The regular article tracking developments at the national level in key European countries in the...
-
Upload
mark-turner -
Category
Documents
-
view
214 -
download
0
Transcript of The regular article tracking developments at the national level in key European countries in the...
-
ehdE
Herbert Smith LLP, London, United Kingdom
1.1. Brussels Court of Commerce finds that eBay is not
damages resulting from the sale of these goods on the eBay
website and it requested the prohibition of all advertisements
for counterfeit perfume.
The Brussels Court of Commerce however ruled that eBay
cannot be held liable for the information that is stored on its
website, since it should be considered as a hosting provider
within the meaning of Article 14 of the E-Commerce Directive
(2000/31/EC). According to this provision, a hosting provider is
that the information is supplied by a third party and the
hosting provider has no actual knowledge of the illicit nature
the activities on its website. Since Article 15 of the E-
Commerce Directive precludes imposing a general monitoring
obligation on hosting providers, this claim was also refused.
Erik Valgaeren, Partner, [email protected] and Lien
Ceulemans, Associate, [email protected] from the Brus-
sels office of Stibbe (Tel.: 32 2 533 53 51).
ava i lab le a t www.sc iencedi rec t .com
/p
c om p u t e r l aw & s e c u r i t y r e p o r t 2 4 ( 2 0 0 8 ) 4 9 4 4 9 8liable for offering counterfeit goods on its website
On 31 July 2008, the Brussels Court of Commerce ruled that
eBay cannot be held liable for offering counterfeit perfumes
on its website. In the present case, the French cosmetic
producer Lancome filed a complaint against eBay Belgium in
which it stated that the latter facilitated the sale of counterfeit
goods by allowing advertisements for counterfeit perfumes on
its website. Consequently, Lancome demanded payment of
of the information. However, if the provider becomes aware of
the illegal content, it needs to act expeditiously to remove or
disable access to this information. Since the existing notice
and takedown procedure of eBay complies with this require-
ment, the Brussels Court of Commerce ruled that there was no
action for damages.
As regards the claim for an order prohibiting advertise-
ments for counterfeit perfumes, the Brussels Court ruled that
such prohibition would require eBay constantly to monitor all1. Belgium not liable for the information stored on its website, provided0267-3649/$ see front matter 2008 Herbedoi:10.1016/j.clsr.2008.10.001a b s t r a c t
This column provides a concise alerting service of important national developments in key
European countries. Part of its purpose is to compliment the Journals feature articles and
Briefing Notes by keeping readers abreast of what is currently happening on the ground
at a national level in implementing EU-level legislation and international conventions and
treaties. Where an item of European National News is of particular significance, CLSR may
also cover it in more detail in the current or a subsequent edition.
2008 Herbert Smith LLP. Published by Elsevier Ltd. All rights reserved.Mark Turner, Tim GunnEuropean national news
The regular article tracking devin key European countries in tcommunications Coordinatecontributed to by firms across
www.compsecon l ine .comrt Smith LLP. Published blopments at the national levele area of IT andby Herbert Smith LLP andurope
ubl i ca t ions /prodc law.h tmy Elsevier Ltd. All rights reserved.
-
2.1. Danish newspaper has won the right to use the 3.1. Does the French Personal Data Protection Act apply
c om p u t e r l aw & s e c u r i t y r e p o r t 2 4 ( 2 0 0 8 ) 4 9 4 4 9 8 495domain name nyhedsavisen.dk
The Danish Maritime and Commercial Court has made
a decision regarding the right to use the domain name
nyhedsavisen.dk (translated into English: newspaper.dk).
The case concerned a candy and toy manufacturer (the
Company), which had registered the domain name nyhed-
savisen.dk in 2000. The Company had registered the domain
nameasit had planstouse it for thepublishing ofpressreleases.
However, this activity was never carried out in practice and the
domain name was therefore never used by the Company.
The Danish newspaper, Nyhedsavisen, was launched in
2006. Before the launch, the Company had offered Nyhed-
savisen to buy the domain name for EUR 400,000. The offer
was declined by Nyhedsavisen.
Nyhedsavisen brought the matter before the Danish
Complaints Board for Domain Names. The Board found that
Nyhedsavisen was entitled to have the domain name trans-
ferred to it from the Company. The Board stated that even
though Nyhedsavisen was registered as a company name and
as a trade mark, it was doubtful whether these registrations
alone implied that Nyhedsavisen had acquired a legal IP right
to use the trade mark Nyhedsavisen. The Board held that
since Nyhedsavisen had incorporated the name and subse-
quently made use of it through its marketing, the name had
acquired a distinctive character.
The Company brought the case before The Danish Mari-
time and Commercial Court. The Court found that the
Company had not used the name Nyhedsavisen as a trade
mark or trade name for newspapers and news transmissions,
even though the Company lawfully registered the name in
2000. Nyhedsavisen, on the other hand, had incorporated the
name Nyhedsavisen and was using it. Thereby Nyhed-
savisen was protected against other businesses use of the
name Nyhedsavisen or similar names for newspapers and
news transmissions. The Companys use of the domain name
nyhedsavisen.dk was therefore a violation of the fair use of
domain names pursuant to the Danish Act on Domain Names,
and Nyhedsavisen was therefore entitled to have the domain
name transferred to it from the Company.
The ruling reaffirms the point that the mere registration of
a domain name does not lead to legal protection. The domain
name must be used actively. The facts of the ruling are
distinctive in the sense that the Company had acquired the
domain name legally. Though not using the domain name for
a period, there was no other business using the name at the
time of the Companys registration, and the newspaper who
subsequently acquired an IP right to the domain name did so
only approximately five years after the Companys registra-
tion of the domain name.
Carsten Raasteen, Partner, [email protected] and Daniel
Herman Roejtburg, Assistant Attorney, [email protected]. Denmarkfrom Kromann Reumert, Copenhagen office, Denmark (Tel.: 45 7012 12 11).to Google Inc.?
Following the Article 29 Working Partys opinion on search
engines and personal data, Google reaffirmed, in its response
dated September 8, 2008, its wish to collaborate with the
European data protection authorities. However, it considers
that it is not subject to the jurisdiction of any European law on
data protection, even though Google has servers and estab-
lishments in Europe.
Frenchjurisprudencemightsupport thisargument, in lightof
a recent Court decision given by the Tribunal deGrande Instance
of Paris on 14 April 2008. After a detailed legal analysis, the Court
found that the French Personal Data Protection Act of 6 January
1978 as amended (FPDPA) did not apply to Google Inc.
Since 1998, the plaintiff, Mrs S.B., participated in and
published messages on the Usenet Newsgroups, accessible
and managed through Google Inc.s Group Services. These
messages contained information about her private life and her
personal email address. As these messages remained acces-
sible on the web, she requested Google Inc. to delete all her
postings and copies of these contained in other postings, in
accordance with Article 38 (the right to object to the process-
ing of personal data) of the FPDPA.
The French Courts decision ruled that neither the condi-
tions set out in article 5 of the FPDPA nor the conditions set out
in article 4, 1, c) of the EU Directive no. EC/95/46 dated 24
October 1995 were met, as the plaintiff could not prove that
Google Inc. was established in or used equipment located in
France or elsewhere in the European Community.
The Court, continuing its examination of applicable law,
ruled that the FPDPA cannot qualify as a public policy rule. It
does not purport to be, incontrovertibly, for the protection of
the socio-economical organisation of our national commu-
nity. Moreover, the Court pointed out that personal data
protection is also a principle laid down in the State of
Californias Constitution [and that the type of protection
assured by the State of Californias legislation should move
towards the French system].
The Court also rejected the application of Article 4 of EC
Regulation no. 864/2007 of the European Parliament and the
European Council of 11 July 2007, applicable to non-
contractual obligations (Rome II). It excludes from the scope
of its application, obligations which result from breach of
privacy and personality rights.
Finally, the Court ruled that the laws of the State of
California should be applied, as the acts which gave rise to the
alleged damage took place there.
This decision, which has been highly criticised, will
perpetuate a debate which has been ongoing for several
decades in France.
Alexandra Neri, Partner, [email protected] and
Olivier Menant, Associate, [email protected] from3. Francethe Paris office of Herbert Smith LLP (Tel.: 33 1 53 57 74 02), withthe contribution of Alexandre Vasseur.
-
1535 (Request for Comments) of 1996 which stated that tech-
letter Second-Level Domains. Volkswagen, however, pointed
6.1. Google Adwords II
than the rights holder.
c om p u t e r l aw & s e c u r i t y r e p o r t 2 4 ( 2 0 0 8 ) 4 9 4 4 9 8496out the particular importance of this registration for its
competitive position on the German market and claimed that
the refusal to register it constituted discrimination in relation
to its competitors such as BMW (bmw.de), and thus was in
violation of German competition law. In addition, Volkswagen
could argue that currently no TLD .vw exists.
Denic won the dispute in the first instance before the
Regional Court of Frankfurt. But the Higher Regional Court of
Frankfurt then overturned this judgment and decided in
favour of Volkswagen. The Court rendered its decision after
quite a number of oral hearings and after hearing the testi-
mony of an expert witness with regard to the potential risks.
Given the fact that at present no TLD .vw exists, this deci-
sion could leave the question open as to whether RFC 1535 is
still valid today. A further appeal to the Federal Supreme Court
was not granted by that Court, but Denic has appealed this
refusal. Consequently, the Higher Regional Courts judgment
is not yet final. The decision can nevertheless have broad
implications for the owners of famous two-letter brands who
now want to register their domains in Germany.
Dr. Stefan Weidert, LLM, Partner, [email protected] at
the Berlin office of Gleiss Lutz (Tel.: 49 30 800979 190).
5. Italy
5.1. P2P construed as a criminal activity
On 1 August 2008 the Criminal Tribunal of Bergamo held that
operating an Internet site which facilitates, through a peer-to-
peer circuit, an exchange of files in violation of copyright law
constitutes criminal conduct. This, in turn, justifies granting
the remedy of preventive seizure.
The Public Prosecutor applied to the Court for this remedy in
respect of the website www.thepiratebay.org. The remedy was
grantedand given effect by ordering all ISPs operating in Italy to
prevent their users accessing (i) this website, (ii) all the relevantnical problems could occur if an SLD is identical with a TLD
that is already in existence. Denic further claimed that 80% of
the worldwide registration agencies would not admit two-4. Germany
4.1. Registration of two-letter domains in Germany
The Higher Regional Court of Frankfurt ruled in a landmark
case (case no.: 11 U 32/04 (Kart)) between Denic, the German
agency for registering Second-Level Domains (SLDs) under the
Top-Level Domain (TLD) .de, and the German automobile
manufacturer Volkswagen, the owner of the famous brand
VW, regarding the registration of the domain name vw.de.
Denic refused to register the domain vw.de, referring to its
general registration policy which does not allow for the
registration of two-letter SLDs. Denic also cited ICANNs RFCaliases and domain names connected with www.thepiratebay.
org (such as piratebay.net, piratebay.com), and (iii) the static IPAnother case between the same parties (being Portakabin
and Primakabin) has now reached the Supreme Court of the
Netherlands. On 12 September 2008 the Procurator-General of
the Supreme Court (P-G) concluded as follows.
After discussing the facts and positions taken by both parties,
the P-G discusses Dutch and European case law. At the end the
P-G concludes that several prejudicial questions should be put
forward to the European Supreme Court. The P-G formulates
several questions of which the following is a summary:
(i) if an entrepreneur uses so-called adwords which
adwords equal the trade mark held by someone else for
the same kind of goods or services, does this constitute
the use of a trade mark as meant under article 5 section 1
and under a of the Trade Mark Directive1;
(ii) if the answer to the question under (i) is negative, does it
make a difference whether or not the entrepreneur
actually offers similar products;
(iii) if the answer to the question under (i) is affirmative, does
article 6 of the Trade Mark Directive imply that the rights
holder may not forbid this use;In Volume 24 Issue 3 of this years CLSR, we discussed a ruling
of the District Court of The Hague regarding the use of
a registered trade mark as a sponsored link, by someone else83.140.176.146 associated with those domain names and any
other similar static IP addresses, either present or future. The
Court found that, although the site piratebay.org did not host
files protected by copyright, users were, through the bit-torrent
files present on that site (and through other aliases redirecting
to that site), able to track and then exchange movies, music and
other works protected by copyright law. Accordingto the Court,
such activity breaches article 171-ter, paragraph 2, let. a-bis of
the Italian copyright law, since the operator of the site together
with users of the links on the site had (in a broad sense)
engaged in commercial distribution of works protected by
copyright. It is interesting to note that the Court construed the
conduct of the site operator and that of the users as joint
conduct amounting to criminal activity aimed at violating the
exclusive rights protected by copyright law. The Court also
pointed out that, as the servers were located either in Sweden
or in the Netherlands, the Italian judge had limited jurisdiction.
Notwithstanding this, the order was made in light of evidence
that approximately 2% to the visitors of the www.thepiratebay.
org website were located in Italy.
http://www.altalex.com/index.php?idstr20&idnot42855.
Salvatore Orlando, Partner, [email protected] and
Stefano Bartoli, SeniorAssociate, [email protected] from
the Rome office of Macchi di Cellere Gangemi (Tel.:39 06 362141).
6. The Netherlands1 First Council Directive of 21 December 1988 to approximatethe laws of the Member States relating to trade marks.
-
questions that the query of a reasonably informed,
cautious and observant, average consumer who uses the
authorities that have contributed to the promotion of privacy.
The purpose of the IPA is to increase awareness amongst
according to the proposal, is to be funded by commercial
entities. The Inspectorates main objection is that represen-
8. Spain
spectrum, the Report suggests that an incentive-based system
issues. A number of provisions deal with the patients right to
decide which information that can be disclosed. Healthcare
For further information, please refer to http://www.
datainspektionen.se/Documents/magasindirekt/magasindirekt
c om p u t e r l aw & s e c u r i t y r e p o r t 2 4 ( 2 0 0 8 ) 4 9 4 4 9 8 497tatives for the international IT industry are often adversaries
to the Inspectorate in privacy-related matters, cases and
challenges. The Inspectorate says that, for many interna-
tional companies, support of privacy seems to be [a] means to
their commercial ends, and fears that even limited financial
entanglement might question the independence of the
Inspectorate. In addition, the Inspectorate is concerned about
a possible further increase of the workload, as international
work already takes up much of its time and resources.
According to the Head of Inspectorate in Norway, the
Finnish, Swedish and Danish Inspectorates take a similar
position with respect to a new International Privacy
Association.
Stein-Erik Jahr Dahl, Associate, [email protected] and Ingvildprivate individuals of their right to privacy.
The Norwegian Data Inspectorate has, however, in its reply
expressed scepticism towards the proposal for the IPA, which,internet and is aware of the trade mark character of his
query is first of all used as a means to find related goods
and services as well; and
(v) if the answer to the question under (i) is affirmative, does
article 7 of the Trade Mark Directive apply if the goods
offered were put on the market with the rights holders
consent?
It will be interesting to see how the European Court of
Justice will answer these questions. We will keep you posted.
Link (in Dutch only): http://zoeken.rechtspraak.nl/resultpage.
aspx?snelzoekentrue&searchtypeljn&ljnBF0518&u_ljnBF0518.
Reinout Rinzema, Partner, [email protected] and Rem-
brandt Brouwer, Associate, [email protected] from
the Amsterdam office of Stibbe (Tel.: 31 20 546 01 12).
7. Norway
7.1. Norwegian opposition against the creation of anInternational Privacy Association
In connection with the 30th International Data Protection and
Privacy Conference, in Strasbourg 1517 September 2008,
a proposal to establish an International Privacy Association
(IPA) was distributed earlier this year to the respective
national authorities for comments. One of the suggested tasks
of the IPA is to give awards for best practice to commercial
organisations, private individuals, governments or other(iv) is it relevant for the answer to the abovementionedStandal Nss, Associate, [email protected]: Thommessen
Krefting Greve Lund AS (Tel.: 47 23 11 14 94).-08-02.pdf (in Swedish).
Bjorn Gustavsson, Partner, [email protected] and Evaproviders shall also offer patients the opportunity to access
the available information online and to obtain a log showing
who has accessed the information.of licence fees, with rolling licences awarded after a competi-
tive selection, shall be put in place. It shall be made clear that
there is no presumption of licence renewal at expiry. Addi-
tionally, it is suggested that it shall be easier to sell and sub-
licence radio frequencies. The Report also stipulates that the
Swedish Armed Forces shall pay for its use of radio spectrum.
The Report will be submitted to interested parties and
thereafter the Government will decide whether to present
a final bill to the Parliament.
The report, with an English summary, can be found at
http://www.regeringen.se/sb/d/108/a/108239.
9.2. New Patient Data Act facilitates patientinformation exchange between healthcare providers
The new Act became effective on 1 July 2008 and allows
healthcare providers to obtain direct electronic access to
medical information of mutual patients. The Act aims to
facilitate a coherent history of a patients medical status when
multiple healthcare providers are involved. Each healthcare
provider is responsible for permitting and controlling the
access to its own information.
The Act also addresses patient integrity and confidentialityThere are no developments to report.
Jorge Llevat, Partner, [email protected] and Jon Cam-
pins, Associate, [email protected] from the Barcelona
office of Cuatrecasas (Tel.: 34 93 290 55 85).
9. Sweden
9.1. New proposal on radio spectrum management
A Swedish investigatory committee report (SOU 2008:72) (the
Report) published in July 2008 proposes a political goal of
increased accessibility to electronic communication services,
and argues that procurement of mobile networks financed by
public funds is the best way to achieve such accessibility in
areas where no commercial build-out is expected.
Furthermore, in order to promote efficient use of the radioFredrikson, Associate, [email protected] from Advokatfir-
man Vinge KB (Tel.: 46 8 614 30 00).
-
Retention (EC Directive) Regulations 2008 would come into
staff is completed and that those responsible for negotiating
the transfer of staff are aware of their responsibilities to
use) are sold. The CPS guidance, available at http://www.cps.
c om p u t e r l aw & s e c u r i t y r e p o r t 2 4 ( 2 0 0 8 ) 4 9 4 4 9 8498force on 15th March 2009, revoking the 2007 Regulations and
completing the UKs implementation of Directive 2006/24/EC.
10.2. UK Information Commissioners Office guidance ondisclosure of employee information under TUPE
The Information Commissioners Office has issued guidance
on what organisations need to do to comply with the Data
Protection Act 1998 (DPA) when providing information
about their employees under Transfer of Undertakings
(Protection of Employment) Regulations 2006 (TUPE). The
guidance confirms:
Disclosure of employee information for the purposes ofRegulation 11 of TUPE is a permitted exemption under
the DPA.
A transferor employer may keep some information aboutthe former employees post-transfer if there is a justifiable
need to do this (such as to defend any ongoing claims) and
the information is destroyed as soon as it is no longer
needed.
Where Regulation 11 of TUPE does not apply, but anemployer is asked for information about employees, such as
in a due diligence exercise or where there are a number of
potential bidders at the early stages of a sale or a service
provision change, the employer should only provide anon-
ymous information. Alternatively, the employer should
obtain employees prior consent to the disclosure of
personal information or put in place proper safeguards,10. United Kingdom
10.1. UK Government consults on EC Data RetentionDirective
The UK Home Office has launched a consultation on draft
regulations to enable the transposition of the Data Retention
Directive (2006/24/EC) as it relates to Internet data. The draft
regulations are intended to replace the Data Retention (EC
Directive) Regulations 2007 (SI 2007/2199), which only regulate
the retention of data relating to fixed and mobile telephony.
The consultation paper is available at http://www.homeoffice.
gov.uk/documents/cons-2008-transposition?viewBinary.The required retention period for communications data
(comprising traffic data, location data and subscriber date)
under the new UK regulations will be set at 12 months from
the date of the communication, as is the case under the 2007
Regulations. However, the Secretary of State can serve written
notice on communication service providers to vary that period
to anything between 6 and 24 months, a variation that the
current rules relating to fixed and mobile telephony data do
not provide for. The new regulations would not oblige the UK
Government to compensate communication service providers
for the costs of retention and data retrieval, maintaining the
discretionary nature of reimbursement.
Once approved, the Electronic Communications Datagov.uk/legal/a_to_c/computer_misuse_act_1990/index.html,
will become effective when the CMA amendments come into
force. In the meantime, the guidance provides a useful refer-
ence for those manufacturing and distributing articles that
could be used in breach of the terms of the amended CMA.
Mark Turner, Report Correspondent, Partner, mark.turner@
herbertsmith.com and Tim Gunn, Professional Support Lawyer,
[email protected] from the London office of Herbert Smith
LLP (Tel.: 44 20 7374 8000).comply with data protection principles.
The guidance is available at http://www.ico.gov.uk/upload/
documents/library/data_protection/practical_application/gpn_
disclosure_employee_info_tupe_v1.0.pdf.
10.3. Amendments to the Computer Misuse Act 1990
Amendments to the Computer Misuse Act 1990 (CMA),
introduced by Sections 35 to 30 of the Police and Justice Act
2006 but which are not yet in force, will extend the CMA to
cover hacking and will create a new offence of supplying
articles (including programs or data in electronic form) that
may be used to commit a crime under the CMA.
Under Section 1 (as amended), a person will be guilty of theoffence of hacking if they access a program without
authorisation or if they enable unauthorised access.
Under Section 3 (as amended), it will be an offence to carryout various unauthorised acts in relation to a computer,
including to impair the operation of any computer, to
prevent or hinder access to any program or data held on
a computer, to impair the operation of any program or
reliability of any data, or to cause any of these offences to be
committed.
New Section 3A will introduce a new offence of making,supplying or obtaining articles for use in computer misuse
offences, i.e. the dual-use articles offence. Where an
individual believes that an article is likely to be used to
commit an offence, it is an offence to adapt, supply or offer
to supply this article.
Full details of the amendments introduced by the Police
and Justice Act 2006 are available at http://www.opsi.gov.uk/
acts/acts2006/ukpga_20060048_en_1.htm.
Guidance from the Crown Prosecution Service sets out the
circumstances in which the CPS will prosecute an individual
or company under Section 3A of the CMA and where dual
purpose items (i.e. items having both a legitimate and illegalsuch as a confidentiality agreement to regulate use and
disclosure of the data.
Employers should ensure that any information handed overis used only for the purposes of TUPE until the transfer of
The regular article tracking developments at the national level in key European countries in the area of IT and communications - Coordinated by Herbert Smith LLP and contributed to by firms across EuropeBelgiumBrussels Court of Commerce finds that eBay is not liable for offering counterfeit goods on its website
DenmarkDanish newspaper has won the right to use the domain name nyhedsavisen.dk
FranceDoes the French Personal Data Protection Act apply to Google Inc.?
GermanyRegistration of two-letter domains in Germany
ItalyP2P construed as a criminal activity
The NetherlandsGoogle Adwords II
NorwayNorwegian opposition against the creation of an International Privacy Association
SpainSwedenNew proposal on radio spectrum managementNew Patient Data Act facilitates patient information exchange between healthcare providers
United KingdomUK Government consults on EC Data Retention DirectiveUK Information Commissioners Office guidance on disclosure of employee information under TUPEAmendments to the Computer Misuse Act 1990