GME3: Slot and Order, Ctrl+X for Parliament & Beauty and the Breach

In this week’s GME3, the BCLC challenges a penalty of over $1 million imposed by FINTRAC over alleged anti-money laundering failures, Canada’s Federal government launches an investigation into how a key privacy provision from the Online Safety Act was accidentally removed, and south of the border, Disney has agreed to a $10 million fine to the U.S. Federal Trade Commission for alleged violations of the Children’s Online Privacy Protection Act. Read the full stories below!

Gambling

Slot and Order

British Columbia Lottery Corporation (BCLC) is challenging a $1.075 million penalty imposed by Canada’s financial intelligence agency, FINTRAC, over alleged anti-money laundering (AML) failures. In a Federal Court appeal filed August 20, BCLC claims it was “ambushed” by FINTRAC, arguing that the 2024 compliance examination was conducted without proper notice and contrary to the agency’s procedures. BCLC contends it was denied a fair opportunity to respond to the allegations before sanctions were imposed.

The fines stem from three alleged violations of the Proceeds of Crime (Money Laundering) and Terrorist Financing Act: failing to report suspicious transactions, lacking adequate policies for high-risk clients, and failing to apply special measures to such clients. The largest penalty – $950,000 – related to reporting obligations, with smaller fines for policy and monitoring deficiencies. FINTRAC’s case focused largely on one high-volume slot player, who frequently used $100 bills. BCLC counters that both its internal monitoring and oversight by its regulator, the B.C. Gaming Policy and Enforcement Branch, found nothing suspicious about the individual’s gambling.

In its appeal, BCLC accuses FINTRAC of misinterpreting the facts and applying a “moral judgment” by equating large-scale gambling with suspicious or criminal activity. The corporation also objects to learning it was under examination only during what it thought was a routine meeting, which turned out to be treated as the review’s exit interview.

BCLC maintains that no criminal wrongdoing was alleged and stresses that high-volume gambling is not inherently suspicious. Its case mirrors a separate appeal by the Canadian National Exhibition Casino, which is disputing a nearly $200,000 fine for AML compliance lapses. Both organizations argue that FINTRAC’s process was flawed and its conclusions unsupported.

Media

Ctrl+X for Parliament

The federal government is investigating what appears to be an accidental deletion of a key privacy safeguard in the Online Streaming Act. The error came to light when University of Ottawa law professor Michael Geist revealed that an amendment in a subsequent official languages bill unintentionally removed the clause only two months after the Act became law in April 2023. The clause, added at the urging of the federal privacy commissioner and championed by Senator Julie Miville-Dechêne, required the Act to be applied in a manner consistent with individuals’ right to privacy.

Instead of replacing a similar provision in the Online Safety Act regarding official language minority communities, the official languages amendment replaced the privacy clause, leaving the Act with two overlapping provisions on linguistic rights but none on privacy. Both Geist and Miville-Dechêne expressed frustration, noting that such a mistake undermines legislative safeguards and must be corrected quickly. Miville-Dechêne, who had introduced the privacy amendment, said she was surprised the error was not caught through multiple levels of review.

The Department of Canadian Heritage acknowledged the oversight, stating it was “looking into” the issue. It emphasized that other federal and provincial privacy laws still apply to the CRTC and broadcasters. However, both Geist and Miville-Dechêne argued that the point of the deleted clause was to reinforce privacy protections within the Broadcasting Act itself, ensuring consistent interpretation with Canadian privacy law, something not achieved by general privacy statutes alone.

Policy experts warned that the error now leaves courts with two near-identical provisions on linguistic communities and no explicit privacy clause, which could complicate interpretation. Monica Auer of the Forum for Research and Policy in Communications stressed that courts must apply legislation as written, even if Parliament’s intent was different.

Entertainment

Beauty and the Breach

Disney has agreed to pay a $10 million civil penalty to the U.S. Federal Trade Commission (FTC) for alleged violations of the Children’s Online Privacy Protection Act (COPPA), a federal law that prohibits collecting data from children under 13 without safeguards. The FTC accused Disney of failing to properly designate hundreds of its YouTube videos as “Made for Kids,” a classification required to prevent targeted advertising on content directed at children.

According to the FTC’s complaint, YouTube flagged about 300 Disney videos in 2020 – including clips from The Incredibles, Coco, Toy Story, Tangled, and Frozen – that were not properly labelled. Despite being notified, Disney allegedly continued to rely on channel-level defaults instead of designating each video individually. This practice allegedly persisted for years and extended to multiple Disney-managed YouTube channels, such as Disney Channel, Disney Junior, Pixar Cars, and Nat Geo Kids. In some cases, the FTC claimed targeted ads were enabled even on content that had been marked as child-directed.

The settlement not only imposes the $10 million penalty but also requires Disney to implement a robust audience-designation and video-review system using age-assurance technology to ensure proper compliance going forward. FTC Chair Andrew Ferguson said the order addresses Disney’s “abuse of parents’ trust” and aims to strengthen online protections for children.

In response, Disney emphasized that the settlement applies only to content distributed on YouTube, not its owned and operated platforms. The company stated that protecting children remains “at the heart of what we do,” highlighting its long-standing commitment to compliance with privacy laws and pledging further investment in tools to safeguard young viewers.