
Copyright v. Privacy: Voltage Pictures LLC v. John Doe and Jane Doe

The recent Federal Court of Canada decision in Voltage Pictures LLC v. John Doe and Jane Doe (2014 FC 161) has already received considerable attention for its approach to deterring so-called “copyright trolls”: plaintiffs with “improper motives” who file multitudes of infringement lawsuits to extort quick settlements.  While less headline-worthy, the decision is also important for its practical approach to weighing copyright against privacy rights.  The central question was: are individuals who are suspected of engaging in illegal P2P downloading entitled to expect that their ISP will shield their identity from the copyright owner?

In the result, the Court ordered Ontario-based ISP TekSavvy to disclose the names and addresses of some 2,000 subscribers suspected of unauthorized copying and sharing of Voltage’s movies, including The Hurt Locker.  To arrive at this result, the Court had to balance two competing rights that are sometimes considered to be “proprietary” by those who assert them:  copyright and privacy.

The Court’s legal balancing act engaged provisions of the Copyright Act and the Personal Information Protection and Electronic Documents Act (PIPEDA).  On the copyright side, the provisions at issue were sections 35 and 38, which the Court characterized as “a complete code for the recovery of damages for copyright infringement”.  Under the 2012 amendments to the Copyright Act, statutory damages for infringement range from $100 to $5000.  On the privacy side, the Court considered subsection 7(3) of PIPEDA, which (among other things) permits an organization to disclose personal information without knowledge or consent where the disclosure is required to comply with a court order or otherwise required by law.

The Court addressed the issues in two parts.  First, it determined that the plaintiff Voltage had established a bona fide claim, and that enforcement of its rights as a copyright holder outweighed the privacy interests of the subscribers.  Second, the Court considered how to ensure that privacy rights would be “invaded” as little as possible in the circumstances.  To do this, the Court considered case law in the United Kingdom and the United States.  One of the Court’s observations was that

[w]ith respect to privacy concerns, the cases in both jurisdictions suggest that such issues are of secondary importance as the law generally does not shield wrongdoing for reasons of privacy.

The Court concluded that it should give consideration to principles gleaned from Canadian cases, notably, the P2P file-sharing case BMG Canada Inc. v. Doe (2005 FCA 193), as well as cases from the U.S. and UK:

to weigh and balance the privacy rights of potentially innocent users of the internet versus the right of copyright holders to enforce their rights.  The Court ought to balance these rights in assessing the remedy to be granted.

Having determined that an order would be made to obtain subscriber contact information, the Court “built in” important qualifications “to protect or minimize the invasion of the privacy interests of internet users”.  Therefore, the order provides that:

  • disclosure is limited to the names and addresses associated with IP numbers (and not telephone numbers or email addresses);
  • the released information will remain confidential and may be used only in connection with the claims in the present action; and
  • the plaintiff may not disclose any of the information obtained to the general public by making or issuing a media statement.

For an interesting counterpoint on the balance between disclosure and privacy for ISP subscribers, see also our earlier post, The Fake Facebook Profile and the Veiled Victim.


How Canada’s Anti-Spam Enforcers will Cooperate, Coordinate, Share Information

Canada’s Anti-Spam Legislation (CASL) brings with it new legal violations and penalties, some of which become effective as of July 1, 2014.   The Canadian Radio-television and Telecommunications Commission (CRTC), the Competition Bureau and the Office of the Privacy Commissioner of Canada will have new enforcement roles with respect to these violations and penalties, in the following areas:

CRTC: spamming, traffic rerouting (altering transmission data without authorization);  malware (installation of “computer programs” without consent)

Competition Bureau: fraud (false and misleading representations online, e.g. websites and addresses)

Office of the Privacy Commissioner: harvesting (using a computer system to collect addresses without consent); invasion of privacy (unauthorized access to a computer system to collect personal information without consent).

On January 23, 2014, the Competition Bureau announced that it had entered into a memorandum of understanding (MOU) with the Office of the Privacy Commissioner of Canada and the CRTC regarding the implementation of their mandates under CASL.  The MOU is dated October 22, 2013.

Nature of the MOU

The MOU fleshes out the already detailed CASL provisions on “consultation and disclosure of information” among the agencies, and with foreign states.  The provisions of CASL itself, and the requirements of the MOU, suggest that all concerned are aware that coordination will not be an easy task.  For example, CASL requires the agencies to provide the Minister of Industry with “any reports that he or she requests” on how they are co-ordinating efforts on their mandated areas.  The MOU requires agency officials to meet “at least quarterly” to discuss enforcement activities and any other matters “of mutual interest” relating to CASL.

While the MOU is not intended to be legally binding or enforceable by the courts, it does represent these three agencies’ agreement on how they intend to co-ordinate their responsibilities.  Among other things, that will affect how each agency’s staff will approach their enforcement activities on the ground.

Notification

Each agency will notify the others with respect to enforcement activities – including the conduct under investigation and CASL provisions at issue – that “may potentially affect” the others’ interests under CASL.

Enforcement Cooperation, Coordination and Information Sharing

The agencies will consult with each other, and may share information related to their enforcement activities.  Where those activities potentially overlap, they will “seek to coordinate their efforts”, whether jointly or alongside one another.  The agencies will also coordinate involvement in information requests and arrangements with foreign agencies.  Once the Private Right of Action (PRA) becomes effective as of July 1, 2017, when an agency is informed of a PRA initiated by a third party, that agency will notify the others.

Criminal Law Enforcement by the Commissioner of Competition

The Commissioner of Competition has authority under CASL to pursue enforcement activities under CASL’s criminal provisions.  Under the MOU, the Commissioner is to notify the other agencies where a decision has been made on that front.  That will in turn halt any cooperation and information sharing among the agencies on that enforcement activity.

Competing interests and Confidentiality

The MOU is not intended to override an agency’s obligations under existing laws, including the Access to Information Act.  This extends to sharing information.  Agencies will make “best efforts to share what information they can, consistent with their interests and legal obligations”.  The agencies commit to maintaining confidentiality of information received from another agency “to the fullest extent allowed by law”, and will use that information only for enforcement activities under the MOU – unless the agency that provided the information agrees to the use of the information for other purposes.

Conclusion

The MOU is another indication, in a long line of communications, guidelines, and statements, that the implementation process for CASL will be very new territory, not only for stakeholders, but for the enforcement agencies themselves.


6 Month Countdown to Canada’s Anti-Spam Legislation (CASL)

Canada’s Anti-Spam Legislation (CASL) has been a long time coming.  The Government of Canada announced today that most of CASL’s provisions will enter into force on July 1, 2014.  That will be 10 years from the time the Government of Canada launched its Anti-Spam Action Plan. 

In recent years, a steadily increasing number of organizations within and outside Canada have been monitoring CASL’s status.  Among the reasons:  CASL is a new regime, contains a private right of action,  provides for significant administrative monetary penalties (maximum $10 million), and is broader in scope than the anti-spam laws of the US and other countries.  Some organizations have already begun to take steps and adopt practices intended to allow them to comply with CASL.

As of today, with the publication of the long-awaited Industry Canada Regulations, the CASL “rulebook” now includes the following legislation, regulations and guidance documents.  

Affected organizations will be relying on certain limited provisions under CASL to phase in requirements, intended to allow businesses to get ready and to adjust to the new regime.  These include the 6-month “implementation period” until July 1, 2017, and the 3-year “transitional period” until July 1, 2017, during which existing business relationships will be grandfathered, for consent purposes. 

While the above provide a bit of breathing room, there is a great deal to be done for organizations affected by CASL.  This may involve: auditing online communications processes, contact lists, and database practices; updating forms and procedures that document consent; updating customer service processes; reviewing and updating contracts that deal with third-party communications; and providing information and training for employees, management and the Board of Directors.  Affected organizations should proceed with their review and compliance work as soon as possible. 

We will be updating this blog regularly with posts on compliance tips and new developments.  You may be interested in the Slideshare presentation Comparing CASL to CAN-SPAM, which summarizes how the Canadian and US anti-spam regimes differ, considering their respective scope, standard of consent, application, and penalties.


Canadian Advertisers Self-Regulate Online Behavioural Advertising

Call to Action on OBA

The Office of the Privacy Commissioner (OPC) is aware of the challenges associated with balancing privacy in the online advertising environment, and wants the ad industry to step up.  On the day Privacy Commissioner of Canada Jennifer Stoddart announced the publication of a new set of guidelines on Privacy and Online Behavioural Advertising in late 2011, she said that:

[t]o best address these complexities, all stakeholders in the advertising community, including website operators and browser developers, have a role to play to ensure that the issues of transparency and meaningful consent are addressed.

The following year, the OPC followed up with more specific expectations in its Policy Position on Online Behavioural Advertising.

Industry Response: Self-Regulation

Led by the Digital Advertising Alliance of Canada (DAAC), the advertising industry has responded with the Canadian Self-Regulatory Program for Online Behavioural Advertising, with a website geared to consumers and companies alike at http://youradchoices.ca/.  The Program is not quite “made-in-Canada”, nor should it be, considering the need to integrate data governance solutions across borders.  It is based on the U.S. Digital Advertising Alliance (DAA) OBA Ad Choices program and principles.  It also shares some common principles and approaches with the European Advertising Standards Alliance (EASA) OBA Framework.  For consistency and broad consumer recognition, the “Ad Choices” programs in participating countries use the identifying icon consisting of a lower case letter “i” within a blue triangle.

The DAAC Program has been tailored to meet the requirements of Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), as well as the OPC guidelines.  The non-profit industry body Advertising Standards Canada (ASC) will be responsible for monitoring compliance, dealing with complaints, initiating investigations, and publishing reports.  The OPC will no doubt be watching closely – particularly as the program takes its first steps in Canada – to come to its own conclusions on whether industry self-regulation is meeting its expectations under PIPEDA and its OBA guidelines.  However, once the Program has matured and proved itself, there is precedent for a regulator to stand down and consider the self-regulatory body to be at least the “first resort” for complaints in the area.  The Canadian Radio-television and Telecommunications Commission (CRTC) generally takes this position with the ASC’s review of advertising standards.

The Canadian Self-Regulatory Program for Online Behavioural Advertising incorporates the following principles:

  1. Education [both individuals and businesses]
  2. Transparency [clear, meaningful, prominent notice to consumers]
  3. Consumer Control [the ability to exercise choice with respect to the collection, use and disclosure of data for OBA purposes]
  4. Data Security [safeguards, data retention, and treatment of OBA data]
  5. Sensitive Data  [children and sensitive personal information]
  6. Accountability [accountability program is managed and operated by the ASC in accordance with its Online Behavioural Advertising Compliance Procedure]

Self-regulation does not, however, cover the whole OBA territory.  Certain types of activities are expressly excluded from the Program, such as “online advertising of entities within a web site they own or control” and “contextual advertising”, including ads based on the content of a web page being visited, a consumer’s current visit to a web page, and a search query. 

While legal compliance may have been the main driver for the implementation of the new Program, the DAAC also points to the benefits for consumers: 

As an online consumer, you can find out more about online behavioural advertising and how it helps provide you with more relevant ads on the websites that you visit. You’ll learn how online behavioural advertising supports the content, products and services that you use on the web, what online ad choices you have, and how to use browser controls to enhance your privacy.

In short, while the Office of the Privacy Commissioner has noted that some consumers find OBA “creepy”, the DAAC and its member associations know that many consumers don’t mind OBA as long as it’s transparent:  they don’t want to see irrelevant ads, and they’re OK with the idea of the right ads “finding them”.

It’s early days for the DAAC Program.  As it rolls out and expands, Canadians will become increasingly familiar with the Ad Choices icon appearing on web pages.  Advertisers – and the OPC – have a lot at stake in that little blue icon.


A road-map to sending “commercial electronic messages” under CASL

Let’s take stock of the information currently available on Canada’s Anti-Spam Legislation (CASL).  First, there is the Act itself.  Next, there are:

If you still have questions about the circumstances in which you can send a CEM (commercial electronic message) under CASL, you are not alone. 

The following one-page overview is intended as a guide to the various scenarios contemplated under CASL.  As an “at a glance” reference, it is not intended as legal advice, and is not a substitute for consulting CASL and the various regulations and bulletins noted above.  It should, however, serve as a high level road-map through the maze.

CASL Overview Image
