessing) is that if they followed all best practices and someone bruteforced an RSA 2048 key which is currently understood to not be (reasonably) possible - that might be covered? However if they left a S3 bucket open without a password, that would be under negligence?
Not a lawyer either, but to me, since users have no means to protect themselves against a backend breach, it seems like it would inherently be the fault of the business.
My chosen parallel would be owning a dog. Owning a dog has some inherent risk, because even if you take all precautions, there's always a chance it gets off it's leash or breaks out of the yard and bites someone. "I had a fence" shouldn't free you from liability; the fence was insufficient because someone still got bit. The only way to be free of that small risk is to not own a dog.
I view data the same way. Storing sensitive data comes with an inherent risk that it will be compromised. By asking for and keeping that data, companies assume the risk of that data being breached, and any resulting damage. If that risk is unacceptable, don't ask for or keep the data. Or find some way to make it so the data can't cause damage even if it's stolen (e.g. by using some kind of public tax ID).
That being said, My Account is a useful, albeit very flawed online tool.
Src: https://www.canada.ca/en/revenue-agency/services/e-services/...
Dead Comment
Dead Comment
When I encounter clearly dodgy terms like this I often contact the organization and tell them I do not accept the given clause. Sometimes they say 'stop using our service' (rarely enforced) but most often they simply don't respond.
Someone at CRA with authority to fix this might perk up if thousands of Canadians start emailing them about it, report it to MP's, the Privacy Commissioner and other ombudsmen, etc.
For example let’s look at Ireland.
[0] Ireland tries to exclude itself from GDPR https://www.thejournal.ie/data-protection-bill-2018-3853647-...
[1] Entire health system compromised and possibly majority of PHI data exfiltrated https://www.hse.ie/eng/services/publications/conti-cyber-att...
[2] Irish health service only begins notifications to confirmed affected individuals a year later https://www.hse.ie/eng/services/news/media/pressrel/hse-begi...
[3] selective punishment of companies whose data is breached eg google https://techcrunch.com/2022/03/14/dpc-sued-google-rtb-compla... vs meta https://www.dataprotection.ie/en/news-media/data-protection-...
Laws unevenly applied make a mockery of justice.
My understanding is that member states (and perhaps all sovereigns) are not required to comply with GDPR unless they explicitly choose to.
> However, the Internet is a public network and there is the remote possibility of data security violations.
They conveniently ignore the fact that HTTPS is pervasive and that you can reasonably carry private conversations on a public network. And why don't they have a disclaimer for the fact that the telephone network is public and the mail network is public?
By comparison with the province of BC's web services, anything provided by the federal government looks straight out of science fiction. For example: https://www.corporateonline.gov.bc.ca/ ... have fun!
I think now (and the next year or two) might be a suitable time to pull a similar move.
The maintenance hours thing is unconsiable though. Sometimes i want to know how much tfsa room i have on sunday evening.
Which you wouldn't want to check with the CRA either, because the information is often incomplete and updated annually at best.
The CRA even advises that whatever numbers they give you are essentially fugazi, and you should keep your own records because if you make a mistake they will obliterate you with fines.
One of the mottos of the Canadian government is: if you make a mistake because we gave you the wrong information, it is still your fault and you will give us money.
Excerpts : 1458 Every person has a duty to honour his contractual undertakings. Where he fails in this duty, he is liable for any bodily, moral or material injury he causes to the other contracting party and is bound to make reparation for the injury; neither he nor the other party may in such a case avoid the rules governing contractual liability by opting for rules that would be more favourable to them.
https://www.legisquebec.gouv.qc.ca/en/document/cs/CCQ-1991?l...
1474 A person may not exclude or limit his liability for material injury caused to another through an intentional or gross fault; a gross fault is a fault which shows gross recklessness, gross carelessness or gross negligence. He may not in any way exclude or limit his liability for bodily or moral injury caused to another.
1475 A notice, whether posted or not, stipulating the exclusion or limitation of the obligation to make reparation for injury resulting from the nonperformance of a contractual obligation has effect, with respect to the creditor, only if the party who invokes the notice proves that the other party was aware of its existence at the time the contract was formed.
1476 A person may not by way of a notice exclude or limit his obligation to make reparation with respect to third persons; such a notice may, however, constitute disclosure of a danger
1477 The assumption of risk by the victim, although it may be considered imprudent having regard to the circumstances, does not entail renunciation of his remedy against the author of the injury.
https://www.legisquebec.gouv.qc.ca/en/document/cs/CCQ-1991?l...
I don't think that the CRA is subject to Quebec law, and believe that the CRA may exercise sovereign immunity, though I'm not sure that it has done so in the past.
3149. Québec authorities also have jurisdiction to hear an action based on a consumer contract or a contract of employment if the consumer or worker has his domicile or residence in Québec; the waiver of such jurisdiction by the consumer or worker may not be set up against him.
3150. Québec authorities also have jurisdiction to hear an action based on a contract of insurance where the holder, the insured or the beneficiary of the contract is domiciled or resident in Québec, the contract covers an insurable interest situated in Québec or the loss took place in Québec.
https://www.legisquebec.gouv.qc.ca/en/document/cs/CCQ-1991?l...
But forget the CRA, ask me about how mine and many other peoples drivers licenses were suspended for weeks because the SAAQ totally fucked a software migration.
- Provincial: Revenu Quebec
- Federal: CRA
Other boondoggled IT projects brought to you by the Canadian government include the Phoenix federal government paysystem - which coming up on a decade now, some federal employees _still_ aren't getting paid correctly, and the ArriveCan app - which is their hastily created, bug-filled app for pre-entry customs processing checklists that had accessibility problems for the disabled which have likely still been ignored, among other issues.
Between this and the very dodgy reactions from government officials (or lack thereof) to the recent news of foreign influence in our politics and elections processes from China, I would say this country has had its core emptied out and replaced with a nougat center of tasty corporate corruption and money laundering goodness.
The attitude seems to be "Not enough money to create and maintain a system that respects the privacy of our citizens, but we'll just legalese our responsibility away because we can and we're the government so _there_! We're like a silicon valley company, just try to sue us!"
At least we know that tax companies in the states are lobbying to make it harder to file taxes with the US government - the Canadian government just makes it more difficult by themselves!
I for one would like our government to be as responsible as possible when it comes to handling our data - ideally having as little of it as possible, only the required amounts to interact with me as minimally as possible - instead of having it all available in a portal that can be easily compromised and hacked judging from previous leaks/breaches in the linked article.
The specific example was a paid garage that claimed no liability for any break-ins, any issue with the cars, etc etc. but he explained that if you are paying for a private parking, there are some expectations to the law and you cannot notice-board out of those. They are mainly a deterrent for people who are unaware of the law or these things, or made by a hapless manager.
In the US, there are a lot of gravel trucks that say something like
"Stay back 200 feet. Not responsible for broken windshields"
But the truth is: every vehicle on the road is responsible for not dropping stuff on the road. Especially dangerous stuff. Is it difficult in the case of gravel trucks - sure. But that doesn't matter.
The effectivly FORCE you to use this site as they try to cut costs and reduce "call in" support.
Then, they create a ToS which absolves them of all responsibility if they are hacked?
I would be willing to bet that if any Canadian business tried this the government would crack down and state it not permitted.
The government has a tendency of "do as i say not as i do".
Any Canadian can tell you that for the most part government IT is utter garbage.
<cough>arrive-can</cough><cough>Phoenix</cough>
....
Well that’s the value proposition of government, right? A monopoly on violence in exchange for a set of rules leading to a stable society.
They are not at the behest of the Treasury Board because the Treasury Board is a committee, not an administration or agency. The board has no executive authority whatsoever and exists to give advice to Cabinet rather than to perform or execute a duty. However, the individual members of the Treasury Board do have the ability to order the CRA, principally the Minister of National Revenue, who sits on the Treasury Board, is the executive of the CRA.
Perhaps you're thinking of the Bank of Canada, which is an actual corporation and operates in a semi-independent manner from Parliament, although technically Parliament has full oversight and authority over it.
https://www.canada.ca/fr/agence-revenu/services/formulaires-...
I say this because the My Account service allows a Canadian to check their balance, payments, credits, filing status, etc. It's there for anyone, ready to go, with whatever information the CRA has stocked it with. Your information, even if it started out on paper. It's pretty inconceivable that the CRA could function if the paper filings didn't soon end up in the same database as the e-filings.
Anyways, then at that point, your paper personal data is sitting right there behind the login of that same CRA site we're talking about. For your future convenience. Or leaking. Or hacking. And then we're back to ... "in the event of such occurrences, the Canada Revenue Agency is not responsible for any damages you may experience as a result."