regulation of internet commerce
class five - january 11, 2008
professor michael geist
university of ottawa, faculty of law
special guest appearance by:
Jennifer Stoddart
Privacy Commissioner of Canada

Key CDRP Provisions
Confusing Similarity Prong
• Confusingly similar if resembles mark in appearance, sound, or ideas
such that likely to be mistaken for mark
• Mark based largely on Trademark Act definition
– Can be registered or unregistered
• Rights requires use in Canada
• Problem: Highly legalistic

Key CDRP Provisions
Bad Faith Prong
• Exhaustive list of bad faith indicia:
– Registered or acquired domain primarily for purpose of resale, lease, etc.
to Complainant or Complainant’s competitor
– Registered or acquired domain primarily to prevent Complainant from
registering and engaged in pattern of such activity
– Registered or acquired domain primarily to disrupt Complainant’s
business and Registrant & Complainant are competitors
• Problem: Doesn’t account for new business models, leads to some odd
reasons

Key CDRP Provisions
Legitimate Interest Prong
Complainant must also affirmatively show that the registrant
has no legitimate interest
Problem: Asks them to prove a negative

Key CDRP Provisions
Legitimate Interest Prong
If Confusion, Bad Faith and No Legitimate Interest are proven, onus falls to
Registrant to prove legitimate interest :
• Registrant has rights in the Mark
• Good faith commercial use - domain descriptive or generic
• Good faith non-commercial use including news reporting and criticism
• Legal name of registrant
• Geographical location of Registrant’s non-commercial activity or place of
business

Key CDRP Provisions
Canadian Issues
• CDRP only open to those who meet Canadian
Presence Requirements
• Canadian law governs all disputes
• Actions brought in either English or French

Key CDRP Provisions
Of Note…
• Reverse Hijacking clause -- up to $5000 in damages
– Never applied
• Domains can be transferred or cancelled
– Typically transferred, rarely cancelled
• 60 days to implement
• Three member panels for all contested cases
• Two dispute resolution providers - BCIAC and Resolution Canada

CDRP Revisions?
• Standing
– Non-trade words
– Personal names
• Procedural Changes
– Default Judgment
– Appeals
– Mediation
• Simplified test
• Rights, Fairness
• Improved quality

Whois

Whois

Whois
Two Key Issues:
• What information is collected?
• What information is displayed?
– To whom?
– In what circumstances?

Whois
ICANN Registrar Agreement
At its expense, Registrar shall provide an interactive web page and a port 43 Whois
service providing free public query-based access to up-to-date (i.e., updated at least
daily) data concerning all active Registered Names sponsored by Registrar for each TLD
in which it is accredited. The data accessible shall consist of elements that are
designated from time to time according to an ICANN adopted specification or policy.
Until ICANN otherwise specifies by means of an ICANN adopted specification or
policy, this data shall consist of the following elements as contained in Registrar's
database:

Whois
ICANN Registrar Agreement
3.3.1.1 The name of the Registered Name;
3.3.1.2 The names of the primary nameserver and secondary nameserver(s) for the Registered Name;
3.3.1.3 The identity of Registrar (which may be provided through Registrar's website);
3.3.1.4 The original creation date of the registration;
3.3.1.5 The expiration date of the registration;
3.3.1.6 The name and postal address of the Registered Name Holder;
3.3.1.7 The name, postal address, e-mail address, voice telephone number, and (where available) fax number of the technical contact for the
Registered Name; and
3.3.1.8 The name, postal address, e-mail address, voice telephone number, and (where available) fax number of the administrative contact for the
Registered Name.

Whois
Required Provisions in Service Agreements with Registrants
Registrar shall require all Registered Name Holders to enter into an electronic or paper
registration agreement with Registrar including at least the following provisions:
3.7.7.1 The Registered Name Holder shall provide to Registrar accurate and reliable contact details
and promptly correct and update them during the term of the Registered Name registration,
including: the full name, postal address, e-mail address, voice telephone number, and fax
number if available of the Registered Name Holder; name of authorized person for contact
purposes in the case of an Registered Name Holder that is an organization, association, or
corporation; and the data elements listed in Subsections 3.3.1.2, 3.3.1.7 and 3.3.1.8.

Whois
Required Provisions in Service Agreements with Registrants
Registrar shall require all Registered Name Holders to enter into an electronic or paper
registration agreement with Registrar including at least the following provisions:
3.7.7.2 A Registered Name Holder's willful provision of inaccurate or unreliable information, its willful
failure promptly to update information provided to Registrar, or its failure to respond for over
fifteen calendar days to inquiries by Registrar concerning the accuracy of contact details
associated with the Registered Name Holder's registration shall constitute a material breach of the
Registered Name Holder-registrar contract and be a basis for cancellation of the Registered Name
registration.

Whois
Intersection with:
• Intellectual property
• Security/Law Enforcement
• Privacy
• Spam/Phishing
• Free Speech
• Government

CIRA Whois
• The information available on WHOIS about dot-ca domain names registered by individuals (not
businesses or organizations) will be limited to several pieces of technical information,
including server Internet Protocol Names/Numbers, registration date, expiration date, “last
changed” date, and the name of the Registrar. Registrants that are not individuals, such as
businesses and organizations, will be required to make all of the technical and contact
information collected at the time of registration publicly available through the WHOIS.
• Individual Registrants may opt into “complete” WHOIS publication when they register or at any
time afterward.
• Unless an individual Registrant opts into “complete” WHOIS publication this information
will be kept private by CIRA except under special circumstances. These special
circumstances are limited to official and legitimate requests by law enforcement agencies,
judicial bodies, as well as if the domain name is subject to a proceeding under CIRA’s Dispute
Resolution Policy.

CIRA Whois
• Since the new WHOIS Policy limits the amount of personal information
about dot-ca domain name holders (registrants) available to the public it is
now more difficult for interested parties to correspond with registrants.
CIRA is looking for feedback on their proposal to establish an
administrative process (rather than an electronic or automated process) for
passing correspondence from interested parties to Registrants. However,
CIRA will not guarantee that messages are read and/or responded to. This
solution will protect Registrant privacy, facilitate settlement of disputes and
help to reduce spam.

Background on the Law
Personal Information Protection and Electronic Documents Act
• Codification of Canadian Standards Association Model
Code for Protection of Personal Information
• CSA Model Code based on OECD guidelines
• PIPEDA creates mandatory obligations & enforcement
mechanisms

Background on the Law
Personal Information Protection and Electronic Documents Act
• Introduced October 1, 1998 as Bill C-54
• Government fails to enact - reintroduces as C-6 in October
1999
• House passes October 26, 1999
• Senate amends December 1999
• House passes amended law April 4, 2000
• Royal Assent on April 13, 2000

Background on the Law
Personal Information Protection and Electronic Documents Act
Application - Timing
• Federally regulated businesses subject to law January 1, 2001
• Disclosure across provincial/national boundaries for consideration subject to
law January 1, 2001
• Personal health information from federally regulated businesses subject
January 1, 2002
• Everything else subject January 1, 2004
• Provinces encouraged to enact their own legislation (Quebec already had own
statute; BC and Alberta pass in 2004; Ontario passes health in 2004)

Background on the Law
Personal Information Protection and Electronic Documents Act
Application - Subject matter
• Personally identifiable information only - includes information about employees
• Public domain exception
– Telephone Directory
– Professional or Business Directory
– Registry Collected under Statutory Authority
– Court Record
– Information Appearing in the Media Where the Individual has Provided the Information
• Federal Privacy Act exempt
• Name, Title, Business address or Telephone number of an employee exempt - not email though

The Key Provisions
Personal Information Protection and Electronic Documents Act
10 PRINCIPLES --
1 1. Accountability
• organization is accountable for personal information
• Includes privacy point person, training staff
• 2. Identifying Purposes
• purpose of collection must be clear
• Identify any new purposes
• Grandfathering issue
• 3. Consent
• individual has to give consent to collection, use, disclosure
• “meaningful” consent -- will depend upon circumstances

The Key Provisions
Personal Information Protection and Electronic Documents Act
10 PRINCIPLES (cont.) --
• 4. Limiting Collection
• collect only information required for identified
purpose
• 5. Limiting Use, Disclosure and Retention
• consent required for other purposes
• Destroy or anonymize information once no longer
needed
• 6. Accuracy
• keep as accurate as necessary for identified purpose

The Key Provisions
Personal Information Protection and Electronic Documents Act
10 PRINCIPLES (cont.) --
7. Safeguards
• protection and security required
8. Openness
• policies should be available
• Clear language
9. Individual Access
– info available upon request, inaccuracies corrected
10. Challenging Compliance
– ability to challenge all practices