Teresa Scassa - Blog

Displaying items by tag: Internet
Wednesday, 19 June 2013 12:48

Google Glass and the Privacy Gap

Canada’s Privacy Commissioner, Jennifer Stoddart, along a number of her international counterparts and the commissioners of B.C., Quebec and Alberta have issued a joint letter written to the CEO of Google raising concerns about privacy in relation to Google Glass. This product, still at the beta stage, consists of a kind of interactive mobile computer worn as eyeglasses. Among other things, the glasses have the capacity to record audio and video data, and will be able to run all manner of third party applications.

The Commissioners are justifiably concerned about a product that once launched might raise a host of new and troubling privacy issues. In the letter they call on Google to enter into a dialogue with data protection commissioners with a view to ensuring that the design of the product and of its applications respects privacy values.

What is interesting in this letter is the frank admission by the commissioners of their own precarious jurisdiction when it comes to this technology. While there is no doubt that Google Glass poses significant privacy risks, they are not necessarily ones which would fall within the scope of private sector data protection laws in Canada. These laws generally apply to organizations that collect, use and disclose personal information in the course of commercial activity. Certainly, some of the concerns raised in the letter fall within the scope of these laws. For example, the Commissioners demand to know what information Google might itself collect via Glass when it is in use by individuals. They also seek to know what information will be shared with third parties, including the developers of apps for this product. These are clearly questions that fall within the scope of data protection legislation, as Google is clearly an organization that collects, uses and discloses personal information in the course of commercial activity.

However, Glass will also have privacy implications as between the wearers of the technology and those persons who may fall within the field of view of the user. The Commissioners specifically address the use of this product to surreptitiously film or record individuals. This is a serious privacy concern. It is one that is already raised by the recording capacity of smartphones and tablets; the particular concern with Glass is that it will be possible to be even more surreptitious in making such recordings. Yet the privacy issues raised by this type of activity are not ones to which private sector data protection legislation would apply. For example, the federal Personal Information Protection and Electronic Documents Act (PIPEDA) specifically does not apply to any individual in respect of personal information that the individual collects, uses or discloses for personal or domestic purposes and does not collect, use or disclose for any other purpose.” The scope of this exception is potentially very broad; the law would not apply, for example, to recordings made by individuals and posted to their Facebook accounts or to YouTube.

The Commissioners, of course, are well aware of this gap in their powers. In their letter they explicitly acknowledge it: “We are aware that these questions relate to issues that fall squarely within our purview as data protection commissioners, as well as to other broader, ethical issues that arise from wearable computing.” Nevertheless, they use the opportunity presented by the privacy issues within their mandates to raise the “broader ethical issues”.

This gap in jurisdiction over privacy is of growing importance. Where once high powered technologies of surveillance were only affordable by professionals, low cost, high powered technology is increasingly moving into the hands of ordinary individuals. In addition, the ability to disseminate audio and video recordings to a global audience – also something that was once only within the powers of established private sector corporations – is now something that can be done by any individual with an internet connection. As the corporate intermediaries become obsolete, so too do data protection laws that are framed exclusively around private sector actors engaged in commercial activity. The appropriate legislative response is not clear; legislated limits on how individuals can interact with and communicate information about themselves and their experiences would raise significant freedom of expression issues.

The data commissioners’ letter to Google is thus most interesting. Acknowledging both the limits of their powers and the enormous gap in the protection of the public in a rapidly changing information technology environment, they have chosen to publicly raise both privacy and ethical issues with Google. Law- and policy-makers should be watching and should be thinking about how this gap should be filled.

Published in Privacy

With little fanfare, the Canadian government has released its much awaited, newly revised Open Government Licence. The previous version that had been available on its Open Data site was a beta version on which public comments were invited. The government has also published its Open Government Licence Consultation Report, which summarizes and discusses the comments received during the consultation process.

The revised version of the licence is an improvement over its predecessor. Gone is the claim to database rights which do not exist in Canada. (These rights do exist in the UK, the Open Government Licence of which was a template for the Canadian licence). The new licence also discards the UK term “personal data” and replaces it with “personal information”, and it gives this term the meaning ascribed under the federal Privacy Act. The language used in the licence has been further simplified, making it even more accessible.

It should be noted that Alberta’s new open government licence – released as part of the launch of its open government portal earlier this year – is very similar to V2.0 of the federal government licence. There are some minor formatting differences, and a few changes in wording, most of which can be explained by the different jurisdiction (for example, the definition of “personal information” refers to Alberta’s Freedom of Information and Protection of Privacy Act). The similarities between the two licences are no coincidence. Although the Alberta licence was made public prior to the release of the federal government’s V2.0, work has been going on behind the scenes to move towards some form of federal/provincial consensus on the wording of open government licences with a view to ensuring that there is legal interoperability between data sets released by different governments in Canada. The efforts to reduce barriers to interoperability (whether legal or technical) are important to the ability of Canadians to work with and to integrate different data sets in new and innovative ways. Thus not only is the COGL V2.0 to be welcomed, so are the signs that cooperation and coordination may lead to a greater legal interoperability of open government licences across Canada.

The US government is in damage control mode after it was leaked to the press this week that it had established a massive surveillance program under which it obtained comprehensive communications data from telecommunications and technology companies. Privacy advocates have decried this secret and massive data mining exercise.

Canadians should not sit back complacently to watch this unfolding spectacle south of the border. It was only last year that our own government tried to introduce legislation that would have provided for the building of the physical and legal infrastructure for substantially increased Internet surveillance. Although Bill C-30 was ultimately defeated, there are nonetheless other laws already on the books that leave Canadians vulnerable to unwarranted and invisible surveillance. For years privacy advocates in Canada have been warning of legal provisions that allow police and national security agencies to seek personal information from private sector companies, and that allow these companies to hand over this information without a court order and with no accountability.

The first of these provisions is s. 7(3)(c.1) of the Personal Information Protection and Electronic Documents Act, which provides that an organization “may disclose personal information without the knowledge or consent of the individual” where the disclosure is made to a government actor that has made a request for the information, and has indicated that the information may be related to national security issues, may be relevant to an investigation related to the enforcement of any law, or is sought for the purpose of “administering” any federal or provincial law.

The second provision is s. 487.014 of the Criminal Code, which provides that no court order is required for a law enforcement official “to ask a person to voluntarily provide to the officer documents, data or information that the person is not prohibited by law from disclosing.” In other words, as long as no other law prohibits such a disclosure, the information may simply be handed over.

Both PIPEDA and the Criminal Code permit private sector companies in Canada to voluntarily disclose the personal information of their customers to police officers or national security officials without the knowledge or consent of the individuals in question, and without an order from a judge. Companies may still refuse to make such disclosures without being ordered to do so by a court, and while some do in some circumstances, plenty of others do not. According to the federal Privacy Commissioner, “We have no way of knowing for certain the number, scale, frequency of, or reasons for, such disclosures although we understand that they are substantial.”(The Case for Reforming the Personal Information Protection and Electronic Documents Act at p. 13). Nothing obliges companies to disclose to the public how many requests for information they receive or with how many they have voluntarily complied. Similarly, nothing obliges public authorities to disclose how many requests they make, to what companies, or for what types of information.

Given the vast amounts of personal information of increasingly fine detail that private sector companies collect about all of us, this should be a matter of some concern. Telecommunications companies can match our personal information to IP addresses, which in turn can be linked to all of our online activities. Telecommunications companies also have rich stores of data regarding our calling activities; in the case of smart phones, this information may also include fine-grained location information. Other companies gather our location information, as well as information about our purchases, transactions, conversations, friends, associates and activities. These vast stores of information in the private sector may be simply a request away from disclosure to authorities – and we may never know just how much information is being shared or in what circumstances.

In response to this highly troubling set of circumstances, the federal Privacy Commissioner, Jennifer Stoddart, recently called for reforms to PIPEDA that would impose some level of accountability where public authorities access information in this manner. In a document titled The Case for Reforming the Personal Information Protection and Electronic Documents Act the Commissioner recommended that the law be amended to require private sector organizations “to publicly report on the number of disclosures they make to law enforcement under paragraph 7(3)(c.1), without knowledge or consent, and without judicial warrant, in order to shed light on the frequency and use of this extraordinary exception.”

This call for greater transparency in determining just how often the personal information of Canadians is disclosed to government authorities without the knowledge or consent of the individual and without judicial authorization is well-timed. As disturbing as the news of the US surveillance program is, we should not lose sight of the fact that there are vast personal information resources that sit within easy reach of our own government and its officials – and that there are laws currently on the books that facilitate easy and virtually traceless access to it.

Published in Privacy

In case there was any doubt, the Office of the Privacy Commissioner of Canada (OPC) produced a report this week that confirms that Canada’s private sector data protection legislation is simply not up to the task of adequately protecting the personal information of Canadians. The report is aptly titled: The Case for Reforming the Personal Information Protection and Electronic Documents Act.

The introduction to this report makes plain the frustration of those charged with administering the Personal Information Protection and Electronic Documents Act (PIPEDA). Enacted with much fanfare in 2001, this statute contains a provision that requires that it be reviewed every 5 years to ensure that it remains adequate for the task of protecting the personal information of Canadians in commercial contexts. As the introduction to the Report notes, the first 5 year review ended with a Bill to amend the statute – this Bill died on the order paper and in spite of attempts to resuscitate it, it has never been passed. The second 5 year review has simply stalled. In the meantime, as the report notes, the personal data landscape has been dramatically transformed with the rise of social networking, mobile communications, increased cross-border data collection and sharing, and the growing use of personal information for the profiling and targeting of consumers

PIPEDA is a fairly tentative piece of legislation, giving only ombudsperson powers to the Privacy Commissioner, and favouring an approach that encourages compliance rather than mandating it. This new report issued by the Office of the Privacy Commissioner (OPC) makes it clear that this approach is no longer effective nor is it appropriate to the current data protection context. The Report notes that comparable jurisdictions have moved towards giving data commissioners more powers of enforcement, including order-making powers and the ability to impose fines or other administrative penalties on companies that play fast and loose with personal information. PIPEDA even lags behind the laws of those few provinces that have their own private sector data protection statutes: Commissioners in Quebec, B.C. and Alberta have order making powers, and Alberta also has mandatory data breach notification requirements. The report observes that not only is the toothless PIPEDA a difficult tool to use to gain compliance from large web-based collectors of personal information that are based outside of Canada, it also relies too heavily upon the willingness of domestic companies to take the Commissioner’s findings or audit reports seriously.

The OPC report identifies four pressure points based on their 12 years of experience with the legislation, and makes four recommendations for legislative reform to address each of these. The first pressure point is enforcement. The report explains how the lack of enforcement powers has hindered the ability of the OPC to address data protection issues. It notes, for example, that there is “nothing in the law that provides enough incentive for organizations to invest in privacy in significant ways.” (at p. 6). It notes as well that even when complaints lead to investigation and recommendations, companies may renege on agreements to change practices because there is nothing to compel them to do so. The report laments that other jurisdictions have taken steps to enhance their enforcement powers while nothing is done in Canada. As a result, the report recommends that stronger enforcement powers be added to the legislation. It identifies as possibilities: adding statutory damages powers to enhance the damages available to complainants who ultimately take their issues to Federal Court; giving the Commissioner order-making powers; and giving the Commissioner the power to impose administrative monetary penalties. Ideally, all three should be added. I note in particular that while statutory damages will improve the individual recourse under the Act, this on its own will not greatly improve compliance under the legislation (see my earlier blog post on individual recourse in privacy cases).

The second pressure point identified in the report is the lack of mandatory reporting for data breaches. The Report notes that as things currently stand, organizations who voluntarily report a data breach face negative publicity, while those who cover up breaches are insulated from reproach. A mandatory data breach reporting provision (which is what the report recommends) would ensure that Canadians are made aware of data breaches, would give Canadians a much clearer picture of the state of personal data security, and would create strong incentives for organizations to improve their privacy practices.

The third pressure point identified is an interesting and important one. PIPEDA contains a provision which allows organizations to voluntarily share personal information with police or other authorities without the consent of the individuals to whom the information relates. Given the increasingly high volumes of personal data in the hands of private sector actors, and the fine grain of detail of much of this information (for example, it may include detailed location information about the movement of individuals over extended periods of time), this should be a matter of great concern. At present there is little or no transparency about the number of requests made by law enforcement for this type of information, nor is there any transparency about the number of times private sector organizations voluntarily share information without insisting upon a warrant. The report’s third recommendation is to require organizations “to publicly report on the number of disclosures they make to law enforcement. . . without knowledge or consent, and without judicial warrant, in order to shed light on the frequency and use of this extraordinary exception.” (at p. 14)

The final pressure point identified in the report is that of demonstrating accountability. Although accountability of organizations for compliance with data protection laws is one of the privacy principles set out in PIPEDA, the report notes that the record of accountability of private sector actors is not all it should be. Not only does the OPC expend significant resources on investigations and audits, they are forced to invest additional resources in follow ups to ensure that there has been compliance with their recommendations. The report recommends that the accountability principle in PIPEDA be amended to require organizations to demonstrate, on the request of the OPC, that they are actually compliant with the law. Further, the report recommends that the law provide for “enforceable agreements” – in other words, undertakings by organizations to comply with the legislation that can be enforced by the OPC if compliance is not actually forthcoming.

Commissioner Jennifer Stoddart is approaching the end of the second term of her appointment. Her leadership of the OPC has been exemplary; she has taken it from a beleaguered and unstable agency to one that has proven its expertise and effectiveness. It has worked with great effectiveness with federal departments and agencies, it has developed effective strategies for public outreach and education, and it has worked tireless to improve data protection in the private sector. The Commissioner has also maintained a high level of communication and collaboration with other data commissioners in Canada and abroad. In short, she has done as much – perhaps more – than one could expect to address the privacy of Canadians in both the public and private sectors under two neglected and outdated privacy statutes. This report is notable for the frank and direct way it publicly addresses the deficiencies in Canada’s private sector data protection legislation. Since the mandated legislative review process set out in PIPEDA has proven utterly ineffective in doing so, the Commissioner has taken the initiative, addressing Canadians directly to explain in plain and direct terms what the problems are and how they might be fixed. Let us hope that the government is listening.

Published in Privacy

Years ago I visited what was then Czechoslovakia shortly after the collapse of communism in Eastern Europe. I remember commenting to a local on the difficulty of navigating the city with the available map. He laughed and remarked that the mapping policy of the government had been that if you were supposed to be somewhere, you knew how to get there. If you didn’t know how to get there, you weren’t supposed to be there. According to him, the official state maps implemented this policy. It was an interesting lesson in mapping as a method of social control.

Last week, a story in the Times of India announced that police in India had launched an investigation of Google for a mapathon it organized. The mapathon essentially invited Indians to contribute geographic information to the Google Earth platform with a view to creating richer and better maps of India. The company offered a variety of prizes and incentives to encourage participation.

The official Indian mapping agency, the Survey of India filed the complaint with the police, apparently alleging that the mapathon was both illegal and a threat to national security.

The case is an interesting one. It is certainly true that many states that are vulnerable to terrorism, seek to control public information about certain locations, facilities and installations as a security measure. Certainly, given recent events, no one would argue that the Indian government’s concerns about terrorism are exaggerated. At the same time, in our digital, interactive world, ordinary citizens walk around with powerful computing, recording and communication devices in their purses and pockets. All manner of easily accessible apps and tools exist to create vast repositories of multimedia information about just about anything. In this context, it seems rather futile to resist participatory mapping projects on security grounds. After all, if ordinary citizens can gather and share sensitive geographical data using their mobile phones, so can terrorists. A major company like Google may well be receptive to genuine security concerns over particular data added to their collaborative maps, and might be persuaded to modify, blur or generalize certain entries.

Perhaps the bigger concern in this context is not so much security, as it is the shifting of control over mapmaking from a national mapping organization to a multinational corporation with its headquarters in another country. For countries with a history of oppressive colonization, this may seem like a threatening development. The Survey of India describes its mission in nationalistic terms: “Survey of India bears a special responsibility to ensure that the country's domain is explored and mapped suitably, provide base maps for expeditious and integrated development and ensure that all resources contribute with their full measure to the progress, prosperity and security of our country now and for generations to come.” Maps have always been powerful political and social tools, and there is nothing neutral about how many states have chosen to represent geographic information. The loss of control over one’s national maps to an outside entity may well be experienced as a loss of sovereignty.

But of course, sovereignty, in this context also involves the imposition of one story over alternative narratives. Digital technologies and a globalized society open the doors to competing accounts of our physical, social and political spaces – and such accounts are increasingly difficult to control. This conflict between Google and the Survey of India is almost certainly about more than national security, and the outcome of any police investigation may do little to tell us who the winners or losers will ultimately be.

Friday, 08 February 2013 13:27

More on Privacy and Public Gun Permit Data

Recently I have blogged about the controversial interactive map created by the New York Journal News which showed the names and addresses of gun permit holders in two New York counties. I then followed this up with another posting about how the data on the map was substantially inaccurate. Both the map and its aftermath raise interesting issues about public data, open government and privacy rights.

This week, a New York court has given us more to think about on the issue of public government information and privacy. The New York Times sought access to an electronic copy of a database of the names and addresses of all residents of New York City who hold handgun licences. In Matter of New York Times Co. v. City of New York Police Dept., the appellate division of the New York State Supreme Court denied disclosure of the database notwithstanding that the information it contains is a matter of public record. The court stated: “The fact that Penal Law §400.00(5) makes the name and address of a handgun license holder “a public record” is not dispositive of whether respondent can assert the privacy and safety exemptions to FOIL [Freedom of Information Law] disclosure.” The court went further, noting that this was so “especially when petitioners seek the names and addresses in electronic form.” It also indicated that other case law supported the view that the disclosure of a person’s home address “implicates a heightened privacy concern.”

This decision is an interesting one in that it tackles head on the thorny problem of what to do with public record information that includes the personal information (names and addresses) of individuals. When made available in electronic form, this information can be used to create all manner of information maps (among other things) that might generate far greater privacy concerns than the original government record. The infamous gun permit map is an example of this. Consider also the Proposition 8 map – a map that plotted the names, addresses and donation amounts of all contributors to a campaign to ban gay marriage in California.

Open government and open data principles favour the disclosure of government information in digital “re-usable” formats to serve a variety of public purposes which include promoting transparency and accountability. While access to information legislation generally permits a government department or agency to refuse disclosure of third party personal information in response to an access request, this limitation does not apply to information that is already part of a public record. In Canada, the Personal Information Protection and Electronic Documents Act (which governs the private sector use of personal information) creates exemptions to rules around the collection, use and disclosure of “publicly available information”. According to the regulations, this category of information expressly includes “personal information that appears in a registry collected under a statutory authority and to which a right of public access is authorized by law”. While it is true that the exemption is limited to instances “where the collection, use and disclosure of the personal information relate directly to the purpose for which the information appears in the registry”, given that the information appears in the registry for purposes of transparency and accountability, republishing the information would likely fit within those purposes. In any event, newspapers are largely exempt from the application of this law where personal information is collected, used or disclosed for journalistic purposes. The result is a significant gap in Canadian privacy law when it comes to public registry data.

The Office of the Privacy Commissioner of Canada is already aware of the problems that open government and open courts principles may raise when it comes to the electronic dissemination of “public record” information. For example, the Commissioner has issued guidelines to administrative tribunals to assist them in their decision-making around the online publication of decisions that might contain detailed personal information. Clearly the OPC is of the view that open online access can change the privacy equation.

Balancing the interests of open government and privacy is a significant challenge – and not an easy one. I doubt we have heard the last on this issue.

 

Published in Privacy
Friday, 01 February 2013 13:21

Update on Gun Permit Holder Information Map

In a recent blog post I wrote about the issues raised by the mapping of public information. The issue that prompted this blog post was the creation, by the Journal News of New York State, of a map featuring the names and addresses of all gun permit holders in two counties. The map prompted outrage although it merely represented data made available to the newspaper on an access to information request.

A recent development in the story highlights another issue both with open data and with the mapping of public information. The Journal News reports that a substantial amount of the posted information was inaccurate. Apparently this was attributable to the fact that one of the two counties at issue did not require permit renewals, and thus contained a significant amount of outdated information. In fact, the data for this county was only about 25% accurate. The other county required renewals every five years, which made the data more current, though not entirely up-to-date.

The open data movement promises significant social and economic benefits. Making government data freely available in appropriate formats for reuse is meant to increase government transparency and accountability, and to provide individuals and the private sector with raw data for research or innovation. Many already use such information to create useful apps, or to develop information maps that place government data in an interactive and accessible geographic context.

One of the challenges, however, is ensuring that the data sets provided by government are accurate, complete and fit for the purpose to which they are put. Not only must governments ensure that they are providing current data and appropriate updates, they must also include the meta data necessary for users to understand the scope and limitations of the data set.

Where the data includes personal information (including home addresses) it would seem that the onus should be even higher on governments to ensure that the information being provided is current, or that the limitations of the data set are clearly identified. Of course, there is also an onus on the party using the information to ensure that they understand the limits of the data set.

Voltage Pictures LLC has brought a motion in Federal Court seeking a court order that would compel Internet Service Provider Teksavvy Solutions Inc. to disclose the identities of customers using certain IP addresses that have been linked to Internet file-sharing of works in which Voltage owns the copyright. If the court were to order the disclosure, the identified individuals could be sued for copyright infringement by Voltage.

The University of Ottawa’s Samuelson-Glushko Canadian Internet Policy and Public Interest Clinic (CIPPIC) has brought a motion to intervene in the proceedings. CIPPIC has an established track record in representing the public interest in cases of this kind; they have argued for a balance between individuals’ privacy interests in their online activities and copyright holders interests in previous litigation. The Federal Court has adjourned its hearing of Voltage’s motion in order to consider the issue of CIPPIC’s intervention.

Published in Privacy

A New York newspaper created a furore by publishing, in the wake of the tragic school shooting in Newtown, Connecticut, an interactive online map that displayed the names and addresses of residents holding permits for guns. The newspaper obtained the data through an access to information request. The map was accompanied by an article with the title: “The gun owner next door: What you don't know about the weapons in your neighborhood." The map and article provoked outrage. Gun owners were concerned about their privacy, and one news agency ran an interview with a retired burglar who suggested that the map would make burglars’ work much easier. A blogger responded to the map by creating another map which featured the names and addresses of the staff of the newspaper. The newspaper has reportedly had to hire armed guards to protect its main office.

This is, of course, not the first time that controversial information maps have been created by news agencies or by others. In California, for example, information about election donors is a matter of public record. Someone used this information to publish a map detailing the names, addresses and contribution amounts of individuals who had donated to a campaign to amend the State’s constitution to prohibit gay marriage.


Widely available Web 2.0 tools and resources have made it easy for almost anyone to create online maps. The ability to present information in a geographical context is an attractive option. Information maps are visually appealing, and can reveal patterns and permit connections that might not be evident from data presented in the form of lists or plain text. For example, Patrick Cain, a Canadian journalist, has been creating innovative and fascinating information maps for many years. Perhaps one of his most useful maps is his annual map of busted grow-ops in Toronto. There are real risks associated with purchasing a house which was once used for a grow op, and there is no obligation on sellers to disclose this information. The grow-op maps provide important and easily accessible information for those searching for a new home.

 

While there is no doubt that information maps can be useful and important, there are also potential risks. There is a great deal of publicly available information collected by different levels of government. For example, many registers of public documents, and decisions of administrative tribunals are already accessible to the public. The Privacy Commissioner of Canada has expressed concerns about the consequences of placing this sort of information online; in the past, public access was available only to those who took the trouble to show up at specific sites to view the entries in the register. This implicitly limited access to this information. While some of this public information might be very usefully presented to the public in map form (see, for example, the maps of crime reports in Ottawa) other information may have serious privacy or security consequences if disclosed online and in map form.

 

Privacy and data protection laws in Canada do not offer a great deal of protection in this regard. While governments are bound by privacy legislation that protects against the disclosure of personal information in the context of access to information requests, a great deal of other government information is part of public registers. Individuals who disclose information on maps for personal, non-commercial purposes may be exempt from the application of national or provincial private sector data protection laws, and these laws also create exceptions for information that is collected, used or disclosed for “artistic, literary or journalistic purposes”. (I recently published a law journal article on this issue.)Thus, for example, a news outlet in Canada that did something comparable to the New York-based newspaper described above might well be insulated from recourse under data protection laws because of their “journalistic purposes” in doing so.

 

There is, of course, a tricky balance to be struck. Personal privacy and individual security are important values, but so are those served by open government (transparency, accountability) and by the freedom of expression. Indeed, the Supreme Court of Canada is expected to rule sometime in the coming year on the constitutionality of the exception for journalistic purposes in Alberta’s private sector data protection legislation. That decision may give us some guidance on the tricky balance between freedom of expression and the protection of privacy. In the meantime governments must continue to examine how best to achieve the goals of openness while at the same time protecting individual privacy and security.

Note: this piece was first published by me at:http://www.bloggingforequality.ca/2013/01/information-maps-freedom-of-expression.html

A recent decision of the Federal Court has caused a small stir over language that, taken at face value, would have a dramatic impact on trademark law in Canada. In Homeaway.com, Inc. v. Hrdlicka, Justice Hughes considered an application to have the respondents registered trademark VRBO, for vacation real estate listing services, expunged from the register. The applicant was the owner of the U.S. based website VRBO.com, which offers vacation real estate listings on a worldwide basis. The applicant argued that the respondent’s trademark registration was invalid as Hrdlicka was not the person entitled to register the mark in Canada.

 

The person entitled to register a trademark in Canada is the one who has first used it or made it known in this country. The “making known” provision of the Trade-marks Act is designed to protect well-known foreign trademarks from being registered by Canadian businesses with the likely consequence of creating confusion among Canadian consumers already familiar with the foreign mark. Unfortunately, as Justice Hughes noted in his decision, the “making known” provisions were drafted in the technological dark ages and specifically refer to marks that have been made known through the print or broadcast media. Notwithstanding this, there is still hope for a foreign trademark owner that has actually used its trademark in Canada; if they were the first to use the mark in this country, then they are the party entitled to register it.

 

The Trade-marks Act contains a definition of “use” that varies depending on whether the mark is registered for wares or services. In this case, the VRBO mark related to services. For a mark to be used in relation to services, it must be “used or displayed in the performance or advertising of those services.” (s. 4(2)) The VRBO mark appears on the VRBO website and in its URL. However, the case law also makes it clear that for there to be use in Canada, it is not sufficient for there to be advertising featuring the mark in Canada, the services must also be offered in Canada.

 

This is where the decision of the Federal Court has caused confusion and controversy. In discussing “use”, Justice Hughes makes the apparently bold statement that “a trade-mark which appears on a computer screen website in Canada, regardless where the information may have originated from or be stored, constitutes for Trade-marks Act purposes, use and advertising in Canada.” (at para 22) On the one hand, the statement offers nothing particularly surprising – it is not controversial to find that use on a website can constitute “advertising” for the purposes of determining use in relation to services under s. 4(2). However, the statement falls short in that it fails to clarify that this finding is limited to use in relation to services; a mark being featured on a web site is, on its own, not a use in relation to wares. Further, the statement appears to conflate the issue of whether featuring a mark on a website is advertising with the broader issue of whether a trademark has been used in Canada. As noted earlier, the person entitled to register the mark is the person who has first used the mark in Canada, and the case law is clear that for this to happen the services in question must not just be advertised in Canada – they must also be offered in Canada.

 

Although the statement taken at face value is controversial, the decision in the case is not particularly troubling. Indeed, Justice Hughes is aware of the importance of the services being offered in Canada, even though he does not refer to the relevant case law. He finds that HomeAway not only advertised its services in Canada, it entered into contracts with Canadians to list their vacation properties, and the site was used by Canadians to find vacation rental properties. It is just unfortunate that the rather elliptical way in which the decision was framed can lead to the impression that a trademark will be considered to be “used” in Canada simply by virtue of the fact that it can be seen on websites accessible to Canadians over the Internet. This is certainly not true in the case of wares, and is only true, in the case of services, if the services are also genuinely available to Canadians.

Published in Trademarks
<< Start < Prev 1 2 3 4 Next > End >>
Page 1 of 4

Canadian Trademark Law

Published in 2015 by Lexis Nexis

Canadian Trademark Law 2d Edition

Buy on LexisNexis

Electronic Commerce and Internet Law in Canada, 2nd Edition

Published in 2012 by CCH Canadian Ltd.

Electronic Commerce and Internet Law in Canada

Buy on CCH Canadian

Intellectual Property for the 21st Century

Intellectual Property Law for the 21st Century:

Interdisciplinary Approaches

Purchase from Irwin Law