De-Identification, Intermediary Liability & Gender Stereotypes – Friday Files

This week’s resources for weekend reading!

  • De-identification Guidelines. ICYMI the Ontario Information and Privacy Commissioner has developed a resource page for de-identification, which includes the IPC’s June 2016 De-identification Guidelines for Structured Data. The International Conference of Data Protection & Privacy Commissioners have shortlisted the Guidelines for the Global Privacy and Data Protection Awards 2017 in the Research Category. Read the De-identification Guidelines here.
  • Intermediary Liability and Online Marketing. Do social media platforms that display advertising have any potential liability for deceptive advertising? In the United States, section 230 of the Communications Decency Act provides that the a website or other Internet publisher will not be deemed to be the publisher of content that is provided by another information content provider. This is a key part of Google’s claim that the Canadian Supreme Court went to far in its world wide injunction (discussed in my blog post here). In Canada, the conventional wisdom has been that platforms are unlikely to be liable if it is clear from placement and context that the advertisement is a third-party advertisement and the platform has not had any involvement in the content of the advertisement or knowledge that it is deceptive. However, if there is actual knowledge (e.g. by being put on notice), the situation could change. If you are interested in these questions, Lavery, de Billy has an interesting discussion of this topic that you can locate here.
  • Gender Stereotypes. The UK Advertising Standards Authority has issued a report Depictions, Perceptions and Harm calling for stronger regulation of advertising containing stereotypical gender roles or characteristics. The report is based on qualitative research on the harms created by gender stereotyping. You can find the report here. Advertising Standards Canada has had guidelines on Gender Portrayal in one form or another since 1981. The current Guidelines contain six basic principles: (1) women and men should have equal representation in roles of authority; (2) women and men should be portrayed as decision-makers for purchases; (3) there should not be inappropriate use or exploitation of sexuality; (4) no sexual violence or domination; (5) women and men should be portrayed “in the full spectrum of diversity” and equally competent in activities; and (5) advertising should avoid language that misrepresents or offends or excludes men or women.

Prosecuting Deceptive Privacy Practices, FTC Weights in on Security, Cybersecurity and Event Planning

Here are this week’s suggestions for summertime weekend reading resources!

  • Using Consumer Protection Statutes to Protect Privacy: Most Canadian provincial consumer protection statutes prohibit false, misleading or deceptive representations (see e.g. s. 14 -17) of the Ontario Consumer Protection Act). If the product or services involve the collection and use of personal information, these provisions could theoretically apply to representations about the company’s personal information handling practices.  A deceptive practice could be prosecuted as a provincial offence. Fines for companies could be up to $250,000. Individual remedies are limited to rescission or damages (including exemplary damages). In the United States, several states have now expressly included misstatements regarding privacy practices in their consumer protection laws, signalling that State Attorney Generals are serious about prosecuting deceptive privacy practices as a consumer protection issue. Baker Hostettler has an interesting comparison of three state laws that you can access here.
  • FTC Provides Guidance on Security: The FTC has been criticized for failing to provide fair warning of what it expects companies to do to protect and secure consumer data. Clearly, the FTC has listened to businesses and is publishing a series of blog posts to describe lessens learned in its investigations and enforcement actions. Read the July 21 post “Stick with Security” here. Upcoming posts can be found here.
  • Cybersecurity, Conferences, Event Planning: Cybersecurity should be on the list of considerations for corporate event planning. I’ve written a short article for my upcoming presentation at IncentiveWorks 2017 conference in August. You can read it here.

Where did I agree to that? The problem of incorporation by reference

There are many reasons for incorporating provisions by reference in consumer contracts. For example, terms of service may make reference to rules for the acceptable use of the services. A purchase agreement may reference a separate document explaining refunds or shipping terms.

Incorporation by reference is not a good strategy when dealing with clauses excluding liability — unless they are backed up by specifically bringing these clauses to the attention of the consumer.

A recent case illustrates the point.  It involved some lost golf clubs. The golfer signed a membership application that stated: “I, the above member(s), agree to abide by the policy, rules and regulations” of the club. He was given a handbook. The membership handbook contained a provision that said the club was not responsible for golf clubs stored at the premises. Members needed to have their own insurance.

Was the handbook the policy, rules and regulations referred to in the agreement? Probably, but the court said the club hadn’t been clear. The court said that the club didn’t bring this to the member’s attention. The club couldn’t rely on it to exclude liability.

The outcome might have been different if the club had included the provision in the agreement, said that the handbook contained these kinds of terms, or had posted signage.

Interested in the case? You can find it here.