Friday, July 31, 2009

British Court Finds Google Not Liable for Defamatory Search Results

A court in the United Kingdom ruled that Google is not liable for defamatory material that appears in its search results because it is not a "publisher" of such material. The court equated Google to a library catalogue, which would not be held liable for the content of the books it lists. The UK has traditionally been friendly to libel claimants, so this decision -- though consistent with rulings in the US and EU -- is an important precedent for search engines.

© Copyright 2009 Steptoe & Johnson LLP

Canada Joins Europe In Scrutinizing Social Networking Sites' Privacy Practices

The Office of the Privacy Commissioner of Canada has found that some of Facebook's most popular features -- including third-party applications and the tagging of photos with names and email addresses -- violate the data protection principles of Canada's Personal Information Protection and Electronic Documents Act (PIPEDA). Those principles require organizations that use the personal information of Canadians to, inter alia, implement procedures to protect such information; identify the purposes for which it is collected; collect and retain it only where necessary for these purposes; and obtain the data subject's consent prior to its "collection, use, or disclosure." In its report, the Privacy Office found that Facebook failed to abide by these principles, citing several unresolved violations of PIPEDA. The Office stated that it would reassess Facebook's compliance with PIPEDA and the report's recommendations in 30 days. Along with a recent EU Article 29 Data Protection Working Party opinion (on which we previously reported) advising all social networking sites that handle the personal data of EU residents that they must comply with the EU Data Protection Directive, this report indicates that the increasing scrutiny of social networking sites' data protection policies around the world could force significant changes in the way such sites operate.

© Copyright 2009 Steptoe & Johnson LLP

Friday, July 24, 2009

Court fines owner of construction-worker database

The Information Commissioner's Office (ICO) has issued a press release indicating that Ian Kerr, owner of a firm trading as the Consulting Association, has been fined £5,000 by Knutsford Crown Court for breaching the Data Protection Act 1998 (DPA), and has been ordered to pay costs of £1,187. Mr Kerr had pleaded guilty to failing to notify as a data controller at Macclesfield Magistrates Court, which transferred the case for sentencing to the Crown Court (see Legal update, Owner of construction-worker database pleads guilty to data protection offences). An ICO investigation revealed that Mr Kerr had been operating a database for over 15 years containing details on 3,213 construction workers, including information about their trade union activity and employment history, which was used by over 40 construction companies to vet individuals for employment. The ICO also indicated in its press release that it intends to serve enforcement notices on 17 construction companies who were involved in using the database maintained by Mr Kerr. It said preliminary enforcement notices had been sent out, with formal enforcement action to follow shortly, subject to any representations made by the companies. Source: ICO press release, 16 July 2009.

©Legal & Commercial Publishing Limited

Friday, July 17, 2009

MySpace Wins CDA Immunity in Assault Cases

A California Court of Appeal recently upheld a lower court's ruling that the Communications Decency Act (CDA) immunized MySpace against claims stemming from "its decision not to implement reasonable, basic safety precautions with regard to protecting young children from sexual predators." In four consolidated cases, several girls aged 13 to 15 who were sexually assaulted by men they met through MySpace (the Julie Does) and their parents or guardians sued MySpace for negligence, gross negligence, and strict product liability. The appellate court held that these claims were barred by section 230(c)(1) of the CDA, which states that "[n]o provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider" and has generally been interpreted as immunizing websites against claims stemming from information posted by third parties. Finding that it was "undeniable that appellants s[ought] to hold MySpace responsible for the communications between the Julie Does and their assailants," the appellate court concluded that "section 230 immunity shields MySpace" from liability. Along with the Lori Drew ruling discussed above, the court’s dismissal of these claims against MySpace suggests that both users and providers of social networking websites may be able to skirt liability for some of the sites' more unsavory uses – at least for now. But if courts continue to throw out cases where social networking websites have been involved in incidents of stalking, bullying, or assault, the public backlash could lead Congress to narrow the scope of CDA immunity.

© Copyright 2009 Steptoe & Johnson LLP

UK: High Court considers role of search engine operator as publisher

The High Court has held that Google Inc. could not be regarded as the publisher of words alleged to be defamatory which appeared in search results. The search engine operator had been joined in proceedings for defamation because internet searches on certain terms, including one of the claimant's trading names (Train2Game), brought up a thread "Train2Game new SCAM for Scheidegger" from a bulletin board which the claimant said was defamatory of it. Eady J found that, given that the search results were generated automatically, and that Google Inc. had blocked access to specific URLs identified by the claimant, but had no control over formulating search terms, so that it could not otherwise remove offending material, it was unrealistic to attribute responsibility for publication to Google Inc., whether on the basis of authorship or acquiescence. Eady J also considered various arguments regarding the application of section 1 of the Defamation Act 1996 to the facts, and the potential relevance of the Electronic Commerce (EC Directive) Regulations 2002 (SI 2002/2013) to providers of search engine services. Case: Metropolitan International Schools Limited v (1) Designtechnica Corporation, (2) Google UK Limited, (3) Google Inc. [2009] EWHC 1765 (QB), 16 July 2009.

(source: practical law)

WIPO proposes paperless UDRP proceedings

ICANN has launched a 30-day consultation on a proposal from WIPO to allow for paperless UDRP proceedings by amending the UDRP implementation rules. In its proposal, WIPO explains that abolishing the requirement for hard-copy pleadings, in its view, will result in significant time and costs savings. However, it is proposing that notification of the proceedings is still sent by post to a respondent in case its e-mail address is incorrect or inactive. WIPO does not propose any changes to the UDRP itself. The consultation closes on 12 August 2009. Source: ICANN announcement, 13 July 2009

(source: practicallaw)