Permission Request:
We respectfully request your permission to send email messages from Field Law; similar to the one below. If you no longer wish to receive electronic messages, please click the unsubscribe button at the bottom of this message.
I agree to opt in to all Field Law e-mail campaigns.
To view a web version of this message, click here

BILL C-22 - MANDATORY REPORTING OBLIGATIONS

Area of Coverage - Intellectual Property

Bill C-22 (Mandatory Reporting of Internet Child Pornography by Persons Who Provide an Internet Service) (the “Act”) was passed in March, 2011 and was proclaimed in force as of December 8, 2011. Those caught by the Act now have certain statutory obligations to report online child pornography.

Structure of the Act
The Act makes it mandatory for providers of Internet services to report incidents of online child pornography. It is based on the existing anti-child-pornography provisions of the Criminal Code, so it does not create new offences relating to child-pornography. However, it does create new offences for contravention of the four mandatory reporting obligations. The punishments range from fines of $1,000 to $10,000 for individuals and at the most severe end of the spectrum, imprisonment of up to six months, and for corporations, fines from $10,000 to $100,000.

Who Is Caught by the Act?
The Act applies to persons “providing an Internet service to the public”. An “Internet service” is defined broadly as “a service providing Internet access, Internet content hosting or electronic mail.” Therefore, anyone providing Internet access, Internet content hosting or electronic mail to the public is caught by the mandatory reporting obligations. This language is broadly drafted, so it is not immediately clear what is intended by the legislation. The Act is ultimately subject to interpretation by the courts, and obviously it is too soon to benefit from any judicial guidance in this area. Legislative drafting notes, impact statements and government backgrounders provide some indication of how the legislation might be enforced.

Commercial ISPs (Internet Service Providers) are certainly caught. It has been reported that all of Canada’s major ISPs already voluntarily report child pornography when they encounter it and the Act codifies this industry practice. The Act also ensures that all those who provide Internet services to the public (not just ISPs) in Canada are held to the same standard.

Government background papers suggest that, besides traditional ISPs (such as, for example, Telus and Shaw), the Act also applies to those who provide email services (such as Google’s Gmail service, and Microsoft’s Hotmail or MSN, and other email providers such as Yahoo), social networking sites such as Facebook, Twitter, YouTube.com, Flickr.com, Picasa, LinkedIn, Google+, MySpace, and a range of other sites and services that are based on a social-networking model. The term “Internet content hosting services” is so broad that it is difficult to gauge what this is intended to capture: commercial hosting services provide “Internet content hosting services”, as do traditional ISPs, and retail and reseller sites such as Amazon.com, Kijiji.ca, Craigslist.ca, and arguably anyone who hosts any online content of third-parties.

There are many entities that provide Internet access, even though they may not provide email or Internet content hosting services. For example, public computers located at the libraries of colleges and universities, or public libraries, as well as WiFi access provided by cafés, hotels, shopping malls and other businesses can all be described as “providing Internet access” to the public. This would appear to be the case, even though these businesses and organizations are all providing internet access that is in turn provided by an ISP. Colleges, universities, public libraries, cafés, hotels and shopping malls are not really in the business of providing internet access; they merely make available internet access which is ultimately provided by a traditional ISP. However, the legislation is not drafted to apply only to those primarily in the business of providing internet access, but to apply to anyone who provides a “service providing Internet access....” Therefore, it should be assumed that these entities – colleges, universities, public libraries, cafés, hotels, shopping malls, etc. – are caught by the Act and could receive a report about child pornography under the Act.

The Act specifically states that it does not require or authorize anyone to actively seek out incidences of child pornography. In other words, the Act does not require those who provide an Internet service to the public to monitor their networks for this type of material.

What Are the Mandatory Reporting Obligations?
To reiterate, a service provider (i.e. someone caught by the Act by virtue of the fact that they provide an Internet service to the public) should be considered broadly to include ISPs, as well as the likes of Google, Microsoft, Yahoo, Facebook, Twitter, YouTube.com, Flickr.com, Picasa, LinkedIn, Google+, MySpace, Amazon.com, Kijiji.ca, Craigslist.ca, and colleges, universities, public libraries, cafés, hotels and shopping malls who provide internet access or WiFi.

Section 2 states that if a service provider is told about an Internet Protocol (IP) address or a Uniform Resource Locator (URL) where child pornography may be available to the public, that service provider must report that IP address or URL to the Canadian Centre for Child Protection (Cybertip.ca), which is the designated organization for receiving reports.

Under Section 3, if a service provider has reasonable grounds to believe that their Internet service is being or has been used to commit a child pornography offence, the service provider must notify the police.

Section 4 mandates the preservation of computer data related to the notification, for a period of 21 days after the notification is made.

Under Section 5, it is an offence for a service provider to disclose that they have made a report under Section 2 or a notification under Section 3.

Therefore, service providers who do not already have a procedure in place for handling such reports, should review and implement procedures and protocols to comply with the new mandatory reporting obligations.

Other Notes
There is companion legislation proposed or in force in other provinces, including Manitoba (in force) and Ontario (in force). In Alberta, Bill 202 (2010) is now the Mandatory Reporting of Child Pornography Act, S.A. 2010, cM-3.3. It received Royal Assent on April 22, 2010; however, it is not yet in force. The Alberta law contains similar but slightly different reporting obligations (“Any person who has reasonable and probable grounds to believe that a representation or material is child pornography shall immediately report the matter to a reporting entity.”)

For assistance in understanding the implications of the Act, and developing sound procedures to comply with reporting obligations, please contact our Intellectual Property and Technology Group.

Link to the legislation

Link to Cybertip.ca and announcement of reporting obligations

January 19, 2012

EDMONTON
2000 10235 - 101 STREET
EDMONTON AB T5J 3G1
PH 780 423 3003

CALGARY
400 THE LOUGHEED BUILDING
604 - 1 STREET SW
CALGARY AB T2P 1M7
PH  403 260 8500

YELLOWKNIFE
201, 5120 - 49 STREET
YELLOWKNIFE NT X1A 1P8
PH 867 920 4542

 

This E-Bulletin is a publication of Field Law's Intellectual Property Group.  For more information on our services and contacts, please see our webpage.

 

To subscribe/unsubscribe to Field Law Publications, please click the following link to submit your request: http://www.fieldlaw.com/publications_subscriptions.asp