ava i lab le a t www.sc iencedi rec t .com

www.compsecon l ine .com/publ i ca t i ons /prodc law.h tm

c o m p u t e r l a w & s e c u r i t y r e p o r t 2 4 ( 2 0 0 8 ) 2 8 – 3 2

European national news

The regular article tracking developments at the national levelin key European countries in the area of IT andcommunications – Co-ordinated by Herbert Smith LLP andcontributed to by firms across Europe

Mark Turner, Dominic Callaghan

Herbert Smith LLP, London, United Kingdom

a b s t r a c t

This column provides a concise alerting service of important national developments in key

European countries. Part of its purpose is to compliment the Journal’s feature articles and

Briefing Notes by keeping readers abreast of what is currently happening ‘‘on the ground’’

at a national level in implementing EU level legislation and international conventions and

treaties. Where an item of European National News is of particular significance, CLSR may

also cover it in more detail in the current or a subsequent edition.

ª 2007 Herbert Smith LLP. Published by Elsevier Ltd. All rights reserved.

1. Belgium

1.1. Court of appeal rules on the scope of database rights

In a recently published judgment of 5 June 2007, the Court of

Appeal of Brussels ruled that a map containing a tourist route

through the city centre of Brussels and its accompanying text

is not protected under the Belgian Act of 31 August 1998 relat-

ing to the Legal Protection of Databases. The Act implements

European Database Directive 96/9/EC of 11 March 1996.

Under the Act, a database is a ‘‘collection of independent

works, data or other materials arranged in a systematic or me-

thodical way and individually accessible by electronic or other

means’’. The court explained that in the present case, the col-

lection could not be qualified as a database for several

reasons.

First, the court found that even though a geographical

route that passes by a number of tourist attractions and

its accompanying text might be qualified as a ‘‘collection

of data’’ (since the collected data were systematically orga-

0267-3649/$ – see front matter ª 2007 Herbert Smith LLP. Publisheddoi:10.1016/j.clsr.2007.11.010

nized), the data were not collected in a way that they could

be consulted ‘‘as such’’. For a potential user of the data, the

collected data were only represented and accessible as

a common piece of writing. In addition, the court stated

that the collection could not be qualified as a database since

the collection did not provide a ‘technical entry key’, like

a table of contents, to enable access to individual items of

data in the collection.

The court also stated that the creation of a database re-

quires a substantial qualitative or quantitative investment in

human, financial or technical means. The Court referred to

the ‘William Hill’ judgments of the European Court of Justice,

which stated that the necessary substantial investment has to

be at one of the following levels: obtaining, verification or pre-

sentation of the contents of a database. This was however not

the case on the facts before the Belgian Court of Appeal.

Erik Valgaeren, Partner, erik.valgaeren@stibbe.com and Lien Ceule-

mans, Associate, lien.ceulemans@stibbe.com from the Brussels of-

fice of Stibbe (Tel.: þ32 2 533 53 51).

by Elsevier Ltd. All rights reserved.

c o m p u t e r l a w & s e c u r i t y r e p o r t 2 4 ( 2 0 0 8 ) 2 8 – 3 2 29

2. Denmark

2.1. Assignment of software licences in connectionwith outsourcing

The question of whether a software supplier is entitled to de-

mand the purchase of a new licence or the payment of a signif-

icant outsourcing-fee in connection with the customer’s

outsourcing of operations often arises in practice.

The defendant had entered into a licence agreement (the

‘‘Agreement’’) with the plaintiff regarding use by the defen-

dant of a reporting and calculation program related to cus-

toms clearance. According to the Agreement the right of use

could only be assigned to a third party with the prior consent

of the plaintiff. The defendant was only allowed to use the

program, at the defendant’s offices. The defendant decided

to outsource its customs clearance work to a third party out-

sourcing supplier. When the plaintiff became aware of the

outsourcing supplier’s use of the program the plaintiff submit-

ted a claim for compensation against the defendant.

The plaintiff argued that a specific prohibition against out-

sourcing was not required as outsourcing was already pro-

hibited by the non-assignment provision of the Agreement.

Further, the plaintiff argued that the assignment was a viola-

tion of the rules regarding distribution and reproduction in the

Danish Act on Copyright (the ‘‘Act’’).

The defendant stated that the program was used solely for

the defendant’s business and that the independent supplier

only acted on behalf of the defendant.

The Danish High Court recently ruled that a transfer to a third

party would require the plaintiff’s consent and furthermore accep-

tance by the third party outsourcing supplier of the licence terms.

The Court agreed that outsourcing had not been directly

addressed in the Agreement, but since an installation of the

software with one of the defendant’s subsidiaries at a different

location than the defendant’s, would, in accordance with the

agreement, not be allowed, a prohibition against outsourcing

was implied.

On this basis, the court found that outsourcing of activities

to a different legal person including installation of the soft-

ware at a new address, could not take place without consent

from the plaintiff. If consent was not obtained it would also

breach the ‘‘Act’’.

(NB this ruling overturns the earlier decision in Scan Soft

ApS v. Sony Nordic A/S BS 8-260/2006 which was reported in

EU National News, CLSR, Vol. 22, No. 6.)

Carsten Raasteen, Partner, cr@kromannreumert.com and Daniel

Herman Roejtburg, Assistant Attorney, drb@kromannreumert.com

from Kromann Reumert, Copenhagen office, Denmark (Tel.: þ45 70

12 12 11).

3. France

3.1. Enforceability of limitation of liability clausesin IT contracts

The Cour de Cassation (French Supreme Court) recently handed

down an important decision relating to the obligations of IT

providers. The case between Oracle and one of its clients in-

volved a complex set of IT agreements composed of four inde-

pendent contracts: a software licence agreement, a software

maintenance agreement, an implementation agreement and

a training agreement.

Oracle failed to deliver the licenced software on time and

the client filed a claim to terminate the licence agreement,

the three other agreements and to be awarded damages.

These claims raised two issues:

1. Whether termination of the licence agreement would entail

the termination of the three other agreements, even though

all agreements were executed separately and none of them

contained any clause stating that they had been concluded

in consideration of one another.

2. Whether Oracle could benefit from the limitation of liability

clause inserted in the agreements to limit the damages to

be paid to its client.

On the first issue, the Cour de Cassation found that the soft-

ware licence agreement and the three other agreements were

all part of the same project, and were meaningless when

taken individually. As a consequence, they amounted to an in-

divisible whole, and termination of the licence agreement

caused the termination of the three other agreements as well.

On the second issue, the Cour de Cassation found that Ora-

cle’s promise to deliver the software was a fundamental obli-

gation which caused the client to enter into these agreements.

As a consequence, the Cour de Cassation found that in this case

the limitation of liability clause was attempting to limit Ora-

cle’s liability for performing its fundamental obligation.

Breach of a fundamental obligation deprives the agreement

of its purpose and thus the limitation of liability clause was

not enforceable.

Decision (in French) available on http://www.legifrance.gouv.fr.

Alexandra Neri, Partner, alexandra.neri@herbertsmith.com and

Matthieu Melin, Associate, matthieu.melin@herbertsmith.com

from the Paris Office of Herbert Smith LLP (Tel.: þ33 1 53 57 70 70).

4. Germany

4.1. New data retention laws create uncertaintyfor IP owners

In early November, the data retention bill passed the German

Federal Parliament (implementing EC directive 2006/24/EC). It

comes into force on 1 January 2008.

According to the new legislation, telecommunications and

Internet service providers are obligated to retain traffic data

on each subscriber for a period of six months. In case of phone

calls this includes the date, time, length, and the number

called, as well as the location of the phone, the IMSI code and

the SMS connection data if it is mobile phones. With respect

to Internet use, the IP address, date, time, length of the connec-

tion, the e-mail addresses involved and the header of each e-

mail are to be stored. The content of the communications is

not stored. Therefore, the new data retention law overrides re-

cent jurisprudence prohibiting the storage of any customer

c o m p u t e r l a w & s e c u r i t y r e p o r t 2 4 ( 2 0 0 8 ) 2 8 – 3 230

data other than data required for invoicing purposes. The Ger-

man law also goes beyond European obligations as retention

requirements are also applied to anonymization services and

anonymous e-mail accounts are to be banned completely.

Under the new law, public authorities can only access traffic

data for the investigation of substantial offences, the investiga-

tion of any offence committed by the use of telecommunica-

tions’ networks and for the prevention of any danger to

public safety. Secret services also have direct access to the data.

The new data retention law does not provide for access to

data in civil proceedings. In this respect the new data reten-

tion law is said to weaken the new draft law of the German

government on the enforcement of intellectual property

rights. In cases of violation of intellectual property rights by

Internet users, the draft law provides for a civil claim by copy-

right holders against service providers for disclosure of all rel-

evant information. However, this claim will be rendered

ineffective, if service providers are only allowed to transfer

customer data to national authorities. The only option will

be to file a civil claim for disclosure with the court, which

then might order the transmission of the required data.

Under the present law, copyright holders are obliged to file

a complaint with the public prosecutor, who in turn acquires

the relevant data for investigational purposes. Subsequently,

the copyright holder may access the criminal records and

use the information in a civil proceeding for damages. How-

ever, this time-consuming procedure often failed because of

the service provider’s obligation to delete the traffic data. A

German regional court also recently ruled that under the pres-

ent law, even if there is a strong suspicion of a violation of in-

tellectual rights, notice of that suspicion given by copyright

holders to service providers only allows them to store data,

but does not oblige them to do so.

For further information see: http://www.bmj.bund.de.

Dr. Ann Marie Welker, ann-marie.welker@gleisslutz.com from the

Frankfurt Office of Gleiss Lutz (Tel.: þ49 69 955 140).

5. Italy

5.1. Users have the right to return preinstalled softwareand to obtain a refund

A Judge of first instance (Giudice di Pace) of the Tribunal of

Florence, by decision no. 5384 published on 28 September

2007, ordered Hewlett Packard Italiana S.r.l. (HPI) to reimburse

an Italian consumer for the price of two Microsoft programs

(Windows XP and Works 8), preinstalled on hardware the

user had purchased from HPI. The order was subject to the

consumer returning the software to HPI.

The consumer argued that he had no interest in purchasing

the software as he was only interested in purchasing the hard-

ware. HPI requested the Judge to reject the claim and offered

to reimburse the entire purchase price paid by the plaintiff

subject to the return of both the hardware and the software.

The decision was based on the following arguments:

(a) the software licence agreement was apparently prepared

unilaterally by Microsoft (i.e. a ‘‘EULA’’, End User Licence

Agreement) despite the fact that the licence was intended

to govern the relationship between the user and the hard-

ware’s producer (Hewlett Packard);

(b) the user was not able to see the specific terms and condi-

tions of the software licence agreement, before the pur-

chase of the software, while HPI was certainly aware of

the licence terms;

(c) Hewlett Packard installed the software on the hardware

and put on sale a final product consisting of both the soft-

ware and the hardware;

(d) the software licence agreement provided that, if the user did

not accept the terms and conditions of the software licence

agreement, the user should contact the producer of the

hardware (Hewlett Packard) in order to obtain information

about the return of the software and reimbursement; and

(e) the non-severability between the software and the hard-

ware was not based on technical grounds, but – as admit-

ted by HPI – on commercial reasons only.

http://www.ictlex.net/index.php/2007/10/25/giudice-di-pace-

di-firenze-sent-538407/.

Salvatore Orlando, Partner, s.orlando@macchi-gangemi.com and Ste-

fano Bartoli, Senior Associate, s.bartoli@macchi-gangemi.com from

the Rome office of Macchi di Cellere Gangemi (Tel.: þ39 06 362141).

6. The Netherlands

6.1. The theft of a few ‘bits’ of virtual furniture

The digital investigation section of the Amsterdam police de-

partment arrested a teenager on 13 November 2007 on the sus-

picion of virtual theft. The alleged crime was the theft of

virtual furniture valued at 4000 Euros in the ‘Habbo Hotel’,

a popular virtual hangout for teenagers on the Internet

(www.habbo.com).

Habbo is active in 29 countries and has approximately

seven million users. In the Habbo Hotel people can create their

own virtual character, inhabit a room and furnish it. This vir-

tual furniture can be purchased with special Habbo-credits.

Habbo-credits can only be bought with real world money.

The defendant is alleged to have hacked into the accounts

of Habbo-users and once inside moved the furniture into their

own rooms. The defendant was charged with theft and com-

puter intrusion.

Link (in Dutch): http://www.bndestem.nl/binnenland/

2162679/Bredase-tieners-verdacht-vanvirtuele-diefstal.ece.

6.2. Placing of a link is not distribution, or is it?

In a decision dated 30 October 2007, the District Court of Rotter-

dam answered the question whether or not placing a link in an

article published on the Internet should be considered to be dis-

tribution, pursuant to article 132 of the Dutch Penal Code (DPC).

Article 132 of the DPC forbids the distribution of ‘‘inciting’’ pub-

lications.Thecourt considered that itcouldnothavebeenthein-

tention of the legislator that the mere placement of a link should

fall within the scope of this article. That would mean that all

search engines, would fall within the scope of article 132 as

c o m p u t e r l a w & s e c u r i t y r e p o r t 2 4 ( 2 0 0 8 ) 2 8 – 3 2 31

search terms automatically produce links. In this case, however,

wherethelinks (linkingto inciting Islamic publications) werede-

liberately placed in over 60 articles the defendant published in

approximately three months, the court ruled that the placing

of these links should be regarded as distribution in the sense

of the DPC and sentenced her to one month imprisonment.

Link (in Dutch only): http://www.delex.nl/jurispruden

tie.aspx?alias¼BB7174.

Robert Boekhorst, Associate, robert.boekhorst@stibbe.com and

Rembrandt Brouwer, Associate, rembrandt.brouwer@stibbe.com

from the Amsterdam Office of Stibbe (Tel.: þ31 20 546 01 12).

7. Norway

7.1. Greater public access to tax records

Each year the Tax Records of all registered taxpayers are made

available to the general public by the Norwegian Tax Assess-

ment Authority. The Tax Records contain personal informa-

tion such as addresses, dates of birth (Business Register

Number for companies), net assets and net income as well

as the amount of tax paid. The general public can access the

Tax Records either online or at the local tax office, but only

for a limited period of three weeks every autumn. The Tax Re-

cord is not available in its entirety after this period, but indi-

vidual tax details can still be acquired upon request from

the local tax office subject to certain additional restrictions.

The electronic online access is subject to specific restrictions

to prevent abuse. When searching the Tax Records, the person

in question must inter alia be identified and one can only search

for information about one person at a time. Recently, in August

2007, an exception entered into force, according to which the

press can order an electronic version of the Tax Records and

use it for journalistic purposes. This amendment was enacted

because the Government wanted to strengthen the critical de-

bate concerning the national tax system. This has resulted in

a media frenzy with newspapers, websites and TV channels us-

ing headlines such as ‘‘The 5 richest footballers in Norway’’,

‘‘How much does your neighbour/boss earn – search here to

find out more!’’. To what extent Tax Records should be public

is a highly disputed issue. The Norwegian Data Inspectorate

has expressed its concern, and argues that the possibility of us-

ing information – which taxpayers are obliged to give the au-

thorities – for entertainment, mass publication, sale and alike

violates fundamental principles of privacy.

Stein-Erik Jahr Dahl, Associate, sjd@thommessen.no: Thommessen

Krefting Greve Lund AS (Tel.: þ47 23 11 14 94).

8. Spain

8.1. Court rules on monitoring employee’s computer usage

In a recent judgment, the Spanish Supreme Court clarified the

limits and conditions that companies should respect when in-

vestigating e-mails and their employees’ use of the Internet.

Such investigations are arguably crucial in order to monitor

companies’ productivity, to maintain order and to investigate

breaches of confidentiality.

According to the judgment, when companies allow their

employees to use computers for personal purposes, any in-

spection may harm their right to privacy and the secrecy of

communications. The court clarified that companies must re-

spect certain restrictions in order for the investigation to be

considered fair.

Under the Spanish Workers Statute, companies are

allowed to establish any means of control, which they con-

sider appropriate, to verify how employees fulfill their duties.

Companies are only limited by the obligation to respect their

employees’ dignity.

The Supreme Court recognized the right for companies to

investigate their employees’ use of computers, as it is the

only way to coordinate tasks, to continue working when an

employee is absent, and to warrant the security of the IT sys-

tem. According to the Supreme Court, companies do not cur-

rently need to justify every inspection.

Nevertheless, this right is not unlimited. The Supreme

Court underlined the need for companies to maintain good la-

bor relations, to respect their employees’ dignity, and take

steps to prevent employees from mistakenly believing that

nobody could read their e-mail or check their Internet usage.

Consequently, according to the judgment, companies have

to clearly instruct their employees on the rules for using com-

puters. They must inform them that the company controls

their computer, of the means used to perform inspections, and

the purposes for which employees should not use their computer.

Additionally, the investigation should only be (i) made for

a fair purpose, (ii) not go beyond the fair purpose, and (iii) be

limited in scope to the minimum possible.

Finally, to resolve some practical issues, the judgment

states that inspections may be carried out at any moment

(not only during working hours) and that the presence of the

employee concerned or of an eyewitness is not required.

Javier Aparicio Salom, Partner, Intellectual Property and Data Pro-

tection Department Cuatrecasas, Madrid javier.aparicio@cuatreca

sas.com (Tel.: þ34 915 247 100).

9. Sweden

9.1. Far-reaching proposal on mandatory data retentionfor operators

On 7 November 2007, the Swedish Ministry of Justice pre-

sented a proposal for new legislation regarding retention of

traffic data. Pursuant to the proposal, operators shall be

obliged to retain certain traffic data for investigation, detection

and prosecution of serious crime. Operators shall be obliged to

disclose the traffic data to public authorities combating crime.

The proposed legislation shall apply to traffic data that is

generated or handled in connection with a communication

by fixed, mobile or Internet telephony, Internet access or e-

mail. The traffic data to be retained shall identity communi-

cating parties, the time and place of the communication and

the type of equipment that is used for the communication.

The retention requirement shall however not apply to the

c o m p u t e r l a w & s e c u r i t y r e p o r t 2 4 ( 2 0 0 8 ) 2 8 – 3 232

actual content of the communication. Pursuant to the pro-

posal, the traffic data shall be retained for one year from the

date of the communication. The new legislation is proposed

to come into force on 1 January 2009.

For further information, please refer to http://www.reger

ingen.se/sb/d/108/a/91521 (in Swedish).

9.2. A more effective Electronic Communications Act

The Swedish Government has presented a proposal to amend

the Electronic Communications Act (ECA) in order to achieve

more efficient judicial proceedings.

For this purpose, the Government proposes to limit the

number of appeals so that the Administrative Court of Appeal

will be the court of final appeal. Opportunities to cite new cir-

cumstances and evidence in the courts will be limited and the

scope for ordering a stay of enforcement in decisions under

the ECA will also be reduced.

The amended legislation is proposed to come into force on

1 January 2008.

For further information, please refer to http://www.reger

ingen.se/sb/d/108/a/89754.

Bjorn Gustavsson, Partner, bjorn.gustavsson@vinge.se and Eva

Fredrikson, Associate, eva.fredrikson@vinge.se from Advokatfir-

man Vinge KB (Tel.: þ46 8 614 30 00).

10. United Kingdom

10.1. House of Lords confirm UK credit card protectionapplies to overseas purchases

Credit cards are the dominant payment method on the Inter-

net and many UK consumers buy from both UK and overseas

websites. Difficulties can arise however if the goods fail to be

delivered or are faulty. Typically credit card contracts only

give the cardholder the right to recover from the card issuer

if there has been an unauthorised transaction. The level of

additional statutory protection offered to cardholders when

problems arise with authorised transactions is therefore an

important factor in the future growth of e-Commerce in

the UK.

Due to s75 of the UK Consumer Credit Act 1975 if a card-

holder who is a consumer makes a purchase with a credit

card and subsequently has a claim against the merchant

for misrepresentation or breach of contract the cardholder

will also be able to claim against the credit card issuer.

The merchant and the card issuer will be jointly and sever-

ally liable. In March 2006, the UK Court of Appeal in Office of

Fair Trading v. Lloyds Bank plc, Tesco Personal Finance Ltd. and

American Express Services Europe Ltd. [2006] EWCA Civ 268

ruled that this statutory protection applies regardless of

whether the transaction occurs in the UK or abroad and

also regardless of whether the card issuer has a direct con-

tractual relationship with the merchant. (For further details

see, ‘‘Is shopping online now risk free for UK consumers’’,

CLSR 2006, 22.)

On 31 October 2007, the House of Lords dismissed an ap-

peal by the credit companies against the decision of the Court

of Appeal.

Office of Fair Trading v. Lloyds TSB Bank plc and others [2007]

UKHL 48.

http://www.bailii.org/uk/cases/UKHL/2007/48.html.

Mark Turner, Report Correspondent, Partner, mark.turner@her

bertsmith.com and Dominic Callaghan, Associate (Australian qual-

ified) dominic.callaghan@herbertsmith.com from the London Office

of Herbert Smith LLP (Tel.: þ44 20 7374 8000).