Quebec IT Framework Act Decision Impact on Search Engines

Intermediary liability
Table of Contents Hide
  1. Introduction
  2. Facts
  3. Superior Court Decision
  4. Court of Appeal Decision
    1. The Court’s Interpretation of Quebec’s IT Framework Act
    2. The Court Refused to apply Crookes
    3. Territorial Scope of Injunctive Relief
  5. Comments and criticisms

In A.B. c. Google, 2026 QCCA 157, the Quebec Court of Appeal held that Google could incur liability under Quebec’s Act to establish a legal framework for information technology (the “IT Framework Act”) for refusing to de-index hyperlinks to defamatory content after acquiring knowledge of its unlawful character. The Court distinguished the Supreme Court’s decision in Crookes v. Newton, interpreted section 22 of the IT Framework Act as imposing obligations on intermediaries once they become aware of unlawful activity, and upheld a de-indexing injunction limited to Quebec.

The decision is one of the most important Canadian appellate rulings addressing intermediary liability for search engines. While it responds to serious reputational harm, the Court’s interpretation of the IT Framework Act as a source of liability for search engines – rather than merely providing a safe harbour – is open to serious doubt.

Introduction

The Quebec Court of Appeal’s decision in A.B. v. Google LLC represents one of the most significant Canadian appellate rulings to date addressing the liability of search engines for indexing unlawful third-party content. The Court upheld Google’s liability for refusing to de-index hyperlinks to demonstrably false and defamatory allegations and awarded punitive damages of $1.5 million. It also affirmed that Quebec courts can issue injunctions requiring search engines to cease indexing unlawful content within Quebec.

The decision is important for several reasons. First, it significantly expands potential intermediary liability under Quebec civil law. Second, it interprets Quebec’s IT Framework Act as imposing affirmative obligations on intermediaries once they acquire knowledge of unlawful content. Third, it provides important guidance on the territorial scope of injunctive relief affecting Internet intermediaries. Fourth, it distinguishes the Supreme Court’s decision in Crookes v. Newton, raising important questions about the interaction between Quebec civil law and common law principles governing liability for defamation and for making hyperlinks available. It also more broadly likely expands the liability not only of search engines but also other Internet intermediaries. Last it potentially raises compliance issues with the Article 19.17 of the CUSMA.

Facts

The plaintiff was a businessman whose reputation was harmed by false allegations posted on ripoffreport.com accusing him of child molestation. The allegations were false, as not contested by Google.

Google indexed the webpage, making it accessible through searches of the plaintiff’s name. After receiving notice and evidence that the allegations were false, Google initially de-indexed the content. However, after the Supreme Court’s decision in Crookes v. Newton, Google revised its policy and refused to fully de-index the page. Instead, Google removed snippets and cached content but maintained the bare hyperlink.

The plaintiff sued Google in Quebec seeking damages and injunctive relief.

Superior Court Decision

The Quebec Superior Court held that Google was liable under a combination of Article 1457 of the Civil Code of Québec and Section 22 of the IT Framework Act.

The trial court held that once Google became aware that its indexing services were facilitating access to defamatory content, it had an obligation to act. By continuing to index the page, Google committed a fault under Quebec’s civil law.

The trial court awarded compensatory damages and issued an injunction requiring Google to prevent the hyperlink from appearing in search results accessible in Quebec.

Google had argued that even if Quebec’s law applied, it had to be interpreted consistently with Article 19.17.2 of the Canada-United States-Mexico Agreement (CUSMA). Specifically, Google argued that CUSMA requires that the Civil Code liability be constructed as broadly as s.230 of the Communications Decency Act (CDA), a  law that provides wide immunity to service providers and which would shield Google from defamation claims brought against it in the United States. The court rejected Google’s arguments for reasons I explained in my blog on the trial court decision.

Court of Appeal Decision

The Quebec Court of Appeal upheld Google’s liability but modified the damages. It reduced compensatory damages but awarded punitive damages of $1.5 million, concluding that Google’s conduct constituted an unlawful and intentional interference with the plaintiff’s rights.

The Court held that section 22 of the IT Framework Act imposes obligations on intermediaries once they become aware that their services are facilitating unlawful activity, subject to specific defenses such as proof of diligence. While intermediaries are not required to proactively monitor content, they must act promptly once they acquire knowledge of unlawful activity.

The Court’s Interpretation of Quebec’s IT Framework Act

Section 22 of the IT Framework Act provides:

A service provider, acting as an intermediary, that provides document storage services on a communication network is not responsible for the activities engaged in by a service user with the use of documents stored by the service user or at the service user’s request.

However, the service provider may incur responsibility, particularly if, upon becoming aware that the documents are being used for an illicit activity, or of circumstances that make such a use apparent, the service provider does not act promptly to block access to the documents or otherwise prevent the pursuit of the activity.

Similarly, an intermediary that provides technology-based documentary referral services, such as an index, hyperlinks, directories or search tools, is not responsible for activities engaged in by a user of such services. However, the service provider may incur responsibility, particularly if, upon becoming aware that the services are being used for an illicit activity, the service provider does not act promptly to cease providing services to the persons known by the service provider to be engaging in such an activity.(emphasis added)

The Court interpreted the search engine sagfe harbour as establishing a form of conditional immunity that may be lost if the intermediary fails to act after acquiring knowledge of unlawful activity. But, it went further holding that once Google became aware that its indexing services were facilitating access to defamatory content, it was required to act or become liable under the IT Framework Act.

Google argued that the IT Framework Act provided it with a safe harbour until it acquired knowledge of illicit activity. After that it could lose the benefit of the safe harbour, but its liability in that event would need to be established under Article 1457 of the Quebec Civil Code. It argued that it had no such liability because the Supreme Court of Canada held in Crookes v Newton that merely publishing hyperlinks was not a publication of defamatory content at common law. The Court summarized Google’s argument as follows:

[53]      According to Google, this provision, read jointly with section 27 of the same Act,[46] does not impose any specific duty or standard of behaviour on it, but, on the contrary, grants it immunity, thus shielding it from liability, even if it committed a fault under article 1457 C.C.Q. Google’s reasoning is as follows: because the publication of a bare link  is not wrongful – application of the principle developed in Crookes – it cannot be liable and  section 22 para. 3 IT Framework Act is not engaged. Should it be held that it did commit a fault under article 1457 C.C.Q., the immunity under section 22 para. 3 IT Framework Act would then apply. Still according to Google, that section, moreover, does not require the de-indexing of the link for that immunity to be maintained, since other means could be sufficient, including the removal of any defamatory text surrounding that link (title and snippet), which is precisely what it did in this case by only displaying the bare link in the results.

The appellant argued that Section 22 of the IT Framework act created liability for the failure of a search engine to de-index content upon becoming aware of its defamatory content, without any need to resort to establish a separate fault under the Civil Code. The Court agreed stating the following:

[54] As for the appellant, he argues that section 22 para. 3 IT Framework Act imposes on Google a duty to remove a link leading to illicit content as soon as it becomes aware of it, a duty which, if it is not discharged, automatically constitutes a civil fault. In this case, because the defamatory content is illicit, the failure to de-index constituted a fault.

[55] The judge, in essence, accepted the interpretation suggested by the appellant. I believe he is right, for the following reasons.

[56] It is true, as Google argues, that the first paragraph of section 22 IT Framework Act establishes a principle of non-liability of the intermediary providing referral services for activities carried out by means of its services. This first part of the section therefore implicates an immunity and is consistent with section 27 IT Framework Act, which provides that the intermediary is not required to monitor the information conveyed by its services nor identify circumstances that could indicate the existence of an illicit activity. In other words, the intermediary is not duty-bound to investigate or verify the content for which it provides its services.

[57] However, that is not all that section provides. It goes on to specify, in paragraph 3 – regarding the referral intermediary – that the latter “may incur responsibility, particularly if, upon becoming aware that the services are being used for an illicit activity, the service provider does not act promptly to cease providing services to the persons known by the service provider to be engaging in such an activity”. A plain reading of this sentence satisfies us that the legislature thereby provided the standard of behaviour expected of the intermediary: While the latter is not bound to proactively monitor the lawfulness of the activities that its services allow, it is duty-bound to act upon becoming aware of an illicit activity.

[58] In my view, this is the balance that the legislature has chosen to strike between, on the one hand, considerations related to freedom of expression and the development of the Internet, and, on the other hand, a degree of accountability on the part of service intermediaries. Such balance differs from that which may have been chosen by other jurisdictions for example, the United States, which grants greater immunity to intermediaries in s. 230(c)(1) CDA, but it does express the balance that the Quebec legislature wished to ensure between the various values in tension.

The Court Refused to apply Crookes

In Crookes, the Supreme Court held that a mere hyperlink to a defamatory article does not constitute a publication for the purposes of defamation law. Google argued that Crookes should apply to limit its liability under the Quebec Civil Code and the IT Framework Act, if it applied, to create liability for failing to de-index a hyperlink The Court disagreed.

First it concluded, as did the trial court, that the common law decisions should not be followed in Quebec because of the different statutory frameworks.

Second, the Court of Appeal held that the IT Framework Act created its own standard of liability to address the liability of search engines. The common law framework as laid down in Crookes was therefore inapplicable.

[65]      As to the argument resting on the fact that section 22 IT Framework Act cannot capture a bare URL link because the latter is not in and of itself defamatory, this amounts to rearguing the general common law principle established in Crookes for the content creator. As we have seen, however, that principle cannot be directly applied in Quebec law and the analysis must be based upon the concept of fault. But there is more.

[66]      The issue in this case is not whether the transmission of a bare URL link is, upstream and irrespective of section 22 IT Framework Act, a civil fault under article 1457 C.C.Q. The issue is rather to determine whether the mere breach of the standard provided under section 22 IT Framework Act,– i.e., Google’s failure to cease to provide its services to the person engaged on an illicit activity by refusing to de-index a URL link leading to defamatory content – automatically amounts to a civil fault or whether it should rather be shown that the breach of that standard is, in this case, wrongful.

Third, while Section 22 of the IT Framework Act could provide an intermediary with defenses such as due diligence and the impossibility to take appropriate steps. Neither of those defenses were available to Google on the facts of the case.

Based on these reasons, the court declined to rule on whether Google would have been liable under the Civil Code.

Territorial Scope of Injunctive Relief

The Court limited the scope of injunctive relief to Quebec rather than issuing a global injunction. It reviewed the decision of the trial judge who had declined to order a global injunction and found no palpable or overriding error.

The trial court distinguished the global de-indexing order made in the Equuestek case on the basis that it dealt with the protection of intellectual property laws (principally trade secrets), the lack of any interference with freedom of expression, and because it only raised theoretical issues of international comity. The lower court was concerned, however, that granting an international de-indexing order in this case would raise freedom of expression issues given a broader order would prevent the link from being made available in the United States where the dissemination could be legal especially in view of Section 230 of the CDA. According to the Court:

[163]    Next, and this is Google’s principal argument before the Court, the majority noted that the order was aimed at countering illegal sales contrary to intellectual property rules, without engaging the values related to the protection of freedom of expression. Not only was the advisability of the injunction easier to establish, but international comity appeared to be rather theoretical, in the words of the Supreme Court. However, it must be noted that this is not the case here, where the weighing of the fundamental values between protecting freedom of expression, on the one hand, and neutralizing defamatory posts, on the other, differs from country to country as can be seen, for example, in the comparison between ss. 22 IT Framework Act and 230 (c)(1) CDA.

[164]    Finally, at the time Equustek was decided, Google users were redirected to the American search engine as soon as they used the google.com address, even if the search was done in Canada. That reality explained why the effectiveness of the injunction, even in Canada, as well as the protection of the judicial process, required that the injunction be world-wide. However, according to Google’s defence allegations[182] and the testimony of its representative,[183] since 2017, a search done in Canada is automatically redirected to the Canadian engine, even if the user requests another.

[165]    These distinctions allowed the judge to conclude that both the necessity test and the international comity test justified restricting the injunction within the boundaries of Quebec, thus yielding a result similar to that which existed from 2009 to 2015. In the absence of any palpable and overriding error, the Court should not intervene on this point.

Comments and criticisms

The Quebec Court of Appeal’s interpretation of section 22 of the IT Framework Act as imposing affirmative legal obligations on intermediaries raises important questions about whether this interpretation aligns with the statutory text, legislative history, the broader legal context in which the statute was enacted and compliance with Article 19.17 of the CUSMA.

The statutory language of all the intermediary safe harbours in the IT Framework Act begins with immunity language which reflects the traditional structure of safe harbours. Notably, the IT Framework Act safe harbours consistently provide that an intermediary “is not responsible” for the activities engaged in by a user of its services. This opening wording is framed in clear immunity language. It establishes a general rule that intermediaries are not responsible for third-party activities.

The safe harbour language then goes on to qualify the immunities by providing that the intermediary “may incur responsibility” under certain conditions. For example,

In the case of the search engine safe harbor, if the intermediary fails to act upon becoming aware that the services are being used for an illicit activity, the service provider does not act promptly to cease providing services to the persons known by the service provider to be engaging in such an activity.

In the case of a hosting provider, if, upon becoming aware that the documents are being used for an illicit activity, or of circumstances that make such a use apparent, the service provider does not act promptly to block access to the documents or otherwise prevent the pursuit of the activity.

In the case of a network service provider or conduit provider, or a network service provider that makes use of caching or similar technologies to make transmissions more efficient, if the service provider participates in acts performed by service users by being the sender of a document; by selecting or altering the information in a document; by determining who transmits, receives or has access to a document; or by storing a document longer than is necessary for its transmission, and certain other conditions where the service provider uses caching or similar technologies.

The Court of Appeal interpreted the language of the safe harbours as if they clearly created liability if the intermediary fails to act. However, the words “may incur responsibility”  in all of the safe harbours simply do not bear that construction. The plain meaning of that language leaves open the possibility of liability, strongly suggesting that such liability would have to arise under a different law such as the Civil Code.

The French version of Section 22 of the IT Framework Act is worded as follows:

Cependant, il peut engager sa responsabilité, notamment s’il a de fait connaissance que les documents conservés servent à la réalisation d’une activité à caractère illicite ou s’il a connaissance de circonstances qui la rendent apparente et qu’il n’agit pas promptement pour rendre l’accès aux documents impossible ou pour autrement empêcher la poursuite de cette activité.

De même, le prestataire qui agit à titre d’intermédiaire pour offrir des services de référence à des documents technologiques, dont un index, des hyperliens, des répertoires ou des outils de recherche, n’est pas responsable des activités accomplies au moyen de ces services. Toutefois, il peut engager sa responsabilité, notamment s’il a de fait connaissance que les services qu’il fournit servent à la réalisation d’une activité à caractère illicite et s’il ne cesse promptement de fournir ses services aux personnes qu’il sait être engagées dans cette activité.

According the Google Translate (which does not supplant the legislated translation) the key phrase is that the intermediary “may be held liable”. This translation also does not say that the intermediary would be liable if it failed to act.

If the language of the safe harbours was ambiguous, the Court should have reviewed the legislative history of the IT Framework Act. My understanding is that such a review including a review of the legislative debates would show that Bill 161 was intended to protect intermediaries acting in passive roles without any mention of creating an independent source of liability or responsibility. As far as I am aware, nothing in the legislative history evinced a legislative intention to create intermediary liabilities and to potentially supplant or create a duplicative liability regime in parallel with the fault provisions of the Civil Code.

This interpretation is reinforced by the broader structure of the IT Framework Act. The statute is primarily concerned with facilitating the use of electronic documents and establishing legal certainty for technological communications. Nothing in the purpose suggests it was intended to regulate defamatory speech or to create new forms of civil liability.

The title of the statute itself—the Act to establish a legal framework for information technology—indicates that its purpose was to establish a framework governing technological communications, not to expand tort or fault based liability. In fact, the legislative debates emphasized the need to protect intermediaries from liability arising from third-party content in order to ensure the continued development of electronic commerce and Internet services.

Moreover, the structure of the safe harbours is consistent with international legal frameworks governing intermediary liability that provide immunities from, but do. not create, liability.

For example, the IT Framework Act safe harbours enacted in 2001 closely align with the “mere conduit”, “caching”, and “hosting” safe harbours in the 2000 European Union e-commerce Directive. Recital 43 of the e-commerce Directive explains that the exemptions from liability cover only cases where the activity of the information society service provider is of a mere technical, automatic and passive nature. It may well be that the Quebec legislature was seeking to codify this principle in the IT Framework Act, something that would potentially have aligned the law with the innocent disseminator principle discussed by the Supreme Court of Canada in the SOCAN Tariff 22 and Crookes cases. See, Barry Sookman, Hyperlinking and ISP liability clarified by Supreme Court in Crookes case.

The safe harbours in the IT Framework Act also closely align with the network services, caching, hosting, and information location tool safe harbours under the Copyright Act enacted by the Copyright Modernization Act in 2012 and somewhat similar safe harbours in the U.S. Digital Millenium Copyright Act, passed by Congress in 1998. Both statutes create copyright liability for direct and accessorial acts of infringement (such as inducing or procuring infringements in Canada, and contributory infringement in the United States). But, the safe harbours only acts as shields where they apply. They were not enacted to create new or parallel forms of copyright liability.

Moreover, the Court’s refusal to consider the Supreme Court decision in Crookes also led to it not making any determination as to whether Google’s dissemination of bare links, on the facts of the case, was to be equated as an act of a  content provider or merely as a passive intermediary providing references to content. However, under CUMSA, that determination is critical in determining compliance with Article 19.17 which states, in part:

1. The Parties recognize the importance of the promotion of interactive computer services, including for small and medium-sized enterprises, as vital to the growth of digital trade.

2. To that end, other than as provided in paragraph 4, no Party shall adopt or maintain measures that treat a supplier or user of an interactive computer service as an information content provider in determining liability for harms related to information stored, processed, transmitted, distributed, or made available by the service, except to the extent the supplier or user has, in whole or in part, created, or developed the information.

It is true that the liability of search engines for defamation under the common law has been subject to numerous judgements of courts that have struggled internationally. See, Barry Sookman, Social media liability for defamation: Giustra v Twitter. No doubt there will be cases that explore how the Civil Code will apply in similar circumstances. However, in my view, the Civil Code principles should be allowed to develop. It would be wrong to assume that the Quebec Legislature intended the IT Framework Act to hijack that development.

Total
0
Shares
0
0
0
0
Related Topics

Subscribe

Subscribe now to our newsletter

You May Also Like

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Barry Sookman
This site is about technology, copyright, artificial intelligence, and privacy law.

Discover more from Barry Sookman

Subscribe now to keep reading and get access to the full archive.

Continue reading

Barry Sookman
Powered by  GDPR Cookie Compliance
Privacy Overview

This website may use cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.