2012 proved to be an exciting year for Canadian advertising and marketing law, with industry regulators and the legislators trying to keep up with the ever-evolving technological times by issuing new guidelines and regulations to address the latest legal concerns raised by the digital era and consumers’ increasing use of e-commerce, social media sites and internet marketing.
Some of the most noteworthy highlights in Canadian advertising and marketing law in 2012 include the Supreme Court of Canada weighing in on misleading advertising, the Privacy Commissioner of Canada delving into the sphere of mobile apps, new federal rules to fight spam, unsolicited commercial electronic messages, identity theft, phishing and spyware, as well as the modernization of the Copyright Act to address numerous issues arising from the development of digital and Internet technology.
1. Richard v. Time Inc. - The Supreme Court Weighs in on False and Misleading Advertising
In February 2012, the Supreme Court of Canada issued a decision relating to misleading advertising, Richard v. Time Inc., 2012 SCC 8. While the case revolved around the interpretation of the Quebec Consumer Protection Act (Act) and the definition and standard to which the “average consumer” must be held for the purposes of determining whether a representation is false or misleading, it is likely to be of national significance. The Court’s decision may have an impact on the analogous provisions against false and misleading advertising contained in the federal Competition Act as well as various other provincial consumer protection legislation, particularly as misleading advertising cases rarely reach the level of the Supreme Court.
In this case, the Supreme Court heard an appeal of a decision by the Quebec Court of Appeal regarding an “Official Sweepstakes Notification” document that had been sent to the appellant, Mr. Richard, by Time Inc., along with a solicitation for a magazine subscription. The notification took the form of a letter addressed to the appellant, and signed by a fictional “Elizabeth Matthews, Director of Sweepstakes”. The document contained several prominent, bold face, and uppercase declarations that the recipient was the winner of a large cash prize, qualified with much less prominent conditional clauses indicating that this was only true if he held and returned the winning ticket:
“If you have and return the Grand Prize winning entry in time and correctly answer a skill testing question, we will officially announce that
OUR SWEEPSTAKES RESULTS ARE NOW FINAL: MR JEAN MARC RICHARD HAS WON A CASH PRIZE OF $833,337.00!”
The official rules of the sweepstakes stated that a winning number had been pre-selected and that the holder of the winning number would receive the prize only if they returned the entry form by the deadline.
The appellant claimed that he read the notification form thoroughly, and even went so far as to obtain a second opinion from the vice-president of his company, and was convinced that he had won a large prize. He returned the entry ticket, and at the same time subscribed to Time magazine. While his magazines arrived, the cash prize did not. After contacting Time and being informed that he did not hold the winning ticket, the appellant sought a declaration from the Quebec Superior Court that he was in fact the winner, along with punitive and compensatory damages.
At trial, the Superior Court found that the notification form did not amount to a contract, and as such, refused to order the payment of the prize. However, the trial court found that the document was “designed to mislead the recipient”, and that any qualifying language was “buried in a sea of text”. As a result, the court awarded $100,000 in punitive damages, along with $1,000 for any “moral injuries” suffered by the appellant.
On appeal, the Quebec Court of Appeal overturned the damages award, finding that there were no false or misleading representations in the document. While the exclamatory text may be designed to catch a reader’s attention, a careful reading of the document would dispel any impression that the reader was the winner of a prize. In reaching this finding, the Court of Appeal held that in assessing whether the general impression of an advertisement was false or misleading, one had to consider the “average consumer”, who had “an average level of intelligence, scepticism and curiosity”. Raising the bar for the general impression test for consumer protection cases, the Court held that consumers had to be suspicious of advertisements that seemed too good to be true. In passing, the Court noted that the appellant was a sophisticated businessman whom it suspected was well aware of his chances of winning from the very beginning.
The General Impression Test
The Supreme Court overturned the ruling of the Québec Court of Appeal, and issued an important ruling on the formulation of the “general impression” test for false or misleading advertising, and on the characteristics of the “average consumer”.
The Supreme Court affirmed that in considering whether advertising was false or misleading, one must consider not only the literal meaning of advertising copy but also the “general impression” created by the advertisement in the mind of an “average consumer”. The general impression test is applied by determining the “first impression” that an average consumer will have after contact with the entire advertisement. While the general impression does not result from a “rushed or partial” reading of the advertising copy, neither does it involve a minute dissection of the text. The Supreme Court stated that the courts must not approach advertisements as they would commercial contracts by reading them “several times, going over every detail to make sure they understand all its subtleties”. Instead a single reading of the entire advertisement, considering both the text itself as well as its layout and presentation, should be sufficient to assess the general impression created.
In assessing the “general impression” of an advertisement, the court must consider the viewpoint of an “average consumer”. The Supreme Court rejected the Court of Appeal’s description of an average consumer as a person with an “average level of intelligence, scepticism and curiosity”, instead holding that the average consumer must be considered “credulous and inexperienced”, to give effect to the legislative intention to protect vulnerable people through the means of consumer protection legislation. The Supreme Court stated that the expression "average consumer" did not “refer to a reasonably prudent and diligent person, let alone a well-informed person”. Instead, the “average consumer” was prepared to trust the general impression of an advertisement, but was capable of understanding its literal meaning, provided that the general layout of the copy did not render it unintelligible.
In applying this test, the Supreme Court held that the “Official Sweepstakes Notification” was misleading as it conveyed the general impression that the appellant had won the prize. As a result, it awarded the appellant $1,000 in compensatory damages for moral injuries; however, it reduced the award of punitive damages to $15,000.
While the decision in Richard v. Time Inc., was founded on the prohibition on “false and misleading” advertising in the Quebec Consumer Protection Act, similar prohibitions exist in the consumer protection legislation of most provinces, as well as at the federal level under the Competition Act. The Supreme Court’s formulation of the “general impression” test and the “average consumer” in Richard v. Time Inc. is likely to be highly persuasive on future courts considering false or misleading advertising in the context of competition law advertising cases.
2. Office Québécoise de la langue française Targeting English Marks on Commercial Signage in Quebec
In an effort to preserve the French landscape in Quebec, on November 13, 2011, the Office Québécois de la langue française (OQLF) officially launched its “A sign of respect of the law” (“Une marque de respect de la loi”) campaign.
The highly promoted television and online campaign aimed to inform marketers of the OQLF’s application of the Charter of the French Language (the “Charter”) and its Regulation respecting the language of commerce and business (the “Regulation”) to all businesses operating in Québec.
All businesses employing English marks on commercial signage in Quebec be warned: English-only trade-marks used to designate business names on commercial signage in Quebec must be accompanied by a French generic descriptor, phrase or expression. Although the OQLF appears to acknowledge the “recognized” trade-mark exception (whereby trade-marks recognized under the Trade-marks Act may be used in a language other than French in commercial signage), the OQLF limits this exception by stating that if such a trade-mark is used as the name of a business, it must be accompanied by a generic descriptive term or slogan in French.
According to the OQLF, businesses may identify themselves by using:
• An English trade-mark (i.e., a business name) accompanied by a French generic descriptive term;
• An English trade-mark accompanied by a French generic descriptive expression or slogan;
• A French version of the trade-mark displayed exclusively; or
• Both the English and French versions of the trade-mark, displayed with the French version being “markedly predominant.”
Readers who operate small businesses should note that the OQLF has established a financial assistance program to assist small businesses employing five to 99 persons in their compliance efforts. Up to 75 percent of the expenses incurred as a result of modifications to existing signage may be covered by the program, to a maximum of $50,000 per business.
As a last resort, the OQLF has stated that it may refer the files of non-compliant businesses to Quebec’s director of criminal and penal prosecutions so that legal proceedings may be initiated. Businesses that contravene the Charter or its Regulation may be liable to a fine ranging from $1,500 to $20,000 for a first offence, with fines doubling for any subsequent offence.
When endeavoring to comply with the requirements of the Charter and the Regulation, businesses are well-advised to carefully consider the potential consequences that any modifications to a trade-mark may have on the legal protection that it receives. Furthermore, businesses that choose to register a French version of a trade-mark will be precluded from invoking the “recognized” trade-mark exception to permit the exclusive use of the English mark in commercial advertising, product packaging and labelling, and commercial publications.
On October 9, 2012, six leading retailers and multinational chains challenged the OQLF’s interpretation by filing a Motion for Declaratory Judgment in the Superior Court of Québec, petitioning the Court to clarify whether their use of a registered non-French trade-mark on storefront signage violates the Charter or its Regulation. Although there is currently some doubt as to whether the OQLF’s current campaign and interpretation of the Charter and its Regulations will be upheld by the courts, one thing is certain: the OQLF’s current stance on the language of business names in Quebec will have widespread and financial consequences, reaching far beyond commercial signage.
3. Creating an App? There are Privacy Rules for That
On October 24, 2012, the Office of the Privacy Commissioner of Canada released the guidance document “Seizing Opportunity: Good Privacy Practices for Developing Mobile Apps,” which was developed in conjunction with the Offices of the Information and Privacy Commissioner of Alberta and British Columbia. This OPC guidance document is aimed at assisting app developers in Canada address the unique characteristics of the mobile space and the special challenges related to protecting privacy in this environment, such as the potential for comprehensive surveillance of individuals and the difficulty of conveying meaningful information about privacy on the small screen with intermittent user attention.
The OPC guidance document highlights the fact that privacy protection is not only the law, it makes good business sense. For instance, some surveys suggest that good privacy practices can be a competitive advantage, helping gain user trust and loyalty. In fact, it may even be a necessity — one survey showed that 57 per cent of app users in the United States either uninstalled an app or declined to install an app due to concerns with respect to sharing their personal information. In Canada, it appears that the majority of Canadians agree that protecting personal information will be one of the most important issues facing Canada in the next 10 years, with the overriding opinion being that businesses are requesting too much personal information, not keeping this information secure and selling the information to other organizations.
Key Privacy Considerations
Simply put: you are responsible for the personal information collected, used and disclosed through your app, regardless of the type of app you develop. Generally speaking, “personal information” means “information about an identifiable individual.” According to the Federal Court, where there is a serious possibility that an individual could be identified through the use of the information, whether alone or in combination with other available information, the information is about an identifiable individual.
Where you will be collecting, using and/or disclosing personal information through your app, the following considerations are particularly relevant according to the OPC guidance document:
3. Be selective and secure. Limit the collection of personal information to what is needed to carry out legitimate purposes — you may not need to collect personal information at all. If you are having difficulty explaining how a piece of information relates to the functioning of your app, rethink collecting it. Data should not be collected simply because it may be useful in the future and data should be deleted when it is no longer necessary for the original purpose identified. After deciding what information will be collected, have controls in place, appropriate to the sensitivity of the information, to ensure its security. Provide users with a clear and easy way to refuse an update, deactivate the app and delete all the data collected about them. Delete data automatically on deactivation or deletion of the app by a user.
4. Obtain meaningful consent. In addition to the difficulty of conveying information on a small screen, users can often suffer from “notice fatigue” and ignore notices or warnings they see too often. To reach users with the necessary information, put important details up front and embed links to the details. Also use visual cues such as graphics, colour and sound to draw a user’s attention to important information.
5. Timing is critical. Again, user attention in the smart phone world is intermittent and limited. Moreover, with so many apps available, users cannot be expected to remember information they were provided upon downloading an app. Therefore, it is important to be thoughtful and creative with respect to the timing of your privacy messages, not only telling users in advance what will happen with their information, but also informing users when they first use the app and throughout their app experience.
According to the Office of the Privacy Commissioner of Canada, with the increasing popularity of apps will likely come the increased scrutiny of the privacy practices of businesses operating in the mobile space, not only by regulators but also by consumers who are becoming increasingly informed, perceptive and influential. Therefore, implementing the recommendations set out in the OPC guidance document not only makes sense from a legal and business perspective, it may soon become a necessity.
The full OPC guidance document can be viewed at: http://www.priv.gc.ca/information/pub/gd_app_201210_e.asp
5. New Anti-Spam Legislation
Canada’s New Anti-Spam Legislation (CASL), is intended to address the sending of unsolicited “spam”, as well as other threats to electronic commerce, such as identity theft, phishing and spyware. Expected to come into force in late 2013/early 2014, CASL is intended to be technology neutral, and will apply to commercial electronic messages sent to “electronic addresses”, including email accounts, instant messaging accounts and other “analogous technologies”.
Under CASL, it will be necessary to have either the express or implied consent of the message recipient, in order to send unsolicited commercial electronic messages. However, in most cases, CASL will create a requirement for express consent to send commercial electronic messages, substantially narrowing the ability to rely on implied consent to prescribed classes of existing business or non-business relationships. Further, such commercial electronic messages will be required to contain prescribed information that identifies the person who sent them, or caused them to be sent, as well as an unsubscribe mechanism complying with the statutory and regulatory requirements.
The substantive requirements for compliance with CASL are found in regulations published by the Canadian Radio-television and Telecommunications Commission (CRTC), and Industry Canada, the latter of which had only published its regulations in draft form at the time of writing.
Disclosing the Person who Sends the Message
The CRTC regulations outline the specific information that will be required in electronic messages and the requirements for requests for consent to send electronic messages. When CASL comes into force, the CRTC regulations will require commercial electronic messages to include the following information:
- •The name of the person who sent the electronic message and, if different, the name of the person on whose behalf it was sent, as well as a statement identifying which person sent the electronic message and on whose behalf it was sent; and
- • The mailing address of one of those persons, as well as either the telephone number, email address or a web address of one of those persons.
Further, they prescribe that the unsubscribe mechanism required in such messages must be presented “clearly and prominently,” and capable of being readily performed. The unsubscribe mechanism must function through the same electronic means as the message (if practicable), and must specify an electronic address, or a link to a webpage, to which the request must be sent.
Where it is “not practicable” to include the above contact information and the unsubscribe mechanism in a commercial electronic message, the CRTC regulations include a key exception that will allow this information to be provided via a clearly and prominently labelled link to a website that contains them. This exception will likely be essential for messages subject to space constraints such as text messages and, potentially, for messages through social media platforms.
Requesting and Using Consent to Send Commercial Electronic Messages
The CRTC regulations provide that information required in a commercial electronic message must also be included in a request for consent to send such messages; however, it would also be necessary to identify the purposes for which consent is sought, and to state that consent may be withdrawn. The regulations state that a request for consent may be made orally or in writing. However, the onus on proving consent lies on the person claiming to have it. As such, if relying on an oral request for consent, it is important to have a means of evidencing it if challenged.
The Industry Canada regulations provide definitions of a “family relationship” and a “personal relationship,” thus determining the scope of a broad exception to CASL. Neither the consent nor the disclosure requirements will apply to electronic messages sent by or on behalf of someone with whom the recipient has a family relationship, defined as a blood relationship, marriage, common-law partnership, or adoptive relationship, and including persons connected by a blood relationship to such individuals. Similarly, the requirements for electronic messages will not apply to messages sent by or on behalf of someone with whom it is reasonable to conclude the recipient has a “personal relationship” established through voluntary two-way communications and considering elements such as shared interests, experiences or opinions, whether they had met in person, and the length of time since they had communicated, and provided the recipient has not indicated they do not wish to receive commercial messages from the sender.
The draft Industry Canada regulations also provide a number of key exceptions for messages sent in the ordinary course of business. These include messages sent by an employee, representative or contractor of an organization to another employee, representative or contractor of the organization, provided the message concerns the affairs of the organization. Similarly, messages sent between employees, representatives or contractors of two organizations with a business relationship that concern the affairs of the organizations, or the business role of the recipient, will be exempt. In addition, the draft regulations also provide a broad exception for messages sent in response to a request from the recipient or that are otherwise solicited by the recipient.
The draft Industry Canada regulations also specify the uses that may be made of consent obtained when the person on whose behalf it is sought is not known, as is frequently the case for third-party mailing lists. In such cases, the person who first obtained the consent may authorize the recipient of the list to use it. However, the ultimate user of the list must identify the person who obtained the consent in their electronic messages, and the unsubscribe mechanism must allow the recipient of the message to withdraw consent — not only from the person who sent the message, but also from the person who obtained the consent as well as any other person they authorized to use it.
While the CRTC regulations have been finalized, the Industry Canada regulations are currently in draft form, and may be amended prior to coming into force.
The CRTC will be the regulatory agency responsible for enforcing CASL and pursuing monetary penalties. Violations will be punishable by a potential administrative monetary penalty of up to $1,000,000 in the case of an individual, and up to $10,000,000 in the case of a corporation. In addition to this, CASL creates a private right of action that will permit individuals to seek compensation for damages suffered as a result of a violation, and specified monetary penalties in respect of each violation. This private right of action will create a serious risk of class action lawsuits against entities that issue mass email marketing campaigns without obtaining adequate consent from the recipients.
Preparing To Comply with CASL
A coming into force date for CASL has yet to be announced; however, it is expected to be late 2013/late 2014. After it comes into force, CASL allows for a three-year transition period (from the date on which the Act comes into force) during which businesses may rely on implied consent to send electronic messages to persons with whom they have an existing business relationship or non-business relationship that already includes the sending of electronic messages. In such cases, the recipient is still permitted to withdraw their consent at any time. Existing business relationships will include persons who purchased a good or service within the two years immediately prior to the electronic message, or who inquired about a good or service within six months prior to the message.
Apart from this exception, when CASL comes into force, it will require many businesses to reconsider their existing consents for electronic marketing, and to ensure that future requests for consent and electronic messages are in compliance. Businesses involved in electronic marketing should consider the following practices in preparation for CASL:
- • Review your existing consents to contact consumers. The onus of proving consent will be placed on the sender of the message. If you cannot establish express consent for the names on your list, there may be no choice but to purge the list or to seek additional express consent. It is currently uncertain whether existing express consent that is valid under the current privacy legislation will survive the coming into force of CASL.
- • Review the manner in which you are seeking express consent to ensure you are prepared to comply with CASL after it comes into force. Retain an accurate list of the consents you receive, and scrub it to remove persons who have withdrawn their consent.
- • Review your procedures for maintaining an accurate and current list of the consumers for whom you can establish implied consent through either an existing business relationship or an existing non-business relationship.
- • Review the categories of electronic messages you distribute to identify those that fall within exceptions to the consent requirements. Such exceptions are available for messages that solely: complete, facilitate or confirm a commercial transaction, provide warranty or recall information, or provide a quote or estimate in response to a request.
- • After CASL comes into force, ensure your electronic messages provide the prescribed information and contain a functional unsubscribe mechanism.
- • Honour unsubscribe requests within 10 business days.
- • Establish a CASL compliance policy to ensure that the classes of electronic messages you send are in compliance with CASL. A defense is available to persons who can establish they undertook due diligence to prevent violations.
- • Implement policies to train any staff and third-party suppliers involved in the dissemination of electronic messages to comply with CASL and your compliance policy. Also, inform them of the consequences for failing to comply.
- • In obtaining marketing lists from third-party providers, review the contracts to ensure they contain a representation and warranty backed by an indemnity that the list was assembled in compliance with CASL and that the provider will maintain the list in compliance with all CASL requirements including withdrawals of consent.
- • If you outsource electronic marketing to a third party, review and update your services contract to ensure it requires compliance with CASL.
6. New Copyright Legislation and Exceptions Forthcoming
On June 29, 2012, the Copyright Modernization Act (CMA) received Royal Assent. The CMA is intended to address numerous issues arising from the development of digital and Internet technology since the Copyright Act was last substantially revised in 1997. While most of the provisions of the CMA came into force on November 7, 2012, a limited number of provisions are not yet in force (most of which relate to reciprocity of copyright protection in World Intellectual Property Organization (WIPO) treaty countries, which will not come into force until each of the WIPO Copyright Treaty and WIPO Performances and Phonograms Treaty come into force in Canada).
New Rights for Creators and for Users
The CMA creates new rights for both creators and users of copyrighted materials.
For users, the CMA expands the existing exception of fair dealing to include situations when copyright material is used for the purpose of parody, satire or for education purposes. Additionally, it would be permissible to use an existing publicly available work to create a new work, provided this is done solely for non-commercial purposes, the source of the original work is credited, and the creation of the new work does not have a substantial adverse effect on the original work.
In addition to the new fair dealing exemption, the CMA provides a number of rights and exemptions to educational institutions and educators. Exemptions permitting educational institutions to reproduce, display or perform works in the classroom are rendered more technologically neutral by removing links to specific technologies. Further, a number of proposed amendments facilitate the use of new digital technologies in the classroom. These changes encourage the delivery of both lessons and course materials over the Internet, and permit the use of materials obtained from the Internet for educational purposes, provided the material was posted by the copyright owner without the expectation of compensation and is not protected by technological protection measures.
The CMA also provides legal sanction to several practices that have become widespread with the advent of digital technology (or for that matter video cassette recorders). Firstly, it permits the reproduction of a work for private purposes where the initial copy of the work is a lawful copy, not merely rented or borrowed, provided the individual making the copy does not circumvent a technological protection measure to create it. This right allows an individual to make backup copies of materials they have purchased legally, but would not permit them to distribute those copies. This provision also permit individuals to copy the work onto any medium or device they own, (for example, would permit copying a compact disc onto a computer or digital music player).
Additionally, the CMA includes a provision that allows “time shifting” in the case of recordings made for the purpose of viewing or listening to a program at a later time, provided the recording is kept no longer than is reasonably necessary, and the individual received the program legally. This provision does not apply to “on-demand” programs.
As for creators, performers benefit from expanded exclusive rights in their performances when embodied in sound recordings. This expansion includes a broader right of reproduction, making it available through digital distribution and the right to sell tangible copies of such sound recordings. Further, the CMA gives performers moral rights in their performances, similar to those enjoyed by other creators.
Additional changes eliminate the differential treatment of photographs under copyright law as compared to other works, by providing that the copyright in a photograph would be first owned by the author or the author's employer, as is the case for other works. A person who commissions a photograph would be permitted to make a personal or non-commercial use of it, unless they enter a contract that provides otherwise.
New Penalties and Enforcement Mechanisms
The CMA prohibits the circumvention of the technological protection measures used by rights-holders to secure and control their digital content. It also prohibits providing circumvention services to others, or dealing in technology designed to circumvent protection measures. Interestingly, these prohibitions appear to apply even when a user circumvents a technological protection measure for an otherwise permitted use of a work, such as fair dealing for the purpose of review or criticism.
The CMA also makes it an infringement of copyright for anyone to provide a service over the Internet or another digital network if they know or should know that the service is designed primarily to enable acts of copyright infringement. Whether infringement is established under this provision will be based on factors including how the service is promoted, the provider's knowledge of past infringements relating to the service, whether the service has significant uses other than copyright infringement, and whether the service would be economically viable if it were not used to enable acts of infringement.
While CMA strengthens the ability of copyright owners to protect their works, it also includes provisions that will result in non-commercial infringers of copyright facing considerably less exposure to statutory damages. The CMA reduces the range of possible statutory damages to awards of between $100 and $5,000 per infringer, which will cover all past infringements. The court would also be permitted to consider factors such as the hardship of the award to a non-commercial infringer and whether the infringement impacted the plaintiff. Infringement for commercial purposes will remain subject to potential statutory damage awards of between $500 and $20,000.
Finally, the CMA limits the liability of Internet Service Providers (ISPs) and operators of Internet search engines for copyright infringement carried out by their subscribers, as they act as mere conduits for material over the Internet. The CMA permits copyright owners to send a notice of claimed infringement to an ISP in a prescribed form. On receiving such a notice, the ISP would be obligated to forward it without delay to the alleged infringer identified in the notice, and to retain records that would help determine the identity of the alleged infringer for a period of six months to one year.
7. New Federal Guidelines for Online Behavioural Advertising
In June 2012, the Office of the Privacy Commissioner of Canada (OPC) announced a new policy position on online behavioural advertising, which it describes as “tracking consumers’ online activities over time in order to deliver advertisements targeted to their inferred interests”. The Guideline confirms that online behavioural advertising may be a reasonable purpose for which one may collect and use personal information, provided that it is carried out in compliance with the Personal Information Protection and Electronic Documents Act (PIPEDA), and consumers are not required to consent to it as a condition of service.
The Guideline states that while certain individual pieces of information collected in the course of behavioural advertising may not themselves constitute “personal information”, where this information is aggregated in a manner that could identify an individual, it constitutes personal information and is subject to PIPEDA. Wherever personal information is collected, the knowledge and consent of the individual is required.
Depending on the sensitivity of the personal information collected, express opt-in consent may be required. However, the Guideline specifically states that opt-out consent may be acceptable where:
- • the personal information involved is not particularly sensitive;
- • the individual is provided with an easily used opt-out option that is immediate and persistent; and
- • the collection is limited to that necessary to meet the purpose disclosed, and the advertiser destroys the information or renders it non-identifiable as soon as possible after the purpose is achieved.
The Guideline indicates that where it is not reasonably possible for an individual to opt out of a particular technological collection of information, or where doing so renders a service unusable, then the information gathered by that technology should not be used for behavioural advertising. Likewise, as it is difficult to establish meaningful consent for children, they should not be targeted by behavioural advertising, and user tracking should not be implemented on websites targeted to children.