European national news
-
Upload
mark-turner -
Category
Documents
-
view
219 -
download
4
Transcript of European national news
c o m p u t e r l a w & s e c u r i t y r e v i e w 2 5 ( 2 0 0 9 ) 1 9 4 – 1 9 8
ava i lab le a t www.sc iencedi rec t .com
www.compsecon l ine .com/publ i ca t i ons /prodc law.h tm
European national news
Mark Turner
Herbert Smith LLP, London, United Kingdom
Keywords:
Internet
ISP/Internet Service provider
Software
Data Protection
IT/Information Technology
Communications
European law/Europe
0267-3649/$ – see front matter ª 2009 Herbedoi:10.1016/j.clsr.2009.02.011
a b s t r a c t
The regular article tracking developments at the national level in key European countries in
the area of IT and communications – co-ordinated by Herbert Smith LLP and contributed to
by firms across Europe. This column provides a concise alerting service of important national
developments in key European countries. Part of its purpose is to compliment the Journal’s
feature articles and Briefing Notes by keeping readers abreast of what is currently happening
‘‘on the ground’’ at a national level in implementing EU level legislation and international
conventions and treaties. Where an item of European National News is of particular
significance, CLSR may also cover it in more detail in the current or a subsequent edition.
ª 2009 Herbert Smith LLP. Published by Elsevier Ltd. All rights reserved.
1. Belgium violated their fundamental rights. The President found it
1.1. Belgium court of commerce restrains viralmarketing on the internet
On 24 June 2008, the President of the Court of Commerce of
Huy found certain forms of viral marketing on the internet
unlawful. Viral marketing is a form of direct marketing
whereby publicity is directly addressed to people who did not
give their prior consent thereto, but whose e-mail addresses
were passed on by acquaintances.
In the present case, Dialo BVBA, the manager of the dating
website www.toietmoi.be, claimed that the competing web-
site www.nicepeople.be owed its success to sending unsolic-
ited publicity using two illegal techniques: (i) offering people
the possibility to provide their e-mail address and the pass-
word of their mailbox during the membership registration
process and (ii) asking members to provide the e-mail
addresses of their acquaintances. Members who did so were
rewarded by an increase of their popularity. People whose e-
mail addresses were obtained in either of these two ways
received unsolicited publicity via e-mail.
In its judgment, the President ruled that the privacy
interest of the addressees prevails over the commercial
interests of those resorting to techniques of viral marketing.
The collection of e-mail addresses of acquaintances by
members to subsequently send them unsolicited publicity
rt Smith LLP. Published b
unacceptable that (i) Nicepeople’s members were rewarded
for providing the e-mail addresses, (ii) they were not informed
about what Nicepeople would do with these e-mail addresses,
and (iii) people received unsolicited publicity about a website
to which they did not want to be linked.
Following Article 14 of the Electronic Commerce Act, the
use of e-mail for publicity is prohibited without the addres-
see’s prior consent (‘opt-in’). According to the President, this
Article does not only prohibit the direct use of e-mail for
publicity purposes but also the indirect use, in this case via the
members that acted on the viral marketing.
The case can be found at: http://www.juriscom.net
Erik Valgaeren, Partner [email protected] and Sofie Cos-
termans, Associate [email protected] from the Brussels
office of Stibbe (Tel.: þ32 2 533 53 51).
2. Denmark
2.1. Difo likely to be appointed administratorof .dk domain
The Danish top-level domain .dk is administered in accor-
dance with the Danish Act on Internet Domains Specifically
y Elsevier Ltd. All rights reserved.
c o m p u t e r l a w & s e c u r i t y r e v i e w 2 5 ( 2 0 0 9 ) 1 9 4 – 1 9 8 195
Allocated to Denmark (the ‘‘Act’’). Pursuant to the Act the
Minister for Science, Technology and Innovation may decide
that the National IT and Telecom Agency should issue a public
invitation to tender for the administration of the .dk domain.
The National IT and Telecom Agency published the tender
documents in December 2007. Two tenders were submitted –
one by Afilias, an Irish entity, on behalf of dotDK and one by DIFO
(Dansk Internet Forum, a Danish entity) which has administered
the .dk domain since 1999. In June 2008 the National IT and
Telecom Agency appointed Afilias as the winner.
In the Act it is laid down, however, that the administrator
shall have a broad representation of participants from the
Danish internet community, including private users, profes-
sional users and the internet industry (service providers). In
the tender documents the requirement was stated as
a condition that the appointed tenderer submitted letters of
support from organisations that back up the tender within 60
days from the appointment. The appointed tenderer should
submit letters of support from minimum four important
organisations that altogether represented private users,
professional users and the internet industry.
In November 2008 the National IT and Telecom Agency
disqualified Afilias as the letters of support submitted by Afi-
lias did not fulfil the requirements. DIFO now has the oppor-
tunity to show that it has sufficient support in the Danish
internet community to be approved.
The tender has been subject to much press coverage and
especially, the condition about broad representation in the
Danish internet community has been debated. On the onehand
the support is important to ensure trust in the administrator
and thatboth private and professional interests are considered.
On the other hand the requirement creates a barrier for foreign
administrators that wish to submit a tender.
2.2. High court of eastern Denmark confirmspirate bay ruling
In Computer Law and Security Review volume 24 issue 3 we
reported that a Danish enforcement court issued an injunc-
tion against the Danish internet service provider Tele 2 A/S,
which was ordered to block access to the website
thepiratebay.org, notwithstanding that thepiratebay.org did
not host copyrighted materials on its server. Tele 2 A/S
appealed the ruling and on 26 November 2008 the High Court
of Eastern Denmark upheld the ruling.
Tele 2 A/S will petition the Appeals Permission Board in
order to have the case tried before the Supreme Court.
Carsten Raasteen, Partner, [email protected] and Thomas
Nikolaj Ingerslev, Assistant Attorney, [email protected]
from Kromann Reumert, Copenhagen office, Denmark (Tel.: þ45 70
12 12 11).
3. Germany
3.1. Enforcement-directive (2004/48/EC)
The ‘‘Enforcement-Directive’’ (2004/48/EC) was not imple-
mented in Germany until September 2008. One of the most
important new provisions pertains to the right to demand
disclosure of information not only from the infringer, but also
from third parties, such as Internet service providers. This right
is of great practical significance for copyright infringements in
the Internet. In accordance with Article 8 (1) Directive 2004/48/
EC, the German law (sec. 101 German Copyright Act) provides
that this claim for disclosure exists only if an infringement ‘‘on
a commercial scale’’ was committed. However, in Germany,
there is much debate on the interpretation of this term. There
have already been several court decisions on this subject. But
since the range of the possible requirements is extremely
broad, doubts have already been raised as to the con-
stitutionality of the provision. Several courts have already
found it sufficient if one music album is published before or
shortly after it has appeared on a P2P platform. Other courts, on
the other hand – invoking directives of the public prosecutor’s
office – demand that 3,000 music files or 100–200 films be
offered for sale. This could make prosecutions in Germany
much more difficult, also in view of the fact that the relevant
transaction data are only stored for a brief period of time (seven
days) or with flat rates, in some cases not at all. It is to be
expected that the German Federal Court of Justice will soon be
determining when a ‘‘commercial scale’’ is present.
Dr. Stefan Weidert, LL.M, Partner, [email protected]
from the Berlin office of Gleiss Lutz, Germany (Tel.:þ49 308009790).
4. Italy
4.1. Four Google managers committed to trial inconnection with illicit video uploading
On December 12, 2008, four managers of Google Italia were
committed to trial for having allegedly co-operated in the
offence of defamation and unlawful data processing. The trial
is due to start in February 2009.
The facts of the case are as follows: On November 20, 2006
four teenagers bullied a classmate affected by Down’s
syndrome. The four also shot the bullying with a cellular
phone and then up-loaded the video onto Google Video. As
soon as the news of the event spread over the Italian internet
community – and was massively reported by traditional
Italian mass media – the video was removed and official action
was taken against the teenagers. After conviction of the
youngsters, the Office of the Public Prosecutor of Milan started
investigations against the Google managers, and requested
committal to trial for four of them, alleging that, on account of
their positions inside the company, they had not prevented
the abusive upload of the video and acted in breach of Law
196/2003 (the ‘‘Italian Privacy Law’’). In particular, the public
prosecutors of the Milan Tribunal have apparently charged
the Google managers for having failed to display on the web-
site video.google.it a comprehensive information as to the
privacy policy in accordance with the Italian Privacy Law and
for having breached the provisions of the Italian Privacy law as
to the processing of medical/health data relevant to the
bullied boy (including the provisions which require the
consent in writing by the data subject and the authorisation
c o m p u t e r l a w & s e c u r i t y r e v i e w 2 5 ( 2 0 0 9 ) 1 9 4 – 1 9 8196
by the Italian Privacy Authority). Moreover, on the basis that
Google accrues economic benefits by renting advertising
spaces on the pages of the website, some of the managers
have been also charged with the crime punished under
section 167 of the Italian Privacy Law, according to which
whoever for personal gain or for the gain of an another person
processes data in breach of certain provisions of the Italian
Privacy Law is punished with the imprisonment of up to 3
years, if the conduct causes a damage.
http://www.ilsole24ore.com/art/SoleOnLine4/Norme%20e%
20Tributi/2008/12/google-rinviata-giudizio-bullismo-youtube.
shtml?uuid¼476397ce-c847-11dd-baf9-fbc7a4fc4e23&DocRules
View¼Libero&fromSearch
Salvatore Orlando, Partner, [email protected] and
Stefano Bartoli, Associate, [email protected] From the
Rome office of Macchi di Cellere Gangemi (Tel.: þ39 06 362141).
5. The Netherlands
5.1. A Dutch ‘notice-and-take-down’ code of conduct
On 9 October 2008 the Dutch Minister for Foreign Trade (Frank
Heemskerk) presented the ‘Notice-and-Take-Down’ Code of
Conduct (hereafter: ‘‘the Code’’). The Code is based on good
practices from businesses, governments and other parties
willing to act against cybercrime. The Code has been initiated by
market parties including KPN, XS4ALL, ISPConnect, Dutch
Hosting Provider Association, NLKabel, Ziggo, UPC, and SIDN and
is drawn up under the flag of the National Infrastructure Cyber-
crime (Ministry of Economic Affairs). Ministries, the police and
investigation services as well as organisations such as Markt-
plaats, eBay and Google collaborated in setting up the Code.1
The above mentioned parties took this initiative because
those responsible for placing unlawful content on the Internet
are difficult to trace and in the past reports about (possible)
unlawful content were rarely acted upon. The Code sets out
the specific roles of the Internet user and the intermediary in
dealing with unlawful content.
In principle, everybody can report any (possible) unlawful
content they come across while using the Internet to the
relevant content provider. If the notifier and the content
provider fail to reach an agreement the notifier may contact
the relevant intermediary and issue a report containing at
least: (i) contact details of the notifier, (ii) the URL, (iii)
a description detailing why the content is unlawful and (iv)
a statement why the notifier believes the intermediary is the
most appropriate party to contact. On receipt the interme-
diary will evaluate the report according to its own procedure.
In the event the intermediary determines that the content is
not unequivocally unlawful it will inform the notifier accord-
ingly. In the event the intermediary determines that the
content is unequivocally unlawful, it will ensure its removal.
In case of uncertainties with respect to (un)lawfulness of
content the intermediary will request the content provider to
1 See, http://www.samentegencybercrime.nl/NTD/Initiatiefnemers_en_partners?p¼content, in Dutch only.
remove the relevant content or to contact the notifier. Should
the notifier and the content provider fail to reach an agree-
ment (as stated above); the notifier may contact the police.
The Code is available in English, see: http://www.
samentegencybercrime.nl/UserFiles/File/NTD_Gedragscode_
Opmaak_Engels.pdf
Reinout Rinzema, Partner, [email protected] and Rem-
brandt Brouwer, Associate, [email protected] from
the Amsterdam Office of Stibbe, The Netherlands (Tel.: þ31 20 546
01 12).
6. Norway
6.1. New report on the use of CCTV surveillance cameras
The Norwegian Data Inspectorate recently published a report
on the use of CCTV surveillance. The report is based on unan-
nounced inspections of 82 shops within different business
areas, all of which are locatedwithin a narrowgeographicalarea
in the centre of a medium sized Norwegian city. The objective
was primarily to check whether shop owners comply with the
obligation to inform customers of the operation of CCTV
cameras in an adequate manner and the obligation to notify the
Data Inspectorate of such security surveillance.
The results were depressing. Among the shops that had
CCTV cameras installed, all but one were found to violate at
least one of the said requirements. The lack of basic knowledge
about such simple and straight forward rules gives reason to
believe that more complex and discretionary rules are also
neglected. It is, for instance, a condition for CCTV surveillance
that the controller’s legitimate interest in the processing of
personal data overrides the interests of the data subject.
Nevertheless, CCTV cameras were more often found in regular
newsstands selling chocolate and magazines than in jewellery
shops, where one would reasonably expect the value of the
goods to require comprehensive surveillance. The Data
Inspectorate also reported another alarming trend, namely an
increase in CCTV cameras operating in cafes and restaurants,
where people stay for longer periods of time and expect
a greater degree of discretion. Coupled with little or no infor-
mation to customers, this development is cause for concern.
Although the number of inspections is insufficient to draw
statistically reliable conclusions, the results were in line with
a previous, corresponding report from another Norwegian city.
Hence, theresultscouldserveasanindicatorof thegeneral levelof
compliance with privacy law with respect to CCTV surveillance.
Haakon Opperud, Partner, [email protected] and Stein-Erik
Jahr Dahl, Associate, [email protected], Thommessen Krefting
Greve Lund AS, Norway (Tel.: þ47 23 11 14 94).
7. Spain
7.1. NGA regulation in Spain
Following the debacle over its proposals for the regulation of
Telefonica’s Wholesale Broadband Access service, the
c o m p u t e r l a w & s e c u r i t y r e v i e w 2 5 ( 2 0 0 9 ) 1 9 4 – 1 9 8 197
Spanish National Regulatory Authority for Telecommunica-
tions (the CMT) has recently encountered further resistance
from the European Commission concerning its proposals for
regulation of the roll-out of high-speed next generation access
networks (NGA), this time in connection with measures
relating to in-building wiring (the installation of optical fibre
all the way to the home, FTTH).
The draft measures propose to require all telecommuni-
cations operators, whether or not they hold significant market
power, to provide access to their in-building NGA wiring.
Specifically, the CMT proposes to require the first operator
deploying fibre in a building to: (i) meet reasonable requests
for access to its network elements (and sign agreements
within four months); (ii) offer reasonable prices; and (iii)
comply with transparency obligations permitting third parties
to plan their access requests.
The imposition of symmetrical obligations in this way is an
exceptional remedy under the regulatory framework. Since
2003, telecoms rules have been based on the principle of
imposing ex ante obligations only on dominant operators in
a number of specific markets.2 Nevertheless, the framework
does, exceptionally, foresee mechanisms for broader regula-
tory intervention, for instance to ensure interoperability and
access to end users or encourage infrastructure sharing where
planning or environmental constraints make alternative
infrastructures unviable. The latter (Article 12 of the Frame-
work Directive) is the legal base invoked by the CMT in this
case.
On 1 December 2008, the European Commission issued
its comments on the draft measure criticising the CMT for
not properly justifying the measure under the criteria set
down by Article 12 of the Framework Directive. In particular,
the Commission considers that the CMT refers only to
technical, practical, legal and economic difficulties of access
when the application of Article 12.2 is limited to cases
justified by public policy considerations of an environmental
or planning nature. The Commission has asked the CMT to
accredit to what extent undertakings would, in fact, be
deprived of access to reasonable alternatives for these
reasons.
The Commission has also suggested the CMT consider
imposing additional obligations with regard to in-building
wiring on the operator designated as having SMP on Market 4
(local loop).
The CMT is required to take into consideration the Com-
mission’s comments before it adopts its final measure, but
these comments are not binding. In the context of the devel-
opment of the Commission’s guidelines on NGA regulation3
and the recent adoption by France of legislation on this
matter, the outcome of this case, which is vital to FTTH roll-
out, is one to watch.
Paul Hitchings, associate [email protected] from
the Barcelona Office of Cuatrecasas, Spain (Tel.: þ34 93 290 55 00).
2 In November 2007, the Commission adopted its new list ofrelevant markets, now reduced to only seven.
3 Draft Recommendation published in September 2008.
8. Sweden
8.1. Proposed new gambling legislation in Sweden
Pursuant to an investigatory governmental committee report
issued on 15 December 2008 (‘‘the Report’’), commercial
operators shall be entitled to provide gambling services in
Sweden under a national licensing system. A licence to
provide gambling would include betting (odds and pools), with
the exception of betting on horse races, both via the Internet
and at betting agencies.
In order for a national licensing system to be effective, the
Report proposes that licensees should be afforded protection
within the Swedish system. Protective measures should,
according to the Report, include the blocking of IP addresses
and domain names for websites providing gambling which are
not organised in accordance with the proposed new legisla-
tion. In addition, the mediation of stakes in unlawful lotteries
shall be blocked. The proposed legislation would result in
a ban on all gambling websites without a Swedish licence.
The Report has been referred for consideration to the
relevant bodies and the new legislation is proposed to enter
into force on 1 January 2011. A link to the Report including
a summary in English can be found at: http://www.regeringen.
se/sb/d/10283/a/117594
8.2. Amendments to the Swedish Signal Surveillance Act
On 1 January 2009 the new Signal Surveillance Act (‘‘the Act’’)
entered into force. The Act entitles the National Defense Radio
Establishment (‘‘FRA’’) to collect electronic signals trans-
mitted over air or by wire for defense intelligence purposes.
Following major discussion and critique of the Act, the
Government has proposed amendments to the new Act, in
order to increase privacy protection. The proposal has been
referred for consideration to the relevant bodies and
comments on the proposal shall be submitted at the latest on
27 February 2009.
A link to the proposal in Swedish can be found at: http://
www.regeringen.se/content/1/c6/11/80/70/6821847c.pdf
Bjorn Gustavsson, Partner, [email protected], and Daniel
Jarmen, Associate, [email protected] from Advokatfirman
Vinge KB, Sweden (Tel.: þ46 8 614 30 00).
9. UK
9.1. ECHR rules that UK DNA database infringesprivacy rights
Case: S. and Marper v UK 30562/04 and 30566/04 ECHR
On 4 December 2008, the ECHR ruled unanimously that the
UK’s powers of retention of the fingerprints and DNA data of
persons suspected or charged with a crime, but not actually
convicted, violated the right to respect for private and family
life under Article 8(1) of the European Convention on Human
Rights.
c o m p u t e r l a w & s e c u r i t y r e v i e w 2 5 ( 2 0 0 9 ) 1 9 4 – 1 9 8198
The applicants had both been arrested and charged with an
offence. Subsequently, S was acquitted and the case against
Marper was discontinued. The applicants made a request that
the fingerprints and DNA samples taken by the police on their
arrest be destroyed, which was refused. The applicants failed
to achieve judicial review of the authority’s decision in the UK
courts and applied to the ECHR alleging a violation of Article 8
of the Convention by the UK authorities.
The court concluded that the retention of DNA and
fingerprint data constituted an interference with private life
within the meaning of Article 8, since they contained unique
information about the individual concerned. The court ruled
that retention of such data failed to strike a fair balance
between the competing public and private interests, and
constituted a disproportionate interference with the right to
respect for private life which could not be regarded as
necessary in a democratic society.
This land mark decision will have major implications for
the UK government, which will need to review the powers
given to authorities under a number of criminal justice stat-
utes. Police in England, Wales and Northern Ireland currently
have powers under the Police and Criminal Evidence Act 1984
to take DNA and fingerprints from everyone they arrest, and
there are currently around 570,000 DNA profiles in the
National DNA Database belonging to innocent individuals will
have to be deleted.
For further information, please see: http://www.bailii.org/
cgi-bin/markup.cgi?doc¼/eu/cases/ECHR/2008/1581.tml&query¼titleþ(þMarperþ)þandþtitleþ(þunitedþ)þandþtitleþ(þkingdomþ)
&method¼boolean
9.2. UK Government will pass a law to force ISP’s to acton unlawful file sharing
On 29 January, the UK government published an interim
report on its Digital Britain action plan, which considers the
future of the digital and communications industries. The
government confirmed its intention to legislate on peer-to-
peer file sharing, and will hold a consultation on the new
legislation in spring 2009. The new law will require ISP’s to
gather information on customers engaged in illegal file
sharing, notify alleged infringers of rights (subject to reason-
able levels of proof from rights-holders), and contact repeat
offenders and provide warnings that their conduct is unlaw-
ful. The anonymised information collected by ISP’s would be
made available to rights-holders, together with personal
details, on receipt of a court order.
The proposed legislation will not force ISPs to directly
disconnect suspected file-sharers.
In order to regulate the new measures, the law will create
a code on unlawful file sharing which ISPs will have to sign,
and whose enforcement would be carried out by the UK’s
communications regulator, OfCom.
9.3. UK Computer Misuse Act amended to includeoffences of denial of service and the supply of hacking tools
The amended Computer Misuse Act 1990 (CMA) came in to
force in October 2008. The amendments were made following
deficiencies in the original CMA to deal adequately with
technological advances, in particular the web. The effect of
the amendments is to make denial-of-service attacks and the
supply of hacking tools criminal offences. It is now an offence
under the CMA (new section 3A) for a person to make, adapt,
supply or offer to supply any article intending it to be used to
commit, or assisting with the commission of, an offence
under section 1 or section 3 of the CMA. There are two addi-
tional related offences: (i) supplying or offering to supply any
article believing that it is likely to be used to commit, or to
assist in the commission of, an offence under section 1 or 3
(section 3A(2)) and (ii) obtaining any such article with a view to
its being supplied for use to commit, or to assist in the
commission of, an offence under section 1 or 3 (section 3A(3)).
The amendments also increase penalties for section 1
unauthorised computer access offence (hacking) from 6
months to 2 years, making it the crime eligible for extradition
from foreign countries. The statutory limitation on Section 1 is
abolished (formerly a charge had to be brought no later than 6
months from an arrest, and nothing older than 3 years ago
could be considered).
For further information, please see: http://www.opsi.gov.
uk/si/si2008/uksi_20082503_en_1
Mark Turner, CLSR Professional Board, Partner, mark.turner@
herbertsmith.com from the London Office of Herbert Smith LLP
(Tel.: þ44 20 7374 8000).