Website Terms of use: Jurisdiction clauses

November 9, 2010 · Posted in compliance, Guest Blogger, legal, rights · Comment 

Thanks to Paul Foley of IIA Member Company McKeever Rowan for the following overview of a case where a company’s website terms of use saved the day.

In providing a service over the internet into other EU countries, from a website hosted in Ireland, an internet service provider will typically want to ensure that if there is a dispute with a user of the service, that the dispute can be litigated in Ireland.

Gavel
Photo owned by walknboston (cc)

The Brussels Regulation (which determines which courts have jurisdiction in civil and commercial disputes between companies and individuals) at article 2 provides (subject to some exceptions including that set out in article 23) that a person (legal or natural) may only be sued in the member state in which he or she is domiciled.

Billigfluege.de Gmbh ( “defendant”) a German service provider was engaged in screen scraping  of Ryanair’s web site, (gathering flight data  from the Ryanair site and reproducing it on their price comparison site and selling it for a fee) a practice which Ryanair alleged was in breach of the site’s terms of use, clearly accessible through a hyperlink on the front page of Ryanair’s website.

One of the terms of use (clause 7) provided that the courts of Ireland were to have exclusive jurisdiction in any dispute involving the terms of use. This was consistent with article 23 of the Brussels Regulation, which allows as an exception to article 2 for parties to a contract to agree that a particular EU member state court would have jurisdiction in the event of a dispute.

Ryanair took proceedings for breach (under a number of headings) of their terms of use in the Irish High Court against the defendant.

The defendant argued that Ryanair’s terms of use could not form the basis of a contract because all of the traditional features of a legally binding contract were absent including that there was no consideration and accordingly Ryanair could not rely on article 23.

One of the issues that a previous decision of the European court of justice had argued, was that an EU member state court could have exclusive jurisdiction where there was a validly concluded jurisdiction clause, even where there was a dispute as to the validity of the agreement in which the clause was included.

In a decision of the Irish High Court (which is the subject of an appeal to the Irish Supreme Court, which is  imminent), the judge decided that i) the Ryanair terms of use had been fairly brought to the attention of defendant (they were clearly accessible through a link on the front page of the site ); ii) the provision of information by Ryanair through their terms of use policy, which offer of information was accepted by the defendant when accessing the site and lifting the information,  constituted valid consideration; and  iii) the defendants had used the site and made a profit on the information obtained and by doing so had clearly assented to the terms of use.  Accordingly the judge found that the exclusive jurisdiction clause in the terms of use had contractual effect and that the Irish courts had authority to determine the dispute. The judge did not go so far as to declare the remainder of the terms of use legally valid.

The judgement provides some encouragement to web site owners, that if their web site terms are sufficiently well drafted (including incorporating a home state jurisdiction clause), and are brought properly to the attention of site users, that the onerous provision of article 2 of the Brussels Regulation can be avoided and home state jurisdiction maintained.  It remains to be seen whether the Supreme Court will uphold this decision.

Tags: , , , , , ,

Broadcasting Bill 2008 concerns the IIA

May 11, 2009 · Posted in Lobbying · Comment 

documentI have just posted a news item on our site in relation to the Broadcasting Bill 2008. This issue was brought to my attention and the attention of Fergal, IIA CEO, via various avenues so thanks to anyone who got in touch late last week.

The Broadcasting Bill 2008, if enacted as is, could create confusion and a possible loophole for an added tax on both consumers and business users of the internet. However, we hope to be corrected and that this is not the case! Please use the comments below to contribute. Check out our news item on the IIA site to get more details. We would like to ensure that those debating this issue are aware of this lack of clarity and clear it up now. I imagine the government would have a hard time justifying a licence fee on all devices capable of accessing the type of content described in the bill particularly considering the lack of availability of adequate broadband for many.

Also there is a lively discussion going on over on Mark Dennehy’s blog on this topic. You can also check out the Broadcasting Bill itself online. (PDF, 1.21mb)

Tags: , , , ,

Protect us from all anxiety

June 4, 2008 · Posted in Uncategorized · 8 Comments 

One of the many things I have been doing since I began working here in the Irish Internet Association has been responding to queries that come in from members and from the general public. In order to do this I have to try very hard to keep abreast of the kind of issues that are concerning our members. One of our newer members originally contacted me with a query about data protection legislation and I felt terribly ignorant when he seemed to know more than I did. Happily he still joined the IIA!

So last week I gratefully accepted an invitation from the Institute of International and European Affairs to attend their event “Perspectives on privacy in the Internet Age” with presentations by Peter Fleisher, Chief Privacy Counsel, Google Inc., and Billy Hawkes, Data Protection Commissioner. There was also a brief presentation from the floor by Inspector Pat Burke of An Garda Síochána. Here is a brief synopsis but please if you were present and feel I am misrepresenting anyone, I would welcome corrections and clarifications. Thanks!

Both Peter and Billy opened their presentations quoting Scott McNealy’s now infamous and eight year old comment “You have zero privacy anyway. Get over it.” although it became quickly clear that neither of them are even remotely as blasé as McNealy was way back then when it comes to privacy and data protection.

It\'s the Google logo!Both of the speakers talked about how, now that information storage is so cheap, it’s actually more cost effective to keep rather than delete information. Fleisher suggested that corporations who are required to comply with privacy and data protection legislation could deal with this in a number of ways:

  • Time based anonymisation: forgetfulness should be programmed in so that once information reaches the time limit required by law, it is forgotten by the database.
  • Include privacy controls so that users can choose what level of privacy they wish to set for the information that they are storing or publishing online.
  • Education: Corporations like Google have a responsibility to educate users about privacy and data protection in a clear and accessible manner.

However Google’s biggest difficulty in relation to privacy legislation is that they are required to comply to location based regimes as he called them. Even within the EU and based on the EU directive countries could set their own time limits for data retention and Google has to comply to all of these while in reality all of this data exists in the cloud rather than any specific location. He also pointed out that in the US there are 39 Security Breach laws each with their own details because the legislation that governs privacy in the US is not federal.

In relation to education Fleisher told us that Google have developed a selection of videos about privacy which have been viewed by half a million viewers. He suggested that corporations might consider video as a more personable approach to privacy statement than the current privacy statements that can now be found on most websites. Fleisher said that the APEC privacy framework was, so far, Google’s preferred framework with it’s emphasis on preventing harm and focus on accountability. 

He finished up by reminding us that the big question should be what do we want technology to do for us rather than what is technology doing to us?

Data Protection CommissionerBilly Hawkes, the Data Protection Commissioner, had some very interesting statistics about data protection in Ireland and attitudes to data protection and privacy among Irish citizens. Firstly he pointed out that only 10% of companies in Ireland transfer data outside the EU so there may not be currently a requirement for global laws. Citing the Eurobarometer 2008: Data Protection in the European Union: Citizens’ Perceptions, he pointed out that Irish people were slightly more concerned about privacy than the EU average but were also among those most opposed to monitoring of internet usage. All these details can be accessed via the Eurobarometer website. (PDF) Nora Owen, who chaired the session, in her summing up made particular reference to Hawkes use of the phrase “function creep”. He used this when referring to the reasons why data is being kept. Does less privacy and more monitoring equal enhanced security for citizens? Does it equal less crime.

When talking about the future he suggested that corporations should include privacy by design or commission privacy enhancing technology. Similar to Fleisher he emphasised the need to educate people about revealing information, making the point that privacy rights are technology neutral.

Inspector Pat Burke from An Garda Síochána also added from the floor that through their cooperation with the Data Protection Commissioner and always operating within the law and with the right to do proper, legitmate investigation they have had some success in tackling crime which uses the Internet as a platform such as child pornography, internet fraud and identity theft. They have also been able to tackle transnational crimes such as human and child trafficking.

Questions from the floor were put by TJ McIntyre from Digital Rights Ireland and Mark Kelly of Irish Council for Civil Liberties who asked if Google would use a human rights framework to which Fleisher responded that Google are very focussed on the ethical use of the Internet and while they were forced into  “the odious concept of censorship” in China, their search results in China include a statement that the results have been filtered. They also will not offer Gmail in China. Brian Greene also made the point that 90% of people using the internet are consumers rather than content producers and there are issues when corporations get and retain data about consumers. Fleisher clarified that Google comes in two flavours: plain ol’ search or search enhanced via logging into your Google account where Google gets to know you and offers you results based on your search history. It’s the consumers choice which search to use.

An interesting afternoon and do you know what? The lunch was delicious too!

As I mentioned at the top of the post I’m new to a lot of these issues so I would really appreciate any comments or clarifications via the comments below.

Tags: , , , , , , , , , , , , , ,