Is Google liable for defamation for not removing defamatory information in search results? Is Google liable for defamation as a secondary publisher by including hyperlinks to a website that contains defamatory materials when the hyperlink is included in search results? Finally, is Google liable for defamation when its Autocomplete and Related Search features produce suggested search inquires that are defamatory? According to the recent decision of an Australian Court in Duffy v Google Inc.,  SASC 170 (27 October 2015), yes to all, at least once Google has received notice of these activities and fails to stop them within a reasonable period of time.
Does by-passing a subscription paywall to access a news article violate the new prohibitions in the Copyright Act that make it an infringement to circumvent a technological protection measure (TPM)? Yes, according to a decision just released by an Ontario court in 395804 Ontario Limited (Blacklock’s Reporter) v Canadian Vintners Association, 2015 CanLII 65885 (ON SCSM). Can a defendant rely on the new fair dealing defense for education to excuse the copying if the defendant illegally accessed the work by circumventing a TPM to do so? No, the fair dealing defense cannot apply where a work is obtained illegally.
The territorial reach and enforcement jurisdiction of European Union’s data protection law has become a lot more important these days following the decision of the Court of Justice in the Schrems case. In a case decided just a few days before Schrems, the same court gave Directive 95/46/EC a broad reading holding that the laws of a Member State apply to data controllers in another Member State who operate a website that processes data of residents of the first Member State. The Court, however, construed the enforcement jurisdiction of supervisory authorities narrowly ruling they do not have the ability to impose penalties on controllers not established in the Member State. The judgment of the Court in Weltimmo s.r.o. v Nemzeti Adatvédelmi és Információszabadság Hatóság, Case C‑230/14, October 1, 2015 has significant repercussions for EU and non-EU businesses that operate websites that target residents of a Member State and potentially for the territorial reach of the “right to be forgotten”.
Schrems, what the CJEU decided and why it is a problem for Canadian and other non-EU businesses (updated)October 12th, 2015 by Barry Sookman No comments »
On October 6, 2015 the Court of Justice of the European Union (CJEU) released a bombshell, but not completely unexpected judgment, invalidating a decision of the European Commission that underpinned the EU-US privacy safe harbor. In Schrems v. Data Protection Commissioner  EUECJ C-362/14 (06 October 2015), the CJEU held that supervisory data authorities in Member States have the joint right with the EU Commission to review whether non-EU countries provide adequate protection to personal data transferred to them from the EU despite a decision by the EU Commission that such protection is provided. It also invalided Commission Decision 2000/520 which had found that transfers of personal data to the US from the EU provided adequate protection where the recipient complied with the EU-US Safe Harbour Principles.
EU’s highest court struck a major blow to the EU-US safe harbour earlier today in the closely watched case, Schrems v. Data Protection Commissioner  EUECJ C-362/14 (06 October 2015). The decision of the CJEU, which followed the earlier opinion of the Advocate General, is the worst privacy nightmare that could have been imagined by the thousands of US and EU based companies that rely on the safe harbour to transfer personal data to the US for processing. It affects giant social networks like Facebook, search engines like Google, cloud hosting providers, and thousands of other companies that do business in the EU and that transfer personal data to the US.
Last month, Robert Thomson, the CEO of News Corp., gave a keynote address at the 2015 Lowy Institute Media Awards dinner.
He spent a good part of that speech addressing challenges to the creative industries, and to media companies in particular, posed by powerful distribution channels – what he labels “distributionists” – such as Google.
Search engines make billions of dollars each year selling keywords to businesses to advertise their products and services online. Businesses often bid for keywords that are trade-marks or trade-names of their competitors. Understandably this has generated considerable litigation around the world against search engines such as Google and their customers, much of it unsuccessful.
The recent Canadian case, Vancouver Community College v. Vancouver Career College (Burnaby) Inc., 2015 BCSC 1470 affirmed that the owner of a trade-mark cannot succeed in a passing off action against a person who buys and uses the trade-mark of a competitor as a keyword unless, the person can prove that that use causes or is likely to cause confusion. The court made these types of cases difficult to pursue by also holding that the potential for confusion cannot arise before a searcher reaches the advertiser’s website.
The Digital Privacy Act was given a quick third reading in the House yesterday and was speedily given royal assent to become law earlier today. This law, which has been in the making since 2007, updates Canada’s comprehensive federal privacy legislation PIPEDA in quite significant ways. I previously summarized salient aspects of the law in my blog posts, Digital Privacy Act: Important work still to be done by the INDU Committee and Cyber threats, information sharing and The Digital Privacy Act.
I gave my annual presentation today to the Toronto computer Lawyers’ Group on “The year in review in Computer, Internet and E-Commerce Law”. It covered the period from June 2014 to June 2015. The developments included cases from Canada, the U.S. the U.K. and other Commonwealth countries.
The developments were organized into the broad topics of: Online Agreements, Licensing/Technology Contracting, Privacy, Online Liability, Cyber-security and Copyright.
The cases referred to are listed below. My slides can be viewed after the case listing.
Nguyen v. Barnes & Noble, Inc., 763 F. 3d 1171 (9th.Cir. 2014)
This morning, Ryerson University and Deloitte announced a new certification framework based on Privacy by Design principles. Privacy by Design is a set of principles that builds privacy into the design, operation and management of a given system, business process or design specification. It is based on 7 Foundational Principles developed by Dr Ann Cavoukian, Executive Director of Ryerson’s Privacy and Big Data Institute and the former Information and Privacy Commissioner of Ontario.
Under the Privacy by Design framework, Ryerson will be responsible for certifying organizations that meet the necessary privacy criteria. Organizations must first undergo an assessment by Deloitte, Ryerson’s exclusive assessment arm for the certification framework, against the 7 Foundational Principles.