By Richard Stobbe

As a follow-up to our earlier post about Copyright in House Plans, an class action case is proceeding in Ontario on the subject of ownership of copyright in survey plans (See:  Ontario land surveyors can sue land registry managers for copyright infringement, court says).

In the course of their work, land surveyors in Ontario prepare a survey document, and that document is routinely scanned into the province’s land registry database. Copies of survey documents can be ordered from the registry for a fee. The Ontario Court of Appeal has certified a class action which permits the province’s land surveyors to continue their copyright lawsuit against Teranet Inc., the manager of the land registry system. The case is Keatley Surveying Ltd. v. Teranet (Case No. cv-10-414169).

Calgary – 07:00 MST

–

By Richard Stobbe

When a copyright owner suspects online infringement, but lacks evidence of the identity of the alleged infringers, it can seek an order to disclose those details. Canadian law is clear that “A court order is required in every case as a condition precedent to the release of subscriber information.”

A Norwich order is a “litigation tool requiring non-parties to a litigation to be subject to discovery or being compelled to provide information.” In a recent case, Voltage Pictures LLC v. John Doe, 2014 FC 161, a decision released in February, 2015, this tool was used by the Plaintiff (Voltage) to obtain the names and addresses of some 2,000 subscribers of an ISP known TekSavvy Solutions Inc.

Teksavvy said it would only disclose subscriber information if Voltage obtained a court order compelling disclosure. Voltage did obtain its so-called Norwich order, and Teksavvy was compelled to release subscriber information to Voltage, with some controls.

Then Voltage and Teksavvy argued about who should bear the costs for correlating and compiling the subscriber info. The resulting court opinion in Voltage Pictures LLC v. Teksavvy Solutions Inc. 2015 FC 339, makes for interesting reading (if you’re into this sort of thing) regarding best practices for copyright owners and ISPs to manage costs:

• The copyright owner should first ascertain, in advance “with clarity and precision”, the method used by the ISP to correlate IP addresses with subscriber information, and the investment in time and costs based on a hypothetical number of IP addresses. In other words, the copyright owner should ask the ISP: “What methods do you use, how long would it take and how much would it cost if we wanted you to correlate 100 or 1000 IP addresses?”
• Next, the copyright owner and ISP should agree on these timelines and costs in advance (in writing if possible) before the copyright owner files and serves its motion for a Norwich order.
• For smaller ISPs, the copyright owner should not make the assumption that the smaller ISP will handle IP address and subscriber info in the same way as larger ISPs, where such processes are likely automated.

 

Calgary – 07:00 MST

 

–

By Richard Stobbe 

They say the internet never forgets. From time to time, someone wants to challenge that dictum.

In our earlier posts, we discussed the so-called “right to be forgotten” in connection with a Canadian trade-secret misappropriation and passing-off case and an EU privacy case. In a brief ruling in October, the Federal Court reviewed a copyright claim that fits into this same category. In Davydiuk v. Internet Archive Canada, 2014 FC 944 (CanLII), the plaintiff sought to remove certain pornographic films that were filmed and posted online years earlier. By 2009, the plaintiff had successfully pulled down the content from the original sites on which the content had been hosted. However, the plaintiff discovered that the Internet Archive’s “Wayback Machine” had crawled and retained copies of the content as part of its archive.

If you’re not familiar with the Wayback Machine, here is the court’s description: “The ‘Wayback Machine’ is a collection of websites accessible through the websites ‘archive.org’ and ‘web.archive.org’. The collection is created by software programs known as crawlers, which surf the internet and store copies of websites, preserving them as they existed at the time they were visited. According to Internet Archive, users of the Wayback Machine can view more than 240 billion pages stored in its archive that are hosted on servers located in the United States. The Wayback Machine has six staff to keep it running and is operated from San Francisco, California at Internet Archive’s office. None of the computers used by Internet Archive are located in Canada.”

The plaintiff used copyright claims to seek the removal of this content from the Internet Archive servers, and these efforts included DMCA notices in the US. Ultimately unsatisfied with the results, the plaintiff commenced an action in Federal Court in Canada based on copyrights. The Internet Archive disputed that Canada was the proper forum: it argued that California was more appropriate since all of the servers in question were located in the US and Internet Archive was a California entity.

Since Internet Archive raised a doctrine known as “forum non conveniens”, it had to convince the court that the alternative forum (California) was “clearly more appropriate” than the Canadian court. It is not good enough to simply that there is an appropriate forum elsewhere, rather the party making this argument has to show that clearly the other forum is more appropriate, fairer and more efficient. The Federal Court was not convinced, and it concluded that there was a real and substantial connection to Canada. The case will remain in Canadian Federal Court. A few interesting points come out of this decision:

1. This is not a privacy case. It turns upon copyright claims, since the plaintiff in this case had acquired the copyrights to the original content. Nevertheless, the principles in this case (to determine which court is the proper place to hear the case) could be applied to any number of situations, including privacy, copyright or personality rights.
2. Interestingly, the fact that the plaintiff had used American DMCA notices did not, by itself, convince the court that the US was the best forum for this case.
3. The court looked to a recent trademark decision (Homeaway.com Inc. v. Hrdlicka) to show that a trademark simply appearing on the computer screen in Canada constituted use and advertising in Canada for trademark law purposes. Here, accessing the content in Canada from servers located in the US constituted access in Canada for copyright purposes.
4. While some factors favoured California, and some favoured Canada, the court concluded that California was not clearly more appropriate. This shows there is a first-mover advantage in commencing the action in the preferred jurisdiction.  

Get advice on internet copyright claims by contacting our Intellectual Property & Technology Group.

Calgary – 07:00 MST

 

By Richard Stobbe

The made-in-Canada notice-and-notice provisions are coming in January, 2015. 

You may recall that in June 2012 the Copyright Modernization Act was passed by Parliament. Portions of the new copyright law came into force in November 2012, while the so-called notice-and-notice procedures were held back, to give the government time to consider regulations. (See: New Copyright Act Becomes Law… In Part) Through an Order in Council, the government has elected to proceed without regulations.

The new provisons legally require Internet intermediaries, such as ISPs and website hosts, to take certain actions upon receiving a notice of alleged infringement from a copyright owner.

Specifically, ISPs and hosts are required to forward notices, sent by copyright owners, to users whose Internet address has been identified as being the source of possible infringement. The intermediary must also inform the copyright owner once the notice has been sent.

The Copyright Modernization Act sets clear rules on the content of these notices. Specifically, they must be in writing and state the claimant’s name and address, identify the material allegedly being infringed and the claimant’s right to it, as well as specify the infringing activity, the date and time of the alleged activity, and the electronic address associated with the incident.

Related Reading: Government Backgrounder

Calgary – 07:00 MST

–

By Richard Stobbe

The CRTC has released guidelines on the implementation of the incoming computer-program provisions of Canada’s Anti-Spam Law (CASL). Software vendors should review the  CASL Requirements for Installing Computer Programs for guidance on installing software on other people’s computer systems. Remember, the start-date of January 15, 2015 is less than 2 months away. Here are a few highlights:

• CASL prohibits the installation of software to another person’s computing computer – which includes any device, laptop, smartphone, desktop, gaming console, etc.) in the course of commercial activity without express consent;
• Downloading your own app from iTunes or Google Play? CASL does not apply to software, apps or updates that are downloaded by users themselves; 
• Maybe you still use a CD to install software? CASL does not apply to “offline” installations by a user;
• Where implied consent cannot be relied upon, then express consent is required. The guidelines state the following:

“When seeking consent for the installation you must clearly and simply set out:

1. The reason you are seeking consent;
2. Who is seeking consent (e.g., name of the company; or if consent is sought on behalf of another person, that person’s name);
3. If consent is sought on behalf of another person, a statement indicating which person is seeking consent and which person on whose behalf consent is being sought;
4. The mailing address and one other piece of contact information (i.e., telephone number, email address, or Web address);
5. A statement indicating that the person whose consent is sought can withdraw their consent; and
6. A description in general terms of the functions and purpose of the computer program to be installed.”  

 

Calgary – 07:00 MST

–

By Richard Stobbe

In Part 1, we looked at the B.C. decision in Douez v. Facebook, Inc.

Another proposed privacy class action was heard in the B.C. court a few months later: Ladas v. Apple Inc., 2014 BCSC 1821 (CanLII).

This was a claim by a representative plaintiff, Ms. Ladas, alleging that Apple breached the customer’s right to privacy under the Privacy Act (B.C.), since iOS 4 records the location of the “iDevice” (that’s the term used by the court for any Apple-branded iOS products) by surreptitiously recording and storing locational data in unencrypted form which is “accessible to Apple”. The claim did not assert that this info was transmitted to Apple, merely that it was “accessible to Apple”. This case involved a different section of the Privacy Act (B.C.) than the one claimed in Douez.

The Ladas claim, curiously, referred to a number of public-sector privacy laws as a basis for the class action, and the court dismissed these claims as providing no legal basis. The court did accept that there was a basis for a claim under the Privacy Act (B.C.) and similar legislation in 3 other provinces. However, the claim fell down on technical merit. It did not meet all of the requirements under the Class Proceedings Act: specifically, the court was not convinced that there was an “identifiable class” of 2 or more persons, and did not accept there were “common issues” among the proposed class members (assuming there was an identifiable class).

Thus, the class action was not certified. It was dismissed without leave to amend the pleadings.

Apple’s iOS software license agreement did not come into play, since the claim was dismissed on other grounds. If the claim had proceeded far enough to consider the iOS license, then it would surely have faced the same defences raised by Facebook in Douez. As the judgement noted: Apple argued that “every time a user updates the version of iOS running on the user’s iDevice, the user is prompted to decide whether the user wants to use Location Services by accepting the terms of Apple’s software licensing agreement. Apple relies on users taking such steps in its defence of the plaintiff’s claims. The legal effect of a user clicking on “consent” or “allow” or “ok” or “I agree” would be an issue on the merits in this action.”

Any test of Apple’s license agreement will have to wait for another day.

Calgary – 07:00 MST

–

By Richard Stobbe

Two privacy class actions earlier this year have pitted technology giants Facebook Inc. and Apple Inc. against Canadian consumers who allege privacy violations. The two cases resulted in very different outcomes.

First, the Facebook decision: In Douez v. Facebook, Inc., 2014 BCSC 953 (CanLII), the court looked at two basic questions:

1. Do British Columbian users of social media websites run by a foreign corporation have the protection of BC’s Privacy Act, R.S.B.C. 1996, c. 373?
2. Do the online terms of use for social media override these protections?

The plaintiff Ms. Douez alleged that Facebook used the names and likenesses of Facebook customers for advertising through so-called “Sponsored Stories”.  The claim alleges that Facebook ran the “Sponsored Stories” program without the permission of customers, contrary to of s. 3(2) of the B.C. Privacy Act which says:

“It is a tort, actionable without proof of damage, for a person to use the name or portrait of another for the purpose of advertising or promoting the sale of, or other trading in, property or services, unless that other, or a person entitled to consent on his or her behalf, consents to the use for that purpose.”

Interestingly, this Act was first introduced in B.C. in 1968, even before the advent of the primitive internet in 1969 .

Facebook argued that its Terms of Use precluded any claim in a B.C. court, due to the “Forum Selection Clause” which compels action in the State of California. The court accepted that, on its face, the Terms of Service were valid, clear and enforceable. However, the court went on to decide that the B.C. Privacy Act establishes unique claims and specific jurisdiction. The Act mandates that claims under it “must be heard and determined by the Supreme Court” in British Columbia. This convinced the court that Facebok’s Forum Selection Clause should be set aside in this case, and the claim should proceed in a B.C. court.

The class action was certified. Facebook has appealed. Stay tuned.

Next up, the Apple experience.

Calgary – 07:00 MST

–

By Richard Stobbe

In Part 1 we looked at some basic concepts. In Part 2, we look at “enhanced disclosure” requirements.

If the computer program that is to be installed performs one or more of the functions listed below, the person who seeks express consent must disclose additional information. This disclosure must be made “clearly and prominently, and separately and apart from the licence agreement”. In this additional or enhanced disclosure, the software vendor must describe the program’s “material elements” including the nature and purpose of the program, and the impact on the user’s computer system. A software vendor must bring this info to the attention of the user. This applies if you, as the software vendor, want to install a program that does any of the following things, and causes the computer system to operate in a manner that “is contrary to the reasonable expectations of the owner”. (You have to guess at the reasonable expectations of the user.) These are the functions that the legislation is aimed at:

• collecting personal information stored on the computer system;
• interfering with the owner’s or an authorized user’s control of the computer system;
• changing or interfering with settings, preferences or commands already installed or stored on the computer system without the knowledge of the owner or an authorized user of the computer system;
• changing or interfering with data that is stored on the computer system in a manner that obstructs, interrupts or interferes with lawful access to or use of that data by the owner or an authorized user of the computer system;
• causing the computer system to communicate with another computer system, or other device, without the authorization of the owner or an authorized user of the computer system;
• installing a computer program that may be activated by a third party without the knowledge of the owner or an authorized user of the computer system.

If the computer program or app that you, as the software vendor, want to install does any of these things, then you need to comply with the enhanced disclosure obligations, as well as get express consent.

There are some exceptions: A user is considered to have given express consent if the program is

• a cookie,

• HTML code,

• Java Scripts,

• an operating system,

• any other program that is executable only through the use of another computer program whose installation or use the person has previously expressly consented to, or

• a program that is necessary to correct a failure in the operation of the computer system or a program installed on it and is installed solely for that purpose; AND

• the person’s conduct is such that it is reasonable to believe that they consent to the program’s installation.

Remember: These additional provisions in CASL which deal with the installation of software come into effect on January 15, 2015, in less than 3 months. An offence under CASL can result in monetary penalties as high as $1 million for individuals and $10 million for businesses.

If you are a software vendor selling in Canada, get advice on the implications for automatic installs and updates, and how to structure consents, whether this is for business-to-business, business-to-consumer, or mobile apps. There are already more than 1,000 complaints under the anti-spam provisions of the law. You don’t want to be the test case for the computer program provisions.

Calgary – 07:00 MST

–

By Richard Stobbe

It’s mid-October. Like many businesses in Canada, you may be weary of hearing about CASL compliance. Hopefully that weariness is due to all the hard work you did 3 months ago to bring your organization into compliance for the July 1st start-date.

If you’re a software vendor, then you should gird yourself for round two: Yes, there are additional provisions in CASL which deal with the installation of software, and those rules come on stream in 3 months on January 15, 2015.

Section 8 of CASL ostensibly deals with spyware and malware. Hackers are not the only problem; think of the Sony Rootkit case (See our earlier post here) as another example of the kind of thing that this law was designed to address.

This is the essence of Section 8: “A person must not, in the course of a commercial activity, install …a computer program on any other person’s computer system… unless the person has obtained the express consent of the owner …” This applies only if the computer system is located in Canada, or if the person either is in Canada at the relevant time or is acting under the direction of a person who is in Canada at the time when they give the directions.

This relatively simple idea – get consent if you want to install an application on someone else’s system in Canada – has far-reaching implications due to the way the legislation draws the definitions of “computer program” and “computer system” from the Criminal Code. As you can guess, the Criminal Code definitions are extremely broad. So, what does this mean in real life?

• Certain types of specified programs require “enhanced disclosure” by the software vendor. (I am saying ‘software vendors’ as those are the entities most likely to bring themselves into compliance. Of course, hackers and organized crime syndicates should also take note of the enhanced disclosure requirements);
• Express consent, under this law, means that the consent must be requested clearly and simply, and the purpose of the consent must be described;
• The software vendor requesting consent must describe the function and purpose of the computer program that is to be installed;
• The software vendor requesting consent must provide an electronic address so that the user can request, within a period of one year, that the program be removed or disabled;
• Note that if a computer program is installed before January 15, 2015, then the person’s consent is implied. This implied consent lasts until the user gives notice that they don’t want the installation anymore. Or until January 15, 2018, whichever comes first. I’m not making this stuff up, that’s what the Act says.
• One more thing: Enhanced disclosure does not apply if the computer program only collects, uses or communicates “transmission data”. Transmission data is what you might call envelope information. The Act defines it as data that deals with “dialling, routing, addressing or signalling” and although it might show info like “type, direction, date, time, duration, size, origin, destination or termination of the communication”, it does not reveal “the substance, meaning or purpose of the communication”. So there is effectively a carve-out for the tracking of this category info.

Don’t worry, Canadian anti-spam laws are kind of like Lord of the Rings: Sequels will keep coming whether you like it or not. Once we’re past January 15, 2015, you can look forward to July 1, 2017, which is the day on which sections 47 to 51, 55 of CASL come into force. These provisions institute a private right of action for any breach of the Act.

If you are a software vendor selling in Canada, get advice on the implications for automatic installs and updates, whether this is for business-to-business, business-to-consumer, or mobile apps. There are already more than 1,000 complaints under the anti-spam provisions of the law. You don’t want to be the test case for the computer program provisions.

Calgary – 07:00 MST

–

By Richard Stobbe

I will be speaking next week at the 10th Essentials of Commercial Contracts Course in Calgary, Alberta (Download PDF) on the subject of IT contracting. This session will discuss key considerations in IT licensing and service agreements including:

• Key clauses in IT agreements and common mistakes
• Various models for licensing software
• Overlap between licenses and service agreements
• Service level metrics and remedies for non-compliance
• Statements of work in IT consulting and the lawyer’s role
• Other issues: privacy, vendor lock-in, third party and open source software.

If you want additional information, please contact me.

Calgary – 07:00 MST

–

By Richard Stobbe

Browsewrap, clickwrap, clickthrough, terms of use, terms of service, EULA. Just what are we talking about and how did we get here?

In Nguyen v. Barnes & Noble, Inc., 2014 WL 4056549 (9th Cir. Aug. 18, 2014) the US Ninth Circuit wades into the subject of online contracting. Law professor Eric Goldman (ericgoldman.org) argues that these terms we’re accustomed to using, to describe ecommerce agreements, only contribute to the confusion. The term “browsewrap” derives from “clickwrap”, which is itself a portmanteau derived from the concept of a shrinkwrap license. As one court described it in 1996: “The ‘shrinkwrap license’ gets its name from the fact that retail software packages are covered in plastic or cellophane shrink wrap, and some vendors… have written licenses that become effective as soon as the customer tears the wrapping from the package.”

The enforceability of a browsewrap – it is argued – is based not on clicking, but on merely browsing the webpage in question. However, the term browsewrap is often used in the context of an online retailer hoping to enforce its terms, in a situation where they should have used a proper click-through agreement.

In Nguyen, the court dealt with a claim by a customer who ordered HP TouchPad tablets from the Barnes & Noble site. Although the customer entered an order through the shopping cart system, Barnes & Noble later cancelled that order. The customer sued. The resulting litigation turned on the enforceability of the online terms of service (TOS). The court reviewed the placement of the TOS link and found a species of unenforceable browsewrap - the TOS link was somewhere near the checkout button, but completion of the sale was not conditional upon acceptance of the TOS.

There is a whole spectrum upon which online terms can be placed. At one end, a click-the-box agreement (in which completion of the transaction is conditional upon acceptance of the TOS) is generally considered to be valid and enforceable. At the other end, we see passive terms that are linked somewhere on the website, usually from the footer, sometimes hovering near the checkout or download button.  In Nguyen, the terms were passive and required no active step of acceptance. The court concluded that: “Where a website makes its terms of use available via a conspicuous hyperlink on every page of the website but otherwise provides no notice to users nor prompts them to take any affirmative action to demonstrate assent, even close proximity of the hyperlink to relevant buttons users must click on —without more — is insufficient…”

This leaves open the possibility that browsewrap terms (where no active step is required) could be enforceable if the user has notice (actual or constructive) of those terms.

In Canada, the concept was most recently addressed by the court in Century 21 Canada Limited Partnership v. Rogers Communications Inc., 2011 BCSC 1196 (CanLII). In that case, there was no active click-the-box terms of use, but the “browsewrap” terms were nevertheless upheld as enforceable, in light of the circumstances. Three particular factors convinced the court that it should uphold the terms: 1. the dispute did not involve a business-to-consumer dispute (as it did in Nguyen). Rather the parties were “sophisticated commercial entities”. 2. The defendants had actual notice of the terms. 3. The defendants employed similar terms on their own site.

The lessons for business?

The “browsewrap” is a passive attempt to impose terms on a site visitor or customer. Such passive terms should not be employed where the party seeking to enforce those terms requires certainty of enforceability. Even where there is a “conspicuous hyperlink” or “notice to users” or “close proximity of the hyperlink”, none of these factors should be relied upon, even if they might create an enforceable contract in special cases. Maybe it is time to retire the term “browsewrap” and replace it with “probably unenforceable”.

Now, do you still want to rely on a browsewrap agreement?

Related Reading: Online Terms – What Works, What Doesn’t

Calgary – 07:00 MST

–

By Richard Stobbe

Last summer, Google was ordered by a Canadian court to de-index certain offending websites which were selling goods that were the subject of an intellectual property (IP) infringement claim (Equustek Solutions Inc. v. Jack, 2014 BCSC 1063 (CanLII), see our earlier post: Court Orders Google to Remove Site from Worldwide Search Results).

The underlying dispute involved a trade-secret misappropriation and passing-off claim by a manufacturer against a rival company. Google appealed the lower court decision. In Equustek Solutions Inc. v. Google Inc., 2014 BCCA 295 (CanLII), the BC Court of Appeal has rendered a decision.

Google applied for a stay of the original injunction on a number of grounds, including the argument that the original order was “unprecedented in Canadian law”, the order was “overly broad”, and that the order will have a “direct and irreversible impact” on Google. Google argued that it would suffer “irreparable harm” for two reasons: first, Google customers would be impacted, although it was not clear how exactly; and second, Google argued that this Canadian court order would open the floodgates to other similar orders against Google in other jurisdictions.

The appeal court acknowleged the importance of the case, musing that “the order of the court below raises profound issues as to the competence of Canadian courts to issue global injunctions that affect what content users around the world can access on the Internet.”

However, after balancing the arguments, the Court of Appeal did not grant the stay, so the injunction remains in place.

There are a few interesting points about this decision:

• Although Google was not a party to the original lawsuit (remember, it was an IP dispute between two rival manufacturers) and no-one claimed anything against Google itself, Google took the extraordinary step of undertaking to pay damages to Equustek, for damage it might suffer if the injunction was lifted. Google said it would track traffic to the offending websites (which it is supposed to de-index) and disclose that information to Equustek. If Equustek lost profits as result of traffic to these sites, then Google would make good the damages.
• Equustek counter-argued that this was cold comfort, asking: “What value is it to have the right to sue Google for damages?”  If access to the offending websites was not blocked by Google, said Equustek, then Equustek would still face the burden of proving damages, and then suing Google for those damages, and in the meantime its intellectual property would continue to be devalued.

The appeal will go ahead, and while the appeal is underway, the order against Google will remain. This is one to watch.

Calgary – 07:00 MST

–

By Richard Stobbe

The online fine print – those terms and conditions that you agree to when you buy something online – it really does matter where those terms are placed in the checkout process. A recent US case illustrates this point. In Tompkins v. 23andMe, Inc., 2014 WL 2903752 (N.D. Cal. June 25, 2014), the court dealt with an online checkout process for DNA testing kits sold by 23andMe. When completing a purchase, customers were not presented with any mandatory click-through screen for the transaction to complete. There was a passive link at the footer of the transaction page, something the court dismissed as a “browsewrap”, which was ineffective to bind the customers. In other words, the Terms of Service were not effective at that point in the transaction.

In order to obtain test results, however, customers were obliged to register and create an account with 23andMe. In this (post-sale) registration process, a mandatory click-through screen was presented to customers, not once but twice. The court decided that this second step was valid to bind the customers who purchased the DNA testing kits.

While this shows that courts can take a position that is sympathetic to online retailers, this should not be taken as an endorsement of this contracting process. In my view, the better approach would be to push customers through a mandatory click-through screen at both stages. This is particularly so in a case like 23andMe, where the first transaction is for sale of a product (the kit) and the second step relates to a service (processing test results). The two, of course, are intertwined, but the double click-through reduces risk and plugs the holes left by the single click-through. For example, a customer may buy a kit and never create an account, or use a kit without have purchased it. As the court notes: “it is possible for a customer to buy a DNA kit, for example, as a gift for someone else, so that the purchasing customer never needs to create an account or register the kit, and thus is never asked to acknowledge the TOS.”

We can speculate on why the click-through appeared at the second account-creation step, and not the first kit-purchasing step. Sometimes, the purchasing process is modified over time due to changes in marketing or sales strategies. Perhaps the company broke a unified transaction process, which ended with account-creation, into two separate steps after market research or customer feedback. When something like this happens, it is important to repeat the legal review, to ensure compliance with e-commerce best practices.

Calgary – 07:00 MST

–

By Richard Stobbe

In a recent decision by the British Columbia courts (Equustek Solutions Inc. v Jack , 2014 BCSC 1063), Google has been ordered to de-index a website selling goods that were the subject of intellectual property (IP) infringement claims. While this may seem quotidian – after all, Google does comply with de-indexing requests on a regular and voluntary basis – this decision has broader implications for several reasons. This decision is the first Canadian decision to compel Google to delist a website after the so-called “right to be forgotten” case in the EU, and while that case involved personal privacy rights rather than IP rights, both cases have far-reaching implications for Google’s role in providing a practical remedy for an aggrieved party. This is a role that Google has resisted, but cannot avoid in light of its ever-expanding presence in the lives of individuals and the affairs of business.

The underlying dispute involved a trade-secret misappropriation and passing-off claim by a manufacturer against a rival company. Specifically, the plaintiff Equustek alleged that a competing product known as GW1000 was an unauthorized knock-off, built using trade secrets of the plaintiff. The plaintiff Equustek won an initial order barring sales of the offending GW1000 product and then engaged in a time-consuming process of chasing the defendant to obtain some meaningful and practical remedy. This involved repeated requests to Google to block hundreds of specific individual webpages and URLs from Google Canada search results, a game that the court described as “whac-a-mole”. Finally the plaintiff sought an order compelling Google to de-index the defendant’s sites from all Google search results worldwide. The resulting order is important for a number of reasons:

1. In order to make its order, the court had to assert jurisdiction over Google Inc. rather than the Canadian subsidiary Google Canada. In coming to this decision, the B.C. court relied in part on the EU “right to be forgotten” case. Interestingly, the court commented that the California choice-of-law clauses in Google’s various user agreements and advertising contracts did not prevent the Canadian court from asserting jurisdiction. This is due to the fact that this dispute did not arise out of any contract-related claims. Rather, the court found that it had scope to make an order (with extra-territorial reach) over Google (a non-party) under its inherent jurisdiction under the Law and Equity Act.
2. The court also commented on the fact that Google is not merely a passive site, but rather it conduct active and ongoing business with British Columbia companies and individuals.
3. The court found that blocking individual URLs was not as effective as blocking so-called “mother sites”. In effect, the court agreed that Google’s current practice of voluntarily complying with individual requests to block specific URLs does not provide an effective remedy. This will certainly be cited in future website blocking cases.
4. Regarding Google’s role, the court commented that “Google is an innocent bystander but it is unwittingly facilitating the defendants’ ongoing breaches of this Court’s orders. There is no other practical way for the defendants’ website sales to be stopped.”

After renewing the traditional criteria for assessing the merits of an injunction application, the court granted the order. Google is appealing this decision.

Calgary – 07:00 MST

By Richard Stobbe

Canada and the USA. We enjoy the world’s longest undefended border… a border that unfortunately does not screen spam.

If you are an American attorney with US clients doing business in Canada, then you should be aware of a few things, like our lack of imaginative legislative acronyms, such as the CAN-SPAM Act (from Controlling the Assault of Non-Solicited Pornography And Marketing) (…or while we’re at, who can forget the Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property (PROTECT-IP) Act, or the Enforcing and Protecting American Rights Against Sites Intent on Theft and Exploitation (E-PARASITE) Act).

Secondly, you should be aware that Canada’s incoming anti-spam law, known unimaginatively as CASL (Canada’s Anti-Spam Law) is coming into force next week, on July 1, 2014. Here are some pointers for US counsel:

• Remember, an organization’s compliance with CAN-SPAM does not necessarily mean compliance with CASL. This is because of a number of important points of departure between the two laws. Canada’s law has been described as among the strictest internationally.
• CASL broadly covers all “commercial electronic messages” and is not restricted to email, as is the case with CAN-SPAM. Thus, CASL is broad enough to capture text messages, social media messaging and other forms of electronic messages.
• CAN-SPAM permits a “negative option” approach to consent, in which toggle consent boxes can be pre-clicked and the user has the ability to opt out by “un-clicking”. CASL prohibits such an approach and requires express consent with an opt-in mechanism.
• Statutory penalties under CASL are more severe (up to $10 million for organizations, and up to $1 million for individuals), and the law also establishes a broader private right of civil action (which will come into effect in the future).
• Lastly, CASL does provide for personal liability for directors and officers.

For more information on the application of this law to American businesses, contact Field Law.

Calgary – 07:00 MST

–

By Richard Stobbe

The Supreme Court puts it mildly in its opening line: “The Internet raises a host of new and challenging questions about privacy.”

One of those questions is whether an IP address can be considered personal information. An internet protocol (IP) address is the unique numeric identifier of a particular computer and, in a wider sense, can be any node or point in the internet generally. In the recent case of R. v. Spencer, 2014 SCC 43, the Supreme Court of Canada (SCC) considered whether there is a reasonable expectation of privacy in ISP subscriber information including IP address information.

In this case, police identified the IP address of a computer that someone had been using to access child pornography.  Police approached the ISP and obtained the subscriber information associated with that IP address. At this point, no warrant was issued. This led them to the accused  and a warrant was issued for a search of his residence. The accused was charged and convicted. The SCC indicated that in this case, there was a reasonable expectation of privacy in the subscriber information, including the IP address.

Since the search of the subscriber info was obtained without a warrant, the search violated the Charter. While a warrant was eventually issued for a search of the accused’s residence, that warrant could not have been obtained without the original (warrantless, unconstitutional) search of the ISP subscriber information. Since the original search was unconstitutional, it follows that the search of the residence was also unconstitutional. This all leads to the exclusion of the evidence found at the residence.

Nevertheless, the SCC said that, even in light of all of the above points, the “police conduct in this case would not tend to bring the administration of justice into disrepute.”  The court concluded, in essence, that excluding the evidence would be worse than allowing that unconstitutional search. The admission of the evidence was therefore upheld.

A few key points to note:

• Terms of Use and Privacy Policies are carefully reviewed and taken into account by the court in these cases.
• In this case Shaw was the ISP. Shaw’s Privacy Policy said that “Shaw may disclose Customer’s Personal Information to: . . . a third party or parties, where the Customer has given Shaw Consent to such disclosure or if disclosure is required by law…”  The initial warrantless search by the police was not “required by law” (in the sense that it was merely a request and police had no way to legally compel compliance). This contributed to the court’s conclusion that there was a reasonable expectation of privacy on the part of the accused.
• This contrasts with the decision by the Ontario Court of Appeal in R. v. Ward 2012 ONCA 660, where the court held that the provisions of PIPEDA were a factor which weighed against finding a reasonable expectation of privacy in subscriber information. That was another child pornography case. In that case, the ISP was Bell, whose terms said “[Bell Sympatico will] offer full co-operation with law enforcement agencies in connection with any investigation arising from a breach of this [Acceptable Use Policy].” There was no reference to disclosures “required” by law.  In that case, the accused has a subjective expectation of privacy, but that expectation was not objectively reasonable in light of his criminal activities.
• Consider reviewing your privacy policies and your organization’s ability to disclose subscriber information in light of these decisions.

By Richard Stobbe

If the term “CASL compliance” is giving you a nervous twitch, you’re not alone. Many small and medium-sized businesses in Canada are scrambling to prepare for Canada’s Anti-Spam Law (CASL), whose official title says it all – especially the part about “efficiency and adaptability” (take a deep breath before you read “An Act to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities, and to amend the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act“).

Two weeks from today, on July 1st, the first stage of the new law will come into force. The implied consent provisions in Section 66 create a transitional period.

For a period of three years after July 1, 2014, consent is implied for all “commercial electronic messages” (CEMs) if the sender and the recipient have a pre‐existing business or non-business relationship and that relationship previously included the exchange of CEMs.  Consent can be withdrawn by the recipient at any time during that three‐year period. Note that “commercial electronic messages”, “existing business relationship” and “existing non-business relationship” all have special definitions in the legislation.

While this transitional period only lasts for 36 months, it allows a sender of CEMs to rely on prior relationships that reach back in time. The regular implied consent provisions only permit a sender to rely on a two-year window – in other words, implied consent depends on an existing relationship during the two-year period before the CEM is sent (or only 6-months in some cases).

In recent information sessions, the CRTC has indicated that the Section 66 transition provisions do not impose those two-year or 6-month rules: “So what Section 66 does is during that transition period of three years, the definitions of existing business relationship and existing non-business relationship are not subject to the limitation period, which are six months and two years that would otherwise be applicable. So in theory, if you meet the definition of existing business relationship or existing non-business relationship and there’s the communication of CEMs between the individuals, you could go back 25 years in theory.” [Link to transcript.]

Don’t think the transitional period lets you off the hook. Every organization should be preparing for CASL for a July 1st start date. If you need assistance on reviewing the scope of your obligations, how the law applies, and how the transitional provisions might apply to your organization, contact us.

Calgary – 07:00 MST

By Richard Stobbe

A recent EU decision by the Court of Justice of the European Union (CJEU) has generated a lot of press since it involves a high profile company – Google – and a tantalizing concept of a “right to be forgotten”. The story stems from the efforts by a Spanish man to compel Google to remove search results that referred to the man’s prior financial history – in fact the references were to bankruptcy-related notices published by a Spanish newspaper years earlier. The online newspaper publication remains in place, but the CJEU’s decision touches on the indexing and display of the results in a Google search, which refer back to that online newspaper publication.

So what does this mean for Canada?

There has, as far as I am aware, no equivalent privacy-related decision relating to removal of search results by search engines in Canada. However, there are analogous rights in Canada for individuals to compel an organization to correct or delete personal information. And that would apply to the organization that has “collected, used or disclosed” the personal information.

In Canada, PIPEDA does contemplate the correction of personal information, the withdrawal of consent, and the deletion of personal information that has been collected. Those provisions still require the individual to make a request or a complaint in order to get a remedy.

In that sense the EU organization (in the EU context) in Google’s position then has to decide on the merits of that request or complaint, so the “right” may be subject to the interpretation of these subjective questions by a Google employee, considering all the different criteria that the EU decision has listed.

In Canada (in the PIPEDA context), the organization does not have to make the same kinds of assessments or value judgements – the question is simply whether the individual is withdrawing consent, or correcting information.

In the EU, the organization has to decide if “in all the circumstances” the info appears to be “inadequate, irrelevant or no longer relevant, or excessive” which requires the exercise of a lot more judgement. And more scope for disagreement.

How this is handled by Google, and how it may influence Canadian decisions on requests for removal of personal information, remains to be seen.

Calgary – 07:00 MST

 
By Richard Stobbe

The basic question “are APIs eligible for copyright protection?” has consumed much analysis (and legal fees) during the lawsuit between Oracle and Google, which started in 2010. (For more reading on our long-running coverage of the long-running Oracle vs. Google patent and copyright litigation, see below.)

The basic premise of Oracle’s complaint against Google is that the wildly popular Android operating system copied 37 Java API packages verbatim, and inserted the code from those APIs into the Android software. This copying was done without a license from Oracle. Therefore, says Oracle, copyright infringement has occurred. In a 2012 decision, the district court decided that the Java APIs were not subject to copyright protection. Therefore, said the lower court, there was no infringement. The US Federal Court of Appeals has reversed that finding.

In a 69-page decision released on May 9, 2014, the appeal court has decided that these Java APIs are subject to copyright protection, and concluded as follows: “Because we conclude that the declaring code and the structure , sequence, and organization of the API packages are entitled to copyright protection, we reverse the district court’s copyrightability determination with instructions to reinstate the jury’s infringement finding as to the 37 Java packages . Because the jury deadlocked on fair use, we remand for further consideration of Google’s fair use defense in light of this decision.”In short, Google has infringed Oracle’s copyright, and the question to be determined now is whether Google has a “fair use” defense to that infringement.

The EFF has called the decision dangerous since it exposes software developers to copyright infringement lawsuits. However, for software vendors, it may help strengthen the controls they place on developers to maintain standards and cross-compatibility through licensing. After all, that was (in theory) one of the complaints raised by Oracle – that its “write once, run anywhere” Java principle was violated when Google mis-used the Java APIs to essentially bring Android out of compatibility with the Java platform.
Related Reading:

• API Copyright Update: Oracle & Google …and Harry Potter
• Update on Oracle vs. Google
• Copyright: Apps and APIs
• Copyright Protection for APIs
• SDKs and APIs: Do they have copyright protection?

Calgary – 07:00 MDT

Social media is not just a marketing novelty – it has become the essential tool for running a promotional contest. Have a look at any big brand contest and you’re hard pressed to find one without a social media component. Many Canadian businesses also seek to extend their reach into the US market through promotional contests.

If you are in that category, take note of this recent FTC action against shoe-maker Cole Haan. At the conclusion of their investigation, the FTC warned that the structure of the contest was misleading to consumers since it employed contestants to create Pinterest boards using the #wanderingsole tag, which turned these pins into endorsements for Cole Haan products (…which was the whole point of the contest…). However, FTC rules are clear that the connection between endorsers and marketers should be made clear. While no penalty was levied against Cole Haan, this letter has served as notice to the rest of the industry that the FTC will be watching such contests to ensure that these endorsements are made sufficiently clear.

In Canada, the Competition Bureau oversees false and misleading advertisements, including the apparent endorsement of products by paid endorsers.

The business lessons are clear: a successful social media contest can back-fire if you get more publicity from an FTC or Competition Bureau investigation than from the contest. Not to mention potential penalties. Get advice on your social media policy and contest rules before you launch the next campaign.

Calgary – 07:00 MDT