access to information Ambush Marketing big data citizen science confidential information copyright data breach notification data protection digital cartography ecommerce and internet law Electronic Commerce electronic commerce and internet law Extraterritoriality fair use Geospatial geospatial data intellectual property Internet internet law IP open data open government personal information Privacy proactive disclosure takings trademark law trademarks traditional knowledge transparency
Tuesday, 20 September 2016 14:25
The Ontario Supreme Court of Justice has just approved the settlement of a class action law suit against Home Depot over a data privacy breach that took place in 2014. Both the settlement agreement and the decision by Justice Perell offer some interesting insights into privacy class actions in Canada.
Between April 11, 2014 and September 13, 2014 Home Depot’s payment system was hacked by criminals who used malware to skim data from credit card purchases at self-serve stations. When Home Depot discovered the breach it notified potentially affected customers through the French and English press in Canada. It also sent out over half a million emails to potentially affected customers in Canada. The emails apologized for the breach, and confirmed that the malware had been eradicated. Customers were assured that they would not be held responsible for fraudulent charges to their credit card accounts and they were offered free credit monitoring and identity theft insurance.
Although the breach led to complaints against Home Depot being filed with the privacy commissioners of Alberta, Quebec, B.C. and Canada, the commissioners all concluded that Home Depot had not breached their respective private sector data protection statutes. The fact that Home Depot had acted quickly and decisively to notify customers and to offer them protection also clearly influenced Justice Perell in his decision on the settlement agreement. He noted that Home Depot “apparently did nothing wrong”, and that it “responded in a responsible, prompt, generous and exemplary fashion to the criminal acts perpetrated on it by the computer hackers.” (at para 74.)
After the breach, which affected customers in the U.S. and Canada, a number of class action lawsuits were filed in both countries. The U.S.-based suits were consolidated into a single action which led to a settlement. The U.S. agreement was used as a template for the Canadian settlement. Under the terms of the settlement agreement put before Justice Perell, Home Depot admitted no wrongdoing. In exchange for releasing their claims against Home Depot, class members would be entitled to access a settlement fund of $250,000 available to compensate them for any actual expenses incurred as a result of the data breach up to a maximum of $5000 per claimant. The agreement also provides for class members to access free credit monitoring to a cap of $250,000. Justice Perell noted that given the cost of bulk purchases of credit card monitoring, this amount would allow for between 2,500 and 5,000 of the class members to access credit monitoring. In order to be entitled to any funds or credit monitoring, class members would have to file a claim form by October 29, 2016. Under the terms of the agreement, Home Depot would assume the costs of notifying class members and of administering the funds. Any money not distributed from the funds at the end of the claims period could be used to offset these costs. Justice Perell approved these terms of the settlement agreement.
The agreement also provided for a sum of $360,000 plus HST to be paid to the class action lawyers for legal fees, costs and disbursements. Small sums were also provided for in the agreement as honoraria for the representative plaintiffs in the class, although Justice Perell declined to approve these amounts, noting that honoraria were not appropriate in this case. He noted that “Compensation for a representative plaintiff may only be awarded if he or she has made an exceptional contribution that has resulted in success for the class.” (at para 80)
In assessing the settlement agreement, Justice Perell made it clear that the value of the settlement for class members was at most $400,000. He noted that in terms of compensation very little might actually be paid out. No class members would have had to cover the cost of fraudulent credit card charges and, in the time since the breach, there were no documented cases of identity theft related to this breach. He noted that the only information obtained through the hack was credit card information; other identity details used in identity theft such as driver’s licence data or social insurance numbers, were never stolen. He thus found it “highly unlikely” that the $250,000 fund would be used for damage awards. He also expressed doubt whether, given the short deadline in the agreement, the $250,000 fund for identity theft insurance would be used up.
Given the modest value of the settlement agreement, Justice Perell would not approve the $360,000 bill for legal fees and disbursements. Instead, he set the amount at $120,000. He noted that to do otherwise would pay class counsel more than would be received by the class members. He noted as well that in his view the case against Home Depot was very weak: the data breach was the result of a criminal hack; the privacy commissioners had found no wrongdoing on the part of Home Depot; and Home Depot had not attempted to cover it up and instead had acted promptly to notify customers and to help them mitigate any possible harm. Further, he noted that “by the time the actions against Home Depot came to be settled, there were no demonstrated or demonstrable losses by the Class Members” (at para 101). Justice Perell observed that while class counsel may have incurred higher fees than what were being awarded, there is a degree of risk with any class proceeding. He noted that “class counsel should not anticipate that every reasonably commenced class action will be remunerative and a profitable endeavor.” (at para 103)
The result is interesting on a number of fronts. Clearly Home Depot found it less costly to settle than to proceed with the litigation even though Justice Perell seems to be of the view that they would have won their case. The case illustrates just how costly data breaches can be, even for companies that have done nothing wrong and are themselves victims of criminal activities. In terms of the class action law suit, as with many data breaches, proof of actual harm to the class members was difficult to come by, making losses quite speculative. Further, as litigation of this kind tends to proceed slowly, the lack of harm to class members becomes increasingly apparent in cases where there is no evidence that the illegal obtained data has been used by the malefactors. The result in this case suggests that in class action law suits related to privacy breaches, class members who do not suffer actual pecuniary loss should not expect significant payouts; and companies who are not at fault in the breach and who act promptly to assist affected customers may substantially reduce (or eliminate) their liability. These factors may affect decisions by class counsel to launch class action lawsuits where the link between the breach and actual harm is weak, or where defendants are not obviously at fault.
Monday, 12 September 2016 07:01
The U.S. Court of Appeals for the Ninth Circuit has applied U.S. trademark law (the Lanham Act) to the activities of a Canadian citizen operating a business in Vancouver. The court acknowledged that it was applying the Lanham Act extraterritorially, but ruled that it was justified in doing so on the facts of the case.
The extraterritorial application of trademark law is unusual. Registered trademarks are valid only in the country of registration. A Canadian who uses trademarks in Canada could normally only infringe another party's trademark rights if those rights have been acquired through registration or use in Canada. Countries normally get to decide which marks receive protection within their own borders, and a judgment from a foreign court would not be enforceable in Canada without a Canadian court’s approval. The decision in Trader Joe’s Company v. Hallatt, which applies U.S. law to U.S. registered trademarks used in Canada, is therefore quite unusual. However, the facts of the case are also unique.
Many Canadians will recognize the name Trader Joe’s. This grocery store chain, which operates exclusively in the U.S., has carved out a niche for itself as a purveyor of high quality fresh foods. A majority of the products sold in Trader Joe’s stores are branded with Trader Joe’s’ U.S.-registered trademarks. The company has no stores in Canada. It may have contemplated a possible expansion north of the border; in 2010 it took steps to register two of its trademarks in Canada. However, these registrations have not been perfected – quite probably because the company has not started to use the marks in Canada.
The defendant Hallatt is a Canadian citizen living in British Columbia who also has permanent resident status in the United States. In 2011 employees of a Trader Joe’s store in Washington State noticed that Hallatt was making several large purchases per week. It transpired that he was driving the purchased goods across the Canada/U.S. border in order to sell them in Canada. He later opened a store in Vancouver for this purpose. Originally called Transilvania Trading, he changed its name to Pirate Joe’s. He sold Trader Joe’s labelled merchandise at this store at prices considerably higher than in the U.S. After Trader Joe’s took steps to limit Hallatt’s access to their stores, he began to wear disguises to make his purchases. There was also some evidence that he hired people to purchase goods from Trader Joe’s that he could then bring into Canada. The court also found that he used a store sign that resembled Trader Joe’s’, and that the trade dress of his store also resembled that of the plaintiff company.
Trader Joe’s objected to this use of their trademarks and trade dress in Canada. They alleged that it could cause confusion among Canadian consumers who were familiar with the U.S. brand, and that the defendant’s activities might harm their trademarks because they had lost the ability to maintain their strict controls over product quality and freshness. They alleged that they had already received one complaint from a customer who had been made ill after eating Trader Joe’s food from Pirate Joe’s in Canada. They were also concerned about harm to their reputation because the food sold at Pirate Joe’s was overpriced and because the customer service did not meet their standards. Since Canadians would also cross the border and shop at Trader Joe’s stores in the U.S., harm to the store’s reputation from Pirate Joe’s activities in Canada could have an effect on the U.S.-based business.
The complex set of cross-border factors in this case motivated the Court to find that Hallatt had violated the Lanham Act. In the first place, they found that the “use in commerce” requirement of the Lanham Act had been met. Normally, where there is extraterritorial application of the Lanham Act, the plaintiff has to show that goods sold outside of the U.S. have made their way back into U.S. markets in order to show use in commerce. This was not the case here. However, the court was prepared to find that there was nevertheless an impact on U.S. commerce from the sale of the goods in Canada. This flowed from the potential reputational harm from the sale of products of compromised quality and from selling the goods at inflated prices. The court noted that Canadians were regular customers at the Trader Joe’s stores in northern Washington State (40% of credit card transactions at the Bellingham store were by non-residents of the U.S.). These customers might be confused by the sale of Trader Joe’s products in Canada, and might form a negative opinion of the company if the goods sold in Canada were overpriced or of inferior quality. The Court also found other links to the United States that could be used to ground a decision to apply the Lanham Act extraterritorially. The defendant travelled to the U.S. to purchase the goods and/or hired people based in the U.S. to purchase them for him. It also found that his activities might have been assisted to some extent by his landed immigrant status in the U.S.
International comity is a relevant consideration in deciding on extraterritorial application of a country’s laws. The idea is to interfere as little as possible with the sovereignty of another state. In this case, the court noted that there was no ongoing litigation in Canada over trademark issues on the same facts. It also noted that both parties in this case had ties to the United States; the defendant through his landed immigrant status. The Court also found that “an essential part” of Hallatt’s commercial venture took place in the U.S. Perhaps most importantly, the Court found that it was in a position to order the remedies sought by Trader Joe’s. The defendant had assets in the United States so that an award of damages could be enforced in the U.S. against those assets. A court in the U.S. could also order an injunction to stop Hallatt’s activities in purchasing the goods in the U.S. for export to Canada.
The particular facts of this case were clearly a central factor in the court’s decision to apply the Lanham Act extraterritorially. In this sense, then, the case does not signal a shift that would see U.S. courts hearing a flood of trademark infringement suits relating to U.S.-registered trademarks that happen to be used in Canada. Without the substantial links to the U.S. – and the deliberate attempt to trade on the goodwill of the U.S.-based company, the court would likely not have extended U.S. law in this case. Nevertheless, it is a warning to Canadian entrepreneurs that the exploitation of well-known U.S. trademarks, even if not registered in Canada, could, in the right circumstances, expose them to liability on either side of the border.
Wednesday, 07 September 2016 08:45
A new report from uOttawa’s Canadian Internet Policy and Public Interest Clinic (CIPPIC) prepared in collaboration with Carleton’s Geomatics and Cartographic Research Centre (GCRC) proposes a strategy for protecting traditional knowledge that is shared in the digital and online context. The report proposes the use of template licences that will allow Indigenous communities to set the parameters for information sharing consistent with cultural norms..
Traditional knowledge – defined by the World Intellectual Property Organization as “the intellectual and intangible cultural heritage, practices and knowledge systems of traditional communities, including indigenous and local communities” – is poorly protected by contemporary intellectual property (IP) regimes. At the root of the failed protection is the reality that Western IP systems were designed according to a particular vision of creativity and innovation rooted in the rise of the industrial revolution. It is a product of a particular social, economic and ideological environment and does not necessarily transplant well to other contexts.
The challenge of protecting indigenous cultural objects, practices and traditional knowledge has received considerable attention – at least on the international stage – as it is a problem that has been exacerbated by globalization. There are countless instances where multinational corporations have used traditional knowledge or cultural heritage to their profit – and without obvious benefit to the source communities. Internationally, the Nagoya Protocol on Access and Benefit Sharing seeks to provide a framework for the appropriate sharing of traditional knowledge regarding plant and genetic resources. Innovative projects such as Mukurtu provide a licensing framework for Indigenous digital cultural heritage. What CIPPIC’s report tackles is a related but distinct issue: how can Indigenous communities share traditional knowledge about themselves or their communities while still maintaining a measure of control that is consistent with their cultural norms regarding that information?
For years now, the GCRC has worked with Indigenous communities in Canada to provide digital infrastructure for cybercartographic atlases that tell stories about those communities and their land. These multimedia atlases offer rich, interactive experiences. For example, the Inuit Siku (Sea Ice) Atlas documents Inuit knowledge of sea ice. The Lake Huron Treaty Atlas is a complex multimedia web of knowledge that is still evolving. These atlases are built upon an open platform developed by the GCRC and that can be adapted by interested communities.
The GCRC sought out the assistance of CIPPIC to explore the possibility of creating a licensing framework that could assist Indigenous communities in setting parameters for the sharing and reuse of their traditional knowledge in these contexts. The idea was to reduce the burden of information management for those sharing information and for those seeking to use it through a series of template licences that can be adapted by communities to suit particular categories of knowledge and contexts of sharing. This is a complex task, and there remains much work to be done, but what CIPPIC proposes offers a glimpse into what might be possible.
Monday, 29 August 2016 09:43
A pair of interesting copyright lawsuits are making their way through the federal court and are worth watching for the novel issues they raise and the potential they have for shaping copyright law in Canada.
One of these is actually a series of lawsuits brought by the news service Blacklock’s Reporter against a total of 7 federal government departments and agencies and 3 Crown corporations and agencies. Blacklock’s provides articles on a subscription basis only; it accuses the various defendants of having accessed copies of its articles without having subscribed to the service and in breach of their copyrights. The defendants argue that Blacklock’s “employs a pattern of writing misleading or inaccurate articles about an organization with the expectation that these articles would be accessed and shared internally.” They then allege that Blacklock’s files access to information requests to uncover details of such access and distribution in order to issue claims for damages for copyright infringement. Essentially, they contend that Blacklock’s is engaged in copyright trolling. (Note that I wrote about an earlier law suit brought in Ontario small claims court by Blacklock’s against the Canadian Vintner’s Association here.)
The Federal Court has just upheld a prothonotary’s decision to streamline this litigation by issuing a stay of proceedings in 9 of the 10 lawsuits until certain legal issues have been aired and decided in the 10th. The decision is based on the view that since each of the cases raises similar issues, it would be more just and a more efficient use of resources to proceed in this way.
The defendants do not appear to deny having accessed the articles in question. Instead, they argue that the uses made of the articles in question were fair dealing (based on use of the material for “internal government reporting purposes”). They also raise the defense of copyright misuse. Copyright misuse relies on an argument that the copyright owner, through its conduct, is attempting to secure for themselves a broader right than it is entitled to by law. The defence now has a considerable track record in the United States, but remains novel in Canada. Clearly this litigation raises interesting arguments that make it worth following. The five-day trial for the case that is to go forward has been scheduled for September 2016.
A second case involves what is called a “reverse class action law suit” brought by Voltage Pictures against an as-yet unidentified group of defendants for copyright violation related to the downloading of films in which Voltage holds copyright. Typically a class action law suit is brought by a large group of plaintiffs who have all been harmed by the same wrong allegedly committed by a single defendant. The class action law suit allows plaintiffs to pool their efforts and it makes for a more efficient use of judicial resources. Class action law suits can also be used to hold defendants to account in cases where large numbers of people are negatively affected, but no single individual has suffered enough economic harm to make it worthwhile taking their case to court. In these ways, class action law suits improve access to justice. The reverse class-action law suit is quite another animal. In a reverse class-action law suit, there is a single plaintiff who essentially is arguing that it has been harmed by the actions of multiple defendants. Rather than sue each defendant individually, they proceed against a single defendant who is considered representative of the much larger class.
Voltage has recently succeeded in having a court compel Rogers Communications Inc. to reveal the name and address of a subscriber whose account has been linked by Voltage to allegedly illegal downloading activity. This will be the representative defendant in a law suit that may put the activities of thousands of other as yet unnamed ISP subscribers at issue. Of course, a court has yet to certify the reverse class action law suit.
Voltage’s strategy comes as both the courts and Parliament have put limits on the extent to which ordinary consumers can be targeted in copyright infringement lawsuits for non-commercial uses of works. By significantly limiting the damages available in such instances, Parliament made it deliberately difficult for copyright holders to launch law suits seeking massive amounts of damages against ordinary individuals – a practice that has become notorious in the United States. The “notice and notice” provisions of the Copyright Act also protect against sweeping accusations of copyright infringement that might otherwise limit freedom of expression by compelling the take down of content that might fall within the fair dealing exceptions to copyright infringement. Canadian courts have also been quite protective of individual privacy, requiring that a plaintiff establish a bona fide claim of copyright infringement before a court will issue an order compelling a service provider to produce customer name and address information that is linked to the allegedly infringing activity. The reverse class action lawsuit offers plaintiffs a work-around to some of these protective measures and could open the door to the large-scale pursuit of those who download unauthorized content over the internet. Both copyright owners and users’ rights advocates will be watching this case with interest.
Monday, 22 August 2016 06:55
A 2016 European Commission report titled Survey report: data management in Citizen Science projects provides interesting insights into how such projects manage the data they collect. Proper management is, of course, essential to ensure that the collected data can be used and reused by project leaders as well as by other downstream users. It is relevant as well to the protection of the privacy of citizen participants. The authors of this report surveyed a large number of citizen science projects. From the 121 responses received they distilled findings that explore the diversity of the citizen science projects, and that reveal a troubling lack of thorough data management practices. A significant shortcoming for many projects was the lack of appropriate data licences to govern reuse of either raw or aggregate data collected.
There has been growing pressure on those carrying out research using public resources to make the fruits of the research – including the research data – publicly available for consultation, verification or reuse. But doing so is not as simple as a binary open/closed choice. There are a number of different questions that researchers must address: Should the raw data be made open or only the aggregate data? Should it be immediately available or available only after an embargo period? Is all data suitable for release or should some be protected for public policy reasons (such as protecting privacy)? And what, if any, terms and conditions should be imposed on reuse?
On the issue of data licensing, Schade and Tsinaraki found that the conditions imposed on reuse by different projects varied. A majority of those who made data available believed that the data was in the public domain, while others imposed conditions such as non-commercial or share-alike restrictions. When asked which license they used to achieve these goals, 32 out of 56 respondents indicated that they used one of the commonly available template licences such as Creative Commons or Open Data Commons. A surprising number of respondents indicated that no particular licence was used. While data released in this way might be presumed to be “open”, the usefulness of the data might well be hampered by a lack of clarity regarding the scope of permitted reuse.
In addition to providing access to data, the authors of the Report asked whether citizen science researchers allowed open access to research results (presumably in the form of published papers and other output). While the overwhelming majority of projects indicated that they used open access options (ranging from public domain dedication to open access with conditions), Schade and Tsinaraki also found that 14 of the projects they considered used licences with terms that were not consistent with the reuse conditions that the researchers had identified. Clearly there is a need for greater support for projects in developing or choosing appropriate licences.
Although many of the projects indicated that they provided access to their data, the duration of that access was less certain. The authors found that 42% of projects intended to guarantee access to their data only within the lifespan of the project. The authors also found that 40% of projects that provide data access do not provide comprehensive metadata along with the data. This would certainly limit the value of the data for reuse. Both these issues are important in the context of citizen science projects, which are often granted-funded and temporally-limited. The ability to archive and preserve research data and to make it available for meaningful access and reuse should be part of researchers’ data management plans, and is something which should be supported by research institutions and funding agencies.
Overall, the Report provides data that suggests that the burgeoning field of citizen science needs more support when it comes to all aspects of data management. Proper data management practices will help citizen science researchers to meet their own objectives, to share their data effectively and appropriately, and to protect the rights and interests of participants.
Note: In 2015 I drafted a report, with Haewon Chung, for the Wilson Center Commons Lab titled Managing Intellectual Property Rights in Citizen Science. This report addresses many licensing issues related to the collection, sharing and reuse of citizen science data and outputs. It is available under a Creative Commons Licence.
Wednesday, 17 August 2016 06:28
Canada’s anomalous and downright dysfunctional official marks system is once again deserving of attention as the Rio Olympics unfold. The protection of Olympic marks in Canada reveals many of the deficiencies of this system.
Under the Trade-marks Act, “public authorities” in Canada can sidestep the whole process for application, review and registration of trademarks by simply asking the Registrar of Trade-marks to advertise whatever logo or word mark they have come up with for whatever undertaking they are engaged with. This includes the names and/or logos of government departments (eg: Heritage Canada & Design), the names and/or logos of municipalities (City of Windsor & Design) or even the names of publicly-funded institutions such as the National Gallery of Canada. At the other end of the spectrum are the myriad logos, slogans and words associated with government activities that are largely run as businesses, such as lotteries and casinos. Official marks are available to any ‘public authority’ and the meaning of this term has not always been clear. In the last 15 years or so the courts have tightened up the definition of a “public authority”, but nonetheless the register is crowded with official marks held by entities that were never entitled to hold them. These illegitimate official marks will remain protected unless someone spends their hard earned money to challenge them in court. This is just one of the ways in which the official marks regime is deeply flawed. The marks never expire; there is nothing in the Act that prevents them from being identical to or confusing with trademarks in which registered trademark owners may have invested a great deal of resources; and none of the limitations on the registrability of trademarks apply. There is also no mechanism (short of going to court) by which a mark can be removed from the Register by anyone other than the public authority once it is advertised. The Register is crowded with obsolete official marks. These marks stand in the way of new trademark registrations.
The Canadian Olympic Committee (COC) has long relied upon official marks to protect hundreds of marks relating to current and past Olympic Games and activities. Yet this protection was not enough for the IOC. In 2007, Canada enacted the Olympic and Paralympic Marks Act (OPMA) to fulfill a commitment made to the IOC in Vancouver’s bid for the 2010 Winter Olympics. Controversially, the OPMA added a new protection against ambush-marketing, and I have written about this aspect of the legislation elsewhere. But it also created a list of protected Olympics-related marks in Schedule 1. These marks are protected for as long as they remain on the Schedule. They include 39 basic Olympic and Paralympic related marks and logos. Further, the federal government can, by regulation, add new marks to the list whenever there is a need to do so. The OPMA also created a second schedule for the protection of Olympic marks related specifically to Games hosted by Canada. These marks would be protected only for the period of time set out in that schedule. In other words, they were limited to the period directly before and after the hosted event. There was no schedule for marks related to Olympic Games that were not hosted by Canada, such as the Rio Olympics.
In spite of this special legislation for Olympic-related marks, the COC still relies upon the official marks provisions of the Trade-marks Act to protect Olympics-related marks. Some of the marks found in Schedule 1 of the OPMA are also official marks under the Trade-marks Act (see, for example: FASTER HIGHER STRONGER, OLYMPIAD, OLYMPIC GAMES and OLYMPICS). This means that even if the federal government decided to remove these marks from this Schedule, they would still receive protection under the Trade-marks Act. The situation was much worse prior to 2014, when the COC (finally) withdrew from the Register of Trade-marks many of its official marks that also appeared in Schedules 1 and 2 of the OPMA, thus limiting the impact of the double-protection. Of course, this double protection endured for 7 years before being rectified, and it has not been completely corrected. Further, it was done purely voluntarily. Nothing in Canadian law prevents the COC from asking the Registrar of Trade-marks to advertise the same marks again as official marks. The legislative dysfunction is also evidenced by the surfeit of Olympic marks that are still protected as official marks including, for example, WINTER OLYMPIC GAMES, SUMMER OLYMPIC GAMES, OLYMPIC FLAME, OLYMPIC TORCH, and the list goes on. In addition, there is a pile of Olympic clutter on the Register, including marks and logos from past Olympiads such as the ones in Lake Placid, Calgary, Torino, Seoul – you get the picture.
For the Rio Games, the Canadian Olympic Committee has chosen to use the Trade-marks Act to protect two Rio-specific marks as official marks: Rio 2016, and Rio 2016 & Rings Design. Anyone who, misled by the title of the Olympics and Paralympics Marks Act, checked that statute to see what Olympic marks were protected and which ones were not, could be forgiven for missing those two – but forgiven they will not be if they use either of the marks.
There really are two issues here that need to be addressed. The first is that the federal government must do something about the hugely problematic category of official marks. That the official marks regime is dysfunctional is a well-known fact. The federal Liberals surely know this; when they were in opposition, MP Geoff Regan brought forward a private member’s bill to address the regime’s deficiencies.
The other problem is that the government has put in place two different regimes that can be used simultaneously to protect Olympic and Paralympic marks, and the (limited) checks and balances in one are not reflected in the other. The result is a mess of, well, Olympic proportions.
Friday, 05 August 2016 06:30
The BBC has reported that the U.S. Olympic Committee is taking a hard line against companies that use the twitter hashtag #Rio2016 in their tweets and who are not official sponsors of the Games. The USOC holds a registered trademark in the US for Rio2016. According to the BBC story, while the USOC is prepared to tolerate the non-commercial use of the hashtag in tweets by individuals, it draws the line at corporate use.
The move is hardly surprising – for decades now Olympic organizers have been trying to crack down on ambush marketing. Ambush marketing relies upon the creation of mental associations between a major event (in this case, the Olympics) and the products or services of non-sponsor companies. They can do so through trademark law, which protects the registered trademarks of the event, as well as through special laws prohibiting ambush marketing. These special laws have proven controversial because they ban the creation of “associations”, and such associations can be generated by using ordinary words that are descriptive of the event, its location or the year in which it is held.
Sponsors pay top dollars for sponsorship rights and insist upon a high degree of protection for this investment, and event organizers will insist that these revenues are necessary in order to make the games a success. Without the sponsorship money, the story goes, there would be no games. Thus everyone wins if sponsors’ rights are protected. The story is, however, a bit more complicated than that. There are many companies that invest, in one way or another, in amateur sporting associations and in athletes. A company that sponsored a promising young athlete for years, allowing her eventually to train and compete at the national level would find that when that athlete finally made it to the Olympics, they might run afoul of ambush marketing laws by publicly celebrating her achievement. “XYZ Corporation celebrates Jane Doe in her quest for Olympic Gold!” would, for example, most likely attract cease and desist letter.
The Twitter hashtag issue is both interesting and controversial. According to Twitter, hashtags are a device created on Twitter to allow for the indexing of key words or topics. In other words, hashtags facilitate conversations on a vast social network and allow people both to follow and to participate in those conversations. Thus, while Rio 2016 may be registered trademark of the USOC, #Rio2016 is an indexing term that allows people interested in the summer games to follow Twitter conversations on that subject. For the USOC to assert that non-sponsor companies cannot use the hashtag is to tell them that they cannot participate in those conversations. As such, their position likely goes too far. At least one U.S. court would seem to agree. In 2015 the U.S. federal district court in Eksouzian v. Albanese ruled that it was not trademark infringement to use a trademarked term in a hashtag “because hashtags are merely descriptive devices, not trademarks, unitary or otherwise, in and of themselves.”
Ironically, the push to crack down on so-called ambush-marketing may have its greatest impact on small businesses that do not have the resources to fight back when sent a cease-and-desist letter. As my co-authors and I noted in a 2011 article on ambush marketing, the real competitors of Olympic sponsors are generally large corporations with teams of lawyers that can help them design marketing campaigns that stay just on the right side of any anti-ambush marketing legislation.
Coverage of this issue can also be found in the article in Le Devoir by Boris Proulx “Ne sera pas Rio qui veut”.
Tuesday, 02 August 2016 07:20
Municipal police services in North America now commonly make digital crime maps available to the public online. These interactive maps allow individuals to choose a particular part of their city, as well as a window of time (crimes in the last 7, 14 or 21 days, for example). They can search for all mapped crimes in this time frame or can limit their search to particular types of crime. The results are returned in the form of icons on a map of the selected area. The icons represent different categories of criminal activity, and clicking on each icon will reveal basic information about the incident. The maps can be used for many purposes. For example, someone who is thinking of parking their vehicle overnight in a particular part of the city might search to see if there are many thefts of vehicles or thefts from vehicles in that area. Prospective home buyers or renters might also use the maps to assess the incidence of crime in neighborhoods they are considering. Most crime maps of this kind allow users to sign up for email alerts about crime in their neighborhood, and the maps also provide a means for individuals to send in tips about mapped crimes.
A police service that decides to offer an interactive crime map to the public can choose to create their own crime map (usually by hiring a tech services company to build one) (for examples of this option see the maps from Winnipeg or Halifax) or they can contract with one of a number of leading crime mapping companies in North America. These companies typically offer a range of data analytics services to police. Often the crime maps are offered for free, with the hope that the police service will purchase other analytics services. The 3 leading companies are all based in the United States, but they offer hosting on their platform to police services across North America.
In a new paper that has just been published in the International Journal of e-Planning Research, I look at the practice of crime-mapping in 3 Canadian municipalities – Ottawa, London and Saint John. The police services in each of these cities have contracted with a different one of the 3 leading U.S.-based crime mapping companies. In my paper I consider how these crime maps present particular narratives of crime in the city. These narratives may be influenced in subtle or not so subtle ways by the fact that the mapping platform is U.S.-based. These influences may show up in the rhetoric around the crime maps used by the host company, the crimes or other types of data chosen (or not chosen) for mapping, and the descriptions on the host platforms of the type of data featured on the maps. I also evaluate the quality of the mapped data, and explore how laws shape and constrain the use and reuse of crime data.
While the crime maps are superficially attractive and easy to use, there is reason to be concerned about their use. In my research for this paper, I learned that it is possible to access the maps either through the host company’s site or through the police service’s website. Depending on the route chosen, the messaging (including a description of the mapped data, the purpose of the map, and its limitations) is different. While disclaimers on the police services’ sites may warn of the limitations of the data provided, those who access through the host platform are unware of these deficiencies. The mapped data provide a very partial account of crime in the city, and critics of this type of crime mapping have raised concern both about the potentially misleading nature of the maps, and the particular narrative of urban crime they convey.
My paper also explores issues of control and ownership of the mapped data and the impact that this has on the ability of civil society groups either to critically assess the data or to create other tools and analytics that might combine crime data with other urban data. While the crime mapping platforms do not claim ownership of the data that they map (according to the sites, ownership rests with the police services), they do prohibit the scraping of data from their sites – and there is evidence of legal action taken to pursue data scrapers. In most cases, police services do not make the same data provided to the crime mapping companies available as open data. This allows the police service (in conjunction with the limitations built into the crime mapping platforms) to largely control how the data is presented to the public. At the same time, the presence of a publicly accessible crime map might itself be used by a police service as a justification for not making the same crime data available as open data. (I note that Vancouver, which hired a company to create its own crime map, also makes the mapped data available as open data (although it updates it with less frequency than the mapped data).
Ultimately, the paper asks whether this model of crime mapping advances or limits goals of transparency and accountability, and what lessons it offers about the use of private sector civic technologies to serve public sector purposes.
Note: The research behind this paper was recently featured by H.G. Watson in her article in J-Source titled “Reporters need to dig deeper into crime maps to tell the whole story”. The article also discusses April Lindgren’s interesting article on the relationship between police information and journalism titled “Covering Canadian Crime: What Journalists Should Know and the Public Should Question”.
Monday, 20 June 2016 07:10
The federal government has just released for public comment its open government plan for 2016-2018. This is the third such plan since Canada joined the Open Government Partnership in 2012. The two previous plans were released by the Conservative government, and were called Canada’s Action Plan on Open Government 2012-2014 and Canada’s Action Plan on Open Government 2014-2016. This most recent plan is titled Canada’s New Plan on Open Government (“New Plan”). The change in title signals a change in approach.
The previous government structured its commitments around three broad themes: Open Data, Open Information and Open Dialogue. It is fair to say that it was the first of these themes that received the greatest attention. Under the Conservatives there were a number of important open data initiatives: the government developed an open data portal, an open government licence (modeled on the UK Open Government Licence), and a Directive on Open Government. It also committed to funding the Open Data Exchange (ODX) (a kind of incubator hub for open data businesses in Canada), and supported a couple of national open data hackathons. Commitments under Open Information were considerably less ambitious. While important improvements were made to online interfaces for making access to information requests, and while more information was provided about already filled ATIP requests, it is fair to say that improving substantive access to government information was not a priority. Open dialogue commitments were also relatively modest.
Canada’s “New Plan” is considerably different in style and substance from its predecessors. This plan is structured around 4 broad themes: open by default; fiscal transparency; innovation, prosperity and sustainable development; and engaging Canadians and the world. Each theme comes with a number of commitments and milestones, and each speaks to an aspirational goal for open government, better articulating why this is an initiative worth an investment of time and resources.
Perhaps because there was so great a backlash against the previous government’s perceived lack of openness, the Liberals ran on an election platform that stressed openness and transparency. The New Plan reflects many of these election commitments. As such, it is notably more ambitious than the previous two action plans. The commitments are both deeper (for example, the 2014-2016 action plan committed to a public database disclosing details of all government contracts over $10,000; the New Plan commits to revealing details of all contracts over $1), and more expansive (with the government committing to new openness initiatives not found in earlier plans).
One area where the previous government faced considerable criticism (see, for example Mary Francoli’s second review of Canada’s open government commitments) was in respect of the access to information regime. That government’s commitments under “open information” aimed to improve access to information processes without addressing substantive flaws in the outdated Access to Information Act. The new government’s promise to improve the legislation is up front in the New Plan. Its first commitment is to enhance access to information through reforms to the legislation. According to the New Plan, these include order-making powers for the Commissioner, extending the application of the Access to Information Act to the Prime Minister and his Ministers’ Offices, and mandatory 5-year reviews of the legislation. Although these amendments would be a positive step, they fall short of those recommended by the Commissioner. It will also be interesting to see whether everything on this short list comes to pass. (Order-making powers in particular are something to watch here.) The House of Commons Standing Committee on Access to Information, Privacy and Ethics has recently completed hearings on this legislation. It will be very interesting to see what actually comes of this process. As many cynics (realists?) have observed, it is much easier for opposition parties to be in favour of open and transparent government than it is for parties in power. Whether the Act gets the makeover it requires remains to be seen.
One of the interesting features of this New Plan is that many of the commitments are ones that go to supporting the enormous cultural shift that is required for a government to operate in a more open fashion. Bureaucracies develop strong cultures, often influenced by long-cherished policies and practices. Significant change often requires more than just a new policy or directive; the New Plan contains commitments for the development of clear guidelines and standards for making data and information open by default, as well as commitments to training and education within the civil service, performance metrics, and new management frameworks. While not particularly ‘exciting’, these commitments are important and they signal a desire to take the steps needed to effect a genuine cultural shift within government.
The New Plan identifies fiscal transparency as an overarching theme. It contains several commitments to improve fiscal transparency, including more extensive and granular reporting of information on departmental spending, greater transparency of budget data and of fiscal analysis, and improved openness of information around government grants and other contributions. The government also commits to creating a single portal for Canadians who wish to search for information on Canadian businesses, whether they are incorporated federally or in one of the provinces or territories.
On the theme of Innovation, Prosperity and Sustainable Development, the New Plan also reflects commitments to greater openness in relation to federal science activities (a sore point with the previous government). It also builds upon a range of commitments that were present in previous action plans, including the use of the ODX to stimulate innovation, the development of open geospatial data, the alignment of open data at all levels of government in Canada, and the implementation of the Extractive Sector Transparency Measures Act. The New Plan also makes commitments to show leadership in supporting openness and transparency around the world.
The government’s final theme is “Engaging Canadians and the World”. This is the part where the government addresses how it plans to engage civil society. It plans to disband the Advisory Panel established by the previous government (of which I was a member). While the panel constituted a broad pool of expertise on which the government could draw, it was significantly under-utilized, and clearly this government plans to try something new. They state that they will “develop and maintain a renewed mechanism for ongoing, meaningful dialogue” between the government and civil society organizations – whatever that means. Clearly, the government is still trying to come up with a format or framework that will be most effective.
The government also commits in rather vague terms to fostering citizen participation and engagement with government on open government initiatives. It would seem that the government will attempt to “enable the use of new methods for consulting and engaging Canadians”, and will provide support and resources to government departments and agencies that require assistance in doing so. The commitments in this area are inward-looking – the government seems to acknowledge that it needs to figure out how to encourage and enhance citizen engagement, but at the same time is not sure how to do so effectively.
In this respect, the New Plan offers perhaps a case in point. This is a detailed and interesting plan that covers a great deal of territory and that addresses many issues that should be of significant concern to Canadians. It was released on June 16, with a call for comments by June 30. Such a narrow window of time in which to comment on such a lengthy document does not encourage engagement or dialogue. While the time constraints may be externally driven (by virtue of OGP targets and deadlines), and while there has been consultation in the lead up to the drafting of this document, it is disappointing that the public is not given more time to engage and respond.
For those who are interested in commenting, it should be noted that the government is open to comments/feedback in different forms. Comments may be made by email, or they can be entered into a comment box at the bottom of the page where the report is found. These latter comments tend to be fairly short and, once they pass through moderation, are visible to the public.
Wednesday, 15 June 2016 08:46
Yesterday I appeared before the House of Commons’ Standing Committee on Access to Information, Privacy and Ethics, along with Professor David Lyon of Queen’s University and Professor Lisa Austin of the University of Toronto. The Committee is considering long overdue reform of the Privacy Act, and we had been invited to speak on this topic.
All three of us urged the Committee to take into account the very different technological environment in which we now find ourselves. Professor Lyon cogently addressed the changes brought about by the big data context. Although the Privacy Act as it currently stands largely address the collection, use and disclosure of personal information for “administrative purposes” all three of us expressed concerns over the access to and use by government of information in the hands of the private sector, and the use of information in big data analytics. Professor Austin in particular emphasized the need to address not just the need for accuracy in the data collected by government but also the need to assess “algorithmic accuracy” – the quality/appropriateness of algorithms used to analyse large stores of data and to draw conclusions or predictions from this data. She also made a clear case for bringing Charter considerations into the Privacy Act – in other words, for recognizing that in some circumstances information collection, disclosure or sharing that appears to be authorized by the Privacy Act might nevertheless violate the Canadian Charter of Rights and Freedoms. There was also considerable discussion of information-sharing practices both within government and between our government and other foreign or domestic governments.
The Committee seemed very interested and engaged with the issues, which is a good sign. Reform of the Privacy Act will be a challenging task. The statute as a public sector data protection statute is sorely out of date. However, it is also out of context – in other words, it was drafted to address an information context that is radically different from that in which we find ourselves today. Many of the issues that were raised before the Committee yesterday go well beyond the original boundaries of the Privacy Act, and the addition of a few provisions or a few tweaks here and there will not come close to solving some of these privacy issues – many of which overlap with issues of private sector data protection, criminal law and procedure, and national security.
The notes related to my own remarks to the Committee are available below.
Written Notes for Comments by Professor Teresa Scassa to the House of Commons’ Standing Committee on Access to Information, Privacy and Ethics, June 14, 2016
Thank you for the opportunity to address this Committee on the issue of reform of the Privacy Act.
I have reviewed the Commissioner’s recommendations on Privacy Act reform and I am generally supportive of these proposals. I will focus my remarks today on a few specific issues that are united by the theme of transparency. Greater transparency with respect to how personal information is collected, used and disclosed by government enhances privacy by exposing practices to comment and review and by enabling appropriate oversight and accountability. At the same time, transparency is essential to maintaining public confidence in how government handles personal information.
The call for transparency must be situated within our rapidly changing information environment. Not only does technology now enable an unprecedented level of data collection and storage, enhanced analytic capacity has significantly altered the value of information in both public and private sectors. This increased value provides temptations to over-collect personal information, to share it, mine it or compile it across departments and sectors for analysis, and to retain it beyond the period required for the original purposes of its collection.
In this regard, I would emphasize the importance of the recommendation of the Commissioner to amend the Privacy Act to make explicit a “necessity” requirement for the collection of personal information, along with a clear definition of what ‘necessary’ means. (Currently, s. 4(1) of the Privacy Act requires only that personal information “relate directly to an operating program or activity of the institution”.) The goal of this recommendation is to curtail the practice of over-collection of personal information. Over-collection runs counter to the expectations of the public who provide information to government for specific and limited purposes. It also exposes Canadians to enhanced risks where negligence, misconduct or cyberattack result in data breaches. Data minimization is an important principle that is supported by data protection authorities around the world and that is reflected in privacy legislation. The principle should be explicit and up front in a reformed Privacy Act. Data minimization also has a role to play in enhancing transparency: not only do clear limits on the collection of personal information serve transparency goals; over-collection encourages the re-purposing of information, improper use and over-sharing.
The requirement to limit collection of information to specific and necessary purposes is tied to the further requirement on government to collect personal information directly from the individual “where possible” (s. 5(1)). This obviously increases transparency as it makes individuals directly aware of the collection. However, this requirement relates to information collected for an “administrative purpose”. There may be many other purposes for which government collections information, and these fall outside the privacy protective provisions of the Privacy Act. This would include circumstances that is disclosed to a government investigative body at its request in relation to an investigation or the enforcement of any law, or that is disclosed to government actors under court orders or subpoenas. Although such information gathering activities may broadly be necessary, they need to be considered in the evolving data context in which we find ourselves, and privacy laws must adapt to address them.
Private sector companies now collect vast stores of personal information, and this information often includes very detailed, core-biographical information. It should be a matter of great concern, therefore, that the permissive exceptions in both PIPEDA and the Criminal Code enable the flow of massive amounts of personal information from the private sector to government without the knowledge or consent of the individual. Such requests/orders are often (although not always) made in the course of criminal or national security investigations. The collection is not transparent to the individuals affected, and the practices as a whole are largely non-transparent to the broader public and to the Office of the Privacy Commissioner (OPC).
We have heard the most about this issue in relation to telecommunications companies, which are regularly asked or ordered to provide detailed information to police and other government agents. It should be noted, however, that many other companies collect personal information about individuals that is highly revelatory about their activities and choices. It is important not to dismiss this issue as less significant because of the potentially anti-social behaviour of the targeted individuals. Court orders and requests for information can and do encompass the personal information of large numbers of Canadians who are not suspected of anything. The problem of tower dump warrants, for example, was recently highlighted in a recent case before the Ontario Supreme Court (R. v. Rogers Communication (2016 ONSC 70))(my earlier post on this decision can be found here). The original warrant in that case sought highly detailed personal information of around 43,000 individuals, the vast majority of whom had done nothing other than use their cell phones in a certain area at a particular time. Keep in mind that the capacity to run sophisticated analytics will increase the attractiveness of obtaining large volumes of data from the private sector in order to search for an individual linked to a particular pattern of activity.
Without adequate transparency regarding the collection of personal information from the private sector, there is no way for the public to be satisfied that such powers are not abused. Recent efforts to improve transparency (for example, the Department of Innovation, Science and Economic Development’s voluntary transparency reporting guidelines) have focused on private sector transparency. In other words, there has been an attempt to provide a framework for the voluntary reporting by companies of the number of requests they receive from government authorities, the number they comply with, and so on. But these guidelines are entirely voluntary, and they also only address transparency reporting by the companies themselves. There are no legislated obligations on government actors to report in a meaningful way – whether publicly or to the OPC – on their harvesting of personal information from private sector companies. I note that the recent attempt by the OPC to audit the RCMP’s use of warrantless requests for subscriber data came to an end when it became clear that the RCMP did not keep specific records of these practices.
In my view, a modernization of the Privacy Act should directly address this enhanced capacity of government institutions to access the vast stores of personal information in the hands of the private sector. The same legislation that permits the collection of personal information from private sector companies should include transparency reporting requirements where such collection takes places. In addition, legislative guidance should be provided on how government actors who obtain personal information from the private sector either by request or under court order should deal with this information. Specifically, limits on the use and retention of this data should be imposed.
It is true that both the Criminal Code and PIPEDA enable police forces and investigative bodies under both federal and provincial jurisdiction to obtain personal information from the private sector under the same terms and conditions, and that reform of the Privacy Act in this respect will not address transparency and accountability of provincial actors. This suggests that issues of transparency and accountability of this kind might also fruitfully be addressed in the Criminal Code and in PIPEDA, but this is no reason not to also address it in the Privacy Act. To the extent that government institutions are engaged in the indirect collection of personal information, the Privacy Act should provide for transparency and accountability with respect to such activities.
Another transparency issue raised by the Commissioner relates to information-sharing within government. Technological changes have made it easier for government agencies and departments to share personal information – and they do so on what the Commissioner describes as a “massive” scale. The Privacy Act enables personal information sharing within and between governments, domestically and internationally, in specific circumstances – for investigations and law enforcement, for example, or for purposes consistent with those for which it was collected. (Section 8(2)(a) allows for sharing “for the purpose for which the information was obtained or compiled by the institution or for a use consistent with that purpose”). Commissioner Therrien seeks amendments that would require information-sharing within and between governments to take place according to written agreements in a prescribed form. Not only would this ensure that information sharing is compliant with the legislation, it would offer a measure of transparency to a public that has a right to know whether and in what circumstances information they provide to one agency or department will be shared with another – or whether and under what conditions their personal information may be shared with provincial or foreign governments.
Another important transparency issue is mandatory data breach reporting. Treasury Board Secretariat currently requires that departments inform the OPC of data security breaches; yet the Commissioner has noted that not all comply. As a result, he is asking that the legislation be amended to include a mandatory breach notification requirement. Parliament has recently amended PIPEDA to include such a requirement. Once these provisions take effect, the private sector will be held to a higher standard than the public sector unless the Privacy Act is also amended. Any amendments to the federal Privacy Act to address data security breach reporting would have to take into account the need for both the Commissioner and for affected individuals to be notified where there has been a breach that meets a certain threshold for potential harm, as will be the case under PIPEDA. The PIPEDA amendments will also require organizations to keep records of all breaches of security safeguards regardless of whether they meet the harm threshold that triggers a formal reporting requirement. Parliament should impose a requirement on those bodies governed by the Privacy Act to both keep and to submit records of this kind to the OPC. Such records would be helpful in identifying patterns or trends either within a single department or institution or across departments or institutions. The ability to identify issues proactively and to address them either where they arise or across the federal government can only enhance data security – something which is becoming even more urgent in a time of increased cybersecurity threats.
Canadian Trademark Law
Published in 2015 by Lexis Nexis
Electronic Commerce and Internet Law in Canada, 2nd Edition
Published in 2012 by CCH Canadian Ltd.
Intellectual Property for the 21st Century
Intellectual Property Law for the 21st Century: