Teresa Scassa - Blog

Teresa Scassa

Teresa Scassa

Copyright law is meant to provide limited monopoly rights to creators of works in order to serve the public interest. That public interest is in providing incentives to create new works and to disseminate them publicly. A recent Ontario Supreme Court decision raises the issue of whether the application of Canadian copyright law in the digital context is properly adapted to these purposes.

Trader Corporation v. CarGurus Inc. involved a dispute between two companies that provide digital marketplaces to consumers searching for new and used vehicles. Trader is the incumbent company in Canada, and operates digital marketplaces at autotrader.ca and autohebdo.net. CarGurus is a well-established American company that entered the Canadian market in early 2015. Both companies engage in very similar businesses – their websites provide listings of cars that are available for sale, complete with photographs of those vehicles. In the U.S., CarGurus populates its website with data from commercial partners that provide it with listings from dealers; it also scrapes car dealer websites for additional listings. Copyright law is not a practical barrier to this latter practice since most dealers are happy with the added publicity for the cars they sell. After all, the product is not the listing, but rather the car. If a dealer objects to the listing appearing on CarGurus’ site, CarGuru will remove it. On entering the market in Canada, CarGurus adopted a similar business model.

One difference between the context in the US and in Canada – a difference that was apparently not known to CarGurus – is that in Canada, Trader offers dealers the option to have a Trader’s trained photographer take photos of their cars for the dealer listings. Most dealers take their own photos; the Court found that Trader’s photos accounted for only 5% of the total number in Canadian dealer listings. Yet, though few in number, these photos are significant. Unlike the context in the US, where dealers owned copyright in their photos and were unlikely to object to these photos being used by CarGurus to reach a broader market for the cars, in Canada, Trader – a digital marketplace – was in a position to object to the use of its photos by a competing digital marketplace when dealer listings were scraped. This key difference between the US and Canadian contexts was not known to CarGurus at the time it commenced operations in Canada.

In addition to operating its digital marketplaces, Trader also licenses its data to other companies, including competing websites. When CarGurus entered the Canadian marketplace, Trader sent it a copy of its license agreement. However, CarGurus decided not to license the data because there were “a number of terms that were of great concern to CarGurus as they were designed to prevent CarGurus from effectively competing with Trader in the Canadian marketplace” (at para 12, citing testimony of CarGurus’ Senior Vice-President of Business Development.) CarGurus, confident in its US business model, proceeded on the assumption that individual dealers owned the copyrights in their photographs, and that they could deal with any objections on a dealer-by-dealer basis. Instead, they were sued by Trader.

In pursuing CarGurus, Trader sought three main things: a declaration that CarGurus had infringed its copyright; statutory and punitive damages for infringement; and a permanent injunction preventing CarGurus from using Trader’s photos.

The issue of copyright infringement was relatively straightforward. Photographs are copyright-protected works. CarGurus argued, without success, that Trader’s photos lacked sufficient originality, as the photographers had been trained to take photos in a particular way and according to specifications and thus did not independently exercise the skill and judgment required to meet the threshold for originality. The Court noted that “the fact that the photographers receive training and follow standardized procedures does not eliminate the use of their skill and judgment in taking the photos, nor does it reduce the exercise of taking the photos to a simple mechanical exercise.” (at para 24) Justice Conway also rejected the argument that there had been a merger of idea and expression in the photos of cars. She stated: “I do not consider that there is such a limited number of ways to photograph vehicles for sale that affording Trader copyright protection would somehow give it a monopoly on photographing vehicles for sale.” (at para 25)

Having established that Trader had copyright in its photographs, the next issue was whether there was a viable defense to infringement. CarGurus first argued that its use was fair dealing. Justice Conway accepted that the copying could be for the statutory purpose of “research” when considered from the perspective of the end user who is searching for a car to purchase. However, she found that CarGuru’s dealing with the works could not be characterized as “fair”. This was because the photos were widely disseminated over the internet, and because CarGurus used the photos in their entirety. Further, she found that CarGurus had alternatives to the dealing – it could have taken its own photographs of the cars. Justice Conway found that the ultimate effect of CarGurus’ use of the photos “was to compete squarely with Trader in the Canadian digital marketplace arena.” (at para 39) As a result, she ruled that the fair dealing defense was not available.

CarGurus also argued that it should benefit from the relatively new statutory defense for operators of “information location tools”. Section 41.27 of the Copyright Act limits a plaintiff’s remedies to an injunction where a suit is brought against an operator of “any tool that makes it possible to locate information that is available through the Internet or another digital network.” As Justice Conway noted, the exemption was added to the Act in 2012 to protect providers of such tools because of the public interest in being able to easily “use and navigate the internet” (at para 43). Justice Conway – the first judge to interpret this provision – found that CarGurus did not qualify for the exception because their site did not help users locate information on the internet. While browsers allow users to search for content and provide links to relevant content (and thus qualify as information location tools) CarGurus located information and gathered it on its own website and then made it available to users. She ruled that this type of activity fell outside the exception. She noted that initially CarGurus did not even provide the dealer name and information associated with different listings; to access these, the user had to use CarGurus as a go-between. It did eventually provide information on the dealers, including the URLs for their websites. However, Justice Conway noted that “while the addition of that information might have assisted the user in conducting its own additional searches or contacting the Dealer where the vehicle was located, CarGurus was still not providing a tool that enabled the user to get the online location of that vehicle information.” (at para 50).

Trader sought statutory damages for infringement. In the case of commercial infringement, the statutory damages provisions allow for a range of damages between $500 and $20,000 for all infringements relating to each work. Because the court had found that CarGurus had copied 152,532 of Trader’s photographs, even using the lowest amount in the range would lead to an award of over $76 million dollars. This is an outrageous amount of money in the circumstances, and so Justice Conway used her judicial discretion, provided for in s. 38.1(5), to lower the amount of the statutory damages award. She noted that “Trader has suffered no monetary damages and has lost no business as a result of the infringement.” (at para 56).

Justice Conway took into account a number of factors in adjusting the statutory damages award. She noted that CarGurus did not scrape data from Trader’s site; rather it scraped data from the sites of dealers. It used a business model it had used successfully in the US, and had sought legal advice before entering the Canadian market. It was unaware that some of the photos it was scraping were taken by Trader employees – and in fact, she noted that Trader had not apprised CarGurus of this fact until well into its back and forth with CarGurus over its activities. In Trader’s initial contacts with CarGurus in June 2015 it had asserted a violation of copyright in its autotraders.ca site; the issues regarding the photographs were not raised until December 2, 2015. She also took into account the fees charged by Trader under its license agreements for use of all of its photographs – whether its own or those supplied by dealers. She noted that had CarGurus entered into this agreement it would have had to pay only $17,535 for the photos during the infringement period. She also noted that during the relevant period CarGurus had not made a profit in Canada. She nevertheless expressed the view that CarGurus did not carry out appropriate due diligence in seeing whether its business model was transferable from the US to Canada. In the end, she awarded statutory damages in the amount of $2 per photo, for a total of $305,064. She declined to award punitive damages.

Justice Conway also declined to order a permanent injunction against CarGurus. She noted that the company had already removed all of Trader’s photos from its site. It had also undertaken not to reproduce other Trader photos in the future provided there was a way for it to identify which photos are those of Trader. Rather than continuing to scrape dealer websites, CarGurus was now obtaining its photos from “feed providers” who had already been told not to provide any Trader photos to CarGurus. In declining to issue the injunction, Justice Conway made the point that “the practical effect of any such injunction would be for CarGurus to clear with Trader in advance the rights to any Canadian photos it wishes to use, or enter into a license agreement with Trader on mutually acceptable terms.” (at para 70). She agreed with counsel for CarGurus that this would effectively force CarGurus “to enter into Trader’s syndication agreement or cease operating in Canada.” (at para 70).

This case raises – but does not really confront – interesting issues around the enforcement of copyrights in publicly available content on the internet. There are very clear tensions here between protection against unfair competition and the suppression of competition in the marketplace, where the scraping of content has indirect and immaterial effects but the enforcement of copyright can hamper or limit competition. It is not that Justice Conway’s decision is unsupportable in law – it offers an eminently reasonable interpretation of the applicable provisions. The question is whether the law finds the right balance. As Justice Conway notes, Trader could not demonstrate actual losses as a result of CarGurus’ conduct. The car dealers whose cars were the subject of the photos were not prejudiced; and none of the scraped content was taken from Trader’s site. The takeaway for companies in a similar position to Trader might be that they should deliberately salt online sites with some of their own copyright protected content (as little as 5% of overall content is clearly enough) in order to stifle the efforts of data aggregators to build independent marketplaces. It is a way to use copyright law to achieve purposes that have nothing to do with protecting creators of works or providing incentives to create new ones. It is not clear that the result is in the public interest – and, to return to the opening of this post – it is the public interest that copyright is ultimately meant to serve.

Tuesday, 04 April 2017 15:50

Privacy and IMSI Catchers

A major investigative report by Brigitte Bureau of Radio Canada (CBC English language version here) has revealed what has long been suspected – that Canadian police forces are using IMSI Catchers to harvest substantial amounts of telecommunications data with uncertain oversight and no transparency. The issue is one that should trouble all Canadians, reminding us not to become complacent about the health of our free and democratic society.

The cell phones we carry with us are in constant quiet interaction with nearby cellphone towers – ensuring a quick connection when we need one. As part of this process, our phones communicate their unique identifiers to these towers. An IMSI catcher (also known as a Stingray) will simulate a cell phone tower and will encourage all cell phones in the area to communicate with it. As it does so, it harvests and stores these identifiers. In this way, data is collected about phones in the vicinity, which can, of course, be ultimately linked to specific individuals. Although a police force may deploy an IMSI catcher in the context of a specific investigation with a target suspect or suspects in mind, the harvesting of data is indiscriminate and will affect all individuals with cell phones in the vicinity. In cities, this can mean thousands of individuals at a time.

While it would be foolish to dismiss the importance of the role played by law enforcement and national security in our societies, it would be equally foolish to passively accept surveillance without the safeguards of oversight, transparency and accountability. The Criminal Code contains an entire section devoted to the rules that govern how law enforcement officials may carry out investigations, including detailed rules governing warrants for the interception of telecommunications, production orders for data, tracking warrants (including tracking of cell phones), and general warrants. These provisions require police to go before a judge or a justice of the peace to make their case for the surveillance, and to have the boundaries of the search established. This authorization procedure acts as a safeguard to ensure a proper balance between the rights of individuals and the collective interest, and to ensure that surveillance does not become routine, ubiquitous, and unrestrained. Unfortunately, there remain question marks around the application of these provisions to technologies such as IMSI catchers: some question whether a warrant is need at all (see discussion below); others argue that the technology merits a lower threshold for obtaining a warrant. In addition, it should be noted that there is no guarantee that any warrant obtained will specify what must happen to the data that is collected about individuals who are not the target of an investigation. In other words, there are no guarantees that such data will be destroyed once it is found not relevant to the particular investigation for which the warrant was obtained.

It has long been suspected that police forces in Canada have been using IMSI catchers in their investigations. Either because such use was being carried out without warrants, or because the warrants remained sealed from public view, this usage has been invisible to ordinary Canadians. It is also quite possible that much of this activity has taken place with no oversight at all. In fact, police forces have been evasive in responding to questions about IMSI catcher use. What the Radio Canada reports reveal is that IMSI catchers are in fact being used in Canada, and that such use is entirely non-transparent. We should be extremely concerned.

Arguments for obscurity around law enforcement use of IMSI catchers have two main threads. The first is that such devices do not impact privacy and therefore warrant neither transparency nor oversight measures. This is nonsense. The IMSI catchers are used in order to detect the location and movement of specific individuals. Beyond this, they capture a vast amount of data that can be used to detect the location and movement of anyone in the area of the IMSI catcher. This has privacy implications not just for those who are the targets of the police investigation but for all who are caught up in the dragnet. Without transparency and oversight no one will know what data about them has been collected by police, to what uses this data is put, or how long it will be retained. The second thread is the assertion that if police disclose what they are doing, the bad guys will stay one step ahead of them. However, it is fairly clear that those engaged in organized criminal activity are well aware of the existence and potential use of IMSI catchers. Transparency does not have to mean making public announcements that an IMSI catcher is currently in use in a particular location. Arguments that transparency will undermine investigations are spurious and should not be used to justify extensive covert use of surveillance technologies by police that impact on tens of thousands of ordinary citizens.

In August 2016, CIPPIC, the Munk School of Global Affairs and the Telecom Transparency Project issued a report (Gone Opaque? An Analysis of Hypothetical IMSI Catcher Overuse in Canada) on suspected but unconfirmed IMSI catcher use in Canada. The report provides a detailed overview of the technology, and examines how the use of IMSI catchers in other countries – including the United States – has been made more transparent and accountable. It is interesting to note that the growing body of law in the US that regulates IMSI catcher use evolved out of a similar cloud of deliberate evasion and obscurity that was brought to public attention by the activities of investigative journalists.

After reviewing the measures put in place in other jurisdictions to provide a legal framework for the use of IMSI catchers, the authors of Gone Opaque highlighted a number of legal safeguards that should be considered by Canadian policy makers. In the first place, the use of IMSI catchers should be subject to judicial oversight through the warrant provisions of the Criminal Code, and the threshold should be set to require police to demonstrate that they have reasonable and probably grounds to believe that an offence has or will be committed, as opposed to the much lower threshold of a “reasonable suspicion”. There should also be transparency mechanisms in place which can include statistical reporting on the incidence and scope of use, as well as the provision of some form of notification to all individuals who have been subject to IMSI catcher surveillance. Gone Opaque also discusses imposing proportionality measures such as limiting the use of IMSI catchers only to serious crimes or where other investigatory measures are not likely to be effective. There should also be limits placed on the scope of data collection, as well as on the retention and re-use of data – particularly data that is not related to the crime under investigation.

There is reason to be concerned that the covert use of IMSI catchers circumvents the safeguards put in place by Parliament in the Criminal Code. The provisions of the Criminal Code that deal with warrants and production orders in the context of data and telecommunications are far from perfect, but they do attempt to provide some measure of transparency and oversight when it comes to the exercise of state surveillance and tracking powers. To the extent that IMSI catchers are used in order to circumvent the Criminal Code procedures, and under the unjustifiable claim that they do not impact on privacy rights, Canadians should be outraged. Canadians should also demand much more when it comes to transparency and accountability around the warranted use of technologies that capture large quantities of personal information of ordinary individuals engaged in their daily activities.

 

 

The furore in Canada over the cancellation of the long-form census and the subsequent elation over its reinstatement in 2016 illustrates that – well – that Canadians get excited about odd things, such as being counted for statistical purposes. Of course, not all Canadians are enthusiastic about the census. Each census period a few objectors refuse to complete the long-form census, and some are even prosecuted for their refusal. While some opposition has been based on the past involvement of defense contractor Lockheed Martin in conducting the census (this involvement apparently ended for the 2016 census), other objections have been linked to privacy concerns. Perhaps because of the extensive measures in place to protect census privacy, these concerns have gained little traction either publicly or in the courts, although they did provide the former conservative government with an excuse to cancel the long-from census.

A recent Federal Court decision considers issues of privacy and the census in a somewhat different context. In O’Grady v. Canada (Attorney General), the objection was not to the census itself, but rather to the secondary use of census data for medical research. The applicant, Kelly O’Grady, objected to an agreement that had been entered into between Statistics Canada and McGill University’s Faculty of Medicine in 2011. This agreement, like others of its kind, provided the legal framework by which medical researchers could use Stats Canada data in population health research. The McGill project seeks to assess infant mortality and newborn health in Canada by linking perinatal outcomes with risk factors related to socioeconomic status, ethno-cultural background, and environmental conditions. The researchers needed to link a sample of births from the national birth record database with data from the 1996 and 2006 national censuses.

The collection and maintenance of census data is governed by the Statistics Act, which also establishes Statistics Canada. Stats Canada does not simply hand over data of this kind to researchers. Under the terms of the agreement with McGill, Stats Canada would make the linkages between the records, and then would provide researchers with access only to de-identified information. Further, only those researchers who were either employees or deemed employees of Stats Canada would have access to the data. Under the Statistics Act, “deemed employees” are individuals who are brought under the umbrella of the Act, who must swear oaths of office that affirm that they will comply with the Act and maintain confidentiality, and who are subject to penalties under the Act for any breaches of their obligations.

The applicant objected to the use of the census data under the terms of the Agreement. She argued that it violated of the Statistics Act and the federal Privacy Act. She argued that census data could only be shared with express consent of those who had shared their personal information, and this had not been obtained. Further, she maintained that under the Privacy Act government institutions can only share information without consent in narrowly limited circumstances, and only where the disclosure is consistent with the purposes for which the information had been collected. She argued that the census information had not been collected for medical or public health research, and therefore could not be disclosed for these purposes.

The applicant had complained to the Office of the Privacy Commissioner in 2012, arguing that her personal information had been improperly used in the study. In a 2014 decision, the Privacy Commissioner agreed that the applicant’s census data constituted her personal information, and also found that census information was being used in the study for purposes that went beyond those for which it was collected. However, the Commissioner had noted that the Statistics Act expressly permitted Stats Canada to use its data in this way. Perhaps more importantly, the Commissioner found that the applicant’s own personal information had not been used in the study. The Applicant had given birth within a period that would have been captured by the study, but she did so in Ontario, and the Ontario data had been excluded from the study because of concerns regarding its quality. The Commissioner concluded that the applicant’s complaint was not well-founded.

The fact that the applicant’s personal information had been excluded from the study was an important factor. The Federal Court found that the exclusion of her data meant that she had not been – nor could she ever be – personally affected by the study, and ruled that she did not have standing to bring this application. Further, Justice Russell noted that “[t]he issues she raises and argues can only really be decided on a set of facts that includes an applicant or applicants who were directly affected, or who may be directly affected by the Study when it is eventually released” (at para 52). He noted that there was, as yet, simply no indication that any personal information had been or would be improperly disclosed as a result of the study. He also observed that there was “no indication that the Applicant’s position is anything more than her own personal position, born of her academic interests and her social activism” (at para 52).

Despite ruling that the applicant had no standing in the matter, Justice Russell nevertheless considered the merits of the application. He found that it was clear that Stats Canada had not disclosed any personal information – whether of the applicant or any other person. Only employees and deemed employees of Stats Canada had access to the raw data for the purposes of creating the data linkages. The linked data was accessible only to employees or deemed employees of Stats Canada. Other members of the McGill research team only saw non-confidential aggregate data. Justice Russell noted that the applicant had provided no evidence to show how the aggregate data could be linked to specific individuals. Although the applicant had argued that postal code data was going to be provided to the researchers in order to enable them to assess environmental factors, Justice Russell ruled that the applicant’s claim that the postal code data could be used to re-identify individuals was nothing more than an assertion. Further, he noted that there was no evidence that any postal code data had been revealed to anyone who was not an employee or deemed employee of Stats Canada.

Justice Russell also considered the argument that the disclosure of the data violated the Privacy Act because it was not for a purpose for which it had been collected. He agreed that the census data was personal information. However, he found that while the specific purpose of using the data for this study was not formed at the time of its collection during the 1996 or 2006 censuses, the purpose of the study “is to compile and analyse statistics related to the health and welfare of Canadians”, and this was a consistent with both the purpose of the census and the mandate of Stats Canada. There was therefore no inconsistency with the terms of the Privacy Act.

Although he dismissed the application, Justice Russell cautioned that this was primarily because it both involved an applicant with no standing and was premature. It was premature in the sense that it was too early to know if any personal information might be improperly disclosed. He stated that his decision “should not prevent anyone whose personal information is inappropriately used or disclosed from bringing the matter before the Court in the future” (at para 86). The bottom line, therefore, is that individuals whose interests are directly affected by inappropriate actions by Stats Canada or by researchers will have recourse to the courts. However, there is little room to raise broader privacy arguments about the use in principle of Stats Canada data in appropriate research.

 

Note: The following are my speaking notes for my appearance on February 23, 2026 before the House of Commons Standing Committee on Access to Information, Privacy and Ethics (ETHI). ETHI is currently engaged in a review of PIPEDA. My colleague Dr. Florian Martin-Bariteau also appeared before the same committee. His remarks are found here.

Thank you for the invitation to meet with you today and to contribute to your study of the Personal Information Protection and Electronic Documents Act. I am a professor at the University of Ottawa, Faculty of Law, where I hold the Canada Research Chair in Information Law. I am appearing in my personal capacity.

We are facing a crisis of legitimacy when it comes to personal data protection in Canada. Every day there are new stories about data hacks and breaches, and about the surreptitious collection of personal information by devices in our homes and on our persons that are linked to the Internet of Things. There are stories about how big data profiling impacts the ability of individuals to get health insurance, obtain credit or find employment. There are also concerns about the extent to which state authorities access our personal information in the hands of private sector companies. PIPEDA, as it currently stands, is inadequate to meet these challenges

My comments are organized around the theme of transparency. Transparency is fundamentally important to data protection and it has always played an important role under PIPEDA. At a fundamental level, transparency means openness and accessibility. In the data protection context it means requiring organizations to be transparent about the collection, use and disclosure of personal information; and it means the Commissioner must be transparent about his oversight functions under the Act. I will also argue that it means that state actors (including law enforcement and national security organizations) must be more transparent about their access to and use of the vast stores of personal information in the hands of private sector organizations.

Under PIPEDA, transparency is at the heart of the consent-based data protection scheme. Transparency is central to the requirement for companies to make their privacy policies available to consumers, and to obtain consumer consent to collection, use or disclosure of personal information. Yet this type of transparency has come under significant pressure and has been substantially undermined by technological change on the one hand, and by piecemeal legislative amendment on the other.

The volume of information that is collected through our digital, mobile and online interactions is enormous, and its actual and potential uses are limitless. The Internet of Things means that more and more, the devices we have on our person and in our homes are collecting and transmitting information. They may even do so without our awareness, and often on a continuous basis. The result is that there are fewer clear and well-defined points or moments at which data collection takes place, making it difficult to say that notice has been provided and consent obtained in any meaningful way. In addition, the number of daily interactions and activities that involve data collection have multiplied beyond the point at which we are capable of reading and assessing each individual privacy policy. And, even if we did have the time, privacy policies are often so long, complex, and vague that reading them does not provide much of an idea of what is being collected and shared, with or by whom, or for what purposes.

In this context consent has become a joke, although unfortunately the joke is largely on the consumer. The only parties capable of saying that our current consent-based model still works are those that benefit from consumer resignation in the face of this ubiquitous data harvesting.

The Privacy Commissioner’s recent consultation process on consent identifies a number of possible strategies to address the failure of the current system. There is no quick or easy fix – no slight changing of wording that will address the problems around consent. This means that on the one hand, there need to be major changes in how organizations achieve meaningful transparency about their data collection, use and disclosure practices. There must also be a new approach to compliance that gives considerably more oversight and enforcement powers to the Commissioner. The two changes are inextricably linked. The broader public protection mandate of the Commissioner requires that he have necessary powers to take action in the public interest. The technological context in which we now find ourselves is so profoundly different from what it was when this legislation was enacted in 2001 that to talk of only minor adjustments to the legislation ignores the transformative impacts of big data and the Internet of Things.

A major reworking of PIPEDA may in any event be well be overdue, and it might have important benefits that go beyond addressing the problems with consent. I note that if one was asked to draft a statute as a performance art piece that evokes the problems with incomprehensible, convoluted and contorted privacy policies and their effective lack of transparency, then PIPEDA would be that statute. As unpopular as it might seem to suggest that it is time to redraft the legislation so that it no longer reads like the worst of all privacy policies, this is one thing that the committee should consider.

I make this recommendation in a context in which all those who collect, use or disclose personal information in the course of commercial activity – including a vast number of small businesses with limited access to experienced legal counsel – are expected to comply with the statute. In addition, the public ideally should have a fighting chance of reading this statute and understanding what it means in terms of the protection of their personal information and their rights of recourse. As it is currently drafted PIPEDA is a convoluted mishmash in which the normative principles are not found in the law itself, but are rather tacked on in a Schedule. To make matters worse, the meaning of some of the words in the Schedule, as well as the principles contained therein are modified by the statute so that it is not possible to fully understand rules and exceptions without engaging in a complex connect-the-dots exercise. After a series of piecemeal amendments, PIPEDA now consists in large part of a growing list of exceptions to the rules around collection, use or disclosure without consent. While the OPC has worked hard to make the legal principles in PIPEDA accessible to businesses and to individuals, the law itself is not accessible In a recent case involving an unrepresented applicant, Justice Roy of the Federal Court expressed the opinion that for a party to “misunderstand the scope of the Act is hardly surprising.”

I have already mentioned the piecemeal amendments to PIPEDA over the years as well as concerns over transparency. In this respect it is important to note that the statute has been amended so as to increase the number of exceptions to the consent that would otherwise be required for the collection, use or disclosure of personal information. For example, paragraphs 7(3)(d.1) and (d.2) were added in 2015, and permit organizations to share personal information between themselves for the purposes of investigating breaches of an agreement or actual or anticipated contraventions of the laws of Canada or a province, or to detect or supress fraud. These are important objectives, but I note that no transparency requirements were created in relation to these rather significant powers to share personal information without knowledge or consent. In particular, there is no requirement to notify the Commissioner of such sharing. The scope of these exceptions creates a significant transparency gap that undermines personal information protection. This should be fixed.

PIPEDA also contains exceptions that allow organizations to share personal information with government actors for law enforcement or national security purposes without notice or consent of the individual. These exceptions also lack transparency safeguards. Given the huge volume of highly detailed personal information, including location information that is now collected by private sector organizations, the lack of mandatory transparency requirements is a glaring privacy problem. The Department of Industry, Science and Economic Development has created a set of voluntary transparency guidelines for organizations that choose to disclose the number of requests they receive and how they deal with them. It is time for there to be mandatory transparency obligations around such disclosures, whether it be public reporting or reporting to the Commissioner, or a combination of both. It should also be by both public and private sector actors.

Another major change that is needed to enable PIPEDA to meet the contemporary data protection challenges relates to the powers of the Commissioner. When PIPEDA was enacted in 2001 it represented a fundamental change in how companies were to go about collecting, using and disclosing personal information. This major change was made with great delicacy; PIPEDA reflected an ombuds model which allowed for a light touch with an emphasis on facilitating and cajoling compliance rather than imposing and enforcing it. Sixteen years later and with exabytes of personal data under the proverbial bridge, it is past time for the Commissioner to be given a new set of tools in order to ensure an adequate level of protection for personal information in Canada.

First, the Commissioner should have the authority to impose fines on organizations in circumstances where there has been substantial or systemic non-compliance with privacy obligations. Properly calibrated, such fines can have an important deterrent effect, which is currently absent in PIPEDA. They also represent transparent moments of accountability that are important in maintaining public confidence in the data protection regime.

The toolbox should also include the power for the Commissioner to issue binding orders. I am sure that you are well aware that the Commissioners in Quebec, Alberta and British Columbia already have such powers. As it stands, the only route under PIPEDA to a binding order runs through the Federal Court, and then only after a complaint has passed through the Commissioner’s internal process. This is an overly long and complex route to an enforceable order, and it requires an investment of time and resources that places an unfair burden on individuals.

I note as well that PIPEDA currently does not provide any guidance as to damage awards. The Federal Court has been extremely conservative in damage awards for breaches of PIPEDA, and the amounts awarded are unlikely to have any deterrent effect other than to deter individuals who struggle to defend their personal privacy. Some attention should be paid to establishing parameters for non-pecuniary damages under PIPEDA. At the very least, these will assist unrepresented litigants in understanding the limits of any recourse available to them.

Thank you for your attention, and I welcome any questions.

The Federal Court of Canada has ordered a Romanian company and its sole proprietor to cease publishing online any Canadian court or tribunal decisions containing personal information. It has also awarded damages against the company’s owner. The decision flows from an application made pursuant to s. 14 of the Personal Information Protection and Electronic Documents Act (PIPEDA). The applicant had complained to the Privacy Commissioner of Canada regarding the activities of the defendant and his website Globe24h.com. The Commissioner ruled the complaint well-founded (my comment on this finding is here). However, since the Commissioner has no power to make binding orders or to award damages, the applicant pursued the matter in court. (Note that the lack of order-making powers is considered by many to be a weakness of PIPEDA, and the Commissioner has suggested to Parliament that it might be time for greater enforcement powers.)

Globe24h.com is a Romania-based website operated by the respondent Radulescu. The site re-publishes public documents from a number of jurisdictions, including Canada. The Canadian content is scraped from CanLII and from court and tribunal websites. This scraping is contrary to the terms of use of those sites. The Canadian court websites and CanLII also prevent the indexing of their websites by search engines; this means that a search for an individual by name will not turn up court or tribunal decisions in which that individual is named. This practice is meant to balance the privacy of individuals with the public interest in having broad access to court and tribunal decisions. Such decisions may contain considerable amounts of personal information as they may relate to any kind of legal dispute including family law matters, employment-related disputes, discrimination complaints, immigration proceedings, bankruptcy cases, challenges to decisions on pensions or employment insurance, criminal matters, disputes between neighbors, and so on. In contrast, the Globe24h.com website is indexed by search engines; as a result, the balance attempted to be struck by courts and tribunals in Canada is substantially undermined.

The applicant in this case was one of many individuals who had complained to the Office of the Privacy Commissioner (OPC) after finding that a web search for their names returned results containing personal information from court decisions. The applicant, like many others, had sought to have his personal information removed from the Globe24h website. However, the “free removal” option offered by the site could take half a year or more to process. The alternative was to pay to have the content removed. Those who had opted to pay for removal found that they might have to pay again and again if the same information was reproduced in more than one document or in multiple versions of the decision hosted on the Globe24h web site.

The first issue considered by the Federal Court was whether PIPEDA could apply extraterritorially to Globe24h.com. In general, a country’s laws are not meant to apply outside its boundaries. Although the Federal Court referred to the issue as one of extraterritorial application of laws, it is more akin to what my co-authors and I have called extended territoriality. In other words, PIPEDA will apply to activities carried out in Canada and with impacts in Canada – even though the actors may be located outside of Canada. The internet makes such situations much more common. In this case, Radulescu engaged in scraping data from websites based in Canada; the information he collected included personal information of Canadians. He then, through his company, charged individuals fees to have their personal information removed from his website. The Court found that in these circumstances, PIPEDA would apply.

It was clear that the respondent had collected, used and disclosed the personal information of the applicant without his consent. Although Radulescu did not appear before the Federal Court, he had interacted with the OPC during the course of the investigation of the complaint against Globe24h. In that context, he had argued that he was entitled to benefit from the exception in PIPEDA which permitted the collection, use and disclosure of personal information without consent where it is for journalistic purposes. There is little case law that addresses head-on the scope of the “journalistic purposes” exception under PIPEDA. Justice Mosely found that the criteria proposed by the Canadian Association of Journalists, and supported by the OPC, provide a “reasonable framework” to define journalistic purposes:

 

. . . only where its purpose is to (1) inform the community on issues the community values, (2) it involves an element of original production, and (3) it involves a “self-conscious discipline calculated to provide an accurate and fair description of facts, opinion and debate at play within a situation.” (at para 68)

Justice Mosley found that “journalistic purposes” required something more than making court decisions available for free over the internet without any value-added content. He also noted that the statutory exception applies only where the collection, use or disclosure of personal information is for journalistic purposes and for no other purpose. Here, he found that the respondent had other purposes – namely to profit from charging people to remove their personal information from the website.

The respondent had also argued that he was entitled to benefit from the exception to the consent requirement because the information he collected, used and disclosed was ‘publicly available’. This exception is contained in PIPEDA and in regulations pertaining to publicly available information. While court and tribunal decisions fall within the definition of publicly available information, the exception to the consent requirement is only available where the collection, use or disclosure of the information relates “directly to the purpose for which the information appears in the record or document.” (Regs, s. 1(d)). In this case, Justice Mosley found that the respondent’s purpose did not relate directly to the reasons why the personal information was included in the decisions. Specifically, the inclusion of personal information in court decisions is to further the goals of the open courts principle, whereas, in the words of Justice Mosley, the respondent’s purpose “serves to undermine the administration of justice by potentially causing harm to participants in the justice system.” (at para 78)

PIPEDA contains a requirement that limits data collection, use or disclosure by an organization to only where it is “for purposes that a reasonable person would consider are appropriate in the circumstances.” (s. 5(3)). Justice Mosely noted that the Canadian Judicial Council’s policies on the online publication of court decisions strongly discourages the indexing of such decisions by search engines in order to strike a balance between open courts and privacy. This led Justice Mosely to conclude that the respondent did not have a bona fide business interest in making court decisions available in a way that permitted their indexing by search engines. Therefore the collection, use and disclosure of this information was not for purposes that a reasonable person would consider to be appropriate.

Having found that the respondent had breached PIPEDA, Justice Mosley next considered the issue of remedies. The situation was complicated in this case by the fact that the respondent is based in Romania. This raised issues of whether the court should make orders that would have an impact in Romania, as well as the issue of enforceability. The applicant was also pursuing separate remedies in Romania, and Justice Mosley noted that a court order from Canada might assist in these objectives. The OPC argued that it would be appropriate for the Court to make an order with a broader impact than just the applicant’s particular circumstances. The number of other complaints received by both CanLII and the OPC about personal information contained in decisions hosted on the Romanian site were indicative of a systemic issue. Justice Mosley was also influenced by the OPC’s argument that a broad order could be used by the applicant and by others to persuade search engines to de-index the pages of the respondent’s websites. Accepting that PIPEDA enabled him to address systemic and not just individual problems, Justice Mosely issued a declaration that the respondent had violated PIPEDA, and ordered that he remove all Canadian court and tribunal decisions that contain personal information. He also ordered that the respondent take steps to ensure that these decisions are removed from search engine caches. The respondent was also ordered to refrain from any further copying or publishing of Canadian court or tribunal decisions containing personal information in a manner that would violate PIPEDA.

The applicant also sought damages for breach of PIPEDA. Damages awards have been a weak spot under PIPEDA. The Federal Court has been extremely conservative in awarding damages; this tendency has not been helped by the fact that the overwhelming majority of applications have been brought by self-represented litigants. In this case, Justice Mosley accepted that the breach was egregious, and noted the practice of the respondent to profit from exploiting the personal information of Canadians. He also noted that the level of disclosure of personal information was extensive because of the bulk downloading and publishing of court decisions. Finally, he noted that the respondent “has also acted in bad faith in failing to take responsibility and rectify the problem” (at para 103). In the circumstances, one might have expected an order of damages far in excess of the modest $5000 ultimately ordered by Justice Mosely. This amount seems disproportionate to the nature of the breach, as well as to the impact it had on the applicant and the extensive steps he has had to take to try to address the problem. Even though recovering any amount from the respondent might be no more than a pipe dream in the circumstances, the amount set in this case would seem to lack any deterrent effect and is hardly proportionate to the nature of the breach.

Overall, this decision is an important one. It confirms the application of PIPEDA to the collection, use or disclosure of personal information of Canadians that is linked to Canada, even where the respondent is located in another country. It also provides clarification of the exceptions to consent for journalistic purposes and for publicly available information. In this regard, the court’s careful reading of these exceptions prevents them from being used as a broad licence to exploit personal information. The court’s reasoning with respect to its declaration and its order is also useful, particularly as it applies to the sanctioning of offshore activities. The only weakness is in the award of damages; this is a recurring issue with PIPEDA and one that may take legislative intervention to address.

Note: the following are my speaking notes for my appearance before the Standing Committee on Transport, Infrastructure and Communities, February 14, 2017. The Committee is exploring issues relating Infrastructure and Smart Communities. I have added hyperlinks to relevant research papers or reports.

Thank you for the opportunity to address the Standing Committee on Transport, Infrastructure and Communities on the issue of smart cities. My research on smart cities is from a law and policy perspective. I have focused on issues around data ownership and control and the related issues of transparency, accountability and privacy.

The “smart” in “smart cities” is shorthand for the generation and analysis of data from sensor-laden cities. The data and its accompanying analytics are meant to enable better decision-making around planning and resource-allocation. But the smart city does not arise in a public policy vacuum. Almost in parallel to the development of so-called smart cities, is the growing open government movement that champions open data and open information as keys to greater transparency, civic engagement and innovation. My comments speak to the importance of ensuring that the development of smart cities is consistent with the goals of open government.

In the big data environment, data is a resource. Where the collection or generation of data is paid by taxpayers it is surely a public resource. My research has considered the location of rights of ownership and control over data in a variety of smart-cities contexts, and raises concerns over the potential loss of control over such data, particularly rights to re-use the data whether it is for innovation, civic engagement or transparency purposes.

Smart cities innovation will result in the collection of massive quantities of data and these data will be analyzed to generate predictions, visualizations, and other analytics. For the purposes of this very brief presentation, I will characterize this data as having 3 potential sources: 1) newly embedded sensor technologies that become part of smart cities infrastructure; 2) already existing systems by which cities collect and process data; and 3) citizen-generated data (in other words, data that is produced by citizens as a result of their daily activities and captured by some form of portable technology).

Let me briefly provide examples of these three situations.

The first scenario involves newly embedded sensors that become part of smart cities infrastructure. Assume that a municipal transit authority contracts with a private sector company for hardware and software services for the collection and processing of real-time GPS data from public transit vehicles. Who will own the data that is generated through these services? Will it be the municipality that owns and operates the fleet of vehicles, or the company that owns the sensors and the proprietary algorithms that process the data? The answer, which will be governed by the terms of the contract between the parties, will determine whether the transit authority is able to share this data with the public as open data. This example raises the issue of the extent to which ‘data sovereignty’ should be part of any smart cities plan. In other words, should policies be in place to ensure that cities own and/or control the data which they collect in relation to their operations. To go a step further, should federal funding for smart infrastructure be tied to obligations to make non-personal data available as open data?

The second scenario is where cities take their existing data and contract with the private sector for its analysis. For example, a municipal police service provides their crime incident data to a private sector company that offers analytics services such as publicly accessible crime maps. Opting to use the pre-packaged private sector platform may have implications for the availability of the same data as open data (which in turn has implications for transparency, civic engagement and innovation). It may also result in the use of data analytics services that are not appropriately customized to the particular Canadian local, regional or national contexts.

In the third scenario, a government contracts for data that has been gathered by sensors owned by private sector companies. The data may come from GPS systems installed in cars, from smart phones or their associated apps, from fitness devices, and so on. Depending upon the terms of the contract, the municipality may not be allowed to share the data upon which it is making its planning decisions. This will have important implications for the transparency of planning processes. There are also other issues. Is the city responsible for vetting the privacy policies and practices of the app companies from which they will be purchasing their data? Is there a minimum privacy standard that governments should insist upon when contracting for data collected from individuals by private sector companies? How can we reconcile private sector and public sector data protection laws where the public sector increasingly relies upon the private sector for the collection and processing of its smart cities data? Which normative regime should prevail and in what circumstances?

Finally, I would like to touch on a different yet related issue. This involves the situation where a city that collects a large volume of data – including personal information – through its operation of smart services is approached by the private sector to share or sell that data in exchange for either money or services. This could be very tempting for cash-strapped municipalities. For example, a large volume of data about the movement and daily travel habits of urban residents is collected through smart card payment systems. Under what circumstances is it appropriate for governments to monetize this type of data?

Note: This is Part 2 of my discussion of the B.C. Court of Appeal’s decision in Vancouver Community College v. Vancouver Career College (Burnaby) Inc. Part 1 can be found here. The initial post considered issues around official marks as well as the first element of the tort of passing off in which the plaintiff must establish that they have acquired goodwill/reputation in a mark. This post considers the remaining two elements: the likelihood of confusion and the likelihood of damage.

As noted in my earlier post, the B.C. Court of Appeal found that the appellant, the Vancouver Community College had considerable goodwill in the mark VCC. I was critical of this decision as it seems to conflate the official marks protection obtained by the Community College with the acronym as a trademark for the purposes of the passing off analysis. The Court of Appeal’s finding regarding the scope of the Community College’s rights in the mark VCC influences its reasoning with respect to the issue of confusion, which is the second element in the tort of passing off.

The alleged passing off in this case arose out of new marketing strategies adopted by the respondent Vancouver Career College in 2009. At that point it adopted VCCollege as a trademark and registered VCCollege.ca as a domain name for its website. The appellant Vancouver Community College objected to the use by the respondent of the acronym VCC in its “internet presence”. It also objected to the Career College’s bidding on keywords that included “VCC” and “Vancouver Community College.” It argued that the result of these activities was passing off. Because the official marks arguments had been separated from the passing off claim, the Court of Appeal considered only the issue of passing off with respect to the use of “VCC”.

The Court of Appeal summarized the essence of keyword advertising for the purposes of this case in these terms: “a bid on a keyword will make it more likely that the bidder’s advertisement with its domain name, linking to its website, will appear on the first search page revealed to the searcher.” (at para 19). The Court acknowledged that bidding on keywords in order to drive traffic to one’s website is legitimate, so long as it stays within the bounds of what is permissible. In the passing off context, the issue is whether the use of the keywords results in consumer confusion. When presented with a link in an ad on a search results page, the searcher has the option of following the link to the website to which it resolves. American case law on keyword advertising has focussed on the issue of confusion, rather than on the simple use of protected words as keywords. These cases have considered how the resulting ads are displayed on the page (e.g., whether they are in a location or font that distinguishes them from search results) and whether their content or presentation is misleading. The Court of Appeal does not address this case law or these issues in its confusion analysis.

The Court of Appeal found that “”VCC” was the keyword that generated the most “clicks” to the respondent’s website, such that the respondent’s advertisements appeared almost always in searches for VCC (over 97% of the time), and the respondent’s text advertisements always displayed VCCollege.ca in the web address line of the advertisement.” (at para 22) However, as I noted in Part 1 of my discussion of this case, VCC is an acronym shared by both the respondent and the appellant. As an acronym, it is a weak mark. The Community College led evidence of confusion among some students searching for the Community College. The trial judge had given this evidence relatively little weight, particularly in a context in which VCC was also the acronym for the respondent’s name. He noted that the respondent’s web site made it evident that it was the site for the Career College.

The Court of Appeal was critical of the trial judge for assessing confusion at the moment at which a student searching for VCC arrived at the landing page for the Career College – as opposed to when the student received the results of a browser search using VCC as a key word. According to the Court of Appeal, the authorities support a finding that first impressions are what matters in the confusion analysis. The Court of Appeal relied heavily upon Masterpiece Inc. v. Alavida Lifestyles Inc., a Supreme Court of Canada (SCC) decision involving an assessment of confusion under the Trade-marks Act. In that case, the SCC appeared to confirm that so-called “initial interest confusion” was actionable. In the internet context, initial interest confusion arises where a party’s trademarks have been used in such a way (in domain names or metatags, for example) that a person searching for the products or services of one company ends up at the website of another by mistake. In the early days of the internet, courts were more likely to find initial interest confusion to be actionable per se; more recently, courts in the United States have given searchers more credit for being able to find their way around the internet, and have looked for other evidence of uses of the marks that contribute to confusion. A searcher who quickly realizes they have made their way to a website other than the one for which they were searching is not confused. However, some have still maintained that initial interest confusion should be actionable because even if the consumer is not confused, they might still decide, once presented with similar goods or services from an alternate source, that they are happy enough to acquire them from that source rather than the one for which they were originally searching. In such circumstances, the use by a defendant of a competitor’s trademarks to draw business away from them is said to cause harm that should be actionable. In Masterpiece, the SCC stated that the diversion of consumers “diminishes the value of the goodwill associated with the trademark and business the consumer initially thought he or she was encountering in seeing the trademark. Leading consumers astray in this way is one of the evils that trademark law seeks to remedy.” (at para 73) While this has been taken by some to address initial interest confusion on the internet, it should be noted that Masterpiece did not deal with either the internet context or with passing off.

Whichever view one takes on initial interest confusion, the problem in this case is that the appellant used the appropriate acronym for its name as a key word and its domain name was one in which it would doubtless be found to have a ‘legitimate interest’ under domain name dispute resolution policies. According to the Court of Appeal, the confusion required for a finding of passing off “is fully established by proof that the respondent’s domain name is equally descriptive of the appellant and contains the same acronym long associated to it.” (at para 71) This approach gives excessive scope to what should be – in the context of passing off – relatively weak rights in VCC. The acronym is obvious and appropriate for both the Vancouver Community College and the Vancouver Career College. While the Community College may have acquired goodwill in the acronym, its highly descriptive nature necessarily limits the scope of the goodwill and does not, without more, allow it to preclude its use by the Career College, itself in business for 20 years. Weak marks deserve limited protection in passing off. Having tolerated the presence of the Vancouver Career College since 1997, the action in passing off with respect to its use of its acronym online seems misdirected.

The Court of Appeal found that the appellant had suffered damage to its goodwill. This flowed in part from “the lack of power to control the use of the marks to which the goodwill attached by unauthorized users” (at para 75). To characterize the Vancouver Career College as an “unauthorized user” of the appropriate acronym for its own name seems problematic. Essentially, the Court of Appeal would carve out an absolute monopoly for the appellant in VCC for use in association with education services notwithstanding the fact that the acronym is shared by two parties with names that are highly descriptive of similar services and that share the same acronym. In such circumstances, it is appropriate to require something more in the respondent’s conduct on which to base a finding of passing off.

Of course, the appellant is not without its nuclear option – the VCC official mark, although it is clear that there are other difficulties with the official marks claim. As noted in Part 1, official marks give the kind of absolute protection for entirely descriptive marks that the appellant is clearly seeking. While the official mark issues in this case have yet to be resolved, it is unfortunate that the passing off analysis seems to have been carried out under the shadow of the official mark. The result is an analysis peculiar to the circumstances of this case that would be dangerous to extend to other cases of passing off.

 

Note: As I started to write this post, which comments on the recent B.C. Court of Appeal decision in Vancouver Community College v. Vancouver Career College (Burnaby) Inc., I realized that it was going to be far too long for a single post. I have decided to divide the issues in two. This first post will focus on the official mark question and the issue of goodwill (the first element in a passing off action). A second post will later deal with issues of confusion and damages in passing off.

The BC Court of Appeal has recently ruled in a case that involves allegations of online trademark infringement. The parties raised issues around the purchase of keyword advertising, the use of trademarks in metatags and domain names, and the infringement of official marks. However, the Court’s decision ultimately addresses only a subset of these issues, and refers the question of official marks back to the trial court because of deficiencies in the factual record. The Court of Appeal’s decision focuses on passing off. In doing so, it touches on some questions unique to the internet context.

The dispute involves two educational institutions with very similar names and a shared acronym. The appellant Vancouver Community College is a post-secondary institution with official designation under B.C.’s College and Institute Act. It began its existence as the Vancouver City College in 1964, changing its name to Vancouver Community College in 1974. The respondent is a private career college called Vancouver Career College. It has operated under that name since 1997. Over time it has expanded its operations considerably. It is regulated under the province’s Private Training Act. Not only do both institutions share the identical acronym VCC, the only difference in their full names is with respect to the middle of the three words used in each. Both names are highly descriptive, and, as such, are inherently weak trademarks.

Because of its links to government, Vancouver Community College has taken advantage of the official marks provisions of the Trade-marks Act. These provisions allow a “public authority” to circumvent the usual requirements for trademark registration in order to protect a name or mark. The protection available for official marks is more extensive and more enduring than trademark protection, and the scheme is controversial. While a business would not be allowed to register a trademark that is entirely descriptive without being able to demonstrate that it had acquired secondary meaning, the official marks regime is indiscriminate when it comes to marks. The Vancouver Community College claimed ‘VCC’ as an official mark in January 1999 and also holds the official mark ‘Vancouver Community College’ since 2005. Both dates are later than the adoption by Vancouver Career College of its name – and quite possibly its adoption of the acronym VCC. Case law supports the view that the rather generous protection for official marks is only prospective; uses of the same or highly similar marks that predate the publication of the official marks are permitted to continue, although their use cannot expand to new products or services. The trial judge had found that the prior use of its own name and acronym by the Vancouver Career College insulated it from claims that it violated the Vancouver Community College’s official marks. The Court of Appeal ruled that the factual record was not sufficient to decide the issue. They sought additional facts as to the extent and nature of the use of each of the marks, whether the use by the respondent of the acronym had so expanded as to negate the defence of prior use, as well as facts relating to whether prior use had been abandoned by the time the official marks were published. In addition, because the Court of Appeal had concluded that the Career College’s prior use was tortious, it speculated as to whether the tortious adoption of a mark could count as prior use. It is an interesting question, but as I will discuss below, the Court of Appeal’s conclusions on the tort of passing off are not entirely satisfactory. At this point, it should be noted that there is some circularity around the issue of passing off and official marks. The Community College’s ability to obtain an official mark appears to bolster its claim to goodwill/reputation in the Court of Appeal’s reasoning. Yet official marks receive no scrutiny by the Registrar; they can be descriptive, generic, or confusing with existing marks – there really are few boundaries. As a result, the two analyses must be kept distinct. There may be a violation of rights in an official mark without there being a sufficient factual basis to support a finding of passing off. The threshold for the first is much lower than the second since all that needs to be shown is the existence of an official mark. For passing off it is necessary to establish sufficient goodwill/reputation – in other words, a plaintiff has to show that a mark distinguishes it as the source of particular goods or services.

A plaintiff in a passing off case must establish three elements: goodwill, a likelihood of confusion and a likelihood of damage. The first element requires the plaintiff to prove that they have acquired goodwill in a particular mark (whether it be a name, design, acronym, or some other indicium). In this case, the mark at issue is VCC which is an acronym for both Vancouver Community College and for Vancouver Career College. The law of passing off is not particularly generous to those who lack imagination or forethought in coming up with names. Names that are entirely descriptive make poor trademarks. The law is reluctant to provide a kind of monopoly over terms that simply describe a product or service. Both college names share “Vancouver” and “College” – both institutions are based in Vancouver and are of a kind typically referred to as “colleges”. The middle word is different but starts with the same letter, leading to two identical acronyms. As a result, the Community College’s acronym, on the face of it, is very weak. It deserves almost no protection from the law of passing off unless it is able to show that it has acquired such a level of distinctiveness through use by the Community College, that the public now associates VCC with its particular services. Further, even if it succeeds in showing acquired goodwill, it is not necessarily entitled to have the defendant’s use of its mark enjoined. The defendant might still be capable of using the same descriptive mark so long as, in doing so, it takes steps to ensure there is no confusion.

The trial judge had concluded that the Vancouver Community College did not have goodwill in the VCC mark. This was in part based on his finding that ‘VCC’ had been little used by the Community College between 1990 and 2013. The trial judge referred to the added level of distinctiveness required for an entirely descriptive mark as “secondary meaning”, and he was correct to do so. Nevertheless, the Court of Appeal took issue with this approach. It opined that because what was at issue was the name of the college, it was not necessary to establish secondary meaning. Instead, it framed the question as whether the acronym VCC “carried sufficient distinctiveness in its primary sense to be recognized as designating the appellant and the educational services it provides.” (at para 40) This argument seems to either miss the point that the name of the college is entirely descriptive as well, or it conflates the name of the college with its status as a public institution. Unlike the B.C. University Act, which limits use of the term “university” to only specified institutions, the College and Institute Act gives no special protection to the term “college”. The Court of Appeal emphasized the public nature of the Community College and found that: “Its public character establishes a level of public awareness of the role it plays in the community” (at para 47). As a public institution, the Community College has access to official marks protection. Yet the huge boondoggle that is official marks protection should only count once – in the context of an official marks analysis – and should not be used to shape a passing off analysis that requires that marks be shown to be sufficiently distinctive to have acquired goodwill or reputation as a condition of their protection.

“Vancouver Community College” effectively describes a community college located in Vancouver. It is entirely descriptive. The acronym VCC similarly lacks inherent distinctiveness. In fact, it could stand for Vancouver Civic Centre, Vancouver Chamber of Commerce, Vancouver City Centre, or, in this case Vancouver Career College – to give just a few examples. The Court of Appeal’s decision sets a low threshold for goodwill/reputation in the face of a rather common acronym for a highly descriptive name. While it found sufficient evidence of an association by the public between VCC and the Community College, noting that the acronym was used in media reports, brochures, calendars and other materials, and it was the name of the SkyTrain station near the appellant’s campus. However, the extent of this association (or whether there is also a public association between VCC and the Career College) is not at all clear from the facts.

It may ultimately be that the Community College has acquired sufficient goodwill in ‘VCC’ to support an action in passing off. My difficulty with the resolution of this issue is with the road taken to get there. The Court of Appeal never acknowledged the weakness of either Vancouver Community College or VCC as marks in the context of the passing off analysis. While it is still possible to find that such a weak mark as VCC had acquired sufficient goodwill to provide a basis for an action in passing off, the inherent descriptiveness of the mark is relevant to the rest of the passing off analysis. For example, courts have found that minor differences in presentation of goods or services, or the use of disclaimers may sufficiently reduce any possibility of confusion between similar descriptive marks. The interweaving of the official marks issues with the passing off issues is perhaps to blame here. The Court of Appeal seems to be giving the Community College credit for being a public institution, and its burden of establishing goodwill seems to be lightened as a result. This approach ignores the very special (i.e., ‘anomalous ‘ or ‘problematic’) character of official marks.

Note: Part 2 of this comment is now available here.

 

 

 

 

This post is based upon a presentation I gave at a panel organized jointly by the Centre for Law, Technology and Society and the Centre for Health Law, Policy and Ethics at the University of Ottawa on February 1, 2017.

Canada is on the cusp of passing new legislation and enacting new regulations that will put us among a growing number of countries that have made plain packaging mandatory for tobacco products. Bill S-5, currently before the Senate, will amend the Tobacco Act to enable regulations to dictate the appearance of tobacco packaging. While the regulations are not currently available, it is to be expected that they will contain measures similar to those already introduced in Australia and Britain. Essentially plain packaging means prescribing a plain colour, size and configuration for all tobacco packages. In addition, packages will be used to convey graphic images and public health warnings. The only permitted use of tobacco trademarks will be of word marks consisting of the brand name and sub name in a prescribed font, colour and type-size. Tobacco trademarks consisting of logos, crests, images, colour, shape, configuration, or design will no longer be capable of use on tobacco product packaging.

Plain packaging is a movement driven by the World Health Organization’s Framework Convention on Tobacco Control, of which Canada is a signatory. Interestingly, however, the treaty does not require signatories to implement plain packaging. Article 11 of the Convention addresses packaging, but merely requires that false and deceptive elements on packaging be banned (e.g. using “mild” to designate cigarettes that are every bit as harmful as regular cigarettes); that health warnings take up 30-50% of packaging surface; and that packages contain information about constituent ingredients and product emissions. Canada’s current packaging regulations are consistent with these requirements. Plain packaging is merely mentioned as something that signatory states “should consider” in paragraph 46 of the Guidelines for Implementing Article 11 of the Convention. Thus, it is important to underline that Canada is not under an international obligation to introduce plain packaging legislation.

While the link between smoking and serious illness/death seems uncontestable, and the reduction of smoking is clearly an important public health objective, there is reason to question the wisdom of the plain packaging approach. Australia was the first country to introduce plain packaging in 2011. Its legislation survived a constitutional challenge (it was argued to be an illegal expropriation of trademark owners’ rights), and is currently being challenged before the World Trade Organization (WTO) as a violation of Australia’s obligations under the TRIPS Agreement. Although considerable sums of money have been spent on defending Australia’s statute, the evidence emerging as to the beneficial impact of the legislation is ambivalent.

Plain packaging measures in Canada are also likely to face legal challenges. Restrictions on the use of trademarks in the 1988 Tobacco Products Control Act were found by the Supreme Court of Canada to be a violation of the freedom of expression of trademark owners that could not be justified under s. 1 of the Canadian Charter of Rights and Freedoms. These provisions were struck down by the Court. Provisions related to the use of tobacco trademarks in sponsorship activities in a reconstituted Tobacco Act were also challenged for violating the freedom of expression, but the Supreme Court in 2007 found that the violation was justified as rationally connected to a pressing and substantial government objective, and that it minimally impaired the rights concerned. The takeaway from these cases is that restrictions on the use of tobacco trademarks (such as those necessary to implement plain packaging) clearly violate the freedom of expression. In any court challenge, therefore, the issue will be whether the measures can be justified under s. 1 of the Charter as a “reasonable limit, demonstrably justified in a free and democratic society”. It is important to remember that plain packaging restrictions are extreme and the evidence linking plain packaging to harm reduction is ambivalent. It is not obvious at the outset that such measures would survive a Charter challenge.

Trademark owners have also objected that the restrictions will harm their ability to acquire and maintain trademark rights in relation to tobacco products. Bill S-5 contains provisions that indicate that non-use of tobacco trademarks resulting from plain packaging regulations will not be a basis for the invalidation of existing registered trademarks. However, this does not settle the question. Trademark rights cannot be acquired (or maintained) at common law without use, and the law does nothing to address this category of rights. Further, certain kinds of trademarks (distinguishing guises, three-dimensional marks and other non-traditional subject marks soon to become registrable in Canada) cannot be registered until they have acquired distinctiveness through use. Plain packaging regulations might therefore constitute a bar to the registration of certain types of trademarks for use in relation to tobacco products.

Canada’s existing international obligations under both the TRIPS Agreement and the NAFTA may lead to further challenges to the introduction of plain packaging. The creation of an impediment to the registration of certain types of trademarks for tobacco products may violate Article 15 of TRIPS, and there is an open and ongoing debate as to whether plain packaging laws also violate Article 20 which provides that “The use of a trademark in the course of trade shall not be unjustifiably encumbered by special requirements, such as use with another trademark, use in a special form or use in a manner detrimental to its capability to distinguish the goods or services of one undertaking from those of other undertakings.. . “. Australia’s legislation has been challenged under TRIPS, and a decision on its compliance with that treaty may be imminent.

For its part, Article 1110 of the NAFTA provides that no member state can take a measure that is “tantamount to expropriation” of an investment except in limited circumstances which include a requirement to pay compensation. It is not clear whether a U.S.-based tobacco company could succeed before a NAFTA tribunal in arguing that the plain packaging laws amounted to an expropriation of their investment in their trademarks. The domestic challenge to Australia’s legislation turned on a property rights clause in the Australian constitution, and raised the question of whether the plain packaging was an expropriation of trademark rights. The majority of the court found that it did not, but of course that decision would not be binding on a NAFTA tribunal.

The plain packaging regulations on the horizon for Canada are being introduced in the face of considerable uncertainty as to their legality both under Canada’s constitution and Canada’s international trade obligations. The extensive resources required to defend such measures should be weighed carefully not just against the likelihood of success of any challenges, but also against the public health benefits that are likely to flow from further changes to how tobacco products are packaged in Canada.

It is perhaps also worth noting that there have been rumblings about plain packaging measures for other products considered harmful to public health, such as alcoholic beverages and junk food. The issues raised in relation to tobacco products have much broader implications, making this file one to watch.

On January 24, 2017, Justice Peacock of the Quebec Superior Court certified a class action law suit against Uber Technologies and three of its related companies. The plaintiff, a Quebec taxi driver and permit holder, represents a class of plaintiffs consisting of individuals and companies who are holders of taxi permits and/or licences to drive taxis in designated regions of Quebec since October 28, 2013. That date marks the moment when UberX services became available in Quebec.

The law suit seeks compensation from Uber and its related companies for damages alleged to have been suffered by the plaintiffs as a result of Uber’s unlicensed and unauthorized operations in Quebec. The alleged damages include the loss of revenue suffered by drivers and permit owners, as well as the loss of value of taxi permits. Because the Quebec government authorized a pilot project in Quebec in the fall of 2016 which provides a framework for UberX to be legally deployed in the province, Justice Peacock restricted the period during which damages could be claimed to between October 28, 2013 and October 15, 2016 – the period of Uber’s alleged unauthorized operations in Quebec.

The certification of a class action law suit is far from a decision on the merits of the case. At this early stage, the court’s role is to filter out applications that are entirely without merit. The plaintiff need only show that he or she has an arguable case. Justice Peacock found that the representative plaintiff in this case had met that threshold. He framed the questions to be decided in the lawsuit as whether the defendants, through their activities in Quebec, had violated laws, including those relating to the taxi business. If so, it would be necessary to determine whether they had engaged in unfair competition. If they are found to be at fault, the court would have to determine the appropriate quantum of damages for both drivers and permit owners, both in terms of lost revenue and devaluation of permits.

Justice Peacock noted that, while not determinative of the issues in this case, a judge in another Quebec case had recently found that Uber drivers were acting outside the law by offering taxi services without the proper permits. Justice Peacock found that this earlier decision at least lent some credence to the view that the class plaintiff had an arguable case. He also found that there was sufficient evidence to support the argument that the class had suffered both lost revenues and lost value of their permits. Noting that the court could take judicial notice of the law of supply and demand, he observed that the value of a taxi permit in Quebec would necessarily be devalued if a considerable number of UberX drivers began offering services in competition with taxis.

Uber Technologies, the California-based company responsible for the development of the Uber app argued that it should not be joined as a defendant in the suit since its only connection to the province of Quebec was via the availability of its app in virtual app stores. It argued that this was too tenuous a connection to give rise to the court’s jurisdiction. Further, it argued that its actions in developing an app were not per se illegal. The court dismissed this argument noting that under Quebec law, courts may take jurisdiction over a matter where a fault is committed in Quebec or where harm is caused in that province. In this case, Justice Peacock noted, if the app developed by Uber Technologies was used to facilitate the commission of the delict (tort) of unfair competition in Quebec, then this in and of itself could be actionable.

Although the class action lawsuit by Quebec taxi drivers and permit holders has cleared an initial hurdle, it is a long way from being over. The case will be interesting to watch as municipalities across Canada struggle to address the challenges posed by the rise of ride-sharing services such as UberX and their disruption of incumbent taxi industries.

<< Start < Prev 1 2 3 4 5 6 7 8 9 10 Next > End >>
Page 2 of 25

Canadian Trademark Law

Published in 2015 by Lexis Nexis

Canadian Trademark Law 2d Edition

Buy on LexisNexis

Electronic Commerce and Internet Law in Canada, 2nd Edition

Published in 2012 by CCH Canadian Ltd.

Electronic Commerce and Internet Law in Canada

Buy on CCH Canadian

Intellectual Property for the 21st Century

Intellectual Property Law for the 21st Century:

Interdisciplinary Approaches

Purchase from Irwin Law