Google wins AdWords case

Google has won a major legal victory, with the European Court of Justice (the EU’s highest court) ruling that Google can continue to sell other companies’ trade marks as AdWords keywords (it was the use of the Loius Vuitton trade mark by a competitor that sparked the suit). This is seen as a major setback to the ability of companies to protect their brands. But the ruling does not green-light all manner of trade mark infringement. Advertisers must still not engage in misleading, deceptive or other infringing conduct in relation to a trade mark. The Court said (via press release):

Google has not infringed trade mark law by allowing advertisers to purchase keywords corresponding to their competitors’ trade marks. Advertisers themselves, however, cannot, by using such keywords, arrange for Google to display ads which do not allow internet users easily to establish from which undertaking the goods or services covered by the ad in question originate.

The Court said it will still be up to EU member courts to assess, on a case by case basis, whether the particular way in which an advertiser has used its AdWords is confusing or deceptive – if so, standard trade mark infringement remedies will apply. Whether the service provider (i.e. Google in this case) could be found liable would depend on:

“whether the role played by that service provider is neutral, … is merely technical, automatic and passive, pointing to a lack of knowledge of, or control over, the data which it stores. If it proves to be the case that it has not played an active role, that service provider cannot be held liable for the data which it has stored at the request of an advertiser, unless, having obtained knowledge of the unlawful nature of those data or of that advertiser’s activities, it failed to act expeditiously to remove or to disable access to the data concerned”.

Service provider role recognised

The ruling draws a clear distinction between the service provider – which would avoid liability if it played merely a “neutral”, “passive” role – and the user of the service (i.e. the advertiser). There seems to be a growing acceptance of the need to make this distinction with online services. Other recent examples include an earlier UK ruling on defamation (again involving Google) and the iiNet case in Australia (currently under appeal).

This ruling applies only to Europe. Other trade mark claims have been brought and settled elsewhere, and further challenges will no doubt arise. But this ruling by the EU’s highest court is a strong endorsement of Google’s position. Due to the conforming nature of the internet, and the relatively consistency of trade mark law globally, the decision is likely to influence any challenge against Google in New Zealand.

Changing expectations of privacy

The BBC reports on how the expanding use of online social networking is redefining “reasonable expectations” of privacy for everyone. It cites Dr Kieron O’Hara of the University of Southhampton:

“As more private lives are exported online, reasonable expectations are diminishing. When our reasonable expectations diminish, as they have, by necessity our legal protection diminishes”.

The reason is that the law attempts to balance the “reasonable expectations” of privacy with other considerations, such as freedom of information and free speech. In New Zealand, the Bill of Rights Act 1990, section 14, enshrines this freedom (as best it can, given the unsatisfactory state of that Act):

“14. Freedom of expression: Everyone has the right to freedom of expression, including the freedom to seek, receive, and impart information and opinions of any kind in any form”.

That right remains strong, but there is no doubt that “reasonable expectations” of privacy are rapidly shifting. In the article Dr O’Hara gives the example of an embarrassing photo taken at a party:

“A decade ago, he said, there would have been an assumption that it might be circulated among friends. But now the assumption is that it may well end up on the internet and be viewed by strangers.”

Another prime example is Google’s Street View. A decade or two ago there may have been some expectation of privacy when walking in the street (although as Katrine Evans of the University of Wellington, now Assistant Privacy Commissioner, notes there is a “considerable body of [precedent] which states that innocuous photographs of people in public places will not attract the protection of the common law”).

Today, Street View routinely photographs people in the streets; there is no doubt that this sort of occurrence will be a permanent part of our lives in some shape or form. Street View has various privacy measures in place (e.g. blurring faces) but there have been cases of people caught in compromising situations and a number of court cases have been fought or are pending.

A while ago I blogged (Don’t expect privacy in cyberspace) about a US case where a girl’s public MySpace rant – ostensibly intended only for her friends – was republished in a newspaper. She claimed a breach of privacy. The Court said:

“[The student’s] affirmative act [of publishing her post on MySpace] made her article available to any person with a computer and thus opened it to the public eye. Under these circumstances, no reasonable person would have had an expectation of privacy regarding the published material”.

The US Court’s ruling was quite sensible, however it highlights the point that not only are expectations of privacy rapidly changing, but the avenues for disseminating private information (and thereby possibly redefining what constitutes reasonable expectations) are also expanding. This is happening at the same time that the law in many common law jurisdictions (e.g. UK, US, Canada, Australia & New Zealand) is still relatively unsettled and developing. The societal changes of “the Facebook generation” has already been recognised in data loss / information security incidents, and is equally relevant in privacy law.

It is worth noting that in New Zealand’s current leading case on privacy (Hosking v Runting [2005] 1 NZLR 1) the actual existence of a tort of privacy was only accepted by a 3-2 decision. Since that time, other jurisdictions have expanded their privacy laws more liberally than the Hosking case’s relatively narrow scope. Most recently the 2008 Max Mosley case in the UK (argued on the basis of breach of confidence and “unauthorised disclosure of personal information”) has thrown up a number of related issues likely to be explored in a future New Zealand case.

Due to reasons of cost, substantial court cases involving breaches of privacy are rare. It seems likely that, whatever currently a “reasonable expectation” of privacy is, it will have changed again by the time the next case is argued.

Website defamation

A recent case in the UK (MIS Limited v Google) found Google not liable for defamatory statements in its search results (see link to full article below).

The judgment is a pragmatic and well-reasoned one that will reassure website operators. It backs up a similarly pragmatic decision in the New Zealand High Court last year (Sadiq v Baycorp, albeit only a “procedural” decision).

The risk of liability for third-party defamation can be one that lurks at the back of the mind for many website owners. It is certainly an issue to be aware of. On blogs and forums, the risk of someone posting a defamatory comment is probably the main legal risk present. This risk cannot be limited by terms and conditions.

The importance of the Google case is the pragmatic, realistic appoach taken by the UK High Court. It said:

“It is fundamentally important to have in mind that [Google] has no role to play in formulating the search terms. Accordingly, it could not prevent the snippet appearing in response to the user’s request unless it has taken some positive step in advance.”

What the judge is saying is that there is no reasonable way, within its existing website functionality and operational/business model, that Google could prevent the defamation from appearing in its search terms. In contrast, had the judge been so inclined, there are plenty of “unreasonable ways” that Google could have prevented/mitigated the defamation, such as:

  • Having an employee check every search snippet
  • Disable search snippets
  • Allow users to delete a search snippet, etc.

These are clearly unreasonable, disproportionate and would harm Google considerably. The Court found nothing wrong with Google saying, in effect, “this is how our system works, yes it will repeat defamation where it exists, but we cannot help that without significantly changing our technology and business model.”

The Court took a similarly pragmatic approach to the notice-and-takedown process:

“It may well be that [Google’s] ‘notice and take down’ procedure has not operated as rapidly as [the plaintiff] would wish, but it does not follow as a matter of law that between notification and ‘take down’ [Google] becomes or remains liable as a publisher of the offending material. While efforts are being made to achieve a ‘take down’ in relation to a particular URL, it is hardly possible to fix [Google] with liability on the basis of authorisation, approval or acquiescence.”

A very useful statement to have on the judicial record. This compares with the implied demand by the plaintiff that, in effect, any allegation of defamation should be met by an immediate, no-questions-asked take-down by Google, followed by a fuller review.

Full article:

Avoiding defamation for third party web content