Teresa Scassa - Blog

Displaying items by tag: Internet
Wednesday, 06 June 2012 09:39

Location-Based Services and Privacy

“Location-Based Services and Privacy”, (T. Scassa & Anca Sattler) (2011) 9:2 Canadian Journal of Law and Technology 99-134

The last decade has seen a rapid growth in the number and variety of location-based services that are available to consumers. While some of the older location-based services are tools such as GPS and other navigation systems, more recent innovations include applications that permit users to call up a variety of different information about their current locations, such as the nearest Italian restaurant, or the best deals at a favourite store. Location-based services (LBS) also allow individuals to share their location with friends in a wide range of social networking contexts. Location-based services are already shifting from pull to push applications. Information can now be pushed automatically to users based on their location. The options for such services are virtually limitless, and include mobile-marketing, public transportation applications, information about local points of interest, health care applications connected to remote treatment systems, or tools to find the closest election-day polling booth.

There is no doubt that many location-based services offer real benefits to users. Yet location-based services raise inevitable user privacy concerns. These concerns operate on multiple levels and involve many players. In some applications, privacy issues will arise between individual users, where, for example, applications permit the tracking of movements of family members, co-workers or “friends”. Location-based services may also result in the collection of a new layer of personal information about consumers by private sector companies. Information about individuals and their movements has meaningful commercial value, and the potential for the collection, use and disclosure of this information is significant. Location-based services also raise the spectre of state surveillance of individual activity – either concurrent with an individual’s movements (tracking), or retrospectively, through searching records of individual patterns of movement. These are just some of the contexts in which privacy issues are raised.

In this paper we describe location-based services, their evolution and their future directions. We then outline privacy issues raised by such services. We consider how current Canadian data protection laws apply to location-based services, and indicate where such laws fall short of addressing the full range of issues raised by location-based services. We also explore some technological methods to address the privacy challenges raised by location-based services. The paper concludes with a series of recommendations.

Published in Refereed Articles

“New First Principles? Assessing the Internet’s Challenges to Jurisdiction”, (T. Scassa & R. Currie) (2011) 42:4 Georgetown Journal of International Law 1017-1082

The globalized and decentralized Internet has become the new locus for a wide range of human activity, including commerce, crime, communications and cultural production. Activities which were once at the core of domestic jurisdiction have moved onto the Internet, and in doing so, have presented numerous challenges to the ability of states to exercise jurisdiction. In writing about these challenges, some scholars have characterized the Internet as a separate “space” and many refer to state jurisdiction over Internet activities as “extraterritorial.” This article examines these challenges in the context of the overall international law of jurisdiction, rather than focusing on any one substantive area. This article argues that while the Internet may push at the boundaries of traditional principles of jurisdiction in public international law, it has not supplanted them. The article explores the principles of jurisdiction, including the evolving concept of “qualified territoriality,” and demonstrates how these principles continue to apply in the Internet context. The article examines how states exercise their authority with respect to Internet activities by addressing governance issues, by engaging in normative ordering for the Internet, and by extending the reach of their domestic laws to capture Internet-based activities. Lastly, the article concludes by offering a set of “first principles,” in the form of policy precepts, to guide the evolution of public international law norms and to address problems particular to the context of the global Internet.

Published in Refereed Articles

“Working at the Intersection of Law and Science: Reflections on a Fruitful Collaboration” (with J. Chandler, Y. Bédard, and M. Gervais), in Nicholas Chrisman & Monica Wachowicz, eds., Spatially Enabling Government, Industry and Citizens: Research and Development Perspectives, 2012.

Abstract. It is relatively rare for largely scientific collaborations to involve researchers from law, and when this is done, their contributions are often peripheral to the goals of the main project which are to advance scientific or technological knowledge and to develop applied outcomes. GEOIDE Phase IV broke with this tradition by funding a science-led collaborative research project that put legal and ethical issues squarely at the forefront of the research agenda. In our project, the researchers sought to examine what legal considerations were relevant to the evolution of GIS-related practices, how technological innovations and standards should adapt to normative frameworks, and where law reform might be needed to advance the goals of GIS in a rapidly changing information environment. In this chapter, the authors reflect on the merits and challenges of such an approach, drawing from their own experience as legal researchers and as scientists within a predominantly science and technology-oriented research network.

 

Available from the author.

Published in Refereed Book Chapters

The recent Alberta Court of Appeal decision in United Food and Commercial Workers, Local 401 v. Alberta (Attorney General) raises interesting issues regarding the relationship of data protection legislation to the constitutionally guaranteed freedom of expression.

The dispute arose after a union representing striking casino workers set up a picket line at the mall entrance to the casino. As part of the picketing activity, the Union videotaped the picket line and also took still photographs of persons crossing the line to enter the casino. Signs posted nearby indicated that photographs and videos might be featured on strike-related website. Different things were done with the images; some were posted online on the union’s website, and a still photo of the Casino Vice-President was used in unflattering ways in the Union newsletter and on leaflets. Following a complaint by some of the filmed individuals, an adjudicator under Alberta’s Personal Information Protection Act (PIPA) found that the photos and videos constituted personal information and that it had been collected, used and disclosed without notice or consent, as required by the Act. She also found that the exception to the application of PIPA for personal information that is collected, used or disclosed for “journalistic purposes and no other purpose” did not apply because the Union had multiple purposes for its actions, most of which were not journalistic. She found that the Union could argue that the information was collected, used or disclosed for the purposes of a possible investigation or legal proceeding, as disputes often broke out on picket lines. However, she ruled that the relevant exception would only be available if notice had been given of this purpose for collection. According to the adjudicator, the scope of this exception, if it had been available, would not have extended to the publication of the materials on the website, or the use of the still photos in the newsletter and elsewhere.

The Union sought judicial review of the decision, arguing in particular that their Charter right to freedom of expression had been infringed. Justice Goss of the Alberta Court of Queen’s Bench agreed, and she ordered that the regulation defining “publicly available information” be struck down for being under inclusive, and that the words “and for no other purpose” found in the exception to the Act for journalistic purposes should also be struck down. She also ordered a temporary suspension of invalidity to permit the Alberta legislature to address the defects in the legislation.

The Attorney-General of Alberta appealed this decision to the Alberta Court of Appeal. Although the Court of Appeal agreed with Justice Goss that PIPA posed certain constitutional issues, it disagreed with her as to the source of these issues and the appropriate remedies. It rejected the conclusion that the regulations defining “publicly available information” were relevant, observing correctly that “[u]nder the Act, “personal” information is not the same as “private” information” (at para 10). It spent more time on the s. 4(3)(c) exception to the application of the Act where information is collected, used or disclosed “for journalistic purposes and for no other purpose.” The Union had argued that posting the information on its website or in its pamphlets or newsletters served journalistic purposes, and that the consent of the photographed individuals should not have been required.

The Court of Appeal noted that it was possible to give this provision effect in two ways. The first would be to find that any information that was collected for journalistic purposes as well as other purposes was entirely tainted by those other purposes, and thus could not qualify for the exception. The second would be to find that the information could be collected, used or disclosed without consent for journalistic purposes, but consent would have to be obtained for any other purposes. The Court preferred the latter interpretation, noting that organizations may have many different objectives and purposes. It wrote: “even though the union’s purpose is not primarily journalistic, to the extent that it does engage in journalistic activities it is entitled to rely on the exemption in the Act for that purpose.” (at para 52) Because this approach was adopted, the Court found it unnecessary to rule (as had Justice Goss) that the terms “and for no other purpose” in s. 4(3)(c) were unconstitutional.

The Court next considered the scope of the exception for journalistic purposes in order to determine whether the Union’s activities were captured by it. It opted for a relatively narrow interpretation. It found that the Union’s activities in filming the picket line were not primarily journalistic, but rather focused on “labour relations, collective bargaining, and the economic dynamics of a strike.” (at para 57). It noted: “Just because the union might have to communicate with its members and the public about the strike in order to accomplish its labour relations objectives does not turn the whole exercise into journalism.”(at para 57). The Court was of the view that it was not appropriate to cram the union’s activities into “journalism” in order to conduct a constitutional assessment. Rather, the issue should be whether PIPA, by creating barriers to the Union’s expression in the context of a strike, cast an appropriate balance between the goals of protecting personal information and the freedom of expression.

The jurisprudence is clear that picketing is an expressive activity that is also linked to the freedom of association. The Court of Appeal acknowledged that the decision of the adjudicator in this case did not impact on the right to picket. However, it did place limits on what could be done with photos and recordings made of the picket line activities. According to the Court, recording and distributing images and videos is an activity directly related to the purposes of picketing, which has both an informational and a dissuasive component. Because recordings of people crossing the picket line “spreads news of the picket line to a wider audience . . . [and] tends to increase the pressure on those who might be tempted to cross the picket line” (at para 64), it constitutes expressive activity. Although there is a coercive element to this type of expression, the Court observed that unpleasant speech is protected by the constitution. It stated: “so long as there is no promotion of violence or other illegal activity, a reasonable amount of psychological pressure may be brought to bear on all those involved.” (at para 66)

Because the recording and dissemination of images of people crossing the picket line is expressive conduct, the Court of Appeal concluded that the adjudicator’s decision that the images could not be collected, used or disclosed without consent, violated the Union’s freedom of expression rights. The Court accepted that PIPA served a pressing and substantial objective (protecting against the misuse of personal information), and that placing limits on the collection, use and disclosure of personal information was rationally connected to that objective. However, it found that there was no proportionality in the legislation because it was not drafted “in a manner that is adequately sensitive to Charter rights.” (at para 73). The Court’s comments on the elements of overbreadth of PIPA are interesting.

In the first place, the Court suggests that PIPA is overbroad for having “no functional definition” of the term “personal information”. Yet the core of the definition (“information about an identifiable individual”) is essentially shared by private and public data protection statutes across Canada. According to the Court, it is necessary for the Commissioner to narrow this definition in order to make it compliant with Charter values. However, the structure of the legislation is such that, although the definition is broad, the Act contains many exceptions to its application or to the requirements of consent for collection, use or disclosure of personal information in particular contexts or circumstances. It is not at all clear that the definition is the problem. The court may be looking for a definition that would exclude information about people in public places, yet such an exception to the application of the law (as inadvisable as it might be) could be created without changing the definition. It should be noted that shrinking the scope of the definition might also mean that the legislation would no longer qualify as “substantially similar” to PIPEDA.

The objection to the definition of personal information is thus closely linked to the Court’s second objection, which is that PIPA does not contain a general exception for information “that is personal, but not at all private”. Without citing any examples, the Court claims that “the comparative statutes in some provinces exempt activity that occurs in some public places.” (at para 73). It is not clear to what the court is referring, as the only other provinces with private sector data protection statutes are B.C. and Quebec, and neither statute has the kind of exemption described. The court is most likely referring to statutes in some provinces which create torts of invasion of privacy, and which set certain contextual boundaries for the torts. The situations are not at all equivalent. It is entirely appropriate that an individual’s ability to allege an invasion of their privacy be considered in light of circumstances that include whether they were engaged in activity in a public place. However, the data protection context is different. Data protection laws protect individuals against the collection, use and disclosure of their personal information by private sector actors. There is no obvious reason why an exception to the law should be carved out to permit companies to cull personal information about individuals from multiple sources regarding their movements in public spaces. It is important to note that video surveillance cameras and cell phone location information could both fall within this category of information.

The Court also objects to the “artificially narrow” definition of “publicly available information”. This objection is also problematic. The publicly available information exception is narrowly crafted, and is limited to things such as public telephone directory listings, public government registries, court and tribunal records, and the like. The exception is only available where the information is used for the purposes for which it was made publicly available, and where the collection, use or disclosure being made is for purposes which a reasonable person would consider appropriate in the circumstances. In all cases, the categories of publicly available information are ones where it could be said that the individual has either consented to the information becoming public (for example, directory listings only constitute publicly available information where the individual has been given an option to delist their number), or where the government has mandated by law that such information is to be public (in the case of registries, or court decisions). Information published in a newspaper, magazine or other publication is only publicly available information if “it is reasonable to assume that the individual that the information is about provided that information” (PIPA Regulation, s. 7(e)(ii).) Here again, one finds the notion of consent to a specific use of the information. The exceptions are crafted narrowly because to do otherwise would substantially disrupt the balance in the Act, making all manner of personal information open to collection, use or disclosure without consent. Expanding the definition of publicly available information to include activities in public lacks both the consent element and the specific purpose as a limiting condition.

The Court also objects to the fact that there is “no special exemption for information collected and used for free expression”. In an article critical of the wording of the journalistic purposes exception, I consider a number of problems with the journalistic purposes exception. I have argued that indeed the formulation in Quebec’s private sector data protection legislation is broader than that used in PIPA or PIPEDA, as it refers to journalistic information that is communicated for “the legitimate information of the public”, rather than for the more obscure “journalistic purposes”. This gives somewhat more scope to the exception. However, I note that the effect of the Quebec exception is to permit the Commissioner to consider whether a communication was for “the legitimate information of the public”. In other words, it does not function as an outright exception to the application of the Act (as does the journalistic purposes exception). Rather, it allows the Commissioner to consider the scope and manner of the communication in order to determine whether the balance between freedom of expression and privacy has been appropriately struck. Given the significant developments in the new media, it may well be time to revisit the journalistic purposes exception in data protection laws; this must be done, however, in a thoughtful and considered manner.

Finally, the Court objects to the fact that “there is no exemption allowing organizations to reasonably use personal information that is reasonably required in the legitimate operation of their business.” (at para 73). This is puzzling since this seems to be a central purpose of data protection legislation. The statute as a whole is a scheme designed to permit just that – while at the same time giving individuals some right to control how their personal information is collected, used and disclosed.

Ultimately the Court wisely chose to simply quash the decision of the adjudicator, rather than to declare any portion of the statute unconstitutional. According to the Court, it is up to the legislature “to decide what amendments are required to the Act in order to bring it in line with the Charter.” (at para 81). Any such reform initiative by the legislature should be one that gives a much more careful consideration to the structure of the Act as a whole, and the complex web of interests that are already finely balanced.

 

Published in Privacy

Below is the statement I made to the House of Commons Standing Committee on Access to Information, Privacy and Ethics on May 31, 2012. The Standing Committee had convened hearings on the following motion:

Be it Resolved: That the Committee study the efforts and the measures taken by Google, Facebook and other social media to protect the personal information of Canadians, and that the Committee report its findings back to the House.

I would like to begin by saying that I think it is very important that more attention be given to data protection and privacy in relation to the activities of social media companies. I do find it somewhat ironic, however, that the Committee’s mandate has been framed in terms of studying the efforts and measures taken by social media companies to protect the personal information of Canadians. It is a bit like studying the efforts made by foxes to protect the lives of the chickens.

I note that to the extent that Google, Facebook and other social media companies attempt to protect the personal information of Canadians, these efforts are shaped by data protection law. The adequacy of our data protection legislation must therefore be a focus of attention. The amendments from the first five year review of 2006 have yet to make it through Parliament; the second five year review is already late in getting underway. These should be matters for concern, particularly since the data protection environment has changed substantially since the law was first enacted. The current law is particularly weak with respect to enforcement. The Commissioner has no order making powers and lacks the ability to impose fines or other penalties in the case of particularly egregious conduct.

The focus on social media and privacy has two broad aspects. The first relates to how individuals use these tools to communicate amongst themselves. In this regard we hear concerns about employers accessing Facebook pages, people posting the personal information of other people online, criminals exploiting Facebook information, and so on. These are concerns about information that individuals choose to share, the consequences of that sharing, and the norms that should govern this new mode of interpersonal exchange. The second aspect, and the one on which I will focus my attention is on the role of these companies in harvesting – or in facilitating the harvesting – of massive amounts of information about us in order to track our online activity, consumption habits, and even patterns of movement. In this respect, attention given to large corporations such as Facebook and Google is important, but there are also many other players in the digital environment who are engaging in these practices.

The business models of social media companies are generally highly dependent upon the personal data of their users. In fact, social networking, search engines, email and many other services are offered to us for free. By hosting our content and tracking our activities, these services are able to extract a significant volume of personal data. The nature and quality of this data is enhanced by new innovations. For example, information about the location and movements of individuals is highly coveted. More and more individuals carry with them location enabled smart phones and they use these devices for social networking and other online activities. Even computer browsers are now location-enabled, and thus information about our location is routinely gathered in the course of ordinary internet activities.

The point is that more and more data of increasingly varied kinds are being sought, collected, used and disclosed. This data is compiled, matched and mined in order to profile consumers for various purposes including targeted behavioural marketing. In some cases, this data may be shared with third party advertisers, with application developers or with related companies. Even where the data is de-identified, its fine-textured nature may still leave individuals identifiable, as companies such as AOL and Netflix have learned the hard way. Individuals may also still be identifiable from detailed profile information, and the substantial volumes of information gathered about us make us highly vulnerable to data security breaches of all kind.

It has become very difficult to protect our personal data, particularly in contexts where privacy preferences are set once (and often by default) and the service is one which we use daily or even multiple times each day. It is often difficult to determine what information is being collected, how it is being shared and with whom. Privacy policies are often too long, unclear, and remote for anyone to actually read and understand. We now enter into a myriad of transactions each day and there simply isn’t time or energy to properly “manage” our data. It is a bit like walking through a swamp and being surrounded by a cloud of mosquitoes. To avoid being bitten we can swat away; we can even use insect repellents or other devices, but in the end we are inevitably going to be bitten, often multiple times.

It is also becoming increasingly difficult to avoid entering this swamp. People use social media to keep family and friends close, regardless of how far apart they live, or because the social network communities have become a part of how their own peer groups communicate and interact. Increasingly businesses, schools, and even governments are developing presences in social media, which give even more impetus to individuals to participate in these environments. Traditional information content providers are also moving to the Internet and to Facebook and Twitter, and are encouraging their readers/viewers/listeners to access their news and other information online and in interactive formats. These tools are rapidly replacing traditional modes of communication.

To date, our main protection from the exploitation of our personal information in these contexts has been data protection law. Data protection laws are premised on the need to balance the privacy interests of consumers with the needs of businesses to collect and use personal data. But in the time since PIPEDA was enacted, this need has become a voracious hunger for more and more data, retained for longer and longer periods of time. The need for data has shifted from information required to complete transactions or to maintain client relationships to a demand for data as a resource to be exploited. This shift risks gutting the consent model on which the legislation is based. This new paradigm deserves special attention and may require different legal norms and approaches.

Under the traditional data protection model, the goal was to enable consumers to make informed choices about their personal data. In the big data context, informed choices are virtually impossible to make. Beyond this, there is an element of servitude that is deeply disturbing. Nancy Obermeyer uses the term “volunteered geoslavery” to describe a context where location-enabled devices report on our movements to any number of companies without us necessarily being aware of this constant stream of data. She makes the point that equipping individuals with sensors that report on their activities leaves them vulnerable to dominance and exploitation; yet this is a growing reality in our everyday lives. Going beyond the simple collection of data, social networking services encourage users to make these sites the hub of their daily activities and communications.

Our personal data is a resource that businesses large and small regularly exploit. The data is used to profile us so as to define our consumption habits, to determine our suitability for insurance or other services, or to apply price discrimination in the delivery of wares or services. We become data “subjects” in the fullest sense of the word. There are few transactions or activities that do not leave a data trail.

As noted earlier, many so-called “free” services such as social networking sites, document sharing sites, cool applications, and even internet searching, are actually premised upon the ability to extract user data. In the 2011 decision of the Quebec Superior Court in St. Arnaud c. Facebook a judge refused to certify a class action law suit against Facebook. To do so would have required classifying the terms of use for the site as a consumer contract so that Quebec law could override the clause that provided that all disputes would be settled under the laws of California and adjudicated by California courts. The Quebec Court found that there was no consumer contract because the Facebook service is entirely free, whereas a consumer contract “is premised on payment and consideration.” The judge found that there was no obligation placed on users that could be regarded as a form of consideration.

This case demonstrates how the provision of personal data is overlooked as an element of the contract between the company and the individual. It is treated as a matter governed by the tangential privacy policies. This lack of transparency regarding the quid pro quo makes it the consumer’s sole responsibility to manage their personal information. Concerns that excessive amounts of personal information are being collected can then be met by assertions that people just don’t care about privacy. To regard the sharing of personal data as part of a consumer contract for services, by contrast, places both competition law and consumer protection concerns much more squarely in the forefront. In my view, it is time to explicitly address these concerns.

Another social harm potentially posed by big data is of course, discrimination. Oscar Gandy has written about this in his most recent book. We understand how racial profiling leads to injustice in the application of criminal laws. Profiling, whether based on race, sex, sexual orientation, religion, ethnicity, socio-economic status or other grounds, is a growing concern in how we are offered goods or services. Through big data, corporations develop profiles of our tastes and consumption habits; they channel these back to us in targeted advertising, recommendations and special promotions. When we search for goods or services, we are presented first with those things which we are believed to want. We are told that profiling is good because it means we don’t have to be inundated with marketing material for products or services that are of little interest. Yet there is also a flip side to profiling. It can be used to characterize individuals as unworthy of special discounts or promotional prices; unsuitable for credit or insurance; uninteresting as a market for particular kinds of products and services. Profiling can and will exclude some and privilege others.

I have argued that big data alters the data protection paradigm, and that social networking services, along with many other “free” internet services are major players in this regard. To conclude my remarks, I would like to focus on the following key points.

1) The collection, use and disclosure of personal information is no longer simply an issue of privacy, but raises issues of consumer protection, competition law, and human rights;

2) The nature and volume of personal information collected from social media sites and other “free” internet services goes well beyond transaction information and relates to the activities, relationships, preferences, interests and location of individuals;

3) Data protection law reform is overdue, and may now require a reconsideration or modification of the consent-based approach, particularly in contexts where personal data is treated as a resource and personal data collection extends to movements, activities and interests;

4) Changes to PIPEDA should include greater powers of enforcement for data protection norms, which might include order-making powers, and the power to levy fines or impose penalties in the case of egregious or repeated transgressions.

Published in Privacy

Insurance Corp. of British Columbia v. Stainton Ventures Ltd. is a recent decision of the British Columbia Supreme Court that addresses the issue of the use of trademarks in domain names. The plaintiff in the case, the Insurance Corp. of British Columbia (ICBC) objected to the use by the defendant Stainton Ventures Ltd. of its ICBC mark in its domain names, on its website, and on a booklet which it produced for sale. The defendant, through its website and booklet, offered advice on how to deal with B.C.’s motor vehicle insurer.

The defendant’s website was initially established in 2006 with the URLs <fightICBC.ca> and <fightICBC.com>. The site provided information about dealing with ICBC, and also listed the names and contact information of health care professionals. At the time, ICBC contacted the listed health care professionals and drew their attention to the listings. The defendant received feedback from a number of these professionals, who apparently objected to the rather adversarial domain name of the website. It subsequently changed its business cards, website references and other materials to ICBCadvice, and registered the new domain names of <icbcadvice.ca> and <icbcadvice.com>. In 2008, it began offering for sale from its website a publication titled ICBC Claim Guide.

In 2009 the defendant received its first cease and desist letter regarding the use of the ICBC acronym. Justice Grauer of the B.C. Supreme Court noted that although it was only in 2008 that there was an actual commercial offering from the site, it was clear from the outset that the site had served a marketing function for the defendant’s law practice. After receipt of the cease and desist letter, the title of the claim guide was changed to ICBCadvice Claim Guide. No other concessions were made by the defendant.

The plaintiff applied by way of summary trial for declarations that the defendant was infringing its rights in its official mark ICBC, that it was passing off its wares and services as those of ICBC, and that it was in violation of s. 52 of the Competition Act for having made false or misleading representations. The court ruled against ICBC on all counts.

The first issue was whether the defendant had infringed the plaintiff’s rights in ICBC’s official mark “ICBC”. Section 11 of the Trade-marks Act provides that “No person shall use in connection with a business, as a trade-mark or otherwise, any mark adopted contrary to section 9 or 10 of this Act....” Section 9(i)(n)(iii) prohibits the adoption of a mark “in connection with a business, as a trade-mark or otherwise, any mark consisting of, or so nearly resembling as to be likely to be mistaken for” an official mark. Justice Grauer rejected the plaintiff’s argument that the defendant’s mark was identical to its ICBC mark because it reproduced the ICBC mark. Instead, he chose to consider whether “ICBCadvice” so nearly resembles “ICBC” as to likely be mistaken for it. Justice Grauer was persuaded by the defendant’s argument that there was no evidence of confusion on the part of visitors to the website. He noted: “The evidence just does not support the contention that through its domain names, the defendant either intended or accomplished the redirection to its site of traffic looking for ICBC’s own website...” (at para 25). Further, he found that drivers in B.C., who were very familiar with the ICBC mark, would not likely be confused into thinking that the ICBCadvice domain names were linked to the official mark. He concluded that “they would take it as identifying the subject-matter of the site, not whose site it is” (at para 26). However Justice Grauer does not consider whether consumers would be likely to think that the subject matter of the site (advice about ICBC) emanated from the insurance company itself, as opposed to some other party. In fact, the official ICBC site also provides advice to customers on how to proceed with making a claim.

Justice Grauer noted that he also would not have found the “fighticbc” domain names to be infringing. There would seem to be at least an argument that “fighticbc” is much less likely to be confusing than “icbcadvice”, since ICBC is less likely to advocate fighting itself than it might be to provide advice to motorists on how to proceed with a claim. The discussion in this respect is unsatisfying. While most domain name cases seem to reject domain names for critical websites that merely use the unmodified trademark of the target company, there is still a lack of clarity as to what kind of modifying language will suffice to make it clear that the site to which the domain name resolves is not that of the target company. In addition, the case law around domain names and critical sites usually involves non-commercial criticism or protest sites; the impact of the commercial dimensions of the defendant’s site in this case is not fully discussed. While I do not necessarily disagree with the outcome of this case, it would have been helpful to have a closer consideration of these key issues.

Justice Grauer did find that the original version of the defendant’s commercial claim guide violated s. 11 of the Trade-marks Act. Its cover featured ICBC in large type with “Claim Guide” below in a much smaller font. However, the revised cover, which reads “ICBCadvice Claim Guide” passed muster. He made an order restraining the distribution of the original guide, but not the revised version.

Justice Grauer dismissed the passing off arguments relating to the website and the domain names. Although it was clear that ICBC had goodwill in its mark, he found that the “ordinary average automobile insurance customer” would not be confused into believing there was a business connection between the defendant’s website and the complainant. Once again, his analysis seems to focus almost exclusively on the issue of actual confusion. He wrote: “I cannot see how an average customer would be deceived into thinking that the website is somehow associated with or approved by ICBC. There is no evidence of either actual confusion or likelihood of confusion, and as noted, a likelihood of confusion is not so obvious that evidence is unnecessary” (at para 44). He rejected the plaintiff’s argument that search engines would turn up the defendant’s site in any search using the term “ICBC”. He wrote: “The behaviour of search engines is not, in my view, evidence of anything other than the operation of an algorithm, and search-engine marketing. It is certainly not evidence of confusion” (at para 46). He went on to ask: “Is the public so naive as to assume that every hit returned to a search for “ICBC” is somehow associated with or endorsed by the Insurance Company of British Columbia? I suspect that the Industrial and Commercial Bank of China would be rather distressed if that proved to be so” (at para 46). In his view, “the average customer of normal intelligence would not be led astray, and would have no difficulty recognizing that ICBCadvice.com would probably relate to how to deal with ICBC in an arm’s length or even adversarial sense, rather than in a manner endorsed by ICBC” (at para 48). Justice Grauer also quickly dismissed the claims of false and misleading representations under the Competition Act.

Published in Blog

The globalized and decentralized Internet has become the new locus for a wide range of human activity, including commerce, crime, communications and cultural production. Activities which were once at the core of domestic jurisdiction have moved onto the Internet, and in doing so, have presented numerous challenges to the ability of states to exercise jurisdiction. In writing about these challenges, some scholars have characterized the Internet as a separate “space” and many refer to state jurisdiction over Internet activities as “extraterritorial”. Rob Currie and I have recently published an article in the Georgetown Journal of International Law that explores these challenges in the context of the overall international law of jurisdiction, rather than focusing on any one substantive area. We argue that while the Internet may push at the boundaries of traditional principles of jurisdiction in public international law, it has not supplanted them. We explore the principles of jurisdiction, including the evolving concept of “qualified territoriality”, and demonstrate how they continue to apply in the Internet context. We also examine how states exercise their authority with respect to Internet activities by addressing governance issues, by engaging in normative ordering for the Internet, and by extending the reach of their domestic laws to capture Internet-based activities. The article concludes by offering a set of “first principles,” in the form of policy precepts, to guide the evolution of public international law norms and to address problems particular to the context of the global Internet.  You can find it here: http://gjil.org/wp-content/uploads/archives/42.4/zsx00411001017.PDF.

Published in Extraterritoriality

Stephen Coughlan, Robert Currie, Hugh Kindred and Teresa Scassa, Global Reach, Local Grasp: Constructing Extraterritorial Jurisdiction in the Age of Globalization, Prepared for the Law Commission of Canada, May 31, 2006.

Published in Reports/Consultations

“Routine Border Searches of Laptop Computers” (2008) 5:7 Can. Privacy L. Rev. 72-74.

“Social Networking, Privacy and Civil Litigation: Recent Developments in Canadian Law”, forthcoming in (2011) 7:7 Can. Privacy L. Rev.

<< Start < Prev 1 2 3 4 Next > End >>
Page 3 of 4

Canadian Trademark Law

Published in 2015 by Lexis Nexis

Canadian Trademark Law 2d Edition

Buy on LexisNexis

Electronic Commerce and Internet Law in Canada, 2nd Edition

Published in 2012 by CCH Canadian Ltd.

Electronic Commerce and Internet Law in Canada

Buy on CCH Canadian

Intellectual Property for the 21st Century

Intellectual Property Law for the 21st Century:

Interdisciplinary Approaches

Purchase from Irwin Law