drt 6455 eCommerce Lawlesson 3 – eCommerce and

Liability

associate professorfaculty of law

university of montrealuniversity of montreal chair

in e-Security and e-Business law www.gautrais.com

2

Liability

• Current Liabilities

• Future Liabilities

3

Liability

• ISP (Internet Services Provider) • Transmission services • Retention services• Archiving services • Editor • Certification • Blogger ? • Payment

4

Liability

• ISP (Internet Services Provider) (Hosting services) • Definition.• General exemption Regime

5

Liability

• ISP (Internet Services Provider) (Hosting services) • 22 AELFIT

– A service provider, acting as an intermediary, that provides document storage services on a communication network is not responsible for the activities engaged in by a service user with the use of documents stored by the service user or at the service user's request.

– However, the service provider may incur responsibility, particularly if, upon becoming aware that the documents are being used for an illicit activity, or of circumstances that make such a use apparent, the service provider does not act promptly to block access to the documents or otherwise prevent the pursuit of the activity.

• Idem for Referral services (as Google) • Idem in

– Unites States – European Union

6

• eBay Cases– April 2008 in France = Hermes v. eBay (see

Manara Comment – french) • Not an editor • Not a ISP• In the middle = reinforced ISP liability

– 2000 in USA = Hendrickson c. eBay• VERO (Verified Rights Owner) application• No liability for ISP (under exception)

7

Tyffany c. eBay, (2008) (US)

8

Liability

• Transmission services (art. 36) • Definition• General exemption Regime. Its action is

limited to an purely technical function.

9

Liability• Transmission services• 36.  A service provider, acting as an intermediary, that provides

communication network services exclusively for the transmission of technology-based documents is not responsible for acts of service users performed with the use of the documents transmitted or stored during the normal course of the transmission for the time required for the efficiency of the transmission.However, the service provider may incur responsibility, particularly if the service provider otherwise participates in acts performed by service users1) by being the sender of a document ;2) by selecting or altering the information in a document ;3) by determining who transmits, receives or has access to a document ; or4) by storing a document longer than is necessary for its transmission.

• Idem as in others countries – European Union – USA

10

Liability• Retention (art. 37) • Illustrations: 2 mains situations:

– « cache » function– Retention for controling access reasons (as for security reasons).

• General exemption Regime. (similar to the one applies to retention services providers)

• Possible liability if:

11

Liability

• Archiving (art. 26)

12

Liability

• Editor

• Old as tge press

• But similar to TV

• 1457 CCQ– Fault– Damage – Causal link

• Higher Liability

13

Liability

• Certification (47 and f.)

14

Liability

• And what’s happen with blog? • Qualification • Who control? Vaillancourt v. Lagacé (2005)

– Moderation -> editor – Non-moderation -> ISP

• What’s happen in others countries?– Similar in USA– Différent in France

• But there are some recommendations in the same direction. (Forum des droit sur Internet)

15

Liability

• Blog OK Corral à Saint-Adèle– Liability concerning the text itself - Balance between

liberty of expression / libel • Arguments for the blogger

– Politican person – Verification process – Permit to the politician to send a response on his blog

• Arguments for the Mayor– 1457 CCQ– Judicial trend in Quebec

– Liability concerning the commentaries • Moderation• Non moderation

16

Payment Liability

Card issuer Card issuer

merchantbuyer

(consumer)(card user)

17

Payement Liability

Banque Laurentienne du Canada c. Abdul-Wahab, 2001 IIJCan 151 (QC C.S.)

•[45]  Ceci dit, lorsque le numéro de carte est communiqué par téléphone, Internet ou autrement, sans présentation formelle de la carte, il revient au commerçant d’assumer le risque de la transaction, et non à l’institution financière avec laquelle il a signé une convention de services de paiement au point de vente.  En effet, les différentes étapes prévues au manuel d’exploitation visent à réduire au minimum les fraudes et sont sous le seul contrôle du commerçant : présentation de la carte, signature du relevé et vérification des signatures apparaissant au relevé et à l’endos de la carte.  Si ces trois étapes sont remplies et si un numéro d’autorisation est obtenu, le commerçant a rempli sa part du contrat et si de bonne foi[2], a droit au paiement[3].

•[46]  En somme, quand le commerçant prend sur lui de modifier les méthodes d’exploitation, même lorsqu’il est de bonne foi, il doit en assumer les conséquences, car lui seul est en mesure de faire les vérifications additionnelles que peut requérir une transaction à distance et prendre les dispositions appropriées avant de remettre les biens commandés.

18

Payement Liability

147511 Canada Inc. c. Banque Laurentienne du Canada, 2003 IIJCan 30449 (QC C.S.)

[32] Les incidents et les manquements ont été suffisamment nombreux et importants pour justifier les craintes exprimées par les témoins entendus à l'initiative de Banque Laurentienne et l'intervention immédiate. [33] Il n'était pas nécessaire que Banque Laurentienne fasse la preuve de fraude ou de mauvaise foi de La Compagnie et de ses représentants pour justifier sa décision.  Le non respect des conditions d'utilisation, même en toute bonne foi, était suffisant.[34] Le retrait du terminal constituait le seul remède dont Banque Laurentienne disposait pour se protéger et, selon la convention intervenue, elle pouvait agir comme elle l'a fait.  Dans les circonstances spécifiques du présent dossier, son comportement ne constituait pas un comportement abusif.

19

Liability - Future

• Proactive attitude of Personal Information holder – Canadian Report (2005)

• Option I – Truncate (partially blank out) payment card numbers • Option II – Verify the identity of persons and organizations accessing credit

reports• Option III – Do not disclose social insurance numbers (SINs) on credit reports

or use them as a unique identifier for consumers• Option IV – Allow consumers to place freezes on their credit reports• Option V – Require organizations that store personal information to notify

individuals and credit bureaus in cases of security breaches• Option VI – Require credit bureaus to place fraud alerts on consumers’ credit

reports incases of security breaches or upon the request of an identity theft victim• Option VII – Require credit lenders to disclose details of fraudulent debts to

victims• Option VIII – Require credit bureaus to block information about fraudulent debts

appearing on a consumer’s credit report• Option IX - Make organizations liable for damages• Option X – Inform victims of their rights

– English Report fronm the House of Lords (2007)

20

In the News …

• McAfee Virtual Criminality Report (December 09, 2008) – More risks– More fears – More laws – More education – More technology – More liability

21

example

• Non Legal solution

– Difficulties for laws application – SquareTrade …– Rating system

• Efficient but …• Some problems • And eBay change the rules