ehdE

Herbert Smith LLP, London, United Kingdom

1.1. Brussels Court of Commerce finds that eBay is not

damages resulting from the sale of these goods on the eBay

website and it requested the prohibition of all advertisements

for counterfeit perfume.

The Brussels Court of Commerce however ruled that eBay

cannot be held liable for the information that is stored on its

website, since it should be considered as a hosting provider

within the meaning of Article 14 of the E-Commerce Directive

(2000/31/EC). According to this provision, a hosting provider is

that the information is supplied by a third party and the

hosting provider has no actual knowledge of the illicit nature

the activities on its website. Since Article 15 of the E-

Commerce Directive precludes imposing a general monitoring

obligation on hosting providers, this claim was also refused.

Erik Valgaeren, Partner, erik.valgaeren@stibbe.com and Lien

Ceulemans, Associate, lien.ceulemans@stibbe.com from the Brus-

sels office of Stibbe (Tel.: 32 2 533 53 51).

ava i lab le a t www.sc iencedi rec t .com

/p

c om p u t e r l aw & s e c u r i t y r e p o r t 2 4 ( 2 0 0 8 ) 4 9 4 4 9 8liable for offering counterfeit goods on its website

On 31 July 2008, the Brussels Court of Commerce ruled that

eBay cannot be held liable for offering counterfeit perfumes

on its website. In the present case, the French cosmetic

producer Lancome filed a complaint against eBay Belgium in

which it stated that the latter facilitated the sale of counterfeit

goods by allowing advertisements for counterfeit perfumes on

its website. Consequently, Lancome demanded payment of

of the information. However, if the provider becomes aware of

the illegal content, it needs to act expeditiously to remove or

disable access to this information. Since the existing notice

and takedown procedure of eBay complies with this require-

ment, the Brussels Court of Commerce ruled that there was no

action for damages.

As regards the claim for an order prohibiting advertise-

ments for counterfeit perfumes, the Brussels Court ruled that

such prohibition would require eBay constantly to monitor all1. Belgium not liable for the information stored on its website, provided0267-3649/$ see front matter 2008 Herbedoi:10.1016/j.clsr.2008.10.001a b s t r a c t

This column provides a concise alerting service of important national developments in key

European countries. Part of its purpose is to compliment the Journals feature articles and

Briefing Notes by keeping readers abreast of what is currently happening on the ground

at a national level in implementing EU-level legislation and international conventions and

treaties. Where an item of European National News is of particular significance, CLSR may

also cover it in more detail in the current or a subsequent edition.

2008 Herbert Smith LLP. Published by Elsevier Ltd. All rights reserved.Mark Turner, Tim GunnEuropean national news

The regular article tracking devin key European countries in tcommunications Coordinatecontributed to by firms across

www.compsecon l ine .comrt Smith LLP. Published blopments at the national levele area of IT andby Herbert Smith LLP andurope

ubl i ca t ions /prodc law.h tmy Elsevier Ltd. All rights reserved.

2.1. Danish newspaper has won the right to use the 3.1. Does the French Personal Data Protection Act apply

c om p u t e r l aw & s e c u r i t y r e p o r t 2 4 ( 2 0 0 8 ) 4 9 4 4 9 8 495domain name nyhedsavisen.dk

The Danish Maritime and Commercial Court has made

a decision regarding the right to use the domain name

nyhedsavisen.dk (translated into English: newspaper.dk).

The case concerned a candy and toy manufacturer (the

Company), which had registered the domain name nyhed-

savisen.dk in 2000. The Company had registered the domain

nameasit had planstouse it for thepublishing ofpressreleases.

However, this activity was never carried out in practice and the

domain name was therefore never used by the Company.

The Danish newspaper, Nyhedsavisen, was launched in

2006. Before the launch, the Company had offered Nyhed-

savisen to buy the domain name for EUR 400,000. The offer

was declined by Nyhedsavisen.

Nyhedsavisen brought the matter before the Danish

Complaints Board for Domain Names. The Board found that

Nyhedsavisen was entitled to have the domain name trans-

ferred to it from the Company. The Board stated that even

though Nyhedsavisen was registered as a company name and

as a trade mark, it was doubtful whether these registrations

alone implied that Nyhedsavisen had acquired a legal IP right

to use the trade mark Nyhedsavisen. The Board held that

since Nyhedsavisen had incorporated the name and subse-

quently made use of it through its marketing, the name had

acquired a distinctive character.

The Company brought the case before The Danish Mari-

time and Commercial Court. The Court found that the

Company had not used the name Nyhedsavisen as a trade

mark or trade name for newspapers and news transmissions,

even though the Company lawfully registered the name in

2000. Nyhedsavisen, on the other hand, had incorporated the

name Nyhedsavisen and was using it. Thereby Nyhed-

savisen was protected against other businesses use of the

name Nyhedsavisen or similar names for newspapers and

news transmissions. The Companys use of the domain name

nyhedsavisen.dk was therefore a violation of the fair use of

domain names pursuant to the Danish Act on Domain Names,

and Nyhedsavisen was therefore entitled to have the domain

name transferred to it from the Company.

The ruling reaffirms the point that the mere registration of

a domain name does not lead to legal protection. The domain

name must be used actively. The facts of the ruling are

distinctive in the sense that the Company had acquired the

domain name legally. Though not using the domain name for

a period, there was no other business using the name at the

time of the Companys registration, and the newspaper who

subsequently acquired an IP right to the domain name did so

only approximately five years after the Companys registra-

tion of the domain name.

Carsten Raasteen, Partner, cr@kromannreumert.com and Daniel

Herman Roejtburg, Assistant Attorney, drb@kromannreumert.com2. Denmarkfrom Kromann Reumert, Copenhagen office, Denmark (Tel.: 45 7012 12 11).to Google Inc.?

Following the Article 29 Working Partys opinion on search

engines and personal data, Google reaffirmed, in its response

dated September 8, 2008, its wish to collaborate with the

European data protection authorities. However, it considers

that it is not subject to the jurisdiction of any European law on

data protection, even though Google has servers and estab-

lishments in Europe.

Frenchjurisprudencemightsupport thisargument, in lightof

a recent Court decision given by the Tribunal deGrande Instance

of Paris on 14 April 2008. After a detailed legal analysis, the Court

found that the French Personal Data Protection Act of 6 January

1978 as amended (FPDPA) did not apply to Google Inc.

Since 1998, the plaintiff, Mrs S.B., participated in and

published messages on the Usenet Newsgroups, accessible

and managed through Google Inc.s Group Services. These

messages contained information about her private life and her

personal email address. As these messages remained acces-

sible on the web, she requested Google Inc. to delete all her

postings and copies of these contained in other postings, in

accordance with Article 38 (the right to object to the process-

ing of personal data) of the FPDPA.

The French Courts decision ruled that neither the condi-

tions set out in article 5 of the FPDPA nor the conditions set out

in article 4, 1, c) of the EU Directive no. EC/95/46 dated 24

October 1995 were met, as the plaintiff could not prove that

Google Inc. was established in or used equipment located in

France or elsewhere in the European Community.

The Court, continuing its examination of applicable law,

ruled that the FPDPA cannot qualify as a public policy rule. It

does not purport to be, incontrovertibly, for the protection of

the socio-economical organisation of our national commu-

nity. Moreover, the Court pointed out that personal data

protection is also a principle laid down in the State of

Californias Constitution [and that the type of protection

assured by the State of Californias legislation should move

towards the French system].

The Court also rejected the application of Article 4 of EC

Regulation no. 864/2007 of the European Parliament and the

European Council of 11 July 2007, applicable to non-

contractual obligations (Rome II). It excludes from the scope

of its application, obligations which result from breach of

privacy and personality rights.

Finally, the Court ruled that the laws of the State of

California should be applied, as the acts which gave rise to the

alleged damage took place there.

This decision, which has been highly criticised, will

perpetuate a debate which has been ongoing for several

decades in France.

Alexandra Neri, Partner, Alexandra.neri@herbertsmith.com and

Olivier Menant, Associate, Olivier.menant@herbertsmith.com from3. Francethe Paris office of Herbert Smith LLP (Tel.: 33 1 53 57 74 02), withthe contribution of Alexandre Vasseur.

1535 (Request for Comments) of 1996 which stated that tech-

letter Second-Level Domains. Volkswagen, however, pointed

6.1. Google Adwords II

than the rights holder.

c om p u t e r l aw & s e c u r i t y r e p o r t 2 4 ( 2 0 0 8 ) 4 9 4 4 9 8496out the particular importance of this registration for its

competitive position on the German market and claimed that

the refusal to register it constituted discrimination in relation

to its competitors such as BMW (bmw.de), and thus was in

violation of German competition law. In addition, Volkswagen

could argue that currently no TLD .vw exists.

Denic won the dispute in the first instance before the

Regional Court of Frankfurt. But the Higher Regional Court of

Frankfurt then overturned this judgment and decided in

favour of Volkswagen. The Court rendered its decision after

quite a number of oral hearings and after hearing the testi-

mony of an expert witness with regard to the potential risks.

Given the fact that at present no TLD .vw exists, this deci-

sion could leave the question open as to whether RFC 1535 is

still valid today. A further appeal to the Federal Supreme Court

was not granted by that Court, but Denic has appealed this

refusal. Consequently, the Higher Regional Courts judgment

is not yet final. The decision can nevertheless have broad

implications for the owners of famous two-letter brands who

now want to register their domains in Germany.

Dr. Stefan Weidert, LLM, Partner, stefan.weidert@gleisslutz.com at

the Berlin office of Gleiss Lutz (Tel.: 49 30 800979 190).

5. Italy

5.1. P2P construed as a criminal activity

On 1 August 2008 the Criminal Tribunal of Bergamo held that

operating an Internet site which facilitates, through a peer-to-

peer circuit, an exchange of files in violation of copyright law

constitutes criminal conduct. This, in turn, justifies granting

the remedy of preventive seizure.

The Public Prosecutor applied to the Court for this remedy in

respect of the website www.thepiratebay.org. The remedy was

grantedand given effect by ordering all ISPs operating in Italy to

prevent their users accessing (i) this website, (ii) all the relevantnical problems could occur if an SLD is identical with a TLD

that is already in existence. Denic further claimed that 80% of

the worldwide registration agencies would not admit two-4. Germany

4.1. Registration of two-letter domains in Germany

The Higher Regional Court of Frankfurt ruled in a landmark

case (case no.: 11 U 32/04 (Kart)) between Denic, the German

agency for registering Second-Level Domains (SLDs) under the

Top-Level Domain (TLD) .de, and the German automobile

manufacturer Volkswagen, the owner of the famous brand

VW, regarding the registration of the domain name vw.de.

Denic refused to register the domain vw.de, referring to its

general registration policy which does not allow for the

registration of two-letter SLDs. Denic also cited ICANNs RFCaliases and domain names connected with www.thepiratebay.

org (such as piratebay.net, piratebay.com), and (iii) the static IPAnother case between the same parties (being Portakabin

and Primakabin) has now reached the Supreme Court of the

Netherlands. On 12 September 2008 the Procurator-General of

the Supreme Court (P-G) concluded as follows.

After discussing the facts and positions taken by both parties,

the P-G discusses Dutch and European case law. At the end the

P-G concludes that several prejudicial questions should be put

forward to the European Supreme Court. The P-G formulates

several questions of which the following is a summary:

(i) if an entrepreneur uses so-called adwords which

adwords equal the trade mark held by someone else for

the same kind of goods or services, does this constitute

the use of a trade mark as meant under article 5 section 1

and under a of the Trade Mark Directive1;

(ii) if the answer to the question under (i) is negative, does it

make a difference whether or not the entrepreneur

actually offers similar products;

(iii) if the answer to the question under (i) is affirmative, does

article 6 of the Trade Mark Directive imply that the rights

holder may not forbid this use;In Volume 24 Issue 3 of this years CLSR, we discussed a ruling

of the District Court of The Hague regarding the use of

a registered trade mark as a sponsored link, by someone else83.140.176.146 associated with those domain names and any

other similar static IP addresses, either present or future. The

Court found that, although the site piratebay.org did not host

files protected by copyright, users were, through the bit-torrent

files present on that site (and through other aliases redirecting

to that site), able to track and then exchange movies, music and

other works protected by copyright law. Accordingto the Court,

such activity breaches article 171-ter, paragraph 2, let. a-bis of

the Italian copyright law, since the operator of the site together

with users of the links on the site had (in a broad sense)

engaged in commercial distribution of works protected by

copyright. It is interesting to note that the Court construed the

conduct of the site operator and that of the users as joint

conduct amounting to criminal activity aimed at violating the

exclusive rights protected by copyright law. The Court also

pointed out that, as the servers were located either in Sweden

or in the Netherlands, the Italian judge had limited jurisdiction.

Notwithstanding this, the order was made in light of evidence

that approximately 2% to the visitors of the www.thepiratebay.

org website were located in Italy.

http://www.altalex.com/index.php?idstr20&idnot42855.

Salvatore Orlando, Partner, s.orlando@macchi-gangemi.com and

Stefano Bartoli, SeniorAssociate, s.bartoli@macchi-gangemi.com from

the Rome office of Macchi di Cellere Gangemi (Tel.:39 06 362141).

6. The Netherlands1 First Council Directive of 21 December 1988 to approximatethe laws of the Member States relating to trade marks.

questions that the query of a reasonably informed,

cautious and observant, average consumer who uses the

authorities that have contributed to the promotion of privacy.

The purpose of the IPA is to increase awareness amongst

according to the proposal, is to be funded by commercial

entities. The Inspectorates main objection is that represen-

8. Spain

spectrum, the Report suggests that an incentive-based system

issues. A number of provisions deal with the patients right to

decide which information that can be disclosed. Healthcare

For further information, please refer to http://www.

datainspektionen.se/Documents/magasindirekt/magasindirekt

c om p u t e r l aw & s e c u r i t y r e p o r t 2 4 ( 2 0 0 8 ) 4 9 4 4 9 8 497tatives for the international IT industry are often adversaries

to the Inspectorate in privacy-related matters, cases and

challenges. The Inspectorate says that, for many interna-

tional companies, support of privacy seems to be [a] means to

their commercial ends, and fears that even limited financial

entanglement might question the independence of the

Inspectorate. In addition, the Inspectorate is concerned about

a possible further increase of the workload, as international

work already takes up much of its time and resources.

According to the Head of Inspectorate in Norway, the

Finnish, Swedish and Danish Inspectorates take a similar

position with respect to a new International Privacy

Association.

Stein-Erik Jahr Dahl, Associate, sjd@thommessen.no and Ingvildprivate individuals of their right to privacy.

The Norwegian Data Inspectorate has, however, in its reply

expressed scepticism towards the proposal for the IPA, which,internet and is aware of the trade mark character of his

query is first of all used as a means to find related goods

and services as well; and

(v) if the answer to the question under (i) is affirmative, does

article 7 of the Trade Mark Directive apply if the goods

offered were put on the market with the rights holders

consent?

It will be interesting to see how the European Court of

Justice will answer these questions. We will keep you posted.

Link (in Dutch only): http://zoeken.rechtspraak.nl/resultpage.

aspx?snelzoekentrue&searchtypeljn&ljnBF0518&u_ljnBF0518.

Reinout Rinzema, Partner, reinout.rinzema@stibbe.com and Rem-

brandt Brouwer, Associate, rembrandt.brouwer@stibbe.com from

the Amsterdam office of Stibbe (Tel.: 31 20 546 01 12).

7. Norway

7.1. Norwegian opposition against the creation of anInternational Privacy Association

In connection with the 30th International Data Protection and

Privacy Conference, in Strasbourg 1517 September 2008,

a proposal to establish an International Privacy Association

(IPA) was distributed earlier this year to the respective

national authorities for comments. One of the suggested tasks

of the IPA is to give awards for best practice to commercial

organisations, private individuals, governments or other(iv) is it relevant for the answer to the abovementionedStandal Nss, Associate, ina@thommessen.no: Thommessen

Krefting Greve Lund AS (Tel.: 47 23 11 14 94).-08-02.pdf (in Swedish).

Bjorn Gustavsson, Partner, bjorn.gustavsson@vinge.se and Evaproviders shall also offer patients the opportunity to access

the available information online and to obtain a log showing

who has accessed the information.of licence fees, with rolling licences awarded after a competi-

tive selection, shall be put in place. It shall be made clear that

there is no presumption of licence renewal at expiry. Addi-

tionally, it is suggested that it shall be easier to sell and sub-

licence radio frequencies. The Report also stipulates that the

Swedish Armed Forces shall pay for its use of radio spectrum.

The Report will be submitted to interested parties and

thereafter the Government will decide whether to present

a final bill to the Parliament.

The report, with an English summary, can be found at

http://www.regeringen.se/sb/d/108/a/108239.

9.2. New Patient Data Act facilitates patientinformation exchange between healthcare providers

The new Act became effective on 1 July 2008 and allows

healthcare providers to obtain direct electronic access to

medical information of mutual patients. The Act aims to

facilitate a coherent history of a patients medical status when

multiple healthcare providers are involved. Each healthcare

provider is responsible for permitting and controlling the

access to its own information.

The Act also addresses patient integrity and confidentialityThere are no developments to report.

Jorge Llevat, Partner, jorge.llevat@cuatrecasas.com and Jon Cam-

pins, Associate, jon.campins@cuatrecasas.com from the Barcelona

office of Cuatrecasas (Tel.: 34 93 290 55 85).

9. Sweden

9.1. New proposal on radio spectrum management

A Swedish investigatory committee report (SOU 2008:72) (the

Report) published in July 2008 proposes a political goal of

increased accessibility to electronic communication services,

and argues that procurement of mobile networks financed by

public funds is the best way to achieve such accessibility in

areas where no commercial build-out is expected.

Furthermore, in order to promote efficient use of the radioFredrikson, Associate, eva.fredrikson@vinge.se from Advokatfir-

man Vinge KB (Tel.: 46 8 614 30 00).

Retention (EC Directive) Regulations 2008 would come into

staff is completed and that those responsible for negotiating

the transfer of staff are aware of their responsibilities to

use) are sold. The CPS guidance, available at http://www.cps.

c om p u t e r l aw & s e c u r i t y r e p o r t 2 4 ( 2 0 0 8 ) 4 9 4 4 9 8498force on 15th March 2009, revoking the 2007 Regulations and

completing the UKs implementation of Directive 2006/24/EC.

10.2. UK Information Commissioners Office guidance ondisclosure of employee information under TUPE

The Information Commissioners Office has issued guidance

on what organisations need to do to comply with the Data

Protection Act 1998 (DPA) when providing information

about their employees under Transfer of Undertakings

(Protection of Employment) Regulations 2006 (TUPE). The

guidance confirms:

Disclosure of employee information for the purposes ofRegulation 11 of TUPE is a permitted exemption under

the DPA.

A transferor employer may keep some information aboutthe former employees post-transfer if there is a justifiable

need to do this (such as to defend any ongoing claims) and

the information is destroyed as soon as it is no longer

needed.

Where Regulation 11 of TUPE does not apply, but anemployer is asked for information about employees, such as

in a due diligence exercise or where there are a number of

potential bidders at the early stages of a sale or a service

provision change, the employer should only provide anon-

ymous information. Alternatively, the employer should

obtain employees prior consent to the disclosure of

personal information or put in place proper safeguards,10. United Kingdom

10.1. UK Government consults on EC Data RetentionDirective

The UK Home Office has launched a consultation on draft

regulations to enable the transposition of the Data Retention

Directive (2006/24/EC) as it relates to Internet data. The draft

regulations are intended to replace the Data Retention (EC

Directive) Regulations 2007 (SI 2007/2199), which only regulate

the retention of data relating to fixed and mobile telephony.

The consultation paper is available at http://www.homeoffice.

gov.uk/documents/cons-2008-transposition?viewBinary.The required retention period for communications data

(comprising traffic data, location data and subscriber date)

under the new UK regulations will be set at 12 months from

the date of the communication, as is the case under the 2007

Regulations. However, the Secretary of State can serve written

notice on communication service providers to vary that period

to anything between 6 and 24 months, a variation that the

current rules relating to fixed and mobile telephony data do

not provide for. The new regulations would not oblige the UK

Government to compensate communication service providers

for the costs of retention and data retrieval, maintaining the

discretionary nature of reimbursement.

Once approved, the Electronic Communications Datagov.uk/legal/a_to_c/computer_misuse_act_1990/index.html,

will become effective when the CMA amendments come into

force. In the meantime, the guidance provides a useful refer-

ence for those manufacturing and distributing articles that

could be used in breach of the terms of the amended CMA.

Mark Turner, Report Correspondent, Partner, mark.turner@

herbertsmith.com and Tim Gunn, Professional Support Lawyer,

tim.gunn@herbertsmith.com from the London office of Herbert Smith

LLP (Tel.: 44 20 7374 8000).comply with data protection principles.

The guidance is available at http://www.ico.gov.uk/upload/

documents/library/data_protection/practical_application/gpn_

disclosure_employee_info_tupe_v1.0.pdf.

10.3. Amendments to the Computer Misuse Act 1990

Amendments to the Computer Misuse Act 1990 (CMA),

introduced by Sections 35 to 30 of the Police and Justice Act

2006 but which are not yet in force, will extend the CMA to

cover hacking and will create a new offence of supplying

articles (including programs or data in electronic form) that

may be used to commit a crime under the CMA.

Under Section 1 (as amended), a person will be guilty of theoffence of hacking if they access a program without

authorisation or if they enable unauthorised access.

Under Section 3 (as amended), it will be an offence to carryout various unauthorised acts in relation to a computer,

including to impair the operation of any computer, to

prevent or hinder access to any program or data held on

a computer, to impair the operation of any program or

reliability of any data, or to cause any of these offences to be

committed.

New Section 3A will introduce a new offence of making,supplying or obtaining articles for use in computer misuse

offences, i.e. the dual-use articles offence. Where an

individual believes that an article is likely to be used to

commit an offence, it is an offence to adapt, supply or offer

to supply this article.

Full details of the amendments introduced by the Police

and Justice Act 2006 are available at http://www.opsi.gov.uk/

acts/acts2006/ukpga_20060048_en_1.htm.

Guidance from the Crown Prosecution Service sets out the

circumstances in which the CPS will prosecute an individual

or company under Section 3A of the CMA and where dual

purpose items (i.e. items having both a legitimate and illegalsuch as a confidentiality agreement to regulate use and

disclosure of the data.

Employers should ensure that any information handed overis used only for the purposes of TUPE until the transfer of

The regular article tracking developments at the national level in key European countries in the area of IT and communications - Coordinated by Herbert Smith LLP and contributed to by firms across EuropeBelgiumBrussels Court of Commerce finds that eBay is not liable for offering counterfeit goods on its website

DenmarkDanish newspaper has won the right to use the domain name nyhedsavisen.dk

FranceDoes the French Personal Data Protection Act apply to Google Inc.?

GermanyRegistration of two-letter domains in Germany

ItalyP2P construed as a criminal activity

The NetherlandsGoogle Adwords II

NorwayNorwegian opposition against the creation of an International Privacy Association

SpainSwedenNew proposal on radio spectrum managementNew Patient Data Act facilitates patient information exchange between healthcare providers

United KingdomUK Government consults on EC Data Retention DirectiveUK Information Commissioners Office guidance on disclosure of employee information under TUPEAmendments to the Computer Misuse Act 1990