After years of public and private discussions, Canada started implementing a new copyright law in recent years.
The law introduced great improvements in terms of fair use and non-commercial file-sharing, and also adopts a “notice-and-notice” policy for ISPs that goes into effect today, January 2nd.
Under the new law Internet providers are required to forward copyright notices they receive from rightsholders to their customers. Providers who do not comply, including VPN services, face damages up to $10,000.
The notice scheme creates a safe harbor for Internet providers, protecting them from copyright holder lawsuits. For Internet subscribers the effects are limited to warnings, which is less draconian than the “strikes” systems other countries have implemented.
University of Ottawa professor Michael Geist, who has been a critical follower of the copyright law changes, notes that despite its modesty people should be wary of the negative consequences these notices may have.
“I think they’re generally a good solution – proven effective when used informally and far less draconian than takedown systems. That said, there is the danger of potential abuse that will be need to be monitored,” Geist tells TF.
Among the most prominent concerns are the so-called settlement schemes where copyright holders ask pirating subscribers to pay a fee. These have become relatively common in the U.S. and are now expected to expand into Canada.
One of the companies that helps rightsholders to collect settlements is CEG TEK, and they are already gearing up to enter the Canadian market.
“We have been conducting tests in the Canada market and see positive results with ISPs. We look forward to a full-scale launch in the new year,” CEG TEK’s COO Kyle Reed informs TF.
These settlement notices are a “significant concern” according to Professor Geist. He says that the law currently doesn’t prohibit copyright holders from sending them in, but that subscribers’ identities are shielded.
“The law does not preclude the inclusion of a settlement demand, though Canada has a cap on liability for non-commercial infringement and the sender of the notice obviously does not know the identity of the subscriber,” Geist tells TF
“ISPs would seemingly be required to send these notifications, but there is nothing in the law that would stop them from advising subscribers on the context of these notices,” he adds.
The new notice-and-notice system also has a great impact on VPN providers. The new law requires them to identify pirating customers so they can forward the infringement notices.
To be able to do so the companies have to retain access logs for a minimum of six months. This mandatory data retention is expected to lead to a customer exodus as it makes it impossible for providers to guarantee people’s anonymity, a key feature of any VPN service.
As we pointed out before, the new law requires VPN providers to implement an extensive log retantion and notice policy to deal with takedown notices. This will prove to be quite costly or simply impossible, especially for smaller companies that are sometimes run by individuals.
Many VPN providers assign shared IP-addresses to their customers, so even if they wanted to there is no option to accurately identify a copyright infringer. These companies face potential legal issues.
During the months to come it will become apparent what impact the notice-and-notice system will have on businesses and customers.
Update: Several sources in the know have offered TF additional analyses to clear up some the confusion. Below are some of the most relevant comments regarding VPN providers.
1. There is disagreement to what extent VPNs are seen as a “means of telecommunication.” This description could be fought by VPN providers which would then mean that they are not bound to section 41.25(1)(a). For now, this remains undecided.
2. Section 41.26(1)(b) requires to retain data for six months from the moment a notice is received so “the identity of the person to whom the electronic location belongs to be determined.” This includes the IP-address/timestamp linking the infringement to a specific customer, but no other “logs” are required.
3. If a VPN doesn’t hold any information that can link an IP-address to a specific customer they have to explain that to the copyright holder. 41.26(3) suggests that this could lead to potential legal action.