Canadian Cases: Examining Enforceability of Website Terms, Electronic Identity and Unsolicited Electronic Messages
by Graeme Crombie Andy Matthews Christopher Young Richard Wells Alison Lindsay Hugh Parris Kate Cruickshank
Published: October, 2011
Submission: October, 2011
Related Articles in
Latest Firm's Press
Binding Browsing: British Columbia Supreme Court confirms enforceability of "browse wrap" agreements in Century 21 v Zoocasa
The Supreme Court of British Columbia’s recent decision in Century 21 Canada Limited Partnership v Rogers Communications Inc 2011 BCSC 1196 represents an important development in the application of contract law to the Internet.
It considered, and upheld, the enforceability of "browse wrap" agreements, a topic not yet considered by the New Zealand courts. A browse wrap agreement purports to bind the user of a website upon their progression into the site from the page on which notice of the terms is given. There is no specific act on the part of the user to bind them to the terms, other than the continued use of the website. This is in contrast to "shrink wrap" agreements, where acceptance of contractual terms is conveyed by removal of a plastic wrapper and "click wrap" agreements, where acceptance is indicated by clicking an "Accept" button after reading the terms.
The key points to take from Punnett J’s decision on these points are that:
In considering these points, Punnett J states that "consideration will also be given to whether the user is an individual consumer or a commercial entity and in addition a one-time user or a frequent user of the site".
In discussing these elements the Court points out two issues that may be relevant in the future. These are the reasonableness of the terms forming the alleged contract and the contractual terms exceeding copyright that need to be considered. These issues did not arise in this case for a few reasons, in particular because Zoocasa had conceded reasonableness and Zoocasa was a commercially and internet savvy business.
The third element is consideration (ie a promise of benefit or undertaking a burden). Punnett J was satisfied that consideration was given by Century 21 for the contract. The website contained information on real estate in Canada, and according to Punnett J, the consideration was the benefit of the information on the website.
The fourth element is intention to create a binding contract. Punnett J had no difficulty with that element, finding that Zoocasa’s conduct was sufficient.
Electronic Identity Verification Bill
On 30 August 2011 the Government introduced the Electronic Identity Verification Bill. Its purpose is to facilitate secure interactions over the Internet between individuals and participating agencies.
Participating agencies are defined by the Bill as organisations that are declared by the Governor-General by Order in Council to be participating agencies. Under the Bill, any organisation, whether part of the State sector or not, will be eligible to be a participating agency.
The Bill proposes to facilitate interactions through the use of an electronic identity credential. An identity credential contains an individual’s identity information, namely full name, sex and date and place of birth, including any changes to them since birth.
Applications for an identity credential are to be made to the chief executive of the Department of Internal Affairs. Under the Bill, the chief executive will determine how an application is made, what proof of identity is required (which could include a requirement for a photograph) and what fee is to be paid. A key feature of the process is the checks the chief executive may undertake in order to ensure an individual only ever has one identity credential. There are two types of check provided for under the Bill:
-information matching by DIA against information in the various existing Government identity databases (eg registers of births, deaths and marriages, passports); and
-where the individual consents, a confirmation undertaken by another agency carried out pursuant to a confirmation agreement. Such confirming agencies must be declared by the Governor-General by Order in Council. The Bill proposes that both public and private sector agencies would be eligible to be confirming agencies.
Once an individual has an identity credential, the Bill proposes that the individual can use it to verify his or her identity electronically to meet the identification requirements of a participating agency. If a participating agency has paid fees (yet to be specified) the identity verification service run by DIA can provide an identity credential and the participating agency can use it to verify the identity of the individual. While not explicit in the Bill, in our view, the individual would need to consent to the use of the identity credential before the service can provide it to a participating agency.
All usage information concerning an identity credential will be maintained in the electronic identity credential database.
The Bill proposes a number of wide powers are reserved for the chief executive, such as to:
-set standards or specifications that participating agencies must comply with in respect of the use of identity credentials by those agencies;
-require reporting by participating agencies in the use of identity credentials;
-delegate the chief executive’s functions, duties and powers within the State sector; and
-(with the consent of the Minister) engage third parties to perform the chief executive’s functions, duties and powers.
Under the Bill, the decisions of the chief executive would be subject to a reconsideration process. Reconsideration is final, except that judicial review is still permissible. The Bill proposes giving the Privacy Commissioner the power to require the chief executive to report on the operation of the service or any confirmation agreement. The Bill contains a number of technical provisions addressing situations in which the chief executive may amend, cancel, suspend and revoke an identity credential.
The Bill proposes a number of offences relating to the identity verification service and identity credentials (eg misuse of systems). These offences carry penalties varying from 2 to 10 years imprisonment and fines varying from $50,000 to $250,000 depending on the seriousness of the offence.
Finally, the Bill proposes that, aside from acts of bad faith or gross negligence (not defined), the Crown, the chief executive and the employees and agents involved in the service are protected from any criminal or civil liability arising from acts and omissions in relation to the service and any use of an identity credential to verify an individual’s identity. If the Bill is enacted in its current form, this protection from liability may, in our view, affect uptake of the service as organisations may be less willing to rely on a service where they have no recourse if mistakes occur as a result of negligence by the service.
We will continue to monitor this Bill as it passes through Parliament.
Unsolicited Electronic Messages Order 2011
On 19 September 2011 this Order was passed by the Governor-General. It removes facsimiles from the Schedule to the Unsolicited Electronic Messages Act 2007 from 21 October 2011. This has the effect of bringing facsimiles within the scope of that Act.
As a result, that from that date:
-it will be unlawful to send an unsolicited commercial electronic message (as defined) by facsimile; and
-commercial electronic messages must have accurate sender information and a functional unsubscribe facility.
For more information on the requirements of that Act please see our April 2007 newsletter.
New Top Level Domain Name ".xxx"
You may recall that in our August newsletter we identified the launch of a new top level domain ".xxx" which is targeted at the adult entertainment industry.
Prior to the launch of the domains, there is a "sunrise" period until 28 October 2011 during which trade mark owners can apply to reserve the domain names prior to the general release.
If you have not already done so, we suggest you consider applying to reserve the ".xxx" equivalent for your key brand names to protect them from being registered and used by an unrelated third party and potentially creating a damaging association with your brand.
Importantly, to be able to reserve a domain name and prevent it being registered for ".xxx" the applicant must be the owner of a registered word or graphical trade mark and the entire textual component of the registration must correspond to the domain name applied for. The trade mark owner must be able to provide evidence (if requested) of use of the trade mark in the country where it is registered.
If an application to reserve the ".xxx" domain name is successful, that domain name will no longer be available to be registered. A reservation is not the same as a traditional domain name registration, the domain name will show a plain page stating that the domain is reserved from use through the ICM registry’s rights protection programme.
Related Articles in
- Preventive Compliance Plans in Consumer Law Matters: A Tool to be Considered in Data Protection Issues
- Year in review 2021: Data Protection (GDPR)
- Leveraging Fintechs and Big Data in a Fair Lending Focused 2022
- Year in review 2021: Technology, Media and Telecom
Latest Firm's Press
WSG Member: Please login to add your comment.