Canada’s online legal magazine.
CPAC Beyond Politics
Osgoode Professional LLM

Archive for ‘ulc_ecomm_list’

Privacy Not Protected by Short Passwords?

The Commission nationale de l’informatique et des libertés (CNIL – the French privacy authority) has recently found a company in breach of its duty to protect the personal information of its employees because the company used unduly short passwords that were too easy to guess and that were not changed often enough. (See the story on Le Village de la Justice)

According to the CNIL, the employer should have had a password policy that required longer passwords composed of letters, numbers and special characters, and that also required that the passwords be changed frequently.

It was not demonstrated that . . . [more]

Posted in: Substantive Law: Foreign Law, Technology: Office Technology, ulc_ecomm_list

E-Signatures and Assents

Is clicking ‘OK’ on a web site the equivalent of a signature, or just an act of assenting with legal effect, e.g. to accept an offer to contract? Is there a useful or meaningful distinction any more between a signature and an act of assent (at least when the signature is intended to show assent)?

Recently an appellate court in the US found that clicking OK to a web form satisfied the requirements of the Copyright Act (US) that a transfer of copyright had to be in writing and signed by the transferor. The court relied on the Electronic Signatures . . . [more]

Posted in: Substantive Law: Foreign Law, Technology: Internet, ulc_ecomm_list

Search Engines and the Right to Be Forgotten

Some time ago it was reported that a Spanish court had ordered Google to delete records of people’s private information on the ground that the applicable privacy laws gave them a ‘right to be forgotten’.

The Advocate General of the European Court of Justice published an opinion on this topic last month. In short, he opined that the EU Privacy Directive did not include a right to be forgotten, and that search engines did not control personal information in any event so were not subject to rules about handling personal information as ‘controllers’ under the Directive (or the national laws . . . [more]

Posted in: Technology: Internet, ulc_ecomm_list

Adjudicators and Their Facebook Friends … Not So Fast?

Are there rules in Canada about, or practical examples of, judges or tribunal adjudicators being ‘friends’ on Facebook or otherwise connected by social media with counsel or parties to a dispute before them? What should be done?

The American Bar Association has an ethics opinion that is summed up in this high-level principle:

A judge may participate in electronic social networking, but as with all social relationships and contacts, a judge must comply with relevant provisions of the Code of Judicial Conduct and avoid any conduct that would undermine the judge’s independence, integrity, or impartiality, or create an appearance of

. . . [more]
Posted in: Practice of Law, Technology: Internet, ulc_ecomm_list

Electronic Real Estate Transactions (More …)

At the end of my previous post on the application of the E-Commerce Act to land transactions, I mentioned ‘measures that might be useful to ensure that the change does not increase the risk of real estate fraud’. (None of this affects the *registration* of land transfers by electronic means.)

I have recently had drawn to my attention a set of technical specification for electronic signatures in land transactions adopted by OACIQ, the Quebec governing body for real estate brokers (the equivalent of the Real Estate Council in Ontario and some other jurisdictions). These are very detailed, though in principle . . . [more]

Posted in: Substantive Law: Legislation, Technology, ulc_ecomm_list

Cell Phones – Good for Tracking People?

It seems that law enforcement agencies are commonly using the records of people’s cell phones to establish where the people (or at least their phones) were at material times.

A US court decision has recently refused to admit such evidence, as not being properly based on science. One expert quoted in the article calls this use ‘junk science’.

Have there been attacks on the use of cell phone records in Canada on the ground that they are not reliable indicators of location? Should there be?

The US case referred to tracking by use of the relation of the phone to . . . [more]

Posted in: Technology, Technology: Internet, ulc_ecomm_list

Verifying That Emails Are Received

When does the law require you to follow up an email to see if it was received? Is that a matter of prudence only, i.e. if you really have to know, you had better follow up? Are you liable for negligence for not following up, in important cases, or all cases, if the message was not received?

A recent Swiss case – in the Federal Supreme Court – held that senders of emails have a duty to verify receipt in almost all cases. On the facts of the case, the result may be OK: an agent for a taxpayer emailed . . . [more]

Posted in: Technology: Internet, ulc_ecomm_list

Regulatory Jurisdiction

A recent Ontario Superior Court case gives some interesting guidance on regulatory jurisdiction over Internet activities. Civil jurisdiction is not completely resolved, but there are lots of cases, and criminal jurisdiction is also ‘known’ to some extent. What regulators can do or should do is often harder. I speculated a bit on that topic in a presentation on jurisdiction a few years ago: (pages 15 – 20).

In Ontario College of Pharmacists v. 1724665 Ontario Inc., 2013 CanLII 13655 (ON SC), the court held that a call centre in Ontario that was acting for a company in Belize . . . [more]

Posted in: Substantive Law, ulc_ecomm_list

Consumer Protection and EULAs

The Law Commissions of Scotland, England and Wales have proposed a clarification of British law about unfair terms in consumer contracts, to ensure that that law applies to end-user licence agreements for software and online services (EULAs).

Canadian jurisdictions do not (so far as I know) have legislation with ‘unfair terms’ in the name, while the UK has implemented the EU Directive on Unfair Terms. (French courts held a decade ago that online contracts, notably the AOL (2004) and Tiscali (2005) subscriber agreements, were subject to the comparable French law – and invalidated a large proportion of the . . . [more]

Posted in: Substantive Law: Legislation, Technology: Internet, ulc_ecomm_list

EU Goes for ODR

The European Union is adopting regulations on alternative dispute resolution (ADR) and online dispute resolution (ODR), according to a press release and associated documents, including a draft ODR regulation. This is aimed at consumer e-commerce in particular.

I have not yet found in the documents answers to some questions that occur to me off the cuff. (The answers may be in there somewhere – feel free to provide via comments.)

  • Who pays? It appears to be taxpayer-funded, rather than relying on user fees. There is mention of a cost of 4.6 million Euros (annually?).
  • What law applies? This list
. . . [more]
Posted in: Practice of Law, Substantive Law: Foreign Law, ulc_ecomm_list

Drinking in …. Privacy?

The Liquor Control Board of Ontario (LCBO) regulates the sale of alcohol products in Ontario. Fans of wine not available on the shelves of the LCBO’s outlets may form wine clubs that order particular wines through the LCBO. Until recently, the LCBO collected the names and addresses of all the members of the clubs placing these orders.

Acting on a complaint by a manager/member of such a club, the Information and Privacy Commissioner of Ontario recently ordered that the LCBO stop collecting this personal information. In response, the LCBO stopped filling orders from the wine clubs.

According to the CBC . . . [more]

Posted in: Miscellaneous, ulc_ecomm_list

Network, Information and Critical Infrastructure Security – Duties and … Barriers?

The EU last week published a draft directive on network security that requires communications operators (including utilities, banks etc) to report threats or attacks on their operations to national security agencies. In the US, President Obama is about to issue an Executive Order on critical infrastructure security that will provide for notices of imminent threats to operators of such operations. (Drafts of the Order have been circulating for months.)

Any word on official Canadian attention to such matters?

Do you know of any legal barriers that would prevent especially state-based operators of information systems (whether ‘critical’ or not) from defending . . . [more]

Posted in: Technology, ulc_ecomm_list