Teresa Scassa - Blog

Teresa Scassa

Teresa Scassa

Is there any such thing as a free app? In Albilia v. Apple inc, Justice Pierre Nollet of the Quebec Superior Court authorized a class action law suit against Apple in relation to the collection of personal information by third party application (app) developers via Apple devices such as the iPhone and the iPad.

The petitioner alleges that Apple encourages and supports the development of third party apps as a means of bolstering the popularity and sales of its devices. He also alleges that Apple permits third party app developers to harvest personal the information of users from their devices without their knowledge or consent. In particular, he alleges that such information may include precise location information, the unique device identifier, the user’s name, gender, age, postal code and time zone, information about activities performed using the app. He also alleges that this ongoing harvesting of personal information uses up the resources of the devices without the permission of the device owners. The class action is similar to two others that have been filed in the United States against Apple.

Although the petitioner initially sought to certify a Canada-wide class of affected persons, the judge limited the class to Quebec residents. He did so because the petitioner had failed to establish that the laws in relation to privacy across Canada were equivalent to those in Quebec. Indeed, although there are some similarities, it is fair to say that both the Civil Code of Quebec and the Quebec Charter of Human Rights and Freedoms offer both different and quite likely more extensive protection for privacy than do the laws in the common law provinces and territories.

Justice Nollet ultimately certified two classes for the law suit. The first consists of:

all residents in Quebec who have purchased or otherwise acquired an iPhone or iPad (“iDevice”) and who have downloaded free Apps from the App Store onto their iDevices since December 1, 2008 through to the present.

A second class relates specifically to concerns about the collection of geolocation information. This class consists of:

all residents in Quebec who have purchased or otherwise acquired an iPhone and turned Location Services off on their iPhones prior to April 27, 2011 and have unwittingly, and without notice or consent transmitted location data to Respondents’ servers.

The questions to be explored in the class action law suit include issues regarding whether the respondent Apple facilitated profiling of individual users or disclosed personal information without users’ consent to third party app developers. Other issues include whether location information could be collected from devices even after the location services functions are turned off by the user. The litigation also involves issues relating to consent by users to information gathering practices by both Apple and app developers. In bringing his motion the petitioner referred to a recent study by Eric Smith that detailed the information collecting practices of iPhone apps.

The collection of personal information from mobile devices – including data about a user’s online activities and detailed location information – raises significant privacy concerns. Many “free” apps may use information gathering as a means of generating a revenue stream; the information gathered may have nothing to do with the functions of the app itself. Users of mobile devices may not be sufficiently aware of the detailed location information that can be collected and shared when the location functions of their device are turned on; alternatively, they may turn these functions on specifically to enable certain useful features of their device without realizing that the same information may also be collected and used by apps whose functions are completely unrelated to their location. As with many other contexts, the user who downloads apps may have little time or attention to allocate to reading the detailed user agreements and privacy policies that may accompany their new apps. While courts may continue to insist that users are bound by these agreements, there is a growing concern that the sheer number, complexity and length of such agreements makes informed consumer consent virtually impossible on a consistent basis.

Class action law suits advance with glacial speed, and it is not likely that the questions raised in this dispute will be answered any time soon. Yet it is important that they be asked both here and in other contexts. The burden of privacy, in particular of protecting one’s personal information from unwanted profiling and surveillance, is becoming increasingly challenging for individuals. Not only is it difficult to grasp the full range of information that is being collected, by whom, and for what purposes, as we engage in perfectly ordinary day-to-day activities, secondary access to this information by third parties, including police and other state authorities is not at all transparent. In addition to greater scrutiny of data collection practices, attention must also be paid to the issue of consent, which is increasingly becoming a fiction in the face of turgid and impenetrable legal texts accompanying every small piece of software in our lives.

Last year Canada (finally) responded to the changes wrought by the internet and amended the Copyright Act to address, among other things, the creation, reproduction and dissemination of works in a digital environment. The Supreme Court of Canada has also recently re-emphasized the need to interpret the law in a technologically neutral manner. These developments, however, may still not be enough to prepare us for the new wave of digital reproduction technology that is coming with 3-D printing. As was the case with other digital reproduction technologies, 3-D printing technology is now moving from very expensive devices predominantly in the hands of corporate owners, to increasingly inexpensive technology on the verge of becoming popularized among ordinary consumers. This shift is similar to those which we have already seen with respect to personal and mobile computing.

Three-dimensional objects of widely varying complexity can now be printed using this technology using a variety of materials. A recent news story has even reported on the potential for this technology to print organs for transplant. The printers are evolving to use a wide range of materials that go well beyond the initial plastics and polymers.

Three-dimensional printing is likely to present some significant challenges for intellectual property regimes. This is certainly the thrust of a recent article on the subject in the World Intellectual Property Review (WIPR). Unlike 2-D printing, which is predominantly useful in reproducing works protected by copyright, 3-D printing affects copyright, patent, industrial design and trademark law. We are not far from a future where individuals widely use online file sharing networks to widely distribute plans that will allow for the reproduction of all manner of 3-D objects, including utilitarian objects, replacement parts, jewellery, toys, guns, uniquely configured, eye-catching products, miniatures and action figures based on copyright protected characters from books or movies.

Canada’s IP laws – like those of other countries – may not be fully ready to deal with the challenges posed by affordable and accessible 3-D printing. In the first place, the reproduction of 3-D objects may implicate one or more IP statutes. Three-dimensional objects that are artistic in nature are often protected by copyright law; the drawings or plans for the making of three-dimensional objects may also be protected as artistic works under copyright law. The visual appearance and design features of utilitarian objects can be protected through industrial design registration. Three-dimensional features of objects may, if they are distinctive of their trade source, be protected as trademarks. Functional 3-D items may also be protected under patent law. Clearly, there is IP protection available for 3-D items, but it is highly fragmented which will likely make it harder for individuals and companies to understand the parameters of legal activity. Further, while copyright law has been substantially revised to deal with the challenges posed by easy digital reproduction and the online dissemination of works, the other regimes have not received attention in this regard. Much has also been done to address the different ways in which copyright law may be infringed online – this includes a number of important new defences to copyright infringement that seek to create balance, along with an adjustment of statutory damages available where copying is non-commercial in nature. The other IP laws in Canada are not well adapted to copying by private individuals for non-commercial purposes. Three-dimensional printing may thus bring with it a paradigm shift which will no doubt create tensions between IP owners and users that may ultimately have to be addressed by the legislature. Yet we are still grappling with old-tech IP reform. For example, a new IP Bill C-56, currently before Parliament, addresses counterfeiting under both the trademark and copyright regimes, but the focus of these amendments is on the movement of goods across borders, and on enhancing the available measures to stop the importation of infringing works. Just as the law is moving towards addressing the flow of counterfeit goods across the border, counterfeiting may soon shift to digitally networked 3-D printers, the online dissemination of plans and designs, and small scale reproduction of works by multiple and widely dispersed individuals.

Wednesday, 03 July 2013 09:48

Band’s Logo Attracts Provincial Ire

The Alberta rock band named Jr. Gone Wild has been in the news after Alberta’s Department of Culture ordered it to stop using a modified version of the province’s official emblem as part of the band’s logo. A photo of the band’s logo can be viewed along with the Edmonton Journal article on this issue.

A law titled the Emblems of Alberta Act makes it an offence to use “for commercial or business purposes” the armorial bearings of Alberta without consent. It is also an offence to use “any design so nearly resembling the armorial bearings of Alberta or any portion of them as to be calculated to deceive”. Although the band is using the arms for commercial purposes (it is selling T-Shirts emblazoned with its logo), it is not clear that this use of the modified design is calculated to deceive anyone. It remains an open question whether anyone viewing the logo would be led to believe that the band is in any way the official rock band of Alberta.

The Minister of Culture has also enacted regulations governing official emblems. According to these regulations, the emblem can be reproduced, used or displayed for non-commercial purposes so long as the use or display is in good taste. Commercial use is also permitted under certain conditions. These are that the use:

 

(a)    is free from any implication that the commercial or business purposes have any approval or accreditation from the Government,

(b)    is based on original drawings obtained from the Government, and

(c)    conforms, in the opinion of the Minister, to good taste.

The regulations are not clear about whether a modified version of the emblem can be used at all. For example, it is not clear whether the “good taste” requirement relates to modifications, or simply to the context in which the emblem is to be used. According to the story in the Edmonton Journal, it is not yet clear whether the band will change its logo and dispose of its unsold merchandise, or whether it will disregard the Minister’s order.

It is not unusual for governments to pass laws to protect their official emblems and insignia. For example there are similar statutes in Saskatchewan (with much stiffer penalties), and in Manitoba. There is certainly a public interest in ensuring that people are not misled into believing that certain products or services have been offered or endorsed by the government when they have not. Provincial arms, crests and flags are also listed as prohibited marks under s. 9(1)(e) of the Trade-marks Act. This means that these marks, or ones “so nearly resembling as to be likely to be mistaken” for them may not be adopted or used “in connection with a business, as a trade-mark or otherwise”. Thus there is ample law to protect against misuse of these signs or symbols.

The question is, of course, what the limits of freedom of expression are when it comes to the insignia of government, or other public symbols. According to the report in the Edmonton Journal, the band sees itself as “just doing art”. Artistic expression is, of course, protected expression in Canada. Yet like other of Canada’s civil liberties, it is subject to “reasonable limits demonstrably justified in a free and democratic society.

The Royal Canadian Mint recently backed down from a demand for licensing fees from a musician who used images of the penny on his album cover. There was also considerable controversy in Nova Scotia in the mid-2000’s when a company charged with the maintenance and operation of the Bluenose II began demanding licensing fees from local businesses who used the name or image of the iconic schooner. Of course, in each of these cases it was the symbol or name itself that was used, and not a modified version. And, while iconic, the penny and the Bluenose are not official insignia of government. The question remains as to how the balance should be struck between the public interest in the protection of official arms and insignia and the public interest in the freedom to use these insignia as a vehicle for expression.

Wednesday, 19 June 2013 12:48

Google Glass and the Privacy Gap

Canada’s Privacy Commissioner, Jennifer Stoddart, along a number of her international counterparts and the commissioners of B.C., Quebec and Alberta have issued a joint letter written to the CEO of Google raising concerns about privacy in relation to Google Glass. This product, still at the beta stage, consists of a kind of interactive mobile computer worn as eyeglasses. Among other things, the glasses have the capacity to record audio and video data, and will be able to run all manner of third party applications.

The Commissioners are justifiably concerned about a product that once launched might raise a host of new and troubling privacy issues. In the letter they call on Google to enter into a dialogue with data protection commissioners with a view to ensuring that the design of the product and of its applications respects privacy values.

What is interesting in this letter is the frank admission by the commissioners of their own precarious jurisdiction when it comes to this technology. While there is no doubt that Google Glass poses significant privacy risks, they are not necessarily ones which would fall within the scope of private sector data protection laws in Canada. These laws generally apply to organizations that collect, use and disclose personal information in the course of commercial activity. Certainly, some of the concerns raised in the letter fall within the scope of these laws. For example, the Commissioners demand to know what information Google might itself collect via Glass when it is in use by individuals. They also seek to know what information will be shared with third parties, including the developers of apps for this product. These are clearly questions that fall within the scope of data protection legislation, as Google is clearly an organization that collects, uses and discloses personal information in the course of commercial activity.

However, Glass will also have privacy implications as between the wearers of the technology and those persons who may fall within the field of view of the user. The Commissioners specifically address the use of this product to surreptitiously film or record individuals. This is a serious privacy concern. It is one that is already raised by the recording capacity of smartphones and tablets; the particular concern with Glass is that it will be possible to be even more surreptitious in making such recordings. Yet the privacy issues raised by this type of activity are not ones to which private sector data protection legislation would apply. For example, the federal Personal Information Protection and Electronic Documents Act (PIPEDA) specifically does not apply to any individual in respect of personal information that the individual collects, uses or discloses for personal or domestic purposes and does not collect, use or disclose for any other purpose.” The scope of this exception is potentially very broad; the law would not apply, for example, to recordings made by individuals and posted to their Facebook accounts or to YouTube.

The Commissioners, of course, are well aware of this gap in their powers. In their letter they explicitly acknowledge it: “We are aware that these questions relate to issues that fall squarely within our purview as data protection commissioners, as well as to other broader, ethical issues that arise from wearable computing.” Nevertheless, they use the opportunity presented by the privacy issues within their mandates to raise the “broader ethical issues”.

This gap in jurisdiction over privacy is of growing importance. Where once high powered technologies of surveillance were only affordable by professionals, low cost, high powered technology is increasingly moving into the hands of ordinary individuals. In addition, the ability to disseminate audio and video recordings to a global audience – also something that was once only within the powers of established private sector corporations – is now something that can be done by any individual with an internet connection. As the corporate intermediaries become obsolete, so too do data protection laws that are framed exclusively around private sector actors engaged in commercial activity. The appropriate legislative response is not clear; legislated limits on how individuals can interact with and communicate information about themselves and their experiences would raise significant freedom of expression issues.

The data commissioners’ letter to Google is thus most interesting. Acknowledging both the limits of their powers and the enormous gap in the protection of the public in a rapidly changing information technology environment, they have chosen to publicly raise both privacy and ethical issues with Google. Law- and policy-makers should be watching and should be thinking about how this gap should be filled.

With little fanfare, the Canadian government has released its much awaited, newly revised Open Government Licence. The previous version that had been available on its Open Data site was a beta version on which public comments were invited. The government has also published its Open Government Licence Consultation Report, which summarizes and discusses the comments received during the consultation process.

The revised version of the licence is an improvement over its predecessor. Gone is the claim to database rights which do not exist in Canada. (These rights do exist in the UK, the Open Government Licence of which was a template for the Canadian licence). The new licence also discards the UK term “personal data” and replaces it with “personal information”, and it gives this term the meaning ascribed under the federal Privacy Act. The language used in the licence has been further simplified, making it even more accessible.

It should be noted that Alberta’s new open government licence – released as part of the launch of its open government portal earlier this year – is very similar to V2.0 of the federal government licence. There are some minor formatting differences, and a few changes in wording, most of which can be explained by the different jurisdiction (for example, the definition of “personal information” refers to Alberta’s Freedom of Information and Protection of Privacy Act). The similarities between the two licences are no coincidence. Although the Alberta licence was made public prior to the release of the federal government’s V2.0, work has been going on behind the scenes to move towards some form of federal/provincial consensus on the wording of open government licences with a view to ensuring that there is legal interoperability between data sets released by different governments in Canada. The efforts to reduce barriers to interoperability (whether legal or technical) are important to the ability of Canadians to work with and to integrate different data sets in new and innovative ways. Thus not only is the COGL V2.0 to be welcomed, so are the signs that cooperation and coordination may lead to a greater legal interoperability of open government licences across Canada.

The US government is in damage control mode after it was leaked to the press this week that it had established a massive surveillance program under which it obtained comprehensive communications data from telecommunications and technology companies. Privacy advocates have decried this secret and massive data mining exercise.

Canadians should not sit back complacently to watch this unfolding spectacle south of the border. It was only last year that our own government tried to introduce legislation that would have provided for the building of the physical and legal infrastructure for substantially increased Internet surveillance. Although Bill C-30 was ultimately defeated, there are nonetheless other laws already on the books that leave Canadians vulnerable to unwarranted and invisible surveillance. For years privacy advocates in Canada have been warning of legal provisions that allow police and national security agencies to seek personal information from private sector companies, and that allow these companies to hand over this information without a court order and with no accountability.

The first of these provisions is s. 7(3)(c.1) of the Personal Information Protection and Electronic Documents Act, which provides that an organization “may disclose personal information without the knowledge or consent of the individual” where the disclosure is made to a government actor that has made a request for the information, and has indicated that the information may be related to national security issues, may be relevant to an investigation related to the enforcement of any law, or is sought for the purpose of “administering” any federal or provincial law.

The second provision is s. 487.014 of the Criminal Code, which provides that no court order is required for a law enforcement official “to ask a person to voluntarily provide to the officer documents, data or information that the person is not prohibited by law from disclosing.” In other words, as long as no other law prohibits such a disclosure, the information may simply be handed over.

Both PIPEDA and the Criminal Code permit private sector companies in Canada to voluntarily disclose the personal information of their customers to police officers or national security officials without the knowledge or consent of the individuals in question, and without an order from a judge. Companies may still refuse to make such disclosures without being ordered to do so by a court, and while some do in some circumstances, plenty of others do not. According to the federal Privacy Commissioner, “We have no way of knowing for certain the number, scale, frequency of, or reasons for, such disclosures although we understand that they are substantial.”(The Case for Reforming the Personal Information Protection and Electronic Documents Act at p. 13). Nothing obliges companies to disclose to the public how many requests for information they receive or with how many they have voluntarily complied. Similarly, nothing obliges public authorities to disclose how many requests they make, to what companies, or for what types of information.

Given the vast amounts of personal information of increasingly fine detail that private sector companies collect about all of us, this should be a matter of some concern. Telecommunications companies can match our personal information to IP addresses, which in turn can be linked to all of our online activities. Telecommunications companies also have rich stores of data regarding our calling activities; in the case of smart phones, this information may also include fine-grained location information. Other companies gather our location information, as well as information about our purchases, transactions, conversations, friends, associates and activities. These vast stores of information in the private sector may be simply a request away from disclosure to authorities – and we may never know just how much information is being shared or in what circumstances.

In response to this highly troubling set of circumstances, the federal Privacy Commissioner, Jennifer Stoddart, recently called for reforms to PIPEDA that would impose some level of accountability where public authorities access information in this manner. In a document titled The Case for Reforming the Personal Information Protection and Electronic Documents Act the Commissioner recommended that the law be amended to require private sector organizations “to publicly report on the number of disclosures they make to law enforcement under paragraph 7(3)(c.1), without knowledge or consent, and without judicial warrant, in order to shed light on the frequency and use of this extraordinary exception.”

This call for greater transparency in determining just how often the personal information of Canadians is disclosed to government authorities without the knowledge or consent of the individual and without judicial authorization is well-timed. As disturbing as the news of the US surveillance program is, we should not lose sight of the fact that there are vast personal information resources that sit within easy reach of our own government and its officials – and that there are laws currently on the books that facilitate easy and virtually traceless access to it.

In case there was any doubt, the Office of the Privacy Commissioner of Canada (OPC) produced a report this week that confirms that Canada’s private sector data protection legislation is simply not up to the task of adequately protecting the personal information of Canadians. The report is aptly titled: The Case for Reforming the Personal Information Protection and Electronic Documents Act.

The introduction to this report makes plain the frustration of those charged with administering the Personal Information Protection and Electronic Documents Act (PIPEDA). Enacted with much fanfare in 2001, this statute contains a provision that requires that it be reviewed every 5 years to ensure that it remains adequate for the task of protecting the personal information of Canadians in commercial contexts. As the introduction to the Report notes, the first 5 year review ended with a Bill to amend the statute – this Bill died on the order paper and in spite of attempts to resuscitate it, it has never been passed. The second 5 year review has simply stalled. In the meantime, as the report notes, the personal data landscape has been dramatically transformed with the rise of social networking, mobile communications, increased cross-border data collection and sharing, and the growing use of personal information for the profiling and targeting of consumers

PIPEDA is a fairly tentative piece of legislation, giving only ombudsperson powers to the Privacy Commissioner, and favouring an approach that encourages compliance rather than mandating it. This new report issued by the Office of the Privacy Commissioner (OPC) makes it clear that this approach is no longer effective nor is it appropriate to the current data protection context. The Report notes that comparable jurisdictions have moved towards giving data commissioners more powers of enforcement, including order-making powers and the ability to impose fines or other administrative penalties on companies that play fast and loose with personal information. PIPEDA even lags behind the laws of those few provinces that have their own private sector data protection statutes: Commissioners in Quebec, B.C. and Alberta have order making powers, and Alberta also has mandatory data breach notification requirements. The report observes that not only is the toothless PIPEDA a difficult tool to use to gain compliance from large web-based collectors of personal information that are based outside of Canada, it also relies too heavily upon the willingness of domestic companies to take the Commissioner’s findings or audit reports seriously.

The OPC report identifies four pressure points based on their 12 years of experience with the legislation, and makes four recommendations for legislative reform to address each of these. The first pressure point is enforcement. The report explains how the lack of enforcement powers has hindered the ability of the OPC to address data protection issues. It notes, for example, that there is “nothing in the law that provides enough incentive for organizations to invest in privacy in significant ways.” (at p. 6). It notes as well that even when complaints lead to investigation and recommendations, companies may renege on agreements to change practices because there is nothing to compel them to do so. The report laments that other jurisdictions have taken steps to enhance their enforcement powers while nothing is done in Canada. As a result, the report recommends that stronger enforcement powers be added to the legislation. It identifies as possibilities: adding statutory damages powers to enhance the damages available to complainants who ultimately take their issues to Federal Court; giving the Commissioner order-making powers; and giving the Commissioner the power to impose administrative monetary penalties. Ideally, all three should be added. I note in particular that while statutory damages will improve the individual recourse under the Act, this on its own will not greatly improve compliance under the legislation (see my earlier blog post on individual recourse in privacy cases).

The second pressure point identified in the report is the lack of mandatory reporting for data breaches. The Report notes that as things currently stand, organizations who voluntarily report a data breach face negative publicity, while those who cover up breaches are insulated from reproach. A mandatory data breach reporting provision (which is what the report recommends) would ensure that Canadians are made aware of data breaches, would give Canadians a much clearer picture of the state of personal data security, and would create strong incentives for organizations to improve their privacy practices.

The third pressure point identified is an interesting and important one. PIPEDA contains a provision which allows organizations to voluntarily share personal information with police or other authorities without the consent of the individuals to whom the information relates. Given the increasingly high volumes of personal data in the hands of private sector actors, and the fine grain of detail of much of this information (for example, it may include detailed location information about the movement of individuals over extended periods of time), this should be a matter of great concern. At present there is little or no transparency about the number of requests made by law enforcement for this type of information, nor is there any transparency about the number of times private sector organizations voluntarily share information without insisting upon a warrant. The report’s third recommendation is to require organizations “to publicly report on the number of disclosures they make to law enforcement. . . without knowledge or consent, and without judicial warrant, in order to shed light on the frequency and use of this extraordinary exception.” (at p. 14)

The final pressure point identified in the report is that of demonstrating accountability. Although accountability of organizations for compliance with data protection laws is one of the privacy principles set out in PIPEDA, the report notes that the record of accountability of private sector actors is not all it should be. Not only does the OPC expend significant resources on investigations and audits, they are forced to invest additional resources in follow ups to ensure that there has been compliance with their recommendations. The report recommends that the accountability principle in PIPEDA be amended to require organizations to demonstrate, on the request of the OPC, that they are actually compliant with the law. Further, the report recommends that the law provide for “enforceable agreements” – in other words, undertakings by organizations to comply with the legislation that can be enforced by the OPC if compliance is not actually forthcoming.

Commissioner Jennifer Stoddart is approaching the end of the second term of her appointment. Her leadership of the OPC has been exemplary; she has taken it from a beleaguered and unstable agency to one that has proven its expertise and effectiveness. It has worked with great effectiveness with federal departments and agencies, it has developed effective strategies for public outreach and education, and it has worked tireless to improve data protection in the private sector. The Commissioner has also maintained a high level of communication and collaboration with other data commissioners in Canada and abroad. In short, she has done as much – perhaps more – than one could expect to address the privacy of Canadians in both the public and private sectors under two neglected and outdated privacy statutes. This report is notable for the frank and direct way it publicly addresses the deficiencies in Canada’s private sector data protection legislation. Since the mandated legislative review process set out in PIPEDA has proven utterly ineffective in doing so, the Commissioner has taken the initiative, addressing Canadians directly to explain in plain and direct terms what the problems are and how they might be fixed. Let us hope that the government is listening.

Is it “legal” to post your fan fiction tribute to Star Trek online? Or to post a video of your children cavorting to a pop song? The recent amendments to Canada’s Copyright Act have, among other things, added an exception to the basic rules of infringement for user-generated content (UGC). According to this exception, user-generated content is some form of work (literary, artistic, dramatic or musical) that would be eligible for copyright protection in its own right, and that is built upon or integrates the copyright protected work of another. This would clearly seem to cover both of the examples given above. Recognizing that individuals now interact with digital works for all kinds of private and expressive purposes, the federal government has moved these activities from the realm of copyright infringement, and legitimized them – so long as the resultant UGC is non-commercial and has no substantial adverse effect (financial or otherwise) on the original.

The UGC exception is not the only new exception in the Act to normalize activities which, prior to the amendments, were considered infringing. For example, it used to be an infringement of copyright in Canada to record television shows to watch at a later time, and to make copies of legally acquired works so that they could be stored in electronic form, put on an MP3 player, or used for some other private purpose. These were activities in which Canadians routinely engaged, and sensibly, new exceptions now render them non-infringing. The UGC exception is also not the only new exception to carve out more room for expressive interactions with works. The fair dealing provision, which used to apply only to the fair use of works for the purposes of research, private study, criticism, comment or news reporting, now also permits the fair use of works for the purposes of education, parody or satire. The UGC exception thus fits within a framework of exceptions that normalize how people commonly interact with works and that encourage creative engagement with works – within certain limits.

During the debates on the amendments to the Copyright Act, the UGC exception was referred to as the “You Tube” exception, because it seemed that the paradigmatic act contemplated by this section was the home video posted on You Tube that incidentally incorporated a popular song. Yet the exception has potentially enormous breadth: there are so many ways in which existing copyright works can be incorporated into new works. The exception permits not just the making of these ‘mashups’, it permits the non-commercial dissemination of the new work. Translations and adaptations of existing works would appear to meet the definition of UGC. Compilations (mix tapes, anthologies, etc) would also seem to qualify. Those who create maps using the data sets of others and post them online may also find comfort in the UGC exception. Perhaps unwittingly, this exception appears to give great scope for the creation and distribution of works based upon the work of others. Of course, other than being non-commercial, the dissemination must not have no substantial adverse effect (financial or otherwise) on the work(s) incorporated into the UGC – it remains to be seen how much limiting effect these ‘weasel words’ will have.

[For a more detailed discussion of the UGC exception in Canada’s Copyright Act, I invite you to read my chapter on the subject in Michael Geist’s new collection of essays on copyright law, titled The Copyirght Pentalogy: How the Supreme Court of Canada Shook the Foundations of Canadian Copyright Law. Published by the University of Ottawa Press, this book and all its chapters is also available free online under a Creative Commons licence.]

Privacy is big news these days, particularly when it comes to online activity. Internet users are increasingly being tracked by websites they visit, by advertisers on those sites, and by their mobile apps. Profiling practices are ubiquitous. Information and activities on social networking sites are mined by “big data” for purposes that are hardly transparent to users. It is in this context that the Standing Committee on Access to Information, Privacy and Ethics has just released its report on Privacy and Social Media in the Age of Big Data.

The report outlines many of the challenges and issues facing individuals and regulators in the social media context. There are significant issues around how consumer consent is obtained to the collection, use and disclosure of their personal information, the unlimited nature of information collected, the uses to which harvested information is put, and the length of time information is retained. Some testimony before the Committee specifically addressed the added challenges raised by the collection of the personal information of children. Issues of accountability, transparency and security are also considered in the report, and the Committee heard testimony regarding the practices of specific social media companies, and the measures being adopted by the Federal Trade Commission in the US.

Given the broad scope of the inquiry and the importance of the issues, the Committee’s recommendations are a letdown. The first three recommendations consist largely of statements urging the Privacy Commissioner of Canada to develop new guidelines to address privacy challenges with social media. The recommendations which follow encourage both government and social media companies to support education, to promote safe online activities and to support digital literacy. While guidelines and education clearly have a role to play, the recommendations do not go far enough, and in particular, they ignore the sorry state of Canada's private sector data protection law.

During the course of its inquiry, the committee heard plenty of evidence about the lack of movement on long overdue legislative reform to the Personal Information Protection and Electronic Documents Act (PIPEDA), and about how the proposed amendments to this law in Bill C-12, which has languished for some time now, may already be out of date. The Committee also heard evidence about the need for enhanced powers of enforcement for the federal Privacy Commissioner who managed to do her job admirably well with largely only the power to cajole and encourage compliance. That the recommendations of the Committee are entirely silent on the need to amend PIPEDA to add data breach notification requirements, the power to levy fines, order-making powers or other enforcement measures is simply stunning.

One can be grateful, at least, for the recommendations contained in the Supplemental Report of the New Democratic Party of Canada. The NDP members of the Committee clearly took away a different message from these hearings than did the other members. The NDP makes a number of recommendations for legislative amendments that would enhance the enforcement power of the Privacy Commissioner. These include recommendations for legislative change to require companies to notify the Privacy Commissioner in cases of serious breaches of data security, to enhance the enforcement powers of the Commissioner, and to implement “do not track” functions. Indeed, earlier this year, the NDP’s Charmaine Borg (who sits on the Standing Committee) introduced a private members bill (Bill C-475) that would amend PIPEDA so as to implement some of these recommendations around data breach notification and enforcement powers.

The soft approach to privacy protection has not proven adequate to deal with the pervasive, intensive and ubiquitous data collection practices which have become the norm in our digitized society. The almost daily accounts of data breaches and their negative impacts on individuals are evidence of the failure of gentle encouragement to achieve regulatory compliance with even the most basic privacy norms. It is past time to update and upgrade Canada’s data protection legislation. It is most disappointing to see a Standing Committee report that can study these issues and conclude only that gentle encouragement is still the path to follow.

If there is any need for further evidence that the official marks provision in s. 9(1)(n)(iii) of the Trade-marks Act is in dire need of reform, then it can be found in the advertisement by Canada Post in 2005 of official marks in the words POSTAL CODE and CODE POSTAL.

Official marks are a special species of trademark available only to “public authorities.” In theory, a public authority is an entity that is under the control of a federal or provincial government and that acts for the public benefit. While a regular business would have to choose a trademark that does not create confusion with existing registered trademarks, a public authority can pick pretty much any mark it chooses. Further, unlike other businesses, public authorities can choose marks that are generic or descriptive. The adoption of “POSTAL CODE” and “CODE POSTAL” is a case in point. These words are generic: there really are no other words to describe the thing to which they refer – the postal code.

Public authorities also enjoy substantial procedural advantages when it comes to official marks: there is no opposition proceeding for official marks, there is no examination, and there are no registration fees. Once a public authority asks the Registrar to advertise an official mark (and has demonstrated that the mark has been adopted and used) the mark is protected. No one else may adopt, use or register the same mark, or one closely resembling it. Once advertised, such marks live on until voluntarily withdrawn, or removed from the register as a result of costly legal proceedings. For an example of the dysfunction of official marks, consider the fact that both the province of Nova Scotia (no doubt a public authority) and the Bluenose II Preservation Trust Society (almost certainly not a public authority) currently have the identical official mark BLUENOSE on the trademark register.

Official marks have a long history of abuse. The Federal Court has been kept busy trying to establish some standards for official marks – these are entirely absent from the legislation. Thus the court has established a test to aid in determining who qualifies as a “public authority”, has determined that public authorities must be Canadian, and has also set a test to determine whether certain official marks have been adopted and used by the public authority seeking to monopolize them. While the court has done its best, the entire system is flawed and is desperately in need of review.

This brings us back to POSTAL CODE. Canada Post, a public authority, has claimed official mark status for the very words in French and English that describe that series of numbers and letters that form a part of each address for mail delivery purposes. There is no obvious need for Canada Post to monopolize this term. There is no obvious public interest in having it monopolized. Yet ongoing litigation between Canada Post and Canadian company Geolytica suggests that Canada Post may be attempting to use a monopoly in the term POSTAL CODE/CODE POSTAL to make it more difficult for others to compete with it in the area of postal code related products or services. Geolytica, which offers a free online postal code look-up directory and other for-fee services through its Geocoder website is being sued by Canada Post for copyright infringement, and – surprise, surprise – for infringement of its official marks.

The recent report of the House of Commons Standing Committee on Industry, Science and Technology on the Intellectual Property Regime in Canada recommends amendments to the Trade-marks Act to narrow the definition of public authorities to help prevent abuse of official marks “to avoid stifling innovation and distorting markets”. Yet it is important to keep in mind that the problem is not just with those who wrongly claim to be public authorities. Actual public authorities might also use official marks to stifle innovation and distort markets – arguably this is what is happening with the POSTAL CODE/CODE POSTAL mark. Perhaps the reform of the official marks provision needs to be even more profound. Abolishing the category of official marks is a policy option that would require public authorities to play by the same trademark rules as all other businesses. With this as the default position – and with, perhaps, some clear exceptions for the names of government agencies or departments – we might finally see an end to the abuse of official marks.

<< Start < Prev 21 22 23 24 25 26 27 28 29 30 Next > End >>
Page 25 of 37

Canadian Trademark Law

Published in 2015 by Lexis Nexis

Canadian Trademark Law 2d Edition

Buy on LexisNexis

Electronic Commerce and Internet Law in Canada, 2nd Edition

Published in 2012 by CCH Canadian Ltd.

Electronic Commerce and Internet Law in Canada

Buy on CCH Canadian

Intellectual Property for the 21st Century

Intellectual Property Law for the 21st Century:

Interdisciplinary Approaches

Purchase from Irwin Law