Publications

At a time when some are demanding that artificial intelligence (AI) research and advanced systems development be temporarily suspended and others want to close Pandora’s box, it is appropriate to ask what effect chat technology (ChatGPT, Bard and others) will have on businesses and workplaces. Some companies support its use, others prohibit it, but many have yet to take a stand. We believe that all companies should adopt a clear position and guide their employees in the use of such technology. Before deciding what position to take, a company must be aware of the various legal issues involved in using this type of artificial intelligence. Should a company decide to allow its use, it must be able to provide a clear framework for it, and, more importantly, for the ensuing results and applications. Clearly, such technological tools have both significant advantages likely to cause a stir—consider, for example, how quickly chatbots can provide information that is both surprising and interesting—and the undeniable risks associated with the advances that may arise from them. This article outlines some of the risks that companies and their clients, employees and partners face in the very short term should they use these tools. Potential for error and liability The media has extensively reported on the shortcomings and inaccuracies of text-generating chatbots. There is even talk of “hallucinations” in certain cases where the chatbot invents a reality that doesn’t exist. This comes as no surprise. The technology feeds off the Internet, which is full of misinformation and inaccuracies, yet chatbots are expected to “create” new content. They lack, for the time being at least, the necessary parameters to utilize this “creativity” appropriately. It is easy to imagine scenarios in which an employee would use such technology to create content that their employer would then use for commercial purposes. This poses a clear risk for the company if appropriate control measures are not implemented. Such content could be inaccurate in a way that misleads the company’s clients. The risk would be particularly significant if the content generated in this way were disseminated by being posted on the company’s website or used in an advertising campaign, for example. In such a case, the company could be liable for the harm caused by its employee, who relied on technology that is known to be faulty. The reliability of these tools, especially when used without proper guidance, is still one of the most troubling issues. Defamation Suppose that such misinformation concerns a well-known individual or rival company. From a legal standpoint, a company disseminating such content without putting parameters in place to ensure that proper verifications are made could be sued for defamation or misleading advertising. Thus, adopting measures to ensure that any content derived from this technology is thoroughly validated before any commercial use is a must. Many authors have suggested that the results generated by such AI tools should be used as aids to facilitate analysis and decision-making rather than to produce final results or output. Companies will likely adopt these tools and benefit from them—for competitive purposes, in particular—faster than good practices and regulations are implemented to govern them. Intellectual property issues The new chatbots have been developed as extensions to web search engines such as Google and Bing. Content generated by chatbots may be based on existing copyrighted web content, and may even reproduce substantial portions of it. This could lead to copyright infringement. Where users limit their use to internal research, the risk is limited as the law provides for a fair dealing exception in such cases. Infringement of copyright may occur if the intention is to distribute the content for commercial purposes. The risk is especially real where chatbots generate content on a specific topic for which there are few references online. Another point that remains unclear is who will own the rights to the answers and results of such a tool, especially if such answers and results are adapted or modified in various ways before they are ultimately used. Confidentiality and privacy issues The terms and conditions of use for most chatbots do not appear to provide for confidential use. As such, trade secrets and confidential information should never be disclosed to such tools. Furthermore, these technologies were not designed to receive or protect personal information in accordance with applicable laws and regulations in the jurisdictions where they may be used. Typically, the owners of these products assume no liability in this regard. Other issues There are a few other important issues worth considering among those that can now be foreseen. Firstly, the possible discriminatory biases that some attribute to artificial intelligence tools, combined with the lack of regulation of these tools, may have significant consequences for various segments of the population. Secondly, the many ethical issues associated with artificial intelligence applications that will be developed in the medical, legal and political sectors, among others, must not be overlooked. The stakes are even higher when these same applications are used in jurisdictions with different laws, customs and economic, political and social cultures. Lastly, the risk for conflict must also be taken into consideration. Whether the conflict is between groups with different values, between organizations with different goals or even between nations, it is unclear whether (and how) advances in artificial intelligence will help to resolve or mitigate such conflicts, or instead exacerbate them.   Conclusion Chat technologies have great potential, but also raises serious legal issues. In the short term, it seems unlikely that these tools could actually replace human judgment, which is in and of itself imperfect. That being said, just as the industrial revolution did two centuries ago, the advent of these technologies will lead to significant and rapid changes in businesses. Putting policies in place now to govern the use of this type of technology in your company is key. Moreover, if your company intends to integrate such technology into its business, we recommend a careful study of the terms and conditions of use to ensure that they align with your company’s project and the objectives it seeks to achieve with it.

In Society of Composers, Authors and Music Publishers of Canada v. Entertainment Software Association1 (the “SOCAN Decision”), the Supreme Court of Canada ruled on the obligation to pay a royalty for making a work available to the public on a server, where it can later be streamed or downloaded. At the same time, it clarified the applicable standard of review for appeals where administrative bodies and courts share concurrent first instance jurisdiction and revisited the purpose of the Copyright Act2and its interpretation in light of the WIPO Copyright Treaty3. The Supreme Court also took the opportunity to reiterate the importance of the principle of technological neutrality in the application and interpretation of the Copyright Act. This reminder can also be applied to other artistic mediums and is very timely in a context where the digital visual arts market is experiencing a significant boom with the production and sale of non-fungible tokens (“NFTs”). In 2012, Canadian legislators amended the Copyright Act by adopting the Copyright Modernization Act4. These amendments incorporate Canada’s obligations under the Treaty into Canadian law by harmonizing the legal framework of Canada’s copyright laws with international rules on new and emerging technologies. The CMA introduced three sections related to “making [a work] available,” including section 2.4(1.1) of the CMA. This section applies to original works and clarifies section 3(1)(f), which gives authors the exclusive right to “communicate a work  to the public by telecommunication”: 2.4(1.1) Copyright Act. “For the purposes of this Act, communication of a work or other subject-matter to the public by telecommunication includes making it available to the public by telecommunication in a way that allows a member of the public to have access to it from a place and at a time individually chosen by that member of the public.” Before the CMA came into force, the Supreme Court also found that downloading a musical work from the Internet was not a communication by telecommunication within the meaning of section 3(1)(f) of the CMA5, while streaming was covered by this section.6 Following the coming into force of the CMA, the Copyright Board of Canada (the “Board”) received submissions regarding the application of section 2.4(1.1) of the Copyright Act. The Society of Composers, Authors and Music Publishers of Canada (“SOCAN”) argued, among other things, that section 2.42.4(1.1) of the Copyright Act required users to pay royalties when a work was published on the Internet, making no distinction between downloading, streaming and cases where works are published but never transmitted. The consequence of SOCAN’s position was that a royalty had to be paid each time a work was made available to the public, whether it was downloaded or streamed. For each download, a reproduction royalty also had to be paid, while for each stream, an additional performance royalty had to be paid. Judicial history The Board’s Decision7 The Board accepted SOCAN’s interpretation that making a work available to the public is a “communication”. According to this interpretation, two royalties are due when a work is published online. Firstly,  when the work is made available to the public online, and secondly, when it is streamed or downloaded. The Board’s Decision was largely based on its interpretation of Section 8 of the Treaty, according to which the act of making a work available requires separate protection by Member States and constitutes a separately compensable activity. Federal Court of Appeal’s Decision8 Entertainment Software Association, Apple Inc. and their Canadian subsidiaries (the “Broadcasters”) appealed the Board’s Decision before the Federal Court of Appeal (“FCA”). Relying on the reasonableness standard, the FCA overturned the Board’s Decision, affirming that a royalty is due only when the work is made available to the public on a server, not when a work is later streamed. The FCA also highlighted the uncertainty surrounding the applicable review standard in appeals following Vavilov9 in cases where administrative bodies and courts share concurrent first instance jurisdiction. SOCAN Decision The Supreme Court dismissed SOCAN’s appeal seeking the reinstatement of the Board’s Decision. Appellate standards of review The Supreme Court recognized that there are rare and exceptional circumstances that create a sixth category of issues to which the standard of correctness applies, namely concurrent first instance jurisdiction between courts and administrative bodies. Does section 2.4(1.1) of the Copyright Act entitle the holder of a copyright to the payment of a second royalty for each download or stream after the publication of a work on a server, making it publicly accessible? The copyright interests provided by section 3(1) of the Copyright Act The Supreme Court began its analysis by considering the three copyright interests protected by the Copyright Act, or in other words, namely the rights provided for in section 3(1): to produce or reproduce a work in any material form whatsoever; to perform the work in public; to publish an unpublished work. These three copyright interestsare distinct and a single activity can only engaged one of them. For example, the performance of a work is considered impermanent, allowing the author to retain greater control over their work than reproduction. Thus, “when an activity allows a user to experience a work for a limited period of time, the author’s performance right is engaged. A reproduction, by contrast, gives a user a durable copy of a work”.10 The Supreme Court also emphasized that an activity not involving one of the three copyright interests under section 3(1) of the Copyright Act or the author’s moral rights is not protected by the Copyright Act. Accordingly, no royalties should be paid in connection with such an activity. The Court reiterated its previous view that downloading a work and streaming a work are distinct protected activities, more precisely  downloading is considered reproduction, while streaming is considered performance. It also pointed out that downloading is not a communication under section 3(1)(f) of the Copyright Act, and that making a work available on a server is not a compensable activity distinct from the three copyright interests.11 Purpose of the Copyright Act and the principle of technological neutrality The Supreme Court criticized the Board’s Decision, opining that it violates the principle of technological neutrality, in particular by requiring users to pay additional fees to access online works. The purpose of the CMA was to “ensure that [the Copyright Act] remains technologically neutral”12 and thereby show, at the same time, Canada’s adherence to the principle of technological neutrality. The principle of technological neutrality is further explained by the Supreme Court: [63] The principle of technological neutrality holds that, absent parliamentary intent to the contrary, the Copyright Act should not be interpreted in a way that either favours or discriminates against any form of technology: CBC, at para. 66. Distributing functionally equivalent works through old or new technology should engage the same copyright interests: Society of Composers, Authors and Music Publishers of Canada v. Bell Canada, 2012 SCC 36, [2012] 2 S.C.R. 326, at para. 43; CBC, at para. 72. For example, purchasing an album online should engage the same copyright interests, and attract the same quantum of royalties, as purchasing an album in a bricks-and-mortar store since these methods of purchasing the copyrighted works are functionally equivalent. What matters is what the user receives, not how the user receives it: ESA, at paras. 5-6 and 9; Rogers, at para. 29. In its summary to the CMA, which precedes the preamble, Parliament signalled its support for technological neutrality, by stating that the amendments were intended to “ensure that [the Copyright Act] remains technologically neutral”. According to the Supreme Court, the principle of technological neutrality must be observed in the light of the purpose of the Copyright Act, which does not exist solely for the protection of authors’ rights. Rather, the Act seeks to strike a balance between the rights of users and the rights of authors by facilitating the dissemination of artistic and intellectual works aiming to enrich society and inspire other creators. As a result, “[w]hat matters is what the user receives, not how the user receives it.”13 Thus, whether the reproduction or dissemination of the work takes place online or offline, the same copyright applies and leads to the same royalties. What is the correct interpretation of section 2.4(1.1) of the Copyright Act? Section 8 of the Treaty The Supreme Court reiterated that international treaties are relevant at the context stage of the statutory interpretation exercise and they can be considered without textual ambiguity in the statute.14 Moreover, wherethe text permits, it must be interpreted so as to comply with Canada’s treaty obligations, in accordance with the presumption of conformity, which states that a treaty cannot override clear legislative intent.15 The Court concluded that section 2.4(1.1) of the Copyright Act was intended to implement Canada’s obligations under Section 8 of the Treaty, and that the Treaty must therefore be taken into account in interpreting section 2.4(1.1) of the Act. Although Section 8 of the Treaty gives authors the right to control making works available to the public, it does not create a new and protected “making available” right that would be separately compensable. In such cases, there are no “distinct communications” or in other words, “distinct performances”.16 Section 8 of the Treaty creates only two obligations: “protect on demand transmissions; and give authors the right to control when and how their work is made available for downloading or streaming.”17 Canada has the freedom to choose how these two objectives are implemented in the Copyright Act, either through the right of distribution, the right of communication to the public, the combination of these rights, or a new right.18 The Supreme Court concluded that the Copyright Act gives effect to the obligations arising from Section 8 of the Treaty through a combination of the performance, reproduction, and authorization rights provided for in section 3(1) of the Copyright Act, and by respecting the principle of technological neutrality.19 Which interpretation of section 2.4(1.1) of the Copyright Act should be followed? The purpose of section 2.4(1.1) of the Copyright Act is to clarify the communication right in section 3(1)(f) of the Copyright Act by emphasizing its application to on-demand streaming. A single on-demand stream to a member of the public thus constitutes a “communication to the public” within the meaning of section 3(1)(f) of the Copyright Act.20 Section 2.4(1.1) of the Copyright Act states that a work is performed as soon as it is made available for on-demand streaming.21 Therefore, streaming is only a continuation of the performance of the work, which starts when the work is made available. Only one royalty should be collected in connection with this right: [100] This interpretation does not require treating the act of making the work available as a separate performance from the work’s subsequent transmission as a stream. The work is performed as soon as it is made available for on-demand streaming. At this point, a royalty is payable. If a user later experiences this performance by streaming the work, they are experiencing an already ongoing performance, not starting a new one. No separate royalty is payable at that point. The “act of ‘communication to the public’ in the form of ‘making available’ is completed by merely making a work available for on?demand transmission. If then the work is actually transmitted in that way, it does not mean that two acts are carried out: ‘making available’ and ‘communication to the public’. The entire act thus carried out will be regarded as communication to the public”: Ficsor, at p. 508. In other words, the making available of a stream and a stream by a user are both protected as a single performance — a single communication to the public. In summary, the Supreme Court stated and clarified the following in the SOCAN Decision: Section 3(1)(f) of the Copyright Act does not cover download of a work. Making a work available on a server and streaming the work both involve the same copyright interest to the performance of the work. As a result, only one royalty must be paid when a work is uploaded to a server and streamed. This interpretation of section 2.4(1.1) of the Copyright Act is consistent with Canada’s international obligations for copyright protection. In cases of concurrent first instance jurisdiction between courts and administrative bodies, the standard of correctness should be applied. As artificial intelligence works of art increase in amount and as a new market for digital visual art emerges, driven by the public’s attraction for the NFT exchanges, the principle of technological neutrality is becoming crucial for understanding the copyrights attached to these new digital objects and their related transactions. Fortunately, the issues surrounding digital music and its sharing and streaming have paved the way for rethinking copyright in a digital context. It should also be noted that in decentralized and unregulated digital NFT markets, intellectual property rights currently provide the only framework that is really respected by some market platforms and may call for some degree of intervention on the part of the market platforms’ owners. 2022 SCC 30. R.S.C. (1985), c. C-42 (hereinafter the “Copyright Act”). Can. T.S. 2014 No. 20, (hereinafter the “Treaty”). S.C. 2012, c. 20 (hereinafter the “CMA”). Entertainment Software Association v. Society of Composers, Authors and Music Publishers of Canada, 2012 SCC 34. Rogers Communications Inc. v. Society of Composers, Authors and Music Publishers of Canada, 2012 SCC 35. Copyright Board of Canada, 2017 CanLII 152886 (hereinafter the “Board’s Decision”). Federal Court of Appeal, 2020 FCA 100 (hereinafter the “FCA’s Decision”). Canada (Minister of Citizenship and Immigration) v. Vavilov, 2019 SCC 65. SOCAN Decision, par. 56. Ibid, para. 59. CMA, Preamble. SOCAN Decision, para. 70, emphasis added by the SCC. Ibid, paras. 44-45. Ibid, paras. 46-48. Ibid, paras. 74-75. Ibid, para. 88. Ibid, para. 90. Ibid, paras. 101 and 108. Ibid, paras. 91-94. Ibid, paras. 95 and 99-100.

While the Canadian government has said it intends to pass legislation dealing with cybersecurity (see Bill C-26 to enact the Critical Cyber Systems Protection Act), many companies have already taken significant steps to protect their IT infrastructure. However, the Internet of Things is too often overlooked in this process. This is in spite of the fact that many devices are directly connected to the most important IT infrastructure for businesses. Industrial robots, devices that control production equipment in factories, and devices that help drivers make deliveries are just a few examples of vulnerable equipment. Operating systems and a range of applications are installed on these devices, and the basic operations of many businesses and the security of personal information depend on the security of the devices and their software. For example: An attack could target the manufacturing equipment control systems on the factory floor and result in an interruption of the company’s production and significant recovery costs and production delays. By targeting production equipment and industrial robots, an attacker could steal the blueprints and manufacturing parameters for various processes, which could jeopardize a company’s trade secrets. Barcode scanners used for package delivery could be infected and transmit information to hackers, including personal information. The non-profit Open Web Application Security Project (OWASP) has released a list of the top ten security risks for the Internet of Things.1 Leaders of companies that use this kind of equipment must be aware of these issues and take measures to manage these risks. We would like to comment on some of the risks which require appropriate policies and good company governance to mitigate them. Weak or unchangeable passwords: Some devices are sold with common or weak initial passwords. It is important to ensure that passwords are changed as soon as devices are set up and to keep tight control over them. Only designated IT personnel should know the passwords for configuring these devices. You should also avoid acquiring equipment that does not allow for password management (for example, a device with an unchangeable password). Lack of updates: The Internet of Things often relies on computers with operating systems that are not updated during their lifetime. As a result, some devices are vulnerable because they use operating systems and software with known vulnerabilities. Good governance includes ensuring that such devices are updated and acquiring only devices that make it easy to perform regular updates. Poor management of the fleet of connected devices: Some companies do not have a clear picture of the Internet of Things deployed in their company. It is crucial to have an inventory of these devices with their role in the company, the type of information they contain and the parameters that are essential to their security. Lack of physical security: Wherever possible, access to these devices should be protected. Too often, devices are left unattended in places where they are accessible to the public. Clear guidelines should be provided to employees to ensure safe practices, especially for equipment that is used on the road. A company’s board of directors plays a key role in cybersecurity. In fact, the failure of directors to monitor risks and to ensure that an adequate system of controls is in place can expose them to liability. Here are some elements of good governance that companies should consider practising: Review the composition of the board of directors and the skills matrix to ensure that the team has the required skills. Provide training to all board members to develop their cyber vigilance and equip them to fulfill their duties as directors. Assess cybersecurity risks, including those associated with connected devices, and establish ways to mitigate those risks. The Act to modernize legislative provisions respecting the protection of personal information sets out a number of obligations for the board of directors, including appointing a person in charge of the protection of personal information, having a management plan and maintaining a register of confidentiality incidents. For more information, you can read the following bulletin: Amendments to Privacy Laws: What Businesses Need to Know (lavery.ca) Lastly, a company must at all times ensure that the supplier credentials, passwords and authorizations that make it possible for IT staff to respond are not in the hands of a single person or supplier. This would put the company in a vulnerable position if the relationship with that person or supplier were to deteriorate. See OWASP top 10

Earlier this month, Canadian Heritage Minister Pablo Rodriguez introduced Bill C-18 (Online News Act) in Parliament. This bill, which was largely inspired by similar legislation in Australia, aims to reduce bargaining imbalances between online platforms and Canadian news outlets in terms of how these “digital news intermediaries” allow news content to be accessed and shared on their platforms. If passed, the Online News Act would, among other things, require these digital platforms such as Google and Facebook to enter into fair commercial agreements with news organizations for the use and dissemination of news related content on their platforms. Bill C-18, which was introduced on April 5, 2022, has a very broad scope, and covers all Canadian journalistic organizations, regardless of the type of media (online, print, etc.), if they meet certain eligibility criteria. With respect to the “digital news intermediaries” on which the journalistic content is shared, Bill C-18 specifically targets online communication platforms such as search engines or social media networks through which news content is made available to Canadian users and which, due to their size, have a significant bargaining imbalance with news media organizations. The bill proposes certain criteria by which this situation of bargaining imbalance can be determined, including the size of the digital platform, whether the platform operates in a market that provides a strategic advantage over news organizations and whether the platform occupies a prominent position within its market. These are clearly very subjective criteria which make it difficult to precisely identify these “digital news intermediaries.” Bill C-18 also currently provides that the intermediaries themselves will be required to notify the Canadian Radio-television and Telecommunications Commission (“CRTC”) of the fact that the Act applies to them. The mandatory negotiation process is really the heart of Bill C-18. If passed in its current form, digital platform operators will be required to negotiate in good faith with Canadian media organizations to reach fair revenue sharing agreements. If the parties fail to reach an agreement at the end of the negotiation and mediation process provided for in the legislation, a panel of three arbitrators may be called upon to select the final offer made by one of the parties. For the purposes of enforceability, the arbitration panel’s decision is then deemed, to constitute an agreement entered into by the parties. Finally, Bill C-18 provides digital platforms the possibility of applying to the CRTC for an exemption from mandatory arbitration provided that their revenue sharing agreements meet the following criteria: Provide fair compensation to the news businesses for news content that is made available on their platforms; Ensure that an appropriate portion of the compensation would be used by the news businesses to support the production of local, regional and national news content; Do not allow corporate influence to undermine the freedom of expression and journalistic independence enjoyed by news outlets; Contribute to the sustainability of Canada’s digital news marketplace; Ensure support for independent local news businesses, and ensure that a significant portion of independent local news businesses benefit from the deals; and Reflect the diversity of the Canadian news marketplace, including diversity with respect to language, racialized groups, Indigenous communities, local news and business models. A bill of this scope will certainly be studied very closely by the members of Parliament, and it would not be surprising if significant amendments were made during this process. We believe that some clarifications would be welcome, particularly as to the precise identity of businesses that will be considered “digital information intermediaries” for the purposes of the Online News Act.

Ransomware has wreaked so much havoc in recent years that many people forget about other cybersecurity risks. For some, not storing personal information makes them feeling immune to hackers and cyber incidents. For others, as long as their computers are working, they do not feel exposed to no malware. Unfortunately, the reality is quite different. A new trend is emerging: malware is being released to collect confidential information, including trade secrets, and then such information is being sold to third parties or released to the public.1 The Pegasus software used to spy on journalists and political opponents around the world has been widely discussed in the media, to the point that U.S. authorities decided to include it on their trade blacklist.2 However, the use of spyware is not limited to the political sphere. Recently, a California court ordered a U.S. corporation, 24[7].ai, to pay $30 million to one of its competitors, Liveperson.3 This is because 24[7].ai installed competing technology on mutual client websites where LivePerson’s technology already is installed. Liveperson alleged in its lawsuit that 24[7].ai installed spyware that gathered confidential and proprietary information and data regarding Liveperson’s technology and client relationships. In addition, the software which 24[7].ai allegedly installed removed some features of Liveperson’s technology, including the “chat” button. In doing so, 24[7].ai interfered in the relationship between Liveperson and its clients. This legal saga is ongoing, as another trial is scheduled to take place regarding trade secrets related to a Liveperson client.4 This legal dispute illustrates that cybersecurity is not only about personal information, but also about trade secrets and even the proper functioning of business software. A number of precautions can be taken to reduce the risk of cybersecurity incidents. Robust internal policies at all levels of the business help maintain a safe framework for business operations. Combined with employee awareness of the legal and business issues surrounding cybersecurity, these policies can be important additions to IT best practices. In addition, employee awareness facilitates the adoption of best practices, including systematic investigations of performance anomalies and the use of programming methods that protect trade secrets. Moreover, it may be advisable to ensure that contracts with clients provide IT suppliers with sufficient access to conduct  the necessary monitoring for the security of both parties. Ultimately, it is important to remember that the board of directors must exercise its duty with care, diligence and skill while looking out for the best interests of the business. Directors could be held personally liable if they fail to meet their obligation to ensure that adequate measures are implemented to prevent cyber incidents or if they ignore the risks and are wilfully blind. Thus, board members must be vigilant, be trained in and aware of cybersecurity in order to integrate it into their risk management approach. In an era in which intellectual property has become a corporation’s most important asset, it goes without saying that it is essential to put in place not only the technological tools, but also the procedures and policies required to adequately protect it! Contact Lavery for advice on the legal aspects of cybersecurity. See Page, Carly, “This new Android spyware masquerades as legitimate apps,” Techcrunch, November 10, 2021. https://techcrunch.com/2021/11/10/android-spyware-legitimate-apps; Page, Carly, “FBI says ransomware groups are using private financial information to further extort victims,” Techcrunch, November 2, 2021. https://techcrunch.com/2021/11/02/fbi-ransomware-private-financial-extort. Gardner, Frank, “NSO Group: Israeli spyware company added to US trade blacklist,” BBC News, November 3, 2021. https://www.bbc.com/news/technology-59149651. Claburn, Thomas, “Spyware, trade-secret theft, and $30m in damages: How two online support partners spectacularly fell out,” The Register,June 18, 2021. https://www.theregister.com/2021/06/18/liveperson_wins_30m_trade_secret. Brittain, Blake, “LivePerson wins $30 million from [24]7.ai in trade-secret verdict,”Reuters, June 17, 2021. https://www.reuters.com/legal/transactional/liveperson-wins-30-million-247ai-trade-secret-verdict-2021-06-17.

Do you have the right to copy source code written and developed by someone else? The answer to this question depends on the situation; however, even in the context of open innovation, intellectual property rights will be the starting point for any analysis required to obtain such an answer. In the software industry, open-source licences allow anyone to access the source code of corresponding software, free of charge and with few restrictions. The goal is generally to promote the improvement of this code by encouraging as many people as possible to use it. Linus Torval, the programmer of the Linux kernel (certainly one of the most well-known open-source projects) recently stated that without the open-source approach, his project would probably not have survived.1 However, this approach has legal consequences: Vizio was recently hit with a lawsuit alleging non-compliance with an open-sourceGPL licence used in the SmartCast OS software embedded in some of its televisions. It is being sued by Software Freedom Conservancy (“SFC”), an American non-profit promoting and defending open-source licences. As part of its lawsuit, SFC alleges, among other things, that Vizio was required to distribute the SmartCast OS source code under the above-mentioned open-source GPLlicence, which Vizio failed to do, thereby depriving consumers of their rights2. In Canadian law, section 3 of the Copyright Act3 gives the author the exclusive right to produce or reproduce all or any substantial part of an original work. This principle has been adopted by all signatories of the 1886 Berne Convention, i.e., almost every country in the world. A licence agreement, which may inter alia confer the right to reproduce the work of another person, can take different forms. It also establishes the extent of the rights conferred and the terms and conditions of any permitted use. However, not all open-source licences are equivalent. Many allow creators to attach various conditions to the right to use the code that has been made available. Under these licences, anyone may use the work or software, but subject to the following constraints, depending on the type of licence in effect: Obligation to display: An open-source licence may require disclosure of certain information in the software or in the source code itself, such as the following: The author’s name or pseudonym, or even maintaining the anonymity of the author, depending on their wishes, and/or a citation of the title of the work or software; The user licence of the redistributed open-source work or software; A modification note for each modified file; and A warranty disclaimer. Contribution obligations: Some licences require the sharing of any modifications made to the open-source code, with said modifications being under the same licence conditions. In some cases, this obligation extends to any software that incorporates the open-source code. In other words, code derived from open-source material can itself become open-source. This obligation to contribute can generally be categorized as follows: Any redistribution must be done under the original licence, making the result open-source as well; Any redistribution of the code, modified or not, must be done under the original licence, but other code may be associated or added without being subject to the open-source licence; or Any redistribution is done without any sharing constraints. Ban on commercialization: Some licences prohibit any use for commercial purposes. Apache v2 Level of obligation to contribute upon redistributionAny redistribution of the software, modified or not, or with added components, must be done under the terms of the original licence. Mandatory elements to display Licence of the redistributed open-source software Identification of any changes made to the code Copyright notice Warranty disclaimer Commercial use permittedYes BSD Level of obligation to contribute upon redistributionAny redistribution of the software can be done without any obligation to share. Mandatory elements to display Copyright notice Warranty disclaimer Commercial use permittedYes CC BY-NC 4.0 Level of obligation to contribute upon redistributionAny redistribution of the software can be done without any obligation to share. Mandatory elements to display Licence of the redistributed open-source software Identification of any changes made to the code Copyright notice Warranty disclaimer Commercial use permittedNo CC0 1.0 Level of obligation to contribute upon redistributionAny redistribution of the software can be done without any obligation to share. Mandatory elements to display Licence of the redistributed open-source software Commercial use permittedYes GPLv3 Level of obligation to contribute upon redistributionAny redistribution of the software, modified or not, or with added components, must be done under the terms of the original licence Mandatory elements to display Licence of the redistributed open-source software Identification of any changes made to the code Copyright notice Warranty disclaimer Commercial use permittedYes, but sub-licensing is not allowed LGPLv3 Level of obligation to contribute upon redistributionAny redistribution of the software, modified or not, must be done under the terms of the original licence. New components can be added, but not integrated, under other non-open-source licences Mandatory elements to display Licence of the redistributed open-source software Identification of any changes made to the code Copyright notice Warranty disclaimer Commercial use permittedYes MIT Level of obligation to contribute upon redistributionAny redistribution of the software can be done without any obligation to share. Mandatory elements to display Licence of the redistributed open-source software Copyright notice Warranty disclaimer Commercial use permittedYes It is important to make programming teams aware of the issues that can arise when using modules governed by what are known as “viral licences” (such as the CC BY-NC 4.0 licence) in the design of commercial software. Such software could lose significant value if such modules are incorporated, making it difficult or even impossible to commercialize said software. In the context of open innovation where developers want to share their code, in particular to encourage collaboration, it is important to understand the scope of these different licences. The choice of the appropriate licence must be made based on the project’s objectives. Also, keep in mind that it is not always possible to change the licence used for the distribution of the code once said distribution has commenced. That means the choice of licence can have long-term consequences for any project. David Cassel, Linus Torvalds on Community, Rust and Linux's Longevity, The NewStack, Oct. 1, 2021, online: https://thenewstack.io. See the SFC press release: https://sfconservancy.org/copyleft-compliance/vizio.html. RSC 1985, c. C-42.

Bill 64, also known as the Act to modernize legislative provisions as regards the protection of personal information, was adopted on September 21, 2021, by the National Assembly of Québec. This new bill amends some 20 laws relating to the protection of personal information, including the Act respecting Access to documents held by public bodies and the Protection of personal information ("Access Act"), the Act respecting the protection of personal information in the private sector (“ARPIPS”) and the Act to establish a legal framework for information technology (“AELFIT”). While these changes will affect both public bodies and private businesses, this article focuses exclusively on the new requirements for public bodies covered by the Access Act.  We have prepared an amended version of the Access Act in order to reflect the exact changes brought about by Bill 64. 1. Strengthening consent mechanisms and increasing individual control over personal information By way of Bill 64, some important changes were made to the notion of consent when disclosing personal information to public bodies. From now on, any time an individual’s consent is required by the Access Act, public bodies must ensure that the concerned individual’s consent is given separately from any other disclosed information (s. 53.1). Furthermore, any consent to the collection of sensitive personal information (e.g., health or financial information that gives rise to a reasonable expectation of privacy) will have to be expressly obtained from the data subject (s. 59). The amended Access Act now also provides that minors under the age of 14 must have a parent or a guardian consent to the collection of their personal information. For minors over the age of 14, consent can be given either directly by the minor or by their parent or guardian (s. 53.1). The right to data portability is one of the new rights enforced by Bill 64. These added provisions to the Access Act allow data subjects to obtain data that a public body holds on them in a structured and commonly used technological format and to demand that this data be released to a third party (s. 84). Whenever a public body renders a decision based exclusively on automated processing of personal information, the affected individual must be informed of this process. If the decision produces legal effects or otherwise affects the individual concerned, upon request, the public body must also disclose to the individual (i) the personal information used in reaching the decision, (ii) the reasons and main factors leading to the decision, and (iii) the individual’s right to have this personal information rectified (s. 65.2).  Furthermore, public bodies that use technology to identify, locate or profile an individual must now inform the affected individual of the use of such technology and the means that are available to them in order to disable such functions (s. 65.0.1). 2. New personal data protection mechanisms Public bodies will now be required to conduct a privacy impact assessment whenever they seek to implement or update any information system that involves the collection, use, disclosure, retention or destruction of personal data (s. 63.5). This obligation will effectively compel public bodies to consider the privacy and personal information protection risks involved in a certain project at its outset. In fact, the Access Act now states that every public body must create an access to information committee, whose responsibilities will include offering their observations in such circumstances. 3. Promoting transparency and accountability for public bodies The changes brought about by Bill 64 also aim to increase the transparency of processes employed by public bodies in collecting and using personal data, as well as placing an emphasis on accountability. As such, public bodies will now have to publish on their websites the rules that govern their handling of personal data in clear and simple language (s. 63.3). These rules may take the form of a policy, directive or guide and must set out the various responsibilities of staff members with respect to personal information. Training and awareness programs for staff should also be listed. Any public body that collects personal information through technological means will likewise be required to publish a privacy policy on their website. The policy will have to be drafted in clear and simple language (s. 63.4). The government may eventually adopt regulations to specify the required content of such privacy policies. Moving forward, public bodies will also have to inform data subjects of any personal data transfer outside of the province of Quebec (s. 65). Any such transfer will also need to undergo a privacy impact assessment, which will include an analysis of the legal framework applicable in the State where the personal information will be transferred (s. 70.1). Furthermore, any transfer of personal data outside of Quebec must be subject to a written agreement that takes into account, in particular, the results of the privacy impact assessment and, if applicable, the agreed-upon terms to mitigate the risks identified in the assessment (s. 70.1). A public body that wishes to entrust a person or body outside of Quebec with the task of collecting, using, communicating or retaining personal information on its behalf will have to undertake a similar exercise (s. 70.1 (3)). 4. Managing confidentiality incidents Where a public body has reason to believe that a confidentiality incident (which is defined in Bill 64 as the access, use, disclosure or loss of personal information) has occurred, public bodies will be required to take reasonable steps to mitigate the injury caused to the affected individuals and to reduce the risk of further confidentiality incidents occurring in the future (s. 63.7). In addition, where the confidentiality incident poses a risk of serious harm to the affected individuals, these individuals and the Commission d’accès à l’information (“CAI”) must be notified (unless doing so would interfere with an investigation to prevent, detect or suppress crime or violations of law) (s. 63.7). Public bodies must now also keep a register of confidentiality incidents (s. 63.10), a copy of which must be sent to the CAI upon request. 5. Increased powers for the CAI Bill 64 also grants the CAI an arsenal of new powers aiming to ensure that public bodies, as well as private companies, comply with privacy laws. For example, in the event of a confidentiality incident, the CAI may order any public body to take appropriate action to protect the rights of affected individuals, after allowing the public body to make representations (s. 127.2). Furthermore, the CAI now has the power to impose substantial administrative monetary penalties, the value of which may reach up to $150,000 for public bodies (s. 159). In the event of repeat offences, fines will be doubled (s. 164.1). 6. Coming into force The amendments made by Bill 64 will come into force in several stages. Most of the new provisions of the Access Act [DM1] will come into force two years after the date of assent, which was granted on September 22, 2021. However, some specific provisions will take effect one year after that date, including: The requirements regarding actions to be taken in response to confidentiality incidents (s. 63.7) and the powers of the CAI upon disclosure by an organization of a confidentiality incident (s. 137.2); and The exception to disclosure without consent for research purposes (s. 67.2.1). Conclusion The clock is now ticking for public bodies to implement the necessary changes in order to comply with the new privacy requirements outlined in Bill 64, which received official assent on September 22, 2021. We invite you to consult our privacy specialists to help ensure proper compliance with the new requirements of the updated Access Act. The Lavery team would be more than pleased to answer any questions you may have regarding the upcoming changes and the potential impacts on your org

Bill 64, also known as the Act to modernize legislative provisions respecting the protection of personal information, was adopted on September 21, 2021, by the National Assembly of Québec. It amends some 20 laws relating to the protection of personal information, including the Act respecting access to documents held by public bodies ("Access Act"), the Act respecting the protection of personal information in the private sector ("Private Sector Act") and the Act respecting the legal framework for information technology. While the changes will affect both public bodies and private businesses, this publication will focus on providing an overview of the new requirements for private businesses covered by the Private Sector Act. We have prepared an amended version of the Private Sector Act in order to reflect the exact changes brought about by Bill 64. Essentially, the amended Private Sector Act aims to give individuals greater control over their personal information and promote the protection of personal information by making businesses more accountable and introducing new mechanisms to ensure compliance with Québec’s privacy rules. The following is a summary of the main amendments adopted by the legislator and the new requirements imposed on businesses in this area. It is important to note that, for the most part, the new privacy regime will come into effect in two years. 1. Increasing transparency and individual control over personal information The new Private Sector Act establishes the right of individuals to access information about themselves collected by businesses in a structured and commonly used technological format. Data subjects will now also be able to require a business to disclose such information to a third party, as long as the information was not “created or inferred” by the business (s. 27). This right is commonly referred to as the “right to data portability.” Businesses now have an obligation to destroy personal information once the purposes for which it was collected or used have been fulfilled. Alternatively, businesses may anonymize personal information in accordance with generally accepted best practices in order to use it for meaningful and legitimate purposes (s. 23). However, it is important that the identity of concerned individuals can never again be inferred from the retained information. This is a significant change for private businesses which, under the current law, can still retain personal information that has lapsed. In addition, Bill 64 provides individuals with a right to “de-indexation.” In other words, businesses will now have to de-index any hyperlink that leads to an individual’s personal information where dissemination of such personal information goes against the law or a court order (s. 28.1). Additionally, whenever a business uses personal information to render a decision based exclusively on an automated processing of such information, it must inform the concerned individual of the process at the latest when the decision is made (s. 12.1). The individual must likewise be made aware of their right to have the information rectified (s. 12.1). Bill 64 provides that the release and use of nominative lists by a private company for commercial or philanthropic prospecting purposes are now subject to the consent of concerned data subjects. Furthermore, in an effort to increase transparency, businesses will now be required to publish their rules of governance with respect to personal information in simple and clear terms on their website (s. 3.2). These rules may take the form of a policy, directive or guide and must, among other things, set out the various responsibilities of staff members with respect to personal information. In addition, businesses that collect personal information through technology will also be required to adopt and publish a privacy policy in plain language on their website when they collect personal information (s. 8.2). The amended Private Sector Act further provides that businesses that refuse access to information requests, in addition to giving reasons for their refusal and indicating the relevant sections of the Act, must now assist applicants in understanding why their request was denied when asked to (s. 34). 2. Promoting privacy and corporate accountability Bill 64 aims to make businesses more accountable for the protection of personal information, as exemplified by the new requirement for businesses to appoint a Chief Privacy Officer within their organization. By default, the role will fall upon the most senior person in the organization (s. 3.1). In addition, businesses will be required to conduct privacy impact assessments (“PIA”) for any information system acquisition, development or redesign project involving the collection, use, disclosure, retention or destruction of personal information (s. 3.3). This obligation forces businesses to consider the privacy and personal information protection risks involved in a project at its outset. The PIA must be proportionate to the sensitivity of the information involved, the purpose for which it is to be used, its quantity, distribution and medium (s. 3.3). Businesses will likewise be required to conduct a PIA when they intend to disclose personal information outside Québec. In these cases, the purpose of the PIA will be to determine whether the information will be adequately protected in accordance with generally accepted privacy principles (s. 17). The extra-provincial release of personal information must also be subject to a written agreement that takes into account, among other things, the results of the PIA and, if applicable, the terms and conditions agreed to in order to mitigate identified risks (s. 17(2)). The disclosure of personal information by businesses for study, research or statistical purposes is also subject to a PIA (s. 21). The law is substantially modified in this regard, in that a third party wishing to use personal information for such purposes must submit a written request to the Commission d'accès à l'information (“CAI”), attach a detailed description of their research activities and disclose a list of all persons and organizations to which it has made similar requests (s. 21.01.1 and 21.01.02). Businesses may also disclose personal information to a third party, without the consent of the individual, in the course of performing a service or for the purposes of a business contract. The mandate must be set out in a written contract, which must include the privacy safeguards to be followed by the agent or service provider (s. 18.3). The release of personal information without the consent of concerned individuals as part of a commercial transaction between private companies is subject to certain specific requirements (s. 18.4). The amended Private Sector Act now defines a business transaction as “the sale or lease of all or part of an enterprise or its assets, a change in its legal structure by merger or otherwise, the obtaining of a loan or other form of financing by it, or the taking of a security interest to secure an obligation of the enterprise” (s. 18.4). Bill 64 enshrines the concept of “privacy by default,” which means that businesses that collect personal information by offering a technological product or service to the public with various privacy settings must ensure that these settings provide the highest level of privacy by default, without any intervention on behalf of their users (s. 9.1). This does not apply to cookies. Where a business has reason to believe that a privacy incident has occurred, it must take reasonable steps to reduce the risk of harm and the reoccurrence of similar incidents (s. 3.5). A privacy incident is defined as “the access, use, disclosure or loss of personal information” (s. 3.6). In addition, businesses are required to notify concerned individuals and the CAI for each incident that presents a serious risk of harm, which is assessed in light of the sensitivity of the concerned information, the apprehended consequences of its use and the likelihood that it will be used for a harmful purpose (s. 3.7). Companies will furthermore be required to keep a confidentiality incident log that must be made available to the CAI upon request (s. 3.8). 3. Strengthening the consent regime Bill 64 modifies the Private Sector Act to ensure that any consent provided for in the Act is clear, free and informed and given for specific purposes. This means that consent must be requested for each of the purposes of the collection, in simple and clear terms and in a clearly distinct manner, to avoid consent being obtained through complex terms of use that are difficult for individuals to understand (art. 14). The amended Private Sector Act now provides that minors under the age of 14 must have a parent or a guardian consent to the collection of their personal information. For minors over the age of 14, consent can be given either directly by the minor or by their parent or guardian (s. 14). Within an organization, consent to the disclosure of sensitive personal information (e.g., health or other intimate information) must be expressly given by individuals (s. 12). 4. Ensuring better compliance The Private Sector Act has likewise been amended by adding new mechanisms to ensure that businesses subject to the Private Sector Act comply with its requirements. Firstly, the CAI is given the power to impose hefty dissuasive administrative monetary penalties on offenders, which can be as high as $10,000,000 or 2% of the company's worldwide turnover (s. 90.12). In the event of a repeat offence, the fine will be doubled (s. 92.1). In addition, when a confidentiality incident occurs within a company, the CAI may order it to take measures to protect the rights of affected individuals, after allowing the company to make observations (s. 81.3). Secondly, new criminal offences are added to the Private Sector Act, which may also lead to the imposition of severe fines. For offending companies, such fines can reach up to $25,000,000 or 4% of their worldwide turnover (s. 91). Finally, Bill 64 creates a new private right of action. Essentially, it provides that when an unlawful infringement of a right conferred by the Private Sector Act or by articles 35 to 40 of the Civil Code of Québec results in prejudice and the infringement is intentional or the result of gross negligence, the courts may award punitive damages of at least $1,000 (s. 93.1). 5. Coming into force The amendments made by Bill 64 will come into force in several stages. Most of the new provisions of the Private Sector Act will come into force two years after the date of assent, which was granted on September 22, 2021. However, some specific provisions will take effect one year after that date, including: The requirement for businesses to designate a Chief Privacy Officer (s. 3.1); The obligation to report privacy incidents (s. 3.5 to 3.8); The exception for disclosure of personal information in the course of a commercial transaction (s. 18.4); and The exception to disclosure of personal information for study or research purposes (s. 21 to 21.0.2). Finally, the provision enshrining the right to portability of personal information (s. 27) will come into force three years after the date of official assent. The Lavery team would be more than pleased to answer any questions you may have regarding the upcoming changes and the potential impact of Bill 64 on your business. The information and comments contained in this document do not constitute legal advice. They are intended solely for the use of the reader, who assumes full responsibility for its content, for their own purposes.

Behind every video game, there is intellectual property (IP) which is worth protecting to optimize monetisation of the game. As discussed in Studios and designers: Are you sure that you own the intellectual property rights to your video games, the first step for studios and designers is to make sure that they own all IP rights on the video game. The next step is to identify what type of IP protection is available between trademarks, copyrights and patents and then put in place an IP strategy to protect these assets in Canada and abroad. Below is a summary of the types of protection to consider to fully protect a video game. Trademarks The name of a video game is a valuable asset, with a potential to become internationally famous. Just think about Call of Duty, Fortnite, Minecraft and Assassin’s Creed or, for the more nostalgic, classic games such as Super Mario. Pokémon and Pacman. Trademarks have this power to evoke unique and captivating experience in the gaming world. In this industry, experience shows that a video game may become an instant international success, since it is an online market with powerful gaming influencers. For this reason, being proactive with trademark protection is key. What does it mean? First, clearance searches should be made as soon as you decide on the name of your game, in the most important markets where you anticipate sales. The idea here is to make sure that your brand is not conflicting with other marks so that you may use it and register it in your main market. Once the mark is cleared, you may then proceed with filing. Here again, the earlier the better as trademark protection is, in most countries, granted to the first-to-file. Filing before your project becomes public is therefore strongly recommend. As for the scope of the application, it should of course cover the game itself but also potential merchandising goods, either because it is part of the business plan to monetize the brand, or as a defensive strategy. Apart from the main brand, other aspects of the game may qualify as trademarks and be protectable. For instance, a sound or sequence of sounds associated with starting a console or a game could potentially be registered as trademarks. The names and image of characters in a game may also be protected, especially for merchandising goods.  In short, for studios and designers involved in the video game industry, trademark registration is key to getting the most value out of a video game. This begins with a well-orchestrated protection strategy to minimize risk of conflicts and to build a solid and valuable brand. Copyrights A video game is a mix of literary, artistic and musical works which are protected by copyright, including computer program behind a game’s architecture is also explicitly protected by law.1 The protection offered by the Copyright Act (“CA”) applies as soon as a work is created, without the need for registration. This protection extends to the 176 member countries of the Berne Convention. Although the protection of a work by copyright is automatic, copyright owners may register their right with the Canadian Intellectual Property Office (“CIPO”) at any time. In particular, registration makes it easier to prove ownership of the right in the event of a dispute in that it creates the presumption that the person named in the registration owns the copyright. Copyright protection applies to the entirety of the game, as well as to its various components. Any infringement of these rights by a third party may give rise to a copyright infringement claim if the work or a substantial part of it is copied, unless a defense such as fair dealing is applicable. In this respect, the following activities may qualify as fair dealing: research and private study, education, parody as well as criticism or review and news reporting. Is video game live streaming copyright infringement? In recent years, the phenomenon of video game live streaming has really taken off. Video gamers film or record their computer screens and broadcast them on platforms such as YouTube and Twitch to show their characters, strategies and tactics for completing certain levels of a game. Some live streaming video gamers, who make this their living, have achieved celebrity status and have thousands of followers. Is live streaming a video game without express permission copyright infringement? The courts have yet to rule on whether live streaming games online constitutes a copyright infringement to communicate the work to the public by telecommunication under section 3(1)(f) of the Act. Faced with this widely popular trend, some studios accept this practice because positive reviews from such gamers can boost game sales. Others criticize the fact that they profit from video games without copyright owners receiving any compensation. Chances are that live streaming is not the highest priority of the video industry who is more concerned by the illegal downloads and counterfeits, which may explain why the courts have not yet had the opportunity to rule on video game live streaming. Patents Patents protect the functional aspects of an invention. The owner of a patent may prevent anyone from making, using or commercializing the patented innovation from the date the patent is obtained. Three aspects are taken into consideration before granting a patent:2 Novelty – The invention must be different or be innovative compared to anything that has been done before, anywhere in the world. Utility – The invention must have a useful function and economic value. Inventiveness – The invention must not be obvious to a person skilled in the field. In Canada, it is not possible to patent an abstract idea, but it is possible to patent the physical embodiment of that idea, provided that it meets the criteria of novelty, utility and inventiveness. Canadian patents in the video game industry Patents obtained in the video game industry mainly relate to consoles, controllers, headsets and other gaming accessories. The video game industry has proved to be innovative with the development of inventions that are both fun and useful. In 2012, Nike patented an invention to encourage physical activity among video game players.3 The patent describes a device placed in a gamer’s shoe when the gamer is physically active and connected to a video game. The energy spent by the gamer gives energy to the virtual character. Once the character’s energy is depleted, the gamer must engage in physical activity again. Are game play mechanics patentable? Certain aspects of a video game are less easy to patent, in particular the game play mechanics, which are a distinctive aspect from the standpoint of gamers when choosing a video game. The game play mechanics consists in the virtual experience of a video game: character movement, the interaction of the player with the game, the way the player moves through the levels of the game, etc. Unique and well-developed game play mechanics can be a great asset for a developer wanting to market new versions of a game. Gamers will go back to a familiar game to get immersed in a new experience. This makes patenting such an experience appealing for a studio. Given that game play mechanics are developed using computer code, it might seem that even if the criteria of novelty, utility and inventiveness were met, this type of invention could not be physically embodied and thus could not be patented. To be patented, game play mechanics must have a physical component in addition to the code itself. Consider a patent describing a video game in which a gamer’s heartbeat is integrated into the game,4 which is a good illustration of physical embodiment. Such transposition of a gamer’s vital signs is done physically through a heart monitor worn by the gamer and connected to the game. As all these aspects were described in the invention, this type of inventive game play mechanics was considered patentable. In the United States, the criteria for patents are similar to those in Canada, meaning that abstract game play mechanics would have to be linked to a physical aspect in order to be patentable.   Conclusion Implementing an IP protection strategy prior to launching a video game can prevent conflicts, increase the value of assets and strongly position a company in the market to maximize profits. Copyright Act, section 2. “A guide to patents,” Canadian Intellectual Property Office, Government of Canada, 2020-02-24. Patent No. 2,596,041, issued February 9, 2006. Patent No. 2,208,932, issued June 26, 1997.

For the time being, there are no specific laws governing the use of artificial intelligence in Canada. Certainly, the laws on the use of personal information and those that prohibit discrimination still apply, no matter if the technologies involved are so-called artificial intelligence technologies or conventional ones. However, the application of such laws to artificial intelligence raises a number of questions, especially when dealing with “artificial neural networks,” because the opacity of the algorithms behind these makes it difficult for those affected to understand the decision-making mechanisms at work. Such artificial neural networks are different in that they provide only limited explanations as to their internal operation. On November 12, 2020, the Office of the Privacy Commissioner of Canada (OPC) published its recommendations for a regulatory framework for artificial intelligence.1 Pointing out that the use of artificial intelligence requiring personal information can have serious privacy implications, the OPC has made several recommendations, which involve the creation of the following, in particular: A requirement for those who develop such systems to ensure that privacy is protected in the design of artificial intelligence systems; A right for individuals to obtain an explanation, in understandable terms, to help them understand decisions made about them by an artificial intelligence system, which would also involve the assurance that such explanations are based on accurate information and are not discriminatory or biased; A right to contest decisions resulting from automated decision making; A right for the regulator to require evidence of the above. It should be noted that these recommendations include the possibility of imposing financial penalties on companies that would fail to abide by this regulatory framework. Moreover, contrary to the approach adopted in the General Data Protection Regulation and the Government of Quebec’s Bill 64, the rights to explanation and contestation would not be limited solely to automated decisions, but would also cover cases where an artificial intelligence system assists a human decision-maker. It is likely that these proposals will eventually provide a framework for the operation of intelligence systems already under development. It would thus be prudent for designers to take these recommendations into account and incorporate them into their artificial intelligence system development parameters as of now. Should these recommendations be adopted, it will also become necessary to consider how to explain the mechanisms behind the systems making or suggesting decisions based on artificial intelligence. As mentioned in these recommendations, “while trade secrets may require organizations to be careful with the explanations they provide, some form of meaningful explanation should always be possible without compromising intellectual property.”2 For this reason, it may be crucial to involve lawyers specializing in these matters from the start when designing solutions that use artificial intelligence and personal information. https://www.priv.gc.ca/en/about-the-opc/what-we-do/consultations/completed-consultations/consultation-ai/reg-fw_202011/ Ibid.

The year 2020 will have been difficult for the vast majority of industries, and in particular for the arts, entertainment and recreation industry. The video game industry, however, is growing in leaps and bounds. For example, Nintendo and PlayStation have each set record sales for their games released in 2020, including Animal Crossing:New Horizons and The Last of UsPart II. Over the past few decades, the number of video game players has never stopped increasing.  The year 2020 will surely be no exception, especially considering the COVID-19 pandemic.  Playing a video game is not only a way to have fun: it is also a way to stay connected with a community that shares the same interests. The world of video games is so popular that the Government of Canada teamed up with the Entertainment Software Association of Canada (“ESAC”) to launch the #CrushCOVID campaign, using ESAC’s and its members’ social media platforms to share mobilization and awareness messages about public health measures. The video game industry is an economic powerhouse in Canada. According to the latest ESAC report, the industry contributed an estimated $4.5 billion to Canada’s GDP in 2019 — up 20% from 20171 — and these figures will likely continue to rise. This video game boom has a decisive impact on the value of companies innovating in this field. A number of recent transactions illustrate this. For instance, last September, Microsoft acquired Bethesda Softworks, one of the largest video game publishers, for US$7.5 billion. Microsoft also bought the Swedish company Mojang Studios, which designed the legendary game Minecraft, for US$2.5 billion in 2014. Closer to home in Montreal, Beat Games was bought by Facebook following the launch of its virtual reality game, Beat Saber, while Typhoon Studios was bought by Google. A successful video game may be lucrative in various ways, between the sale of video games themselves and merchandising goods, such as clothing and accessories, figurines, as well as game-inspired TV series with giants such as Netflix, Amazon Prime, HBO and Hulu, which are always on the lookout for hit TV series. Protecting its intellectual property (“IP”) on a video game is key to monetize all investment put into the development of a game. Doing so is even more crucial in the context where video game commercialization knows no borders, and a game can become an international success overnight. In short, any company should ask itself the following questions before launching its video game, to better position itself in relation to potential investors, licensees or partners, as well as competitors and counterfeiters: Does my company own all of the IP rights on the video game? What kind of IP protection applies and where should IP be protected? Let’s look at the first question. Does my company own all of the IP rights on the video game? Designing a video game usually involves a team of creators, including ideators, programmers, writers, visual and sound effects designers. All these people contribute to the creation of the work that is the video game and the underlying IP. For instance, Ubisoft worked with muralists and graphic designers for its recent game, Watch Dogs: Legion. They designed nearly 300 works to create a post-Brexit urban London. The initiative earned Ubisoft praise even before the game’s release last October.2 Depending on their contribution to the game’s design and their status as employees or consultants, these creators may qualify as authors. As such, they may be considered co-owners of the copyright on the video game. Generally, the copyrights developed by employees in the course of their employment belong to the employer,3 while a consultant remains the owner of the copyrights, unless otherwise agreed upon in writing. Thus, a company behind a video game must make sure that its consultants assigns their IP rights to ensure that it retains full ownership of the copyright. What happens if a consultant has not assigned the copyrights to the company? Can the consultant claim co-ownership of the entire game, or are the consultant’s rights limited to the part he created, such as specific drawings, or music for a particular scene? This is an important question which may have an impact on profit sharing. In Seggie c. Roofdog Games Inc.,4the Superior Court held that a person (non-employee) whose contribution to a game is minimal cannot be considered as a co-author of the entire video game, insofar as: The contribution is limited to a few images; These images are distinguishable from the rest of the work; and The parties had no common intention of creating a collaborative work. Seggie was therefore denied the compensation of 25% of the profits generated by the game that he had claimed. However, the court recognized that Seggie held a copyright on the works he specifically created and which were incorporated into the game, and granted him a compensation of $10,000. Incidentally, this compensation is in our opinion arguable, given that Seggie had agreed to work pro bono for his friend. This decision shows how important it is to have a copyright assignment signed by any person contributing to the conception of a work, regardless of the extent of their involvement. Waiver of moral rights In addition to the assignment of copyrights, the company owning a video game should also ensure that the authors sign a waiver of their moral rights, so as not to limit the potential to modify the game or to associate it with another product or a cause. Indeed, the authors of a work have moral rights that enable them to oppose the use of their work in connection with another product or a cause, service or institution to the prejudice of their honour or reputation. An example would be the use of music or a character from a video game to promote a cause or product, or a television series derived from the game whose script could potentially harm the author’s reputation. To make sure you have plenty of leeway to exploit the commercial potential of the game, a waiver of moral rights should be signed by any employee and consultant involved in the creation of the video game. Conclusion Launching a video game requires a huge investment in terms of resources, time and creativity. In order to develop an effective protection strategy, the first step is to make sure that you own all rights. Then, you are in a position to fully protect and enjoy your IP rights. The next article in this series will discuss the significance and application of these IP rights—i.e., trademarks, copyrights and patents—to the video game industry. “The Canadian Video Game Industry 2019,” Entertainment Software Association of Canada, November 2019, [online]. CLÉMENT, Éric, “Le talent montréalais en vedette dans un nouveau jeu d’Ubisoft,” published in La Presse+, October 21, 2020, edition. Copyright Act, subsection 13(3). Seggie c. Roofdog Games Inc., 2015 QCCS 6462.

The COVID-19 pandemic has been not only causing major social upheaval but disrupting business development and the economy as well. Nevertheless, since last March, we have seen many developments and new projects involving self-driving vehicles (SDV). Here is an overview. Distancing made easy thanks to contactless delivery In mid-April 2020, General Motors’ Cruise SDVs were dispatched to assist two food banks in the delivery of nearly 4,000 meals in eight days in the San Francisco Bay Area. Deliveries were made with two volunteer drivers overseeing the operation of the Level 3 SDVs. Rob Grant, Vice President of Global Government Affairs at Cruise, commented on the usefulness of SDVs: “What I do see is this pandemic really showing where self-driving vehicles can be of use in the future.  That includes in contactless delivery like we’re doing here.”1 Also in California in April, SDVs operated by the start-up Nuro Inc. were made available to transport medical equipment in San Mateo County and Sacramento.  Toyota Pony SDVs were, for their part, used to deliver meals to local shelters in the city of Fremont, California.  Innovation: The first Level 4 driverless vehicle service In July 2020, Navya Group successfully implemented a Level 4 self-driving vehicles service on a closed site. Launched in partnership with Groupe Keolis, the service has been transporting visitors and athletes on the site of the National Shooting Sports Centre in Châteauroux, France, from the parking lot to the reception area.  This is a great step forward—it is the first trial of a level 4 vehicle, meaning that it is fully automated and does not require a human driver in the vehicle itself to control it should a critical situation occur. Driverless buses and dedicated lanes in the coming years In August 2020, the state of Michigan announced that it would take active steps to create dedicated road lanes exclusively for SDVs on a 65 km stretch of highway between Detroit and Ann Arbour.  This initiative will begin with a study to be conducted over the next three years. One of the goals of this ambitious project is to have driverless buses operating in the corridor connecting the University of Michigan and the Detroit Metropolitan Airport in downtown Detroit. In September 2020, the first SDV circuit in Japan was inaugurated at Tokyo’s Haneda Airport. The regular route travels 700 metres through the airport.  A tragedy to remind us that exercising caution is key  On March 18, 2018, in Tempe, Arizona, a pedestrian was killed in a collision with a Volvo SUV operated by an Uber Technologies automated driving system that was being tested. The vehicle involved in the accident, which was being fine-tuned, corresponded to a Level 3 SDV under SAE International Standard J3016, requiring a human driver to remain alert at all times in order to take control of the vehicle in a critical situation. The investigation by the National Transportation Safety Board determined that the vehicle’s automated driving system had detected the pedestrian, but was unable to classify her as such and thus predict her path. In addition, video footage of the driver inside the SDV showed that she did not have her eyes on the road at the time of the accident, but rather was looking at her cell phone on the vehicle’s console. In September 2020, the authorities indicted the driver of the vehicle and charged her with negligent homicide. The driver pleaded not guilty and the pre-trial conference will be held in late October 2020.  We will keep you informed of developments in this case.   In all sectors of the economy, including the transportation industry and more specifically the self-driving vehicles industry, projects have been put on hold because of the ongoing COVID-19 pandemic. Nevertheless, many projects that have been introduced, such as contactless delivery projects, are now more important than ever. Apart from the Navya Group project, which involves Level 4 vehicles, all the initiatives mentioned concern Level 3 vehicles. These vehicles, which are allowed on Quebec roads, must always have a human driver present. The recent charges against the inattentive driver in Arizona serve as a reminder to all drivers of Level 3 SDVs that regardless of the context of an accident, they may be held liable. The implementation of SDVs around the world is slow, but steadily gaining ground. A number of projects will soon be rolled out, including in Quebec. As such initiatives grow in number, SDVs will become more socially acceptable, and seeing these vehicles as something normal on our roads is right around the corner.   Financial Post, April 29, 2020, “Self-driving vehicles get in on the delivery scene amid COVID-19,”.

As distribution channels with a global reach, websites are a powerful tool for doing business, and during the pandemic, they even play a critical role. A website consists of a set of webpages accessible from an address hosted on a server through the internet or an intranet. A website is a collection of various elements protected by intellectual property laws. We will focus on the following: Copyright It protects an original work (i.e., the author’s own creative work), insofar as it involves the exercise of skill and judgment. This exclusive right allows the owner to produce or reproduce the work in any material form, to perform, represent or publish it, and to exercise other exclusive rights. A website may include the following works: the content of screen page, graphic designs, animation, texts, still and animated images, sounds, databases (which comprise a collection of works, data or other independent elements), software, as for example the ones relating to the creation, operation and launch of the website, computer programs, photographs, cartoons, videos. Ownership of Copyright Copyright is the author’s property, unless the author (i) has assigned his or her right, or (ii) has created the work in the course of his or her employment, in which case the copyright belongs to the employer. It is important to identify the various copyright owners of the works appearing on a website. If a company mandates an external firm to develop a website (website developer), the company will not immediately own the copyright to the website. A development contract entered into with a website developer will usually include a provision regarding the ownership of copyright. It is often provided that the assignment of intellectual property rights to the client who has commissioned a website will take place after payment for said website has been made in full. This poses a problem when the website developer does not complete the website or when a dispute arises over the course of the mandate. Stock Photos Generally speaking, websites that offer photographs do not transfer the copyright of the photographs to the users. They grant a licence to use (a right to use) for a limited time and for a specific purpose. The conditions of these licences must therefore be read carefully. Assignment of Rights An assignment must be in writing in order to transfer the copyright to the company that commissioned the website. Moral Rights Moral rights allow the author or performer (even if he or she is not the copyright owner) to: Claim authorship of the work; Claim respect for the integrity of the work (to protect the work against distortion, mutilation or modification or to prevent use that prejudice the honour or reputation of the author or performer or if the work is associated with a product or service without the consent of the author or performer). Recognition of Copyright in Other Countries Given that Canada is a party to the Berne Convention, copyright owned by a Canadian national, such as a company incorporated in Canada or a Canadian citizen, is recognized in other countries members of the Convention , and said copyright need not be registered in those other countries to acquire rights. In Canada, copyright registration is not mandatory, but it does give rise to a presumption of law that it is advisable to register, at the very least, for works that are important to the business, in order to more effectively  act against  infringement. Copyright infringement is the reproduction of an entire protected work or any substantial part of it without permission. In the same manner that website contents owned by the copyright owner may not be copied without permission, one must ensure that he or she does not import or publish on his or her website any work protected by copyright without first obtaining permission. Domain Name Some domain names are protected by trademark laws, and some are not. This depends on the nature of the domain name and the use made of it. Merely registering a domain name does not create a right that could prohibit the use of a conflicting domain name or trademark. Using a distinctive domain name could confer upon its owner the right to oppose the subsequent use by third parties of a confusing domain name, trademark or trade name. Effective domain name arbitration mechanisms exist for .com and for .ca in the event of misappropriation of a conflicting domain name. Trademark A website owner using a trademark on his or her website in order to identify his or her products or services should protect said trademark by registration. Without listing all the benefits of registering a trademark, suffice it to say that registering one’s rights is significantly less costly than trying to recover said rights once they have been appropriated by a third party. The trademark owner may oppose any confusing third party’s trademark, trade name or domain name (the test of confusion takes into account various factors) if his or her rights precede those of the other. In the case of unauthorized appropriation of a third party’s logo or figurative mark, the owner may, in many cases, not only invoke trademark infringement but also copyright infringement. Right to One’s Image and Privacy The Civil Code of Québec provides that every person is the holder of personality rights, such as the right to life, the right to the inviolability and integrity of his person, and the right to the respect of his name, reputation and privacy. Similar provisions exist in other legislation, such as the Quebec Charter of Human Rights and Freedoms and the Canadian Charter of Rights and Freedoms. The law is similar in other Canadian provinces, and comparable legislation exists in various countries around the world. Thus, as a general rule, a website owner may not: (i) Publish, for example, a photograph or image of a person without that person’s consent. This rule must be weighed against the rule relating to public interest in the right to freedom of expression and the right to information; (ii) Damage a person’s reputation; (iii) Imply or suggest that a person endorses a product or service without that person’s consent. The Civil Code of Québec further provides that the use of a person’s correspondence, manuscripts or other documents without his or her consent constitutes an invasion of his or her privacy. Trade Secret Various components of a website may be protected by trade secret if a confidentiality agreement was signed and the information remains secret. This could be the case with the website coding.   Many people have preconceived ideas about intellectual property in the world of e-commerce. Often, they wrongly assume that since they commissioned their website, they own its intellectual property rights or that they can post a photo of a product copied from another website without authorization because they sell the product. Although it is easy, fast and free to access, a website is governed by a legal framework regarding intellectual property, with which website operators must comply. We did not cover the wide array of rights that are involved in a website in just a few lines. For example, for some websites, there may be patent and industrial design issues to deal with. All these legal considerations are not self-evident. Several rules must be followed to avoid engaging in illegal practices, to avoid the unpleasant surprise of discovering that you do not own the intellectual property rights to parts or all of the website, and to avoid facing threats of legal action for violating the rights of third parties. Furthermore, all the work invested in the creation and operation of the website may not provide any additional value to your company if the intellectual property rights have been neglected, even though in many cases it is a significant asset to the company. It is important to become familiar with these rules, protect your rights and resolve legal pitfalls-ideally before launching a website. If the issue of intellectual property rights is only addressed after launching the website, there may still be time to seek protection or to attempt to overcome legal problems.  Whether the website is already online or is about to be launched, an audit should be carried out to determine the situation and, if necessary, obtain protection, sign contracts and find solutions to problems that could lead to illegal or disadvantageous situations.