Archive for the 'Social Media Law' Category

Tech Companies Take Note: Google Hit with $76 Million GDPR Fine

.

By Richard Stobbe

The National Data Protection Commission (CNIL), France’s data protection authority, came down on Google with a €50 million penalty for breach of the EU’s General Data Protection Regulation (“GDPR”).

CNIL was responding to complaints from two privacy advocacy groups who called out Google for lacking a valid legal basis to process the personal data of EU users of Google services, particularly for ads personalization purposes. Although Google’s European headquarters are situated in Ireland, that country did not take the role of “lead authority” for DPA purposes, since processing of EU users’ data occurred through Google’s U.S. operations, rather than through its Irish division. This left the field open for France to take over the file and render a decision on the complaint.

The GDPR establishes a “one-stop-shop” which is designed for greater certainty for those organizations doing business in the EU. A business should only have to deal with the Data Protection Authority (“DPA”) of the country where its “main establishment” is located.

A DPA is, under the GDPR regime, an independent public authority tasked with supervising enforcement of data protection laws, with investigative powers and corrective authority. There is one DPA in each EU member state.

Google, according to CNIL, failed on two main counts based on the GDPR principles of transparency, information and consent:

  • First, Google’s explanation of data processing purposes is not clear nor comprehensive. “Users are not able to fully understand the extent of the processing operations carried out by GOOGLE,” says CNIL, and Google’s processing operations are “massive and intrusive” due to the sheer scope of the company’s services and the high volume of data which is collected and processed by Google.
  • Second, consent was not validly obtained, because the specific uses are not made clear to the user. This is the case even though the user of Google’s services can modify some options and configure some features of personalized ads. Just because some user configuration is allowed, that does not mean Google is in compliance with GDPR requirements.
  • CNIL was not impressed with the configuration options for ads personalization. To the extent configuration is made available to Google’s users, the choices are “pre-ticked”. The GDPR requires “unambiguous” consent, requiring a specific affirmative action from the user (for example, by clicking a non-pre-ticked box ). At the point of account creation, when a user clicks “I agree to the processing of my information as described above and further explained in the Privacy Policy“, the user gives consent in full, for all processing operations. However the CNIL notes that “the GDPR provides that the consent is ‘specific’ only if it is given distinctly for each purpose.”

This is the first penalty issued by France’s DPA.

Should Canadian companies be concerned? Any company that is engaged in processing of EU resident data will be subject to the GDPR, not just those who have a permanent establishment in the EU.

 

Calgary – 07:00 MST

No comments

#Illegal #Infringement : Defamation & Social Media

.

By Richard Stobbe

Can a hashtag constitute defamation?

In an Ontario case involving a music collaboration gone wrong, the answer apparently is yes. The dispute involved Mr. Johnson, who was allegedly a songwriter and music producer. Ms. Rakhmanova was also a song writer and signer. The two musicians collaborated on several tracks which were later the subject of a bitter dispute.

According to the judgement, Mr. Johnson released the tracks online, over the objections of Ms. Rakhmanova. At one point, after the songs were mixed and mastered, Ms. Rakhmanova requested that Mr. Johnson sign a recording contract, to memorialize the joint-authorship and ownership of the tracks, including equal publishing credit. Mr. Johnson refused to sign the contract since, according to the judgement, he intended to claim sole ownership over the three songs. Ms. Rakhmanova withdrew her consent to the release of her melodies and vocal tracks.  By then, however, the track had already been released online.  Mr. Johnson failed to properly account for any revenue or royalties, and did not include proper attribution of Ms. Rakhmanova’s contributions: her picture and name were omitted from certain track names.

Ms. Rakhmanova then launched a series of online communications – through emails, Facebook, Twitter, Instagram accounts and SoundCloud posts – demanding removal of the content, and generally calling out Mr. Johnson for his conduct that, in her view, could be described as “…#stealing“, “infringing of my copyright“, “#piracy” “#plagiarism“, “#Infringement“, “#Illegal“, and characterizing Mr. Johnson as akin to “con artists who shamelessly peddle stolen acappellas“…

In Johnson v. Rakhmanova, 2018 ONSC 5258 (CanLII), the Court reviewed a defamation claim by Mr. Johnson, based on comments of this type. Interestingly, the Court flagged the defamatory elements in the various extracts, specifically highlighting certain hashtags such as “#piracy” “#plagiarism”, “#Infringement”, “#Illegal”. While none of the social media posts consisted of only hashtags (there was always more content included in the post), it is worth noting that, for certain posts, the judge highlighted the hashtag alone as constituting the only defamatory element. This suggests that, in the right context, a well-placed hashtag can constitute a defamatory statement.

A finding of defamation raises a presumption that the words complained of were false, that they were communicated with malice and that the plaintiff suffered damage.  That presumption of falsity is rebutted by the defendant proving truth or justification.  In the end, the Court took the view that most of these defamatory statements were accurate and truthful and therefore justified. And therefore not defamatory. The court dismissed Mr. Johnson’s defamation claim in any event, and awarded costs to Ms. Rakhmanova.

 

Calgary -7:00 MST

No comments

Facebook at the Supreme Court of Canada: forum selection clause is unenforceable

By Richard Stobbe

We just wrote about a dispute resolution clause that was enforceable in the Uber case. Last year, a privacy class action claim landed in the Supreme Curt of Canada (SCC) and I see that we haven’t had a chance to write this one up yet.

In our earlier post ( Facebook Follows Google to the SCC  ) we provided some of the background: The plaintiff Ms. Douez alleged that Facebook used the names and likenesses of Facebook customers for advertising through so-called “Sponsored Stories”.  The claim alleged that Facebook ran the “Sponsored Stories” program without the permission of customers, contrary to of s. 3(2) of the B.C. Privacy Act. The basic question was whether Facebook’s terms (which apply California law) should be enforced in Canada or whether they should give way to local B.C. law. The lower court accepted that, on its face, the Terms of Service were valid, clear and enforceable and the lower court went on to decide that Facebook’s Forum Selection Clause should be set aside in this case, and the claim should proceed in a B.C. court. Facebook appealed that decision: Douez v. Facebook, Inc., 2015 BCCA 279 (CanLII) (See this link to the Court of Appeal decision). The appeal court reversed and decided that the Forum Selection Clause should be enforced. Then the case went up to the SCC.

In Douez v. Facebook, Inc., [2017] 1 SCR 751, 2017 SCC 33 (CanLII), the SCC found that Facebook’s forum selection clause is unenforceable.

How did the court get to this decision?   Um…. hard to say, even for the SCC itself, since there was a 3-1-3 split in the 7 member court, with some judges agreeing on the result, but using different reasoning, making it tricky to find a clear line of legal reasoning to follow.  The court endorsed its own “strong cause” test from Z.I. Pompey Industrie v. ECU-Line N.V., 2003 SCC 27 (CanLII): When parties agree to a jurisdiction for the resolution of disputes, courts will give effect to that agreement, unless the claimant establishes strong cause for not doing so.  Here, the Court tells us that public policy considerations must be weighed when applying the “strong cause” test to forum selection clauses in the consumer context. The public policy factors appear to be as follows:

  • Are we dealing with a consumer contract of adhesion between an individual consumer and a large corporation?
  • Is there a “gross inequality of bargaining power” between the parties?
  • Is there a statutory cause of action, implicating the quasi-constitutional privacy rights? These constitutional and quasi-constitutional rights play an essential role in a free and democratic society and embody key Canadian values, so this will influence the court’s analysis.
  • The court will also assess “the interests of justice” and decide which court is better positioned to assess the purpose and intent of the legislation at issue (as in this case, where there was a statutory cause of action under the BC Privacy Act).
  • Lastly, the court will assess the expense and inconvenience of requiring an individual consumer to litigate in a foreign jurisdiction (California, in this case), compared to the comparative expense and inconvenience to the big bad corporation (Facebook, in this case).

The court noted that, in order to become a user of Facebook, a consumer “must accept all the terms stipulated in the terms of use, including the forum selection clause. No bargaining, no choice, no adjustments.” But wait… Facebook is not a mandatory service, is it?  The fact that a consumer’s decision to use Facebook is entirely voluntary seems to be missing from the majority’s analysis.  A consumer must accept the terms, yes, but there is a clear choice: don’t become a user of Facebook.  That option does not appear to be a factor in the court’s analysis.

The take-home lesson is that forum selection clauses will have to be carefully handled in consumer contracts of adhesion.  It is possible that this decision will be limited to these unique circumstances.

 

Calgary – 07:00 MST

No comments

Privacy Breach … While Jogging Down a Public Path?

.

By Richard Stobbe

An online video shows someone jogging on a public pathway during a 2-second clip. Let me get this straight… does this constitute a breach of privacy rights? According to an Ontario court, the answer is yes.

This is a scenario that is likely repeated every year across the country in a variety of industries. In this case, a real estate developer engaged a video developer to produce a sales video for a residential condominium project. To capture the “lifestyle” of the neighbourhood, the video developer shot footage of local shops, bicycling paths, jogging trails, and other local amenities. In the course of this project, the plaintiff – a jogger – was caught on video, and after editing, a 2-second clip of the plaintiff was included in the final 2-minute promotional video.

Like all video, this one was posted to YouTube, where it lived for 1 week, before being taken down in response to the plaintiff’s complaints.

In Vanderveen v Waterbridge Media Inc., 2017 CanLII 77435 (ON SCSM), the court considered the claim that this clip of the jogger constituted a violation of privacy rights and appropriation of personality rights.   In the analysis, the court considered the tort of “intrusion upon seclusion”, which was designed to provide a remedy for conduct that intrudes upon private affairs where the invasion of privacy is considered “highly offensive”.

The court in this case decided that a 2-second video clip of someone jogging on a public pathway does constitute a “highly offensive” invasion of a person’s private affairs. The plaintiff was awarded $4,000 for the breach of privacy rights and $100 for the appropriation of personality.

Some points to consider:

  • It is unclear why the court did not spend more time considering the issue of “reasonable expectation of privacy”. A number of court decisions have looked at this issue as it relates to video or photography on public beaches, public schools and other public places. This is not a new issue in privacy law, but it appears to have been given short shrift in this decision.
  • The impact of this decision must be put into context: it is an Ontario small claims court decision, so it won’t be binding on other courts. However, it may be referred to in other cases of this type. The decision is unlikely to be appealed considering the amounts at issue, so we probably won’t see a review of the analysis at a higher level of court.
  • Consider the implications of this approach to privacy and personality rights in light of the use of drone footage in making promotional videos – something that is becoming more common as costs lower and access to this technology increases.
  • When entering into contracts for any promotional or marketing collateral – website content, images, video footage, film, advertisements, print materials – both sides should review the terms to confirm who bears the risk of addressing complaints such as this one, and who bears the responsibility for obtaining consents or releases from recognizable individuals who appear in the media content.

 

For advice regarding privacy rights, personality rights, drone law, and video development contracts, contact Field Law.

Calgary – 10:00 MST

No comments

Is there copyright in a screenshot?

.
By Richard Stobbe

Ever wanted to remove something after it had been swallowed up in the gaping maw of the internet? Then you will relate to this story about an individual’s struggle to have certain content deleted from the self-appointed memory banks of the web.

The Federal Court recently rendered a procedural decision in the case of Davydiuk v. Internet Archive Canada and Internet Archive 2016 FC 1313 (for background, visit the Wayback Machine… or see our original post Copyright Implications of a “Right to be Forgotten”? Or How to Take-Down the Internet Archive).

For those who forget the details, this case relates to a long-running plan by Mr. Davydiuk to remove certain adult video content in which he appeared about a dozen years ago. He secured the copyright in the videos and all related material including images and photographs, and went about using copyright to remove the online reproductions of the content. In 2009, he discovered that Internet Archive, a defendant in these proceedings, was hosting some of this video material as part of its web archive collection.  It is Mr. Davydiuk’s apparent goal to remove all of the content from the Internet Archive – not only the video but also associated images, photos, and screenshots taken from the video.

The merits of the case are still to be decided, but the Federal Court has decided a procedural matter which touches upon an interesting copyright question:

When a screenshot is taken from a video, is there sufficient originality for copyright to extend to that screenshot? Or is it a “purely mechanical exercise not capable of copyright protection”?

This case is really about the use of copyright in aid of personal information and privacy goals. The Internet Archive argued that it shouldn’t be obliged to remove material for which there is no copyright. Remember, for copyright to attach to a work, it must be “original”. The Supreme Court of Canada (SCC) has made it clear that:

For a work to be “original” within the meaning of the Copyright Act, it must be more than a mere copy of another work.  At the same time, it need not be creative, in the sense of being novel or unique.  What is required to attract copyright protection in the expression of an idea is an exercise of skill and judgment.  By skill, I mean the use of one’s knowledge, developed aptitude or practised ability in producing the work.  By judgment, I mean the use of one’s capacity for discernment or ability to form an opinion or evaluation by comparing different possible options in producing the work. This exercise of skill and judgment will necessarily involve intellectual effort. The exercise of skill and judgment required to produce the work must not be so trivial that it could be characterized as a purely mechanical exercise.  For example, any skill and judgment that might be involved in simply changing the font of a work to produce “another” work would be too trivial to merit copyright protection as an “original” work. [Emphasis added]

From this, we know that changing font (without more) is NOT sufficient to qualify for the purposes of originality. Making a “mere copy” of another work is also not considered original. For example, an exact replica photo of a photo is not original, and the replica photo will not enjoy copyright protection.  So where does a screenshot fall?

The Internet Archive argued that the video screenshots were not like original photographs, but more like a photo of a photo – a mere unoriginal copy of a work requiring a trivial effort.

On the other side, the plaintiff argued that someone had to make a decision in selecting which screenshots to extract from the original video, and this represented an exercise of sufficient “skill and judgment”.  The SCC did not say that the bar for “skill and judgment” is very high – it just has to be higher than a purely mechanical exercise.

At this stage in the lawsuit, the court merely found that there was enough evidence to show that this is a genuine issue. In other words, the issue is a live one, and it has to be assessed with the benefit of all the evidence. So far, the issue of copyright in a screenshot is still undetermined, but we can see from the court’s reasoning that if there is evidence of the exercise of “skill and judgment” involved in the decision-making process as to which particular screenshots to take, then these screenshots will be capable of supporting copyright protection.

Stay tuned.

 

Calgary – 07:00 MT

No comments

Google v. The Court: Free Speech and IP Rights (Part 2)

 
By Richard Stobbe

Last week, hearings concluded in the important case of Google Inc. v. Equustek Solutions Inc., et al.  The Supreme Court of Canada (SCC) will render its judgment in writing, and the current expectation is that it will clarify the limits of extraterritoriality, and the unique issues of protected expression in the context of IP rights and search engines.

In Part 1, I admonished Google, saying “you’re not a natural person and you don’t enjoy Charter rights.” Some commentators have pointed out that this is too broad, and that’s a fair comment.  Indeed, it’s worth clarifying that corporate entities can benefit from certain Charter rights, and can challenge a law on the basis of unconstitutionality. The Court has also held that freedom of expression under s. 2(b) can include commercial expression, and that government action to unreasonably restrict that expression can properly be the subject of a Charter challenge.

The counter-argument about delimiting corporate enjoyment of Charter rights is grounded in a line of cases stretching back to the SCC’s 1989 decision in Irwin Toy where the court was clear that the term “everyone” in s. 7 of the Charter, read in light of the rest of that section, excludes “corporations and other artificial entities incapable of enjoying life, liberty or security of the person, and includes only human beings”.

Thus, in Irwin Toy and Dywidag Systems v. Zutphen Brothers  (see also: Mancuso v. Canada (National Health and Welfare), 2015 FCA 227 (CanLII)), the SCC has consistently held that corporations do not have the capacity to enjoy certain Charter-protected interests – particularly life, liberty and security of the person – since these are attributes of human beings and not artificial persons such as corporate entities.

It is also worth noting that the Charter is understood to place restrictions on government, but does not provide a right of a corporation to enforce Charter rights as against another corporation. Put another way, one corporation cannot raise a claim that another corporation has violated its Charter rights. While there can be no doubt that a corporation cannot avail itself of the protection offered by section 7 of the Charter, a corporate entity can avail itself of Charter protections related to unreasonable limits on commercial expression, where such limits have been placed on the corporate entity by the government – for example, by a law or regulation enacted by provincial or federal governments.

There is a good argument that the limited Charter rights that are afforded to corporate entities should not extend to permit a corporation to complain of a Charter violation where its “commercial expression” is restricted at the behest of another corporation in the context of an intellectual property infringement dispute.

 

Calgary – 07:00 MT

1 comment

Google v. The Court: Free Speech and IP Rights (Part 1)

 
By Richard Stobbe

Google Inc. v. Equustek Solutions Inc., et al., the long-running case involving a court’s ability to restrict online search results, and Google’s obligations to restrict search results has finally reached the Supreme Court of Canada (SCC). Hearings are proceeding this week, and the list of intervenors jostling for position at the podium is like a who’s-who of free speech advocates and media lobby groups. Here is a list of many of the intervenors who will have representatives in attendance, some of whom have their 10 minutes of fame to speak at the hearing:

  • The Attorney General of Canada,
  • Attorney General of Ontario,
  • Canadian Civil Liberties Association,
  • OpenMedia Engagement Network,
  • Reporters Committee for Freedom of the Press,
  • American Society of News Editors,
  • Association of Alternative Newsmedia,
  • Center for Investigative Reporting,
  • Dow Jones & Company, Inc.,
  • First Amendment Coalition,
  • First Look Media Works Inc.,
  • New England First Amendment Coalition,
  • Newspaper Association of America,
  • AOL Inc.,
  • California Newspaper Publishers Association,
  • Associated Press,
  • Investigative Reporting Workshop at American University,
  • Online News Association and the Society of Professional Journalists (joint as the Media Coalition),
  • Human Rights Watch,
  • ARTICLE 19,
  • Open Net (Korea),
  • Software Freedom Law Centre and the Center for Technology and Society (joint),
  • Wikimedia Foundation,
  • British Columbia Civil Liberties Association,
  • Electronic Frontier Foundation,
  • International Federation of the Phonographic Industry,
  • Music Canada,
  • Canadian Publishers’ Council,
  • Association of Canadian Publishers,
  • International Confederation of Societies of Authors and Composers,
  • International Confederation of Music Publishers and the Worldwide Independent Network (joint) and
  • International Federation of Film Producers Associations.

The line-up at Starbucks must have been killer.

The case has generated a lot of interest, including this recent article (Should Canadian Courts Have the Power to Censor Search Results?) which speaks to the underlying unease that many have with the precedent that could be set and its wider implications for free speech.

You may recall that this case is originally about IP rights, not free speech rights. Equustek sued Datalink Technologies for infringement of the IP rights of Equustek. The original lawsuit was based on trademark infringement and misappropriation of trade secrets. Equustek successfully obtained injunctions prohibiting this infringement. It was Equustek’s efforts at stopping the ongoing online infringement, however, that first led to the injunction prohibiting Google from serving up search results which directed customers to the infringing websites.

It is common for an intellectual property infringer (as the defendant Datalink was in this case) to be ordered to remove offending material from a website. Even an intermediary such as YouTube or another social media platform, can be compelled to remove infringing material – infringing trademarks, counterfeit products, even defamatory materials. That is not unusual, nor should it automatically touch off a debate about free speech rights and government censorship.

This is because the Charter-protected rights of freedom of speech are much different from the enforcement of IP rights.

The Court of Appeal did turn its attention to free speech issues, noting that “courts should be very cautious in making orders that might place limits on expression in another country. Where there is a realistic possibility that an order with extraterritorial effect may offend another state’s core values, the order should not be made.  In the case before us, there is no realistic assertion that the judge’s order will offend the sensibilities of any other nation. It has not been suggested that the order prohibiting the defendants from advertising wares that violate the intellectual property rights of the plaintiffs offends the core values of any nation. The order made against Google is a very limited ancillary order designed to ensure that the plaintiffs’ core rights are respected.”

Thus, the fear cannot be that this order against Google impinges on free-speech rights; rather, there is a broader fear about the ability of any court to order a search engine to restrict certain search results in a way that might be used to restrict free speech rights in other situations.  In Canada, the Charter guarantees that everyone has the right to: “freedom of …expression, including freedom of the press and other media of communication…” It is important to remember that in Canada a corporation is not entitled to guarantees found in Section 7 of the Charter. (See: Irwin Toy Ltd. v. Quebec (Attorney General), 1989 CanLII 87 (SCC), [1989] 1 S.C.R. 927)

So, while there have been complaints that Charter rights have been given short shrift in the lower court decisions dealing with the injunction against Google, it’s worth remembering that Google cannot avail itself of these protections. Sorry Google, but you’re not a natural person and you don’t enjoy Charter rights. [See Part 2 for more discussion on a corporation’s entitlement to Charter protections.]

Although free speech will be hotly debated at the courthouse, the Google case is, perhaps, not the appropriate case to test the limits of free speech. This is a case about IP rights enforcement, not government censorship.

 

Calgary – 07:00 MT

1 comment

Dear CASL: When can I rely on “implied consent”?

.

By Richard Stobbe

Canada’s Anti-Spam Legislation (CASL) is overly complex and notoriously difficult to interpret – heck, even lawyers start to see double when they read the official title of the law (An Act to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities, and to amend the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act).

The concept of implied consent (as opposed to express consent) is built into the law, and the trick is to interpret when, exactly, a company can rely on implied consent to send commercial electronic messages (CEMs). There are a number of different types of implied consent, including a pre-existing business or non-business relationship, and the so-called “conspicuous publication exemption”.

One recent administrative decision (Compliance and Enforcement Decision CRTC 2016-428 re: Blackstone Learning Corp.) focused on “conspicuous publication” under Section 10(9) of the Act. A company may rely on implied consent to send CEMs where there is:

  1. conspicuous publication of the email address in question,
  2. the email address is not accompanied by a statement that the person does not wish to receive unsolicited commercial electronic messages at the electronic address; and
  3. the message is relevant to the person’s business, role, functions, or duties in a business or official capacity.

In this case, Blackstone Learning sent about 380,000 emails to government employees during 9 separate ad campaigns over a 3 month period in 2014. The case against Blackstone by the CRTC did not dwell on the evidence – in fact, Blackstone admitted the essential facts. Rather, this case focused on the defense raised by Blackstone. The company pointed to the “conspicuous publication exemption” and argued that it could rely on implied consent for the CEMs since the email addresses of the government employees were all conspicuously published online.

However, the company provided very little support for this assertion, and it did not provide back-up related to the other two elements of the defense; namely, that the email addresses were not accompanied by a “no spam” statement, and that the CEMs were relevant to the role or business of the recipients. The CRTC’s decision provides some guidance on implied consent and “conspicuous publication”:

  • The CRTC observed that “The conspicuous publication exemption and the requirements thereof set out in paragraph 10(9)(b) of the Act set a higher standard than the simple public availability of electronic addresses.” In other words, finding an email address online is not enough.
  • First, the exemption only applies if the email recipient publishes the email address or authorizes someone else to publish it. Let’s take the example of a sales rep who might publish his or her email, and also authorize a reseller or distributor to publish the email address. However, the CRTC notes if a third party were to collect and sell a list of such addresses on its own then “this would not create implied consent on its own, because in that instance neither the account holder nor the message recipient would be publishing the address, or be causing it to be published.”
  • The decision does not provide a lot of context around the relevance factor, or how that should be interpreted. CRTC guidance provides some obvious examples – an email advertising how to be an administrative assistant is not relevant to a CEO.  In this case, Blackstone was advertising courses related to technical writing, grammar and stress management. Arguably, these topics might be relevant to a broad range of people within the government.
  • Note that the onus of proving consent, including all the elements of the “conspicuous publication exception”, rests with the person relying on it. The CRTC is not going to do you any favours here. Make sure you have accurate and complete records to show why this exemption is available.
  • Essentially, the email address must “be published in such a manner that it is reasonable to infer consent to receive the type of message sent, in the circumstances.” Those fact-sepecific circumstances, of course, will ultimately be decided by the CRTC.
  • Lastly, the company’s efforts at compliance may factor into the ultimate penalty. Initially, the CRTC assessed an administrative monetary penalty (AMP) of $640,000 against Blackstone. The decision noted that Blackstone’s correspondence with the Department of Industry showed the “potential for self-correction” even if Blackstone’s compliance efforts were “not particularly robust”. These compliance efforts, among other factors, convinced the commission to reduce the AMP to $50,000.

As always, when it comes to CEMs, an ounce of CASL prevention is worth a pound of AMPs. Get advice from professionals about CASL compliance.

See our CASL archive for more background.

Calgary 07:00 MST

No comments

Copyright and the Creative Commons License

 

By Richard Stobbe

There are dozens of online photo-sharing platforms. When using such photo-sharing venues, photographers should take care not to make the same mistake as Art Drauglis, who posted a photo to his online account through the photo-sharing site Flickr, and then discovered that it had been published on the cover of someone else’s book. Mr. Drauglis made his photo available through a Creative Commons CC BY-SA 2.0 license, which permitted reproduction of his photo, even for commercial purposes.

You might be surprised to find out how much online content is licensed through the “Creative Commons” licensing regime. According to recent estimates, adoption of Creative Commons (CC) has expanded from 140 million licensed works in 2006, to over 1 billion today, including hundreds of millions of images and videos.

In the decision in Drauglis v. Kappa Map Group LLC (U.S. District Court D.C., cv-14-1043, Aug. 18, 2015), the federal court acknowledged that, under the terms of the CC BY-SA 2.0 license, the photo was licensed for commercial use, so long as proper attribution was given according to the technical requirements in the license. The court found that Kappa Map Group complied with the attribution requirements by listing the essential information on the back cover. The publisher’s use of the photo did not exceed the scope of the CC license; the copyright claim was dismissed.

There are several flavours of CC license:

  • The Attribution License (known as CC BY)
  • The Attribution-ShareAlike License (CC BY-SA)
  • The Attribution-NoDerivs License (CC BY-ND)
  • The Attribution-NonCommercial License (CC BY-NC)
  • The Attribution-NonCommercial-ShareAlike License (CC BY-NC-SA)
  • The Attribution-NonCommercial-NoDerivs License (CC BY-NC-ND)
  • Lastly, a so-called Public Domain (CC0) designation permits the owner of a work to make it available with “No Rights Reserved”, essentially waiving all copyright claims.

Looks confusing? Even within these categories, there are variations and iterations. For example, there is a version 1.0, all the way up to version 4.0 of each license. The licenses are also translated into multiple languages.

Remember: “available on the internet” is not the same as “free for the taking”. Get advice on the use of content which is made available under any Creative Commons license.

Calgary – 07:00 MST

No comments

Social Media Defamation: the #creeper decision

By Richard Stobbe

A dispute between suburban neighbours escalated and spilled over into social media when one of the neighbours vented on Facebook. The Facebook posts suggested that the plaintiff was a “nutter” and a “creep” who deployed a system of cameras and mirrors to keep the defendant’s backyard and young children under 24-hour surveillance. There was no evidence of any such system. Once the initial comments were posted, they were widely disseminated among the defendant’s 2,000 Facebook “friends” and potentially viewed by any Facebook users due to the “public” settings on the defendant’s Facebook account.

This in turn prompted other comments from the defendant’s Facebook “friends” such as a “pedo”, “#creeper”, “nutter”, “freak” (and more). After about 27 hours, the posts were deleted from the defendant’s account, but by then the same posts had propagated through other Facebook pages ; the court noted dryly that “The phrase ‘gone viral’ would seem to be an apt description.”

The plaintiff, a middle school teacher, was obviously concerned that the posts, as published, could cause him among other things to lose his job or face disciplinary action at his place of employment.

In Pritchard v. Van Nes, 2016 BCSC 686 (CanLII), the court noted that the social media posts constituted attacks on the plaintiff’s character which “were completely false and unjustified. [The plaintiff] has, as a consequence of the defendant’s thoughtless, reckless actions, suffered serious damage to his reputation, and for the reasons set out herein he is entitled to a substantial award of damages.”

The court awarded general damages for defamation of $50,000 and additional punitive damages of $15,000, plus costs.

(See our Defamation Archive)

Calgary – 07:00 MST

No comments

Facebook Follows Google to the SCC

 

By Richard Stobbe

A class action case against Facebook (see our previous posts for more background) is heading to the Supreme Court of Canada.

The BC Court of Appeal in Douez v. Facebook, Inc., 2015 BCCA 279 (CanLII)  had reviewed the question of whether the Facebook terms (which apply California law) should be enforced in Canada or whether they should give way to local B.C. law. The appeal court reversed the trail judge and decided that the Facebook’s forum selection clause should be enforced.

Facebook now joins Google, whose own internet jurisdiction is also going up to the Supreme Court of Canada this year.

These are two cases to watch.

Calgary – 07:00 MT

 

1 comment

CASL Enforcement (Part 1)

.
By Richard Stobbe

Since July 1, 2014, Canada’s Anti-Spam Law (or CASL) has been in effect, and the software-related rules have been in force since January 15, 2015.

With the benefit of hindsight, we can see a few patterns emerge from the efforts by the enforcement trifecta: the Privacy Commissioner of Canada, the CRTC and the Competition Bureau. (For background, see our earlier posts) What follows is a round-up of some of the most interesting and instructive enforcement actions:

  • March 2015 – A notice of violation was issued by the Competition Bureau to 3510395 Canada Inc. (dba Compu.Finder) with an accompanying administrative monetary penalty of $1,100,000 for sending commercial electronic messages without the consent and for commercial electronic messages which contained an ineffective unsubscribe mechanism in violation of CASL.
  • March 2015 – A penalty of $48,000 was levied against Plentyoffish Media Inc. as part of an undertaking concerning an alleged CASL violation related to an unsubscribe mechanism that was not set out “clearly and prominently” and was not able to be “readily performed”.
  • March 2015 – The Competition Bureau commenced action against Avis Budget Group Inc. for deceptive marketing practices, seeking $30 million in administrative monetary penalties from the companies, and refunds for consumers. The Bureau took action under CASL since Avis and Budget used electronic messages to disseminate the alleged false or misleading representations.
  • June 2015 – Porter Airlines Inc. paid $150,000 as part of an undertaking concerning certain CASL violations that were very similar to those which caught Plentyoffish. The Porter allegations related to commercial electronic messages that contained an unsubscribe mechanism that was not set out “clearly and prominently”, or that were missing an unsubscribe mechanism.
  • November 2015 – Similarly, Rogers Media paid $200,000 as part of a CASL investigation into commercial electronic messages that either contained an unsubscribe mechanism that was not able to be “readily performed”, that did not enable the person to indicate their wish to no longer receive messages or that did not provide an electronic address for the purposes of unsubscribing that was valid for a period of 60 days after the message was sent.
  • This certainly points to the more technical risks of poorly implemented unsubscribe features, rather than underlying gaps in consent. Perhaps this is because heavy enforcement action related directly to consent is still to come. Implied consent can be relied upon during a three-year transitional period. After that window closes, expect enforcement to focus on failures of consent.

    To put this all in perspective, consider enforcement of other laws within the CRTC mandate: in 2014 the CRTC did not issue any notices of violation of CASL, but issued 10 notices of violation related to the Unsolicited Telecommunications Rules and the National Do Not Call List (DNCL); in 2015 the CRTC issued 1 notice of violation of CASL and about 20 related to the Do Not Call List.

    Calgary – 07:00 MT

    1 comment

    Copyright Act confers no rights upon animals

    .
    By Richard Stobbe

    Naruto the monkey must abandon his budding photography career and go back to using his opposable thumbs towards some other end. To bring the monkey-selfie case to a close, the US District Court outlined its careful reasoning for rejecting the copyright claims of Naruto, a six-year-old crested macaque. (If you missed the background story, see our earlier post.)

    The decision in Naruto v. Slater (US District Court No. Calif. Case 15-cv-04324-WHO) is, if nothing else, a study in restraint. The judge reviews cases involving other non-human claimants, such as the 2004 decision dealing with a claim advanced on behalf of the world’s whales, porpoises, and dolphins, regarding violations of the US Endangered Species Act.

    In its final analysis, the court concluded: “Naruto is not an ‘author’ within the meaning of the Copyright Act. Next Friends argue that this result is ‘antithetical’ to the ‘tremendous [public] interest in animal art.’ Perhaps. But that is an argument that should be made to Congress and the President, not to me. The issue for me is whether Next Friends have demonstrated that the Copyright Act confers standing upon Naruto. In light of the plain language of the Copyright Act, past judicial interpretations of the Act’s authorship requirement, and guidance from the Copyright Office, they have not.”

    Calgary – 07:00 MT

    No comments

    Online Defamation: Linking and Liking

    .
    By Richard Stobbe

    Defamatory content on the internet?? Throw a metaphorical rock into the ether and you’ll hit something that meets the definition of defamatory content. In order to establish a claim for defamation, a plaintiff must establish that:
    (a) the words are defamatory, in the sense that they would tend to lower the plaintiff’s reputation in the eyes of a “reasonable person”;
    (b) the words refer to the plaintiff; and
    (c) the words were published, in the sense that they were communicated to at least one person other than the plaintiff.

    In Canada, this is the same basic test whether the medium is an old-school print newspaper, a neighbourhood newsletter, a personal blog, or an online comments section. While defamation can be difficult to establish, the law appears to have settled on a few rules around linking to allegedly defamatory content. Two recent U.S. cases addressed this issue, and U.S. commentators have even pointed back for guidance to a watershed Canadian case from 2011 (which we wrote about here).

    In Life Designs Ranch Inc. v. Sommer the court reaffirmed that linking to defamatory content does not, by itself, constitute a publication of that content: “…a URL is not qualitatively different from a mere reference. Therefore, we hold Mr. Sommer did not republish allegedly defamatory material when he posted on his website: ‘For more info click or cut and paste the link ….’ ”

    Going one step further, what if the link is more than just a link? The court in Slozer and Donches v Slattery reviewed a situation where the defamatory content was linked in a post, and then that post was “Liked” on Facebook by the defendant. The court said: “…by providing a link to the challenged posting, without reiterating the content of that posting did not initiate a republication. Her motivations and her designation of the link with a “like” as alleged by Appellants, is not equivalent to a reiteration of the defamatory content as to constitute republication.”

    Calgary – 10:00 MT

    No comments

    Two Privacy Class Actions: Facebook and Apple (Part 2)

    Courtesy of Apple

    By Richard Stobbe

    In Part 1, we looked at the B.C. decision in Douez v. Facebook, Inc.

    Another proposed privacy class action was heard in the B.C. court a few months later: Ladas v. Apple Inc., 2014 BCSC 1821 (CanLII).

    This was a claim by a representative plaintiff, Ms. Ladas, alleging that Apple breached the customer’s right to privacy under the Privacy Act (B.C.), since iOS 4 records the location of the “iDevice” (that’s the term used by the court for any Apple-branded iOS products) by surreptitiously recording and storing locational data in unencrypted form which is “accessible to Apple”. The claim did not assert that this info was transmitted to Apple, merely that it was “accessible to Apple”. This case involved a different section of the Privacy Act (B.C.) than the one claimed in Douez.

    The Ladas claim, curiously, referred to a number of public-sector privacy laws as a basis for the class action, and the court dismissed these claims as providing no legal basis. The court did accept that there was a basis for a claim under the Privacy Act (B.C.) and similar legislation in 3 other provinces. However, the claim fell down on technical merit. It did not meet all of the requirements under the Class Proceedings Act: specifically, the court was not convinced that there was an “identifiable class” of 2 or more persons, and did not accept there were “common issues” among the proposed class members (assuming there was an identifiable class).

    Thus, the class action was not certified. It was dismissed without leave to amend the pleadings.

    Apple’s iOS software license agreement did not come into play, since the claim was dismissed on other grounds. If the claim had proceeded far enough to consider the iOS license, then it would surely have faced the same defences raised by Facebook in Douez. As the judgement noted: Apple argued that “every time a user updates the version of iOS running on the user’s iDevice, the user is prompted to decide whether the user wants to use Location Services by accepting the terms of Apple’s software licensing agreement. Apple relies on users taking such steps in its defence of the plaintiff’s claims. The legal effect of a user clicking on “consent” or “allow” or “ok” or “I agree” would be an issue on the merits in this action.”

    Any test of Apple’s license agreement will have to wait for another day.

    Calgary – 07:00 MST

    No comments

    Two Privacy Class Actions: Facebook and Apple

    By Richard Stobbe

    Two privacy class actions earlier this year have pitted technology giants Facebook Inc. and Apple Inc. against Canadian consumers who allege privacy violations. The two cases resulted in very different outcomes.

    First, the Facebook decision: In Douez v. Facebook, Inc., 2014 BCSC 953 (CanLII), the court looked at two basic questions:

    1. Do British Columbian users of social media websites run by a foreign corporation have the protection of BC’s Privacy Act, R.S.B.C. 1996, c. 373?
    2. Do the online terms of use for social media override these protections?

    The plaintiff Ms. Douez alleged that Facebook used the names and likenesses of Facebook customers for advertising through so-called “Sponsored Stories”.  The claim alleges that Facebook ran the “Sponsored Stories” program without the permission of customers, contrary to of s. 3(2) of the B.C. Privacy Act which says:

    “It is a tort, actionable without proof of damage, for a person to use the name or portrait of another for the purpose of advertising or promoting the sale of, or other trading in, property or services, unless that other, or a person entitled to consent on his or her behalf, consents to the use for that purpose.”

    Interestingly, this Act was first introduced in B.C. in 1968, even before the advent of the primitive internet in 1969 .

    Facebook argued that its Terms of Use precluded any claim in a B.C. court, due to the “Forum Selection Clause” which compels action in the State of California. The court accepted that, on its face, the Terms of Service were valid, clear and enforceable. However, the court went on to decide that the B.C. Privacy Act establishes unique claims and specific jurisdiction. The Act mandates that claims under it “must be heard and determined by the Supreme Court” in British Columbia. This convinced the court that Facebok’s Forum Selection Clause should be set aside in this case, and the claim should proceed in a B.C. court.

    The class action was certified. Facebook has appealed. Stay tuned.

    Next up, the Apple experience.

    Calgary – 07:00 MST

    No comments

    CASL 2.0: The Computer Program Provisions (Part 2)

    By Richard Stobbe

    In Part 1 we looked at some basic concepts. In Part 2, we look at “enhanced disclosure” requirements.

    If the computer program that is to be installed performs one or more of the functions listed below, the person who seeks express consent must disclose additional information. This disclosure must be made “clearly and prominently, and separately and apart from the licence agreement”. In this additional or enhanced disclosure, the software vendor must describe the program’s “material elements” including the nature and purpose of the program, and the impact on the user’s computer system. A software vendor must bring this info to the attention of the user. This applies if you, as the software vendor, want to install a program that does any of the following things, and causes the computer system to operate in a manner that “is contrary to the reasonable expectations of the owner”. (You have to guess at the reasonable expectations of the user.) These are the functions that the legislation is aimed at:

    • collecting personal information stored on the computer system;
    • interfering with the owner’s or an authorized user’s control of the computer system;
    • changing or interfering with settings, preferences or commands already installed or stored on the computer system without the knowledge of the owner or an authorized user of the computer system;
    • changing or interfering with data that is stored on the computer system in a manner that obstructs, interrupts or interferes with lawful access to or use of that data by the owner or an authorized user of the computer system;
    • causing the computer system to communicate with another computer system, or other device, without the authorization of the owner or an authorized user of the computer system;
    • installing a computer program that may be activated by a third party without the knowledge of the owner or an authorized user of the computer system.

    If the computer program or app that you, as the software vendor, want to install does any of these things, then you need to comply with the enhanced disclosure obligations, as well as get express consent.

    There are some exceptions: A user is considered to have given express consent if the program is

    • a cookie,

    • HTML code,

    • Java Scripts,

    • an operating system,

    • any other program that is executable only through the use of another computer program whose installation or use the person has previously expressly consented to, or

    • a program that is necessary to correct a failure in the operation of the computer system or a program installed on it and is installed solely for that purpose; AND

    • the person’s conduct is such that it is reasonable to believe that they consent to the program’s installation.

    Remember: These additional provisions in CASL which deal with the installation of software come into effect on January 15, 2015, in less than 3 months. An offence under CASL can result in monetary penalties as high as $1 million for individuals and $10 million for businesses.

    If you are a software vendor selling in Canada, get advice on the implications for automatic installs and updates, and how to structure consents, whether this is for business-to-business, business-to-consumer, or mobile apps. There are already more than 1,000 complaints under the anti-spam provisions of the law. You don’t want to be the test case for the computer program provisions.

    Calgary – 07:00 MST

    No comments

    What, exactly, is a browsewrap?

    By Richard Stobbe

    Browsewrap, clickwrap, clickthrough, terms of use, terms of service, EULA. Just what are we talking about and how did we get here?

    In Nguyen v. Barnes & Noble, Inc., 2014 WL 4056549 (9th Cir. Aug. 18, 2014) the US Ninth Circuit wades into the subject of online contracting. Law professor Eric Goldman (ericgoldman.org) argues that these terms we’re accustomed to using, to describe ecommerce agreements, only contribute to the confusion. The term “browsewrap” derives from “clickwrap”, which is itself a portmanteau derived from the concept of a shrinkwrap license. As one court described it in 1996: “The ‘shrinkwrap license’ gets its name from the fact that retail software packages are covered in plastic or cellophane shrink wrap, and some vendors… have written licenses that become effective as soon as the customer tears the wrapping from the package.”

    The enforceability of a browsewrap – it is argued – is based not on clicking, but on merely browsing the webpage in question. However, the term browsewrap is often used in the context of an online retailer hoping to enforce its terms, in a situation where they should have used a proper click-through agreement.

    In Nguyen, the court dealt with a claim by a customer who ordered HP TouchPad tablets from the Barnes & Noble site. Although the customer entered an order through the shopping cart system, Barnes & Noble later cancelled that order. The customer sued. The resulting litigation turned on the enforceability of the online terms of service (TOS). The court reviewed the placement of the TOS link and found a species of unenforceable browsewrap – the TOS link was somewhere near the checkout button, but completion of the sale was not conditional upon acceptance of the TOS.

    There is a whole spectrum upon which online terms can be placed. At one end, a click-the-box agreement (in which completion of the transaction is conditional upon acceptance of the TOS) is generally considered to be valid and enforceable. At the other end, we see passive terms that are linked somewhere on the website, usually from the footer, sometimes hovering near the checkout or download button.  In Nguyen, the terms were passive and required no active step of acceptance. The court concluded that: “Where a website makes its terms of use available via a conspicuous hyperlink on every page of the website but otherwise provides no notice to users nor prompts them to take any affirmative action to demonstrate assent, even close proximity of the hyperlink to relevant buttons users must click on —without more — is insufficient…”

    This leaves open the possibility that browsewrap terms (where no active step is required) could be enforceable if the user has notice (actual or constructive) of those terms.

    In Canada, the concept was most recently addressed by the court in Century 21 Canada Limited Partnership v. Rogers Communications Inc., 2011 BCSC 1196 (CanLII). In that case, there was no active click-the-box terms of use, but the “browsewrap” terms were nevertheless upheld as enforceable, in light of the circumstances. Three particular factors convinced the court that it should uphold the terms: 1. the dispute did not involve a business-to-consumer dispute (as it did in Nguyen). Rather the parties were “sophisticated commercial entities”. 2. The defendants had actual notice of the terms. 3. The defendants employed similar terms on their own site.

    The lessons for business?

    The “browsewrap” is a passive attempt to impose terms on a site visitor or customer. Such passive terms should not be employed where the party seeking to enforce those terms requires certainty of enforceability. Even where there is a “conspicuous hyperlink” or “notice to users” or “close proximity of the hyperlink”, none of these factors should be relied upon, even if they might create an enforceable contract in special cases. Maybe it is time to retire the term “browsewrap” and replace it with “probably unenforceable”.

    Now, do you still want to rely on a browsewrap agreement?

    Related Reading: Online Terms – What Works, What Doesn’t

    Calgary – 07:00 MST

    1 comment

    Ownership of Photograph by Employee

    By Richard Stobbe

    While our last post dealt with the creation of photographs and other works of authorship by primates, robots and divine beings, this story is a little more grounded in facts that you might see in the average work day.

    When an employee takes a photograph, who owns copyright in the image?

    In Mejia v. LaSalle College International Vancouver Inc., 2014 BCSC 1559, a BC court reviewed this question in the context of an employment-related complaint (there were other issues including wrongful dismissal and defamation which we won’t go into). Here, an instructor at LaSalle College in Vancouver took a photograph, and later alleged that the college infringed his copyright in the picture after he discovered that it was being used on LaSalle’s Facebook page.

    The main issue was whether the picture was taken in the course of employment. The instructor argued that the photograph was taken during his personal time, on his own camera. He tendered evidence from camera metadata to establish the details of the camera, time and date. He argued that s. 13(3) of the Copyright Act did not apply because he was not employed to take photos. He sought $20,000 in statutory damages. The college argued that the photo was taken of students in the classroom and was within the scope of employment, and copyright would properly belong to the college as the employer, under s. 13(3) of the Act.

    The court, after reviewing all of this, decided that the instructor was not hired as a photographer. While an instructor could engage in a wide variety of activities during his employment activities, the court decided that “the taking of photographs was not an activity that was generally considered to be within the duties of the plaintiff instructor, and there was no contractual agreement that he do so.” It was, in short, not connected with the instructor’s employment. In the end, the photograph was not made in the course of employment. Therefore, under s. 13(1) of the Copyright Act, the instructor was the first owner of copyright, and the college was found to have infringed copyright by posting it to Facebook.

    Calgary – 07:00 MST

    No comments

    Online Terms – What Works, What Doesn’t

    By Richard Stobbe

    The online fine print – those terms and conditions that you agree to when you buy something online – it really does matter where those terms are placed in the checkout process. A recent US case illustrates this point. In Tompkins v. 23andMe, Inc., 2014 WL 2903752 (N.D. Cal. June 25, 2014), the court dealt with an online checkout process for DNA testing kits sold by 23andMe. When completing a purchase, customers were not presented with any mandatory click-through screen for the transaction to complete. There was a passive link at the footer of the transaction page, something the court dismissed as a “browsewrap”, which was ineffective to bind the customers. In other words, the Terms of Service were not effective at that point in the transaction.

    In order to obtain test results, however, customers were obliged to register and create an account with 23andMe. In this (post-sale) registration process, a mandatory click-through screen was presented to customers, not once but twice. The court decided that this second step was valid to bind the customers who purchased the DNA testing kits.

    While this shows that courts can take a position that is sympathetic to online retailers, this should not be taken as an endorsement of this contracting process. In my view, the better approach would be to push customers through a mandatory click-through screen at both stages. This is particularly so in a case like 23andMe, where the first transaction is for sale of a product (the kit) and the second step relates to a service (processing test results). The two, of course, are intertwined, but the double click-through reduces risk and plugs the holes left by the single click-through. For example, a customer may buy a kit and never create an account, or use a kit without have purchased it. As the court notes: “it is possible for a customer to buy a DNA kit, for example, as a gift for someone else, so that the purchasing customer never needs to create an account or register the kit, and thus is never asked to acknowledge the TOS.”

    We can speculate on why the click-through appeared at the second account-creation step, and not the first kit-purchasing step. Sometimes, the purchasing process is modified over time due to changes in marketing or sales strategies. Perhaps the company broke a unified transaction process, which ended with account-creation, into two separate steps after market research or customer feedback. When something like this happens, it is important to repeat the legal review, to ensure compliance with e-commerce best practices.

    Calgary – 07:00 MST

    No comments

    Next Page »