European national news
-
Upload
mark-turner -
Category
Documents
-
view
212 -
download
0
Transcript of European national news
c om p u t e r l aw & s e c u r i t y r e v i ew 2 6 ( 2 0 1 0 ) 5 5 8e5 6 3
ava i lab le a t www.sc iencedi rec t .com
www.compsecon l ine .com/publ i ca t ions /prodc law.h tm
European national news
Mark Turner
Herbert Smith LLP, London, UK
Keywords:
Internet
ISP/Internet service provider
Software
Data protection
IT/Information
Technology
Communications
European law/Europe
0267-3649/$ e see front matter ª 2010 Herbedoi:10.1016/j.clsr.2010.08.001
a b s t r a c t
The regular article tracking developments at the national level in key European countries in
the area of IT and communications e co-ordinated by Herbert Smith LLP and contributed to
byfirms across Europe. This columnprovides a concise alerting service of important national
developments in key European countries. Part of its purpose is to compliment the Journal’s
feature articles and briefing notes by keeping readers abreast of what is currently happening
“on the ground” at a national level in implementing EU level legislation and international
conventions and treaties. Where an item of European National News is of particular signif-
icance, CLSR may also cover it in more detail in the current or a subsequent edition.
ª 2010 Herbert Smith LLP. Published by Elsevier Ltd. All rights reserved.
1. Belguim Belgian territory is insufficient to establish Yahoo!’s presence
1.1. Court of Appeal of Ghent finds that Yahoo!’swebmail is not an electronic communication service
On 30 June 2010, the Court of Appeal of Ghent overturned the
judgment of the Criminal Court of Dendermonde of 2 March
2009 in which Yahoo! Inc. was convicted for not cooperating
with a Belgian public prosecutor.
On the basis of the Belgian Criminal Procedure Code, the
public prosecutor had requested Yahoo! to disclose the IP
addresses of some registered users but Yahoo! had refused to
do so, as it believed that the prosecutor’s request did not
comply with the procedural requirements laid down in the
Treaty between Belgium and the USA on Mutual Legal Assis-
tance (‘MLAT’). However, the Criminal Court of Dendermonde
found that the prosecutor did not have to comply with the
MLAT Treaty as Yahoo! provides its webmail services on the
Belgian territory in a virtual way and that such virtual pres-
ence suffices for the Belgian Criminal Procedure Code to apply.
The Court also held that Yahoo!’s webmail can be qualified as
an electronic communication service and is thus subject to
the Belgian Criminal Procedure Code obliging all electronic
communication services providers to disclose any informa-
tion requested by the public prosecutor.
The Court of Appeal of Ghent, however, found that, first,
Yahoo!’s portal website being virtually accessible on the
rt Smith LLP. Published
in Belgium as a service provider and for the Belgian Criminal
Procedure Code to apply to it.
Second, the Court of Appeal found that Yahoo!’s webmail is
not an electronic communication service. The definition of the
term ‘electronic communication service’ involves a service
which consists wholly or mainly in the conveyance of signals
on electronic communications networks. The Court held that
Yahoo! itself did not provide any conveyance of signals and
that Yahoo’s webmail wasmerely an application that can only
be run via an internet service provider which conveys signals
over the internet.
Erik Valgaeren, Partner [email protected] and Nicolas
Roland, Associate [email protected], from the Brussels
office of Stibbe (Tel.: þ32 2 533 53 51).
2. Denmark
2.1. Thepiratebay.org e internet provider ordered toblock access to the website
The Supreme Court of Denmark has by a judgment of 27 May
2010 upheld the obligation for the internet provider Telenor to
block access to the website thepiratebay.org.
The case began in 2008 when the enforcement court pro-
hibitedTele2 (nowTelenor) fromfacilitating the infringements
by Elsevier Ltd. All rights reserved.
c om p u t e r l aw & s e c u r i t y r e v i ew 2 6 ( 2 0 1 0 ) 5 5 8e5 6 3 559
of copyrights taking place via thepiratebay.org. Thepir-
atebay.org is developed on a technology known as BitTorrent
which provides a user with the opportunity to download files,
often very large ones, from other users. The website searches
for torrents (links) to connect users so that they can share files.
The enforcement court ordered Tele2 to take all possible
measures to prevent access to the website for their users.
Tele2 filed a complaint to the High Court and claimed that the
prohibition did not contain sufficient clarity and that it was
disproportionate.
The High Court dismissed the complaint and Telenor
appealed toTheSupremeCourt. TheSupremeCourt stated that
the infringements of copyrights facilitated by thepiratebay.org
were extensive and the Supreme Court ruled that it was not
disproportionate that Telenor should pay the costs of the dns
blocking of thepiratebay.org. A prohibition was necessary
because the copyright owners otherwise were not adequately
protected.
The district court of Norway has by a judgment of 6
November 2009 in a similar case determined, that Telenor is
under no obligation to block the use of thepiratebay.org. The
court was of the opinion that infringements of copyrights are
unacceptable and that also participation must be prevented.
The court ruled in favour of Telenor because a prohibition to
block thepiratebay.org required amore clear legal basis which
according to the court, was not present in this lawsuit. The
CourtofAppealupheld the judgmentandthecopyright owners
decided not to appeal to the Supreme Court of Norway.
Thereby, the legal practices of Denmark and neighbouring
Norway regarding whether it is possible to order an internet
provider to block access to file sharing services are not
congruent. The judgment rendered by the Supreme Court of
Denmark will have far-reaching influence in the debate about
internet provider’s obligation to assist in reducing the prolif-
eration of illegal internet services.
Carsten Raasteen, Partner, [email protected] and Nina
Broen, Assistant Attorney, [email protected] from Kro-
mann Reumert, Copenhagen office, Denmark (Tel.:þ45 70 12 12 11).
3. France
3.1. Publication of a decree introducing a new offence ofgross negligence [negligence caracterisee] in thesupervision of access to an internet account
Nearly one year after the adoption of the Hadopi law, decree
no. 2010-695 dated 25 June 2010, now allows a maximum fine
ofV1500 to be imposed on internet account holders for “failing
to implement security measures to protect their internet
access” or “failing to exercise due care in the implementation
of the security measure” without a legitimate reason.
This decree which is central to the Hadopi system is
somewhat ambiguous as to the definition of “gross negli-
gence” and provides no details on how security measures are
to be installed by account holders. The stakes are high for
companies liable for the internet access used by their
employees in that the much-anticipated decree does not
identify the security tools they are obliged to set up. In fact, it
leaves the courts substantial room for manoeuvre and raises
more questions than it provides answers.
3.2. The French regulatory framework for onlinegambling and betting is now up and running
Following the dismissal by the French Conseil constitutionnel on
12 May 2010 of the appeal brought against the draft law lib-
eralising the online betting market, no.2010-476, three
implementing decrees adopted on 13 May 2010 have estab-
lished a regulatory framework for companies working in the
sector.
The French online gaming authority (ARJEL) which was
created under the new system has the power to issue licences
to gaming operators and to ensure the compliance of their
operations with the law. It also has a responsibility to fight
gambling addiction. ARJEL has already issued licences to 18
operators and notified 19 others to cease their illegal
operations.
In addition, the French audiovisual regulator (CSA) has set
new rules on advertisements for horse racing and sports
betting and poker websites and for all authorised gambling
services in France asking the companies concerned to adopt
a code of conduct with a view to limiting the volume of
advertising (resolution no.2010-23 of 18 May 2010 on adver-
tising). The resolution which is applicable until 31 January
2011 sets a range of criteria for the definition of television and
radio services and programmes aimed atminors duringwhich
this kind of advertising is prohibited.
3.3. The French Cour de Cassation takes note of the ECJjudgment on sponsored links
In four decisions handed down on 13 July 2010 (appeal nos. 06-
15.136, 05-14.331, 06-20.230 and 08-13.944), the commercial
chamber of the Cour de Cassation has issued its interpretation
of the ECJ judgment of 23 March 2010 in joined cases C-236/08,
C-237/08 and C-238/08. The French court held that referencing
service providers that store keywords and display commercial
messages are not infringing trade marks in that they are not
using them in the course of trade. The court also acknowl-
edged that these service providers could benefit from the
restrictions of liability set out in the E-Commerce Directive
provided that their conduct remained “merely technical,
automatic and passive”. However, the Cour de Cassation did
find that advertisers using trade marks as keywords were
infringing the mark’s function of identifying origin. The
court’s decision held no surprises, simply reiterating the ECJ’s
response to the preliminary questions in near identical terms.
3.4. Conclusion of a long-standing dispute overlimitation of liability clauses in IT contracts
On 29 June 2010, the commercial chamber of the French Cour
de Cassation issued a decision in a leading case on the condi-
tions for the validity of limitation of liability clauses. It upheld
the decision of the Court of Appeal that breaching a material
condition of the contract is not sufficient to void the limitation
of liability clause. According to the Cour de Cassation, the only
voided clause is that limiting the remedies that can be
c om p u t e r l aw & s e c u r i t y r e v i ew 2 6 ( 2 0 1 0 ) 5 5 8e5 6 3560
exercised, where it contradicts the seriousness of thematerial
obligation assumed by the party in breach. It further held that
simply breaching a contractual obligation does not constitute
gross misconduct which must be assessed based on the
significance of the breach.
Following on from the Chronopost affair, this decision
should resolve a number of pending questions on the scope of
clauses limiting the damages that can be claimed for
contractual breach.
3.5. Failing to include terms in a Google AdWordsnegative keywords list can constitute an infringement
On 19 May 2010, the Paris Court of Appeal ruled that an
advertiser that had failed to include terms corresponding to
the trade names and domain names of its competitor in its
Google negative keywords list had committed an offence for
which it could be held liable. This judgment provides a vital
clarification of the rules to be followed by the users of online
referencing services which are fast becoming something of an
art for advertisers.
3.6. Online search engine patent revoked
On 19 March 2010, the Paris TGI revoked a patent for a search
engine on the grounds that the process used did not constitute
a patentable invention. Given that the description of the
process only stated the aim of the tool and did not specify the
technical processes involved or the technical characteristics of
the search engine itself, the invention could not be patented.
Alexandra Neri, Partner, [email protected] and
Julien Taieb, Associate, [email protected], from the
Paris Office of Herbert Smith LLP (Tel.: þ33 1 53 57 70 70).
4. Germany
4.1. International jurisdiction of German courts andviolation of personal rights on the internet
In a Federal Court of Justice decision last March, the principles
governing the international jurisdiction of German courts in
matters concerning the violation of personal rights on the
internet were more precisely defined and considerably
extended. This particular case concerned an English-language
article that had been published in the “Metropolitan Desk”,
the local news section of the online New York Times.
For tort actions relating to the violation of personal rights,
the competent court under both European and German law is
the court in whose district the tort was committed (locus
delicti). In the case at hand, the courts of first and second
instance had found that the locus delicti was not in Germany,
and thus the German courts do not have jurisdiction since the
article could only be accessed in the local news section of the
New York Times and was consequently not aimed at internet
users in Germany as its target or intended audience.
The Federal Court of Justice has now ruled otherwise,
holding that for German courts to have international juris-
diction it suffices if the content allegedly in violation of
personal rights objectively has clear domestic relevance. Since
people in Germany are then likely to become aware of such
content. In this specific case, the article had identified the
plaintiff living in Germany, the plaintiff’s company, which
was likewise mentioned, was located in Germany and the
author of the offending newspaper article referred to the
investigations conducted by the German authorities. This by
itself sufficed for the Federal Court of Justice to presume that
the requisite conflict of interests was in Germany and thus
German courts had jurisdiction.
In practice, this means that German courts of first and
second instance will be more likely to accept their interna-
tional jurisdiction in cases where personal rights are violated
on foreign-language web pages which, while not directly
aimed at the German public, nonetheless concern events in
Germany. On the other hand, this Federal Court of Justice
decision is not likely to be extrapolated to other areas, such as
intellectual property rights infringements on the internet.
Dr. StefanWeidert, LL.M, Partner, [email protected],
from the Berlin office of Gleiss Lutz, Germany (Tel.:þ49 308009790).
5. Italy
5.1. Italy implemented Directive 2007/65/EC
On 29 March 2010, Legislative Decree No. 44 dated 15 March
2010 (the “Decree”), implementing Directive 2007/65/EC on
television broadcasting activities (amending the Directive 89/
552/EEC, so called “Audiovisual Media Services Directive”,
recently repealed by Directive 2010/13/EU), was published in
the Italian Official Gazette. The iter for the approval of the
Decree raised many discussions and much criticism, partic-
ularly regarding the scope of the Decree’s application and
related issue of a possible editorial responsibility of ISPs. The
Decree, inter alia, (i) amends Legislative Decree No. 177 of 2005
(the “Radio Television Act”, now renamed “Audiovisual and
Radio Media Services Act”); (ii) provides for a definition of
audiovisual media services including, in particular, both the
"television broadcast” (i.e. a linear audiovisual media service)
and “on-demand audiovisual media service” (i.e. a non-linear
audiovisual media service). In compliance with the Recitals of
Directive 2007/65/EC, services which are primarily non-
economic and which are not in competition with television
broadcasting, such as private websites and services consisting
of the provision or distribution of audiovisual content gener-
ated by private users for the purposes of sharing and exchange
within communities of interest, online games and search
engines, websites that contain audiovisual elements only in
an ancillary manner, as well as any form of private corre-
spondence, are expressly excluded from this definition. Also,
natural or legal persons whomerely transmit programmes for
which the editorial responsibility lies with third parties, are
expressly excluded from the definition of media service
provider; (iii) requires a prior authorisation for providers of on-
demand audiovisual media services. For these purposes,
providers shall submit a notice of business commencement to
the competent authority; (iv) strengthens copyright and
minors protection. In addition, the Decree e in compliance
c om p u t e r l aw & s e c u r i t y r e v i ew 2 6 ( 2 0 1 0 ) 5 5 8e5 6 3 561
with the provisions of Directive 2007/65/EC e sets forth
a number of rules governing audiovisual commercial
communication, television advertising and the limitation
thereof, sponsorship and product placement. In particular,
the Decree expressly rules that product placement e as
derogation to the relevant general prohibition e is admissible,
subject to certain requirements, in cinematographic works,
films and series made for audiovisual media services, sports
programmes and light entertainment programmes, with the
exclusion of children’s programmes. Viewers shall be clearly
informed of the existence of product placement by means of
proper warnings at the start and the end of the programme
and when a programme resumes after an advertising break.
Product placement of tobacco products or cigarettes or
product placement from undertakings whose principal
activity is the manufacture or sale of cigarettes and other
tobacco products, as well as of specific medicinal products or
medical treatments available only on prescription, is
expressly prohibited. (http://www.camera.it/parlam/leggi/
deleghe/testi/10044dl.htm)
Salvatore Orlando, Partner, [email protected] and
Stefano Bartoli, Associate, [email protected] from
the Rome office of Macchi di Cellere Gangemi (Tel.: þ39 06 362141).
6. The Netherlands
6.1. Court allows Ziggo to continue providing access tothe pirate bay
On 19 July 2010, the District Court of The Hague ruled in
interlocutory proceedings that telecommunications provider
Ziggo does not have to deny its subscribers access to the
download website The Pirate Bay.
Stichting BREIN, a foundation which focuses on the legal
enforcement of intellectual property rights and combating
online piracy in the music, film and gaming industry, claimed
that Ziggo should be ordered to block access of its subscribers
to The Pirate Bay website. Stichting BREIN based its claim on
the argument that Ziggo, being an Internet Service Provider
(“ISP”), serves as an intermediary whose services are used by
third parties e namely, the subscribers of Ziggo e to infringe
intellectual property rights.
The District Court held in principle that it is possible to
bring an action against an ISP for services provided by the ISP
which are used by subscribers to infringe an intellectual
property right. However, the District Court stated that a cease-
and-desist-order can only apply to those subscribers of Ziggo
who indeed infringe intellectual property rights. Stichting
BREIN’s claim related to all subscribers of Ziggo. The District
Court ruled that such a far-reaching claim cannot be upheld
since the alleged infringements cannot be attributed to all
customers of Ziggo.
This judgment can be considered a setback for Stichting
BREIN in its legal campaign against the download website The
Pirate Bay. On 16 June 2010, the District Court of Amsterdam
ruled that The Pirate Bay should cease all its activities in The
Netherlands subject to of a penalty of EUR 50,000 per day.
However, The Pirate Bay refused to acquiesce in the ruling,
which made Stichting BREIN instigate a test case against
telecommunications provider Ziggo in order to ensure
a complete blockade of The Pirate Bay. Since this action could
create a precedent for all Dutch ISP’s, Xs4all joined in the
proceedings at the side of Ziggo as co-defendant.
The digital civil rights organisation “Bits of Freedom”
stated in a comment to the ruling in interlocutory proceedings
of the District Court of The Hague that it fears that Stichting
BREIN will now shift its focus to individual users. Stichting
BREIN indeed indicated that it will not rule out possible legal
proceedings against individuals. Apart from this, Stichting
BREIN announced that it will appeal against the decision of
the District Court.
The ruling of 19 July 2010 can be found at (Dutch only):
http://zoeken.rechtspraak.nl/resultpage.aspx?
snelzoeken¼true&searchtype¼ljn&ljn¼BN1445&u_ljn¼BN1445
The ruling of 16 June 2010 can be found at (Dutch only):
http://zoeken.rechtspraak.nl/resultpage.aspx?
snelzoeken¼true&searchtype¼ljn&ljn¼BN1626&u_ljn¼BN1626
Reinout Rinzema, Partner, [email protected] and
Rembrandt Brouwer, Associate, [email protected]
from the Amsterdam Office of Stibbe, The Netherlands (Tel.: þ31
20 546 01 12).
7. Norway
7.1. “Delete me” e a status update
In this year’s May edition of CLSR (Volume 26, Issue 3), we
wrote about a new service from the Norwegian Data Inspec-
torate called “delete me” that provides practical advice and
guidance to individuals whose privacy has been violated
online. Following the recent publication by the Inspectorate of
a report about the use of the service, we would like to follow-
up with some statistical data from the service’s first three
months of operation.
The said status report shows that there has been a great
influx of people who have wanted help. On the “top three” list
of complaints, Facebook is on top with 440 of a total of 1258
enquiries. The majority of these enquiries relate to issues
such as the deletion or regaining of access to user profiles,
deletion of false profiles and removal of unwanted pictures
and defamatory content.
In second place are the various Norwegian journalistic
mediums. Seventy nine individuals have sought help to
prevent old articles from appearing via online search engines
and to remove comments and contributions they have previ-
ously posted, as well as sensitive personal data that appears in
news articles.
Google is number three with 72 enquiries, concerning
issues like how to avoid certain search results from appearing
when searching for individuals, and how to remove search
results that show incorrect information, personal data or refer
to deleted websites.
As millions of Norwegians are members of online
communities, it is not surprising that 440 enquiries concerned
an online community. More surprising, the Inspectorate says,
is the fact that the Norwegian press come in second on the
c om p u t e r l aw & s e c u r i t y r e v i ew 2 6 ( 2 0 1 0 ) 5 5 8e5 6 3562
Inspectorate’s complaint list, before online giants like Google.
According to the Inspectorate, the explanation may be that
search engines prevent news articles from being outdated,
and that readers share information to a greater extent than
before.
Haakon Opperud, Partner, [email protected] and Stein-Erik
Jahr Dahl, Associate, [email protected], Thommessen Krefting
Greve Lund AS, Norway (Tel.: þ47 23 11 14 94).
8. Spain
No contribution for this issue.
Jorge Llevat, Partner, [email protected], Albert
Agustinoy, Senior Associate, [email protected] and
Daniel Urban, Associate, [email protected] from
Cuatrecasas, Goncalves Pereira, Spain (Tel.: þ34 93 2905585).
9. Sweden
9.1. The data Inspection Board clarifies responsibility forpersonal data published on Facebook and blogs
The Data Inspector Board (“DIB”) recently published results
from a project in which the DIB has examinedmunicipalities’,
authorities’ and companies’ (“Organisations”) use of social
media. The conclusions include that Organisations have
a responsibility for personal data processed on the social
media used, such as Facebook and blogs (“Websites”). The
responsibility includes data published by the Organisation but
also data published by others, and routines must be in place
for removal of personal data that may entail a violation of
a person’s integrity.
The DIB clarifies that since the Organisations operate the
websites and thus decide the purpose of the websites and are
able to erase information, the Organisations shall also be
responsible for all personal data, even such published by
others. Regarding Twitter the Organisations’ responsibility
includes own posts, but not such comments as “followers”
may leave.
The DIB advises Organisations, inter alia, to have clear
policies and intern routines regarding the Websites purpose
and use, to avoid that personal data thatmay entail a violation
of a person’s integrity is being processed.
9.2. A preliminary ruling in the first Swedish IPREDcase?
The first Swedish IPRED case has reached the Supreme Court.
The Supreme Court has prepared a draft for a request of
preliminary ruling by the European Court of Justice. However,
before such request may be referred, the parties to the case
shall comment on the draft, as well as on the necessity of
a preliminary ruling.
Briefly, the main issue is whether the Data Retention
Directive (EC/2006/24) (“Directive”) prevents an application of
a national provision built on the IPRED Directive (EC/2004/48),
as well as the implication of Sweden’s omission to implement
the Directive in time.
Bjorn Gustavsson, Partner, [email protected], and
Mikael Satama Granberg, Associate, Mikael.Satama-Granberg@
vinge.se from Advokatfirman Vinge KB, Sweden (Tel.: þ46 8 614
30 00).
10. UK
10.1. Ofcom consults on draft code on ISPs’ initialobligations under the Digital Economy Act
Ofcom, the UK communications regulator, has recently con-
sulted on a draft code of practice to underpin the initial obli-
gations imposed on internet service providers (ISPs) by the
Digital Economy Act 2010 (DEA) to reduce online copyright
infringement.
The DEA requires ISPs to notify their subscribers if their IP
addresses are reported by copyright owners as being used to
infringe copyright. Any such copyright infringement reports
delivered by copyright owners must contain evidence that the
subscriber has engaged in copyright infringement of some
kind. The DEA also requires ISPs to provide copyright owners
with copyright infringement lists of subscribers that have
triggered infringement reports exceeding a certain threshold
(on an anonymous basis). These lists are intended to assist
copyright owners in identifying serial offenders and in taking
further action once a court order is obtained against a partic-
ular subscriber.
The draft code sets out the detail of how this scheme will
work, including how andwhen ISPs need to send notifications
to their subscribers, and the content of such notifications.
Having considered three options for notification and escala-
tion procedures (by volume of infringement reports received,
by behaviour of subscribers over time, and by the cost of
copyright infringements), Ofcom has proposed an approach
based on subscriber behaviour. Broadly, the first notification
will be triggered by the first infringement report received
relating to a subscriber, and subsequent notifications will be
sent for each infringement report received at least a month
following the previous infringement report. A subscriber may
then be included on an infringement list where that
subscriber has received three notifications within a year and
where the copyright owner requesting the list has sent at least
one of those infringement reports.
The draft code proposes to establish an independent,
robust subscriber appeals mechanism for subscribers that
believe they have incorrectly received a notification and
anticipates arrangements for enforcement, dealing with
industry disputes and information gathering.
The obligations imposed on ISPs under the DEA are stated
to apply to all ISPs except those demonstrating a very low level
of online copyright infringement. Ofcom does not currently
have any infringement report data on which to set an
infringement report-based threshold for qualifying ISPs and
has instead proposed that the draft code will only initially
apply to fixed-line ISPs with over 400,000 subscribers,
comprising the UK’s 7 largest ISPs: BT, TalkTalk, Virgin Media,
c om p u t e r l aw & s e c u r i t y r e v i ew 2 6 ( 2 0 1 0 ) 5 5 8e5 6 3 563
Sky, Orange, O2 and the Post Office, together providing
internet access to 96% of the UK market. Ofcom intends to
review evidence of online copyright infringement and may
extend the application of the code if appropriate.
The provisions of the DEA and, in particular, the require-
ments that specified ISPs notify their subscribers if they
trigger copyright infringement, have been the subject of
industry criticism and BT and TalkTalk, two of the largest ISPs
in the UK, have requested a judicial review of the new legis-
lation, claiming that the DEA unfairly targets larger ISPs to
bear a disproportionate administrative burden and may
prompt consumers to move to unregulated ISPs in order to
avoid detection.
The consultation on the draft code closed on 30 July 2010
and was the first in a series of three consultations Ofcom
intends to issue this year in relation the DEA (subsequent
consultations will cover enforcement of the code and cost
sharing).
10.2. UK Information Commissioner publishes code ofpractice on online privacy
The code of practice has been issued by the UK Information
Commissioner’s Office (ICO) under section 51 of the Data
Protection Act 1998 (DPA), which requires the promotion of
good practice in complying with the requirements of the DPA.
The code is intended to give practical guidance to assist
organisations in developing their own compliance strategies
and is aimed at organisations of all sizes processing personal
information online, from ISPs to small businesses trading
online.
Following responses received to the earlier consultation on
code of practice, the ICO has implemented several revisions to
the code prior to final publication, including to clarify the
relationship between the code and the DPA, to confirm the
ICO’s view that in many cases IP addresses will constitute
personal data, and to more clearly explain online advertising
andmarketing processes following consultationwith industry
experts.
The publication of the code of practice follows a request
issued by the European Commission in June that the UK
government complies with the provisions of the Data Protec-
tion Directive (96/45/EC). The request took the form of
a reasoned opinion (the second stage of EU infringement
procedures) in which the Commission raised criticisms that
the directive had not been fully implemented into UK law by
the DPA as applied by UK courts. The Commission also asked
that the powers of the Information Commissioner’s Office be
increased. The UK government has been given two months to
respond to these issues and report back to the Commission on
the measures it has taken to ensure full compliance with the
directive.
10.3. BSkyB vs. EDS update: EDS abandons appeal
On 7 June 2010, EDS (now part of Hewlett Packard) concluded
its long-running dispute with BSkyB by agreeing the quantum
of BSkyB’s claims at £318 million and dropping its attempt to
appeal against the judgment handed down in January of this
year.
The case arose out of BSkyB’s project to create a new
customer relationship management system. EDS had been
appointed in 2000 to design and build the new CRM system,
but the project was beset with problems from the outset and
EDS was eventually removed. BSkyB subsequently completed
the project in-house, but at a significantly higher cost and
following a substantial delay.
BSkyB alleged that a key employee of EDS had deliberately
lied about the work done in preparing the bid in order to
secure the contract. In 2004, BSkyB commenced High Court
proceedings against EDS for fraudulent misrepresentation,
negligence and breach of contract. The case came to trial in
October 2007 and, following a hearing that lasted 9months,Mr
Justice Ramsey handed down his long awaited decision in
January 2010. He found that EDS had deceived BSkyB to secure
the contract.
Whilst the settlement of the quantum of BSkyB’s claims
and EDS’ decision to abandon its appeal concludes the final
chapter of this long-running dispute, the judgment will
remain a potent reminder to both suppliers and customers in
large IT and outsourcing projects to review their bidding and
contracting practices and processes to ensure they comply
with best practice.
Mark Turner, CLSR Professional Board, Partner, mark.turner@
herbertsmith.com and Tony Lai, Associate, tony.lai@herbertsmith.
com from the London Office of Herbert Smith LLP (Tel.: þ44 20
7374 8000)