Post a comment
Print articleGetting the Deal Through
October, 2009 - Valerie C. Mann
| How can the government’s attitude and approach to internet issues best be described?
The Canadian government recognises that in a global economy and it pursues a general policy to ensure that broadband internet access is essential infrastructure in the country and tax dollars are being spent to ensure that the urban/rural divide in access is bridged. Although controversial, to revise the Copyright Act in part to address internet related concerns such as downloading of copyright material.
Which regulatory bodies are responsible for the regulation of e‑commerce and internet access tariffs and charges? Regulation is generally light in The Electronic Commerce Branch of Industry responsibility for policy implementation in the areas of privacy, security, authentication and various online threats such as identity theft. The branch also works with Statistics Canada to monitor usage of information and communications technologies. There are no tariffs and charges in The Canadian Radio-television and Telecommunications Commission (the CRTC), which has regulatory responsibility for the Telecommunications Act and the Broadcasting Act, has pronounced on more than one occasion that it will not regulate the internet. However, the trend towards viewing content that would otherwise be subject to CRTC oversight under the Broadcasting Act may be revisited in the future. The CRTC also periodically reviews such things as internet service providers’ traffic management policies. What tests or rules are applied by the courts to determine the jurisdiction for internet‑related transactions (or disputes) in cases where the defendant is resident or provides goods or services from outside the jurisdiction? Jurisdictional issues can be a challenge. Case law has generally supported exclusive jurisdiction clauses unless there is a specific reason to overrule them. The burden of establishing a specific reason rests with the plaintiff and the threshold to be surpassed is beyond the mere ‘balance of convenience’. Otherwise, traditional common law principles have been used by the courts to determine jurisdictional issues, which in an online environment have proved more challenging to apply. For example, factors such as ‘substantial connection’ test will look to the location of the vendor, the intermediaries and the end-user. Legislation, such as consumer protection legislation may also be applied to determine whether certain aspects of online commerce are in compliance. For example, depending upon the wording of the provincial legislation, the courts may be willing to apply such laws both where the consumer is located in the province, even if the vendor is not or where the vendor is located in the province and the end-user is not. Contracting on the internet 5 Is it possible to form and conclude contracts electronically? If so, how are contracts formed on the internet? Explain whether ‘click wrap’ contracts are enforceable, and if so, what requirements need to be met. Electronic contracts are enforceable in almost all jurisdictions in conferring upon electronic transactions the same legal status as paper-based contracts. All of the common law requirements for the formation of a contract, including offer, acceptance and consideration apply. Click-wrap agreements have generally been found to be enforceable in as does ‘accessibility’ of the terms of contract. The Supreme Court of contractual terms and conditions were only reached by hyperlink. In its finding, the court stated that as long as the terms were ‘reasonably accessible’ they were enforceable, and determined that a document accessed only by hyperlink was sufficient to meet that test. 6 Are there any particular laws that govern contracting on the internet? Do these distinguish between business‑to‑consumer and business‑tobusiness contracts? Each of the provinces and territories in of the dealing with electronic commerce. Each of these acts deal primarily with confirming the legal status of electronic-based records or signatures (other than certain specific types of contracts, such as wills) as well as records retention and confirming the formation and operation of contracts by means of electronic record or activity in electronic form (eg, clicking on some form of icon indicating acceptance of an offer). In addition, most provinces and territories also have their own consumer protection laws and many have passed regulations in respect of internet agreements or contracting. Such regulations deal with required disclosure by a vendor with respect to itself and the goods and contract in question, as well as providing for rules surrounding the ability of a consumer to cancel an internet contract. 7 How does the law recognise or define digital or e‑signatures? At both the federal and provincial level, legislation is in place to specifically recognise electronic transactions, including the requirement of execution. Generally speaking, Canadian law is enabling and ‘technology-neutral’. Rather than requiring evidence of the reliability of individual signatures or electronic signature certification, the legislation presumes reliability when the system that produces or stores the signature is reliable. Under PIPEDA, the federal legislation, an electronic signature is defined as a ‘signature that consists of one or more letters, characters, numbers or other symbols in digital form incorporated in, attached to or associated with an electronic document. PIPEDA further defined ‘secure electronic signature’ as an electronic signature that results from the application of a technology or process that meets certain tests prescribed by regulation, which relate to reliability attributes of the technology to identify the individual. PIPEDA stipulates that if there is a requirement under federal law for a signature, it is satisfied by an electronic signature. At the provincial level, most provinces and territories have passed enabling legislation that confirms the efficacy of electronic contracts, including the fulfilment of execution of that contract by way of digital signature. In Act defines ‘electronic signature’ as ‘information in electronic form that a person has created or adopted in order to sign a record and that is in, attached to or associated with the record.’ There are certain records that will not recognise such electronic signatures, such as wills, powers of attorney or documents that create or transfer an interest in land. Record or data retention in different statutes. PIPEDA also provides specifically for retention of electronic contracts. If there is a requirement under a provision of a federal law to retain a document, that requirement is satisfied by the retention of an electronic document if the document is retained for the period required by such federal law in the format in which it was made, sent or received or in a format that does not change the information contained in the document, and that the record is capable of being read by anyone entitled to access, and finally if the electronic document was sent or received, then information identifying the origin of the document and destination of the document must also be retained. Similar requirements are contained in provincial legislation. For example, the British Columbia Electronic Transactions Act contains provisions that require the retained record to be in the format it was created in, accessible and readable and that identifies the origin and destination of the record. Examples of federal laws requiring document retention: the Income Tax Act, the Customs Act and the Act. Security 9 What measures must be taken by companies or ISPs to guarantee the security of internet transactions? There is no particular specified technology that must be in place for ISPs to guarantee the security of internet transactions, but there are legal obligations to maintain security through compliance with provincial electronic transactions legislation and applicable consumer protection legislation must be adhered to. If the Technical Assistance for Law Enforcement in the 21st Century Act, which has been introduced by the government of the day is passed into law, ISPs will be required to install ‘intercept-capable’ equipment on their networks and provide police with ‘timely access’ to subscribers’ personal information, including names, street addresses, and IP addresses. 10 As regards encrypted communications, can any authorities require private keys to be made available? Are certification authorities permitted? Are they regulated and are there any laws as to their liability? At present, there is no governmental oversight over encryption, certification or authorisation operations. The federal government’s stated position with respect to cryptography is to ‘support the growth of electronic commerce; allow Canadian producers to export their products globally within the framework of international arrangements; and [ensure measures are present] to maintain the capability of law enforcement agencies to ensure public safety.’ The government does have various search and seizure rights under the Criminal Code, the Competition Act and other legislation, subject to the general requirements for the application of warrants, which could include the requirement for disclosure of encryption keys. The federal government is currently considering new legislation to amend the Competition Act and the Criminal Code that would facilitate law enforcement (including the Canadian Security Intelligence Service) interceptions of internet transmissions with a warrant for live data or a production order for historical data and which would require ISPs to retain data related to particular investigations. The federal government through Industry the Principles for Electronic Authentication, a set of guidelines developed by various public and private entities. These principles are not law. The principles focus on the participants in the authentication process in particular in connection with risk management, privacy and disclosure management. What procedures are in place to regulate the licensing of domain names? Is it possible to register a country‑specific domain name without being a resident in the country? which is operated by the Canadian Internet Registration Authority (CIRA), a not-for-profit Canadian corporation. CIRA develops and implements domain name policy, facilitates dispute resolution and licenses domain name registrars. CIRA also represents member of the Internet Corporation for Assigned Names and Numbers (ICANN). To register for a .ca domain name, the registrant must have a Canadian presence. To fulfil this requirement, the registrant must fit within one of 15 categories as follows: • Canadian citizen; • permanent resident of • legal representative of Canadian citizens or permanent residents (eg, an executor); • corporation incorporated under Canadian federal, provincial or territorial law; • trust established in • partnership registered in • Canadian unincorporated association; • Canadian trade union; • Canadian political party; • Canadian educational institution; • Canadian library, archive or museum; • Canadian hospital; • her majesty the queen and her successors; • Indian band recognised by the Indian Act ( • aboriginal peoples indigenous to • government or government entities in by a federal or provincial ministry, for example or a Crown corporation). However, notwithstanding the nexus required above, if a registrant does not fit into any such category, a registrant may still qualify for registration if the registrant is the owner of a trademark or an official mark (as defined) that is the subject of a registration under the Trade Marks Act ( application to register a .ca domain name consisting of or including the exact word component of that registered trademark. 12 Do domain names confer any additional rights (for instance in relation to trademarks or passing off) beyond the rights that naturally vest in the domain name? Beyond the right to use the .ca domain name, the granting of the domain name does not confer any additional rights in connection with a trademark or otherwise in terms of common law marks. Under the Canadian Dispute Resolution Policy administered by CIRA a registrant must submit to a proceeding if a complainant submits that the registrant’s dot-ca domain name is confusingly similar to a registered Canadian trademark in which: • the complainant had rights prior to the date of registration of the domain name and continues to have such rights; • the registrant has no legitimate interest in the domain name; and • the registrant has registered the domain name in bad faith. The terms ‘marks’, ‘rights’, ‘confusingly similar’ and ‘legitimate interests’ are all prescribed by the policy. Conversely, the fact that a registrant has the domain name will be a factor in an infringement case, but typically as supporting evidence of the ‘use’ of the registrant’s trademarks, whether registered or common law. Will ownership of a trademark assist in challenging a ‘pirate’ registration of a similar domain name? Again, registration in inappropriate registrations of a domain name. CIRA’s CDRP defines three instances that constitute ‘bad faith’ registration by a third party: where the domain name has been registered primarily for the purpose of: [S]elling, renting, licensing or otherwise transferring the Registration to the Complainant, or the Complainant’s licensor or licensee of the Registrant registered the domain name, or acquired the Registration, primarily for the purpose of valuable consideration in excess of the Registrant’s actual costs in registering the domain name, or acquiring the Registration; the Registrant registered the domain name or acquired the Registration in order to prevent the Complainant, or the Complainant’s licensor or licensee of the Mark from registering the Mark as a domain name, provided that the Registrant, alone or in concert with one or more additional persons has engaged in a pattern of registering domain names in order to prevent persons who have Rights in Marks from registering the Marks as domain names; or the Registrant registered the domain name or acquired the Registration primarily for the purpose of disrupting the business of the Complainant, or the Complainant’s licensor or licensee of the Mark, who is a competitor of the Registrant. CDRP Policy To use this dispute resolution mechanism to force the transfer of the ‘bad faith’ registration, the complainant must have a Canadian registered trademark. Advertising 14 What rules govern advertising on the internet? Advertising generally is governed by both federal and provincial laws. Federally, advertising laws are contained within the Competition Act, RSC 1985, c.C-34; the Consumer Packaging and Labelling Act, RSC 1985, c.C-38; the Textile Labelling Act, RSC 1985, c.T-10; the Precious Metals Marking Act, RSC 1985, c.P-19; and the Food and Drugs Act, RSC 1985, c.F-27, all of which fall under the responsibility of the federally appointed agency, the Competition Bureau. The Competition Act is the general over-arching legislation that applies to all advertising, regardless of the platform or method of delivery and whether or not advertising is made to consumers or business customers. Contravention of the advertising related provisions, based principally on misrepresentations in advertising, can be prosecuted by the Competition Bureau as an offence, or can be dealt with under the civil sections of the Competition Act, including by the application of administrative monetary penalties. Although not law, Canadian Code of Advertising Standards is administered by a national not-for-profit advertising self-regulatory body called Advertising Standards Canada. The ASC’s members include consumer packaged goods companies, advertising agencies and advisers. Provincially, legislation revolves around consumer protection such as the Business Practices and Consumer Protection Act, SBC 2004, C-2 which addresses all communications or conduct by a supplier that has the capability, tendency or effect of deceiving or misleading a consumer. Where such consumer protection legislation applies specifically to internet-created contracts, such as is the case for the information, an express ability to accept or decline the agreement in favour of the consumer and the requirement for delivery of a written copy of the agreement within a stipulated time frame. 15 Are there any products or services that may not be advertised or types of content that are not permitted on the internet? In addition to the general compliance requirements under the Competition Act and other more specific legislation cited above, any advertising of illegal substances, or anything that contains other illegal materials such as child pornography or hate literature or anything that leads to a determination that such advertising contravenes human rights legislation will be subject to the sanctions in applicable law, including under the Criminal Code. Financial services 16 Is the advertising or selling of financial services products to consumers or to businesses via the internet regulated, and if so by whom and how? Financial services are governed federally for institutions that are governed by federal legislation such as the Bank Act, and provincially for institutions governed by provincial legislation such as, in British products may be governed by applicable securities laws in Federally, oversight of financial institutions broadly described as ‘deposit-taking institutions’, ‘insurance companies’ and pension plans is by the Office of Superintendant of Financial Institutions (OSFI). The OSFI’s mandate is to supervise such institutions and to ensure that sound financial practices are in place and exercise their powers to intervene to protect the rights and interests of depositors, policyholders and pension plan members. As well, certain provincial legislation addresses consumer credit issues including disclosure of terms of credit arrangements and rights and obligations of borrowers and guarantors. Defamation 17 Are ISPs liable for content displayed on their sites? There are no statutory provisions in on ISPs or exempting ISPs from liability for content on the internet. Generally speaking the courts have found that it is the person posting the content, not the ISP, that is responsible and liable for that content. In particular, the Supreme Court of the Society of Composers, Authors and Music Publishers of (the case is known as the Tariff 22 case), found that ISPs simply provide the means for the telecommunication of published materials, and, accordingly are shielded from liability under section 2.4(1)(b) of the Copyright Act, which provides that ‘a person whose only act in respect of the communication of a work or other subject-matter to the public consists of providing the means of telecommunication necessary for another person to so communicate the work or other subject-matter does not communicate that work or other subjectmatter to the public.’ 18 Can an ISP shut down a web page containing defamatory material without court authorisation? While ISPs in dissemination’ of content, and therefore that they are not liable for having defamatory material posted, there is a ‘chill’ effect to not having any specific statutory provisions that exempt the ISP from liability, and therefore, the threat of litigation will often result in the ISP removing content that is alleged to be defamatory, and the ISP can generally do so under its contractual terms of service with customers. In addition, there is no certainty that an ISP will not be found liable on the grounds either that the ISP did not meet the test of innocent disseminator or because it was effectively negligent in failing to know about the defamation. To preserve their defence, an ISP may remove content on notice that it is defamatory lest they become liable for being made aware of such content and not taking prudent steps to eliminate the continued dissemination of that content to third parties. Can a website owner link to third‑party websites without permission? There is no requirement for permission to link to another’s website. The website link itself is simply to an address. 20 Can a website owner use third‑party content on its website without permission from the third‑party content provider? A website owner will be subject to applicable Copyright Act requirements and will not be able to simply use content that has been developed and is owned by others on its site. All literary work that qualifies as such (that is is original, for example) including work that is written for display via the internet, is covered by the protections of the Copyright Act. 21 Can a website owner exploit the software used for a website by licensing the software to third parties? If the website owner owns, or otherwise licenses and has the right to sub-license the software, then it may license or otherwise exploit that software through agreements governed generally by contract. 22 Are any liabilities incurred by links to third‑party websites? If a link to a website results in the further publication of a copyrighted work, the party linking may be found to be liable under the Copyright Act. The mere fact of linking does not provide exposure to liability, however, most parties are concerned about reputational risk associated with linking to content that is not monitored for inappropriate content. Website owners in conditions posted to their sites with respect to their policies regarding linking to their site. Data protection and privacy 23 What legislation defines ‘personal data’ within the jurisdiction? The Personal Information Protection and Electronic Documents Act (PIPEDA) defined ‘personal information’ as information about an identifiable individual, but does not include the name, title or business address or telephone number of an employee of an organisation. The Privacy Act ( of extending the present laws of individuals with respect to personal information about themselves held by a government institution, defines ‘personal information’ as ‘information about an identifiable individual that is recorded in any form’, and includes information relating to the race, national or ethnic origin, colour, religion, age or marital status of the individual and information relating to the education or the medical, criminal or employment history of the individual or information relating to financial transactions in which the individual has been involved. 24 Does a website owner have to register with any controlling body to process personal data? May a website provider sell personal data about website users to third parties? The processing of personal data is subject to applicable privacy laws, either federally under PIPEDA or under provincial legislation such as the Personal Information Privacy Act, no registration process, nor any controlling body. There are national and, for provinces with privacy legislation, provincial, privacy commissioners, but their role is to advocate for privacy issues. For example, the privacy commissioner of and reports to the house and the senate. Her mandate is to investigate complaints, conduct audits, pursue court actions under federal laws, report on personal information handling practices and support and promote public awareness and understanding of privacy issues. advertising of illegal substances, or anything that contains other illegal materials such as child pornography or hate literature or anything that leads to a determination that such advertising contravenes human rights legislation will be subject to the sanctions in applicable law, including under the Criminal Code. |
Footnotes: |
