E-Commerce Law Week, Issue 416

How Canada Stopped Worrying and Learned to Love the USA PATRIOT Act
The USA PATRIOT Act is a favorite bugaboo among privacy advocates to our north, many of whom have directed their ire at Canadian firms that outsource data processing to U.S. entities. Thus far, however, these privacy advocates have had little success in stemming the flow of data to the south. In October 2005, Canada's privacy office found that a bank's use of a third-party service provider in the United States to handle data for its credit cards did not violate Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), regardless of whether such data might be subject to acquisition by the U.S. government under the Patriot Act. And in a ruling made public July 19, that office essentially reiterated its earlier decision, finding that a security system provider that shared customer contact information with its U.S. parent likewise did not violate PIPEDA. The office noted that Canada has laws similar to the Patriot Act, and that cooperation between Canada and the U.S. makes it possible that Canadian citizens' personal information would be provided to U.S. authorities in any event. Contrary to industry's initial fears, then, it appears that the Patriot Act will not result in a decrease in the cross-border exchange of data. But companies that handle data outsourced from Canada should keep an eye on their security and privacy practices to ensure that they remain PIPEDA compliant.

Getting to "Yes": Determining Customer Consent to Sharing of Personal Data
As our readers well know, companies whose security and privacy practices don't match their stated policies are at risk of drawing the attention of the Federal Trade Commission. But the FTC isn't the only sheriff in town. Discrepancies between policy and practice can also draw a civil suit, as demonstrated by a recent decision by a federal court in Oregon, Collegenet, Inc. v. XAP Corp. Collegenet, which provides college admission application services to students and universities, alleges that competitor XAP violated the unfair competition provisions of the Lanham Act (15 U.S.C. § 1125(a)) by "making false representations ... regarding the privacy of confidential information" that students provided XAP via its website. A key issue is whether students consent to XAP's sale of their data when they click "yes" in response to a general question asking if they would like to receive more information. Although the court declined to grant summary judgment to either party, its opinion suggests that courts will scrutinize promises of confidentiality closely, and that "consent" to data sharing will not be freely implied.

Blowing the Whistle on Unlicensed Software
Tips from current and former employees have led the Business Software Alliance (BSA) to collect "over $2 million in settlements" from 19 U.S. companies that were allegedly running unlicensed copies of software, according to a July 25 press release. The 19 companies also agreed to "delete any unlicensed copies, purchase any needed replacement software and strengthen [their] software management practices." While BSA clearly intends this latest "$2 Million Dollar Tuesday" to send a shiver down the spines of CFOs and IT managers across the country, the amounts paid in the settlements -- ranging from $55,000 to $300,000 -- may not prove the most frightening element of the press release. Rather, that honor may belong to the details about confidential, automated piracy reporting systems and generous rewards for whistleblowers which make "dropping the dime" on a non-compliant employer easier and more lucrative than ever.

Courts Still Searching for Decision on Sale of Trademarked Search Terms
In the late 1990s, search engine GoTo.com employed what was, at the time, a novel scheme for displaying results. While most search engines relied exclusively on proprietary algorithms to rank results according to relevance, GoTo auctioned off search terms to advertisers, listing paid links from the highest to the lowest bidder on any given search term. GoTo later became Overture Systems, which was purchased by Yahoo! in 2003. But the lucrative means of monetizing search that it invented, known as pay for performance (P4P), has become a cornerstone of the search industry -- and the source of a legal debate involving the sale of trademarked search terms. After conflicting decisions in GEICO v. Google, Inc., and Merck & Co., Inc., v. Mediplan Health Consulting, Inc., the most recent opinion, 800-JR Cigar, Inc. v. GoTo.com, Inc., returns to the roots of the P4P trademark controversy, but does not resolve the debate. In its July 17 ruling, the US District Court for New Jersey found that GoTo's sale of the search term "JR Cigar" to several of the plaintiff's competitors constituted a use of the mark "in commerce," but that material issues of fact regarding the level of "confusion in the marketplace" precluded summary judgment in JR's favor. The outcome in this case could have a significant impact on the business practices of Yahoo!, Google, and the rest of GoTo.com's P4P progeny. Nonetheless, with several similar cases moving forward in other districts, the outcome in GoTo.com is unlikely to be definitive.

Europeans Not Content to Leave Online Content Alone
Certain forms of online content have attracted legislative and regulatory attention in the United States -- in particular indecent and pornographic content, Internet gambling sites, and sites trading pirated copyrighted materials. But by and large U.S. lawmakers and regulators have been content to give relatively free rein to the vast majority of online content. In Europe, however, it is becoming apparent that broad regulation of online content is a much more substantial risk. Recent evidence includes a "Public Consultation on Content Online in the Single Market" ("Online Content Consultation") released last week by the Information Society and Media Directorate-General ("DG Information Society") of the European Commission. Under the EU Television Without Frontiers Directive adopted in 1989, various rules on broadcast content, including preferences for "European works," have long applied in EU member states. Now, the Online Content Consultation suggests that European regulators may have even grander designs for regulating online content. The outcome of the debate will have substantial implications for the future of European online business. Although the Online Content Consultation suggests that the answers to the questions it poses "are keys to growth and jobs in Europe," it rather seems to us that the regulatory drag from extensive content regulation could make the situation worse rather than better. Public responses to the Online Content Consultation are due by October 13, 2006.

Questions and comments on E-Commerce Law Week are always welcome. Please send your feedback to Sally Albertazzie.