The regular article tracking developments at the national level in key European countries in the...
-
Upload
mark-turner -
Category
Documents
-
view
212 -
download
0
Transcript of The regular article tracking developments at the national level in key European countries in the...
c o m p u t e r l a w & s e c u r i t y r e v i e w 2 5 ( 2 0 0 9 ) 1 0 1 – 1 0 5
ava i lab le at www.sc ienced i rec t . com
www.compseconl i ne .com/ publ i ca t ions /prodc law.h tm
European national news
The regular article tracking developments at the national levelin key European countries in the area of IT andcommunications – Co-ordinated by Herbert Smith LLPand contributed to by firms across Europe
Mark Turner
Herbert Smith LLP, London, United Kingdom
Keywords:
Internet
ISP/Internet Service provider
Software
Data Protection
IT/Information Technology
Communications and European
law/Europe
0267-3649/$ – see front matter ª 2009 Herbedoi:10.1016/j.clsr.2008.12.004
a b s t r a c t
This column provides a concise alerting service of important national developments in key
European countries. Part of its purpose is to compliment the Journal’s feature articles and
Briefing Notes by keeping readers abreast of what is currently happening ‘‘on the ground’’
at a national level in implementing EU level legislation and international conventions and
treaties. Where an item of European National News is of particular significance, CLSR may
also cover it in more detail in the current or a subsequent edition.
ª 2009 Herbert Smith LLP. Published by Elsevier Ltd. All rights reserved.
1. Belgium music of the Sabam repertoire. Furthermore, the Court
1.1. Brussels Courts maintains order for payment ofpenalties by an ISP despite a demonstration that filters arecurrently technically unable to stop illegal music file sharingover its P2P networks
In 2004, the Belgian Society of Authors, Composers and
Publishers (Sabam) filed a lawsuit before the Brussels Court of
First Instance against the Internet Service Provider Scarlet,
claiming that its members’ copyright was being infringed by
illegally sharing music files over the ISP’s peer-to-peer
networks. Sabam obtained an intermediary decision in which
the Court acknowledged that copyright infringements were
being committed by Scarlet’s customers and held the ISP
‘‘responsible’’ for its customers’ illegally sharing of files on its
P2P networks.
In its judgment of 29 June 2007, the Court ordered Scarlet to
prevent its customers from illegally downloading copyrighted
rt Smith LLP. Published b
ordered Scarlet to implement technical measures, recom-
mended by a judicial expert, to put an end to the infringe-
ments, within a period of six months (with a penalty of up to
EUR 2500 per day of delay).
Scarlet entered an appeal against this judgment. A final
decision in this case is not expected before October 2009.
However, in the interim, Scarlet has been ordered to pay
penalties as Sabam continued to detect illegal downloads over
Scarlet’s networks.
Pursuant to a judgment of 22 October 2008, the Court sus-
pended these penalties. Scarlet demonstrated to the Court
that even the use of a filtering system, as suggested by Sabam,
is technically unworkable. On that basis the Court set aside
the order against Scarlet to pay any penalties. However, the
Court ruled that Scarlet has to find other technical solutions to
comply with the judgment of 29 June 2007, as Scarlet has not
sufficiently explored these options. As a consequence, from
1 November 2008 onwards, Scarlet is again facing a penalty of
y Elsevier Ltd. All rights reserved.
c o m p u t e r l a w & s e c u r i t y r e v i e w 2 5 ( 2 0 0 9 ) 1 0 1 – 1 0 5102
EUR 2500 per day in case of non-compliance until it comes up
with a viable solution.
Erik Valgaeren, Partner, [email protected] and Nicolas
Roland, Associate [email protected] from the Brussels
office of Stibbe, Belgium (Tel.: þ32 2 533 53 51).
2. Denmark
2.1. New guide about government authorities’acquisition and use of Open Source Software
The National IT and Telecom Agency has published the new
‘‘Guide on Government Authorities’ Acquisition and Use of Open
Source Software – Legal Issues’’ (the ‘‘Guide’’). The Guide deals
with a number of the legal issues that arise in connection with
acquisition and use of Open Source Software.
The Guide provides an introduction to the legal issues
concerning Open Source Software based on government
authorities’ (the ‘‘Authorities’’) acquisition and the use of
Open Source Software. The Guide contains a general
description of Open Source Software licensing and the copy-
right protection that forms the basis of Open Source licensing
as well as traditional proprietary licensing, and a thorough
legal analysis of different Open Source Software licenses with
special emphasis on the GNU General Public License. The
Guide also considers the European Union Public License pub-
lished by the European Commission in 2007.
Further, the Guide deals with the practical use of Open
Source Software by the Authorities and contractual issues
concerning Open Source Software. The Guide does not
consider whether the Authorities should adopt a general
policy for the use of Open Source Software, or how an
Authority may implement a compliance programme in order
to secure compliance with a particular software policy.
One of the challenges concerning Open Source Software is
that, although IT departments are familiar with using Open
Source Software in the development of software, many in-
house lawyers and attorneys are not fully capable of handling
the legal issues associated with the use of Open Source
Software.
The Guide is so far the most comprehensive legal presen-
tation of Open Source Software in Danish. It is likely that the
Danish courts will look to the Guide when interpreting Open
Source Software licenses under Danish law.
The Guide is available at the website of the National IT and
Telecom Agency www.itst.dk.
Carsten Raasteen, Partner, [email protected] and Thomas
Nikolaj Ingerslev, Assistant Attorney, [email protected]
from the Copenhagen office of Kromann Reumert, Denmark (Tel.:
þ45 70 12 12 11).
3. Germany
3.1. Sale of used software in Germany
The issue of dealing in ‘‘used’’ software is a subject of
controversy in Germany. The Higher Regional Court of Munich
(OLG Munchen) has now found (Case no. 6 U 2759/07) that
such transactions against the will of the manufacturer of the
software are prohibited. The Court ruled in favour of
a complaint brought by Oracle against Usedsoft, which had
purchased Oracle licenses from customers and resold them to
third parties. The software itself was not provided by the
defendant, but could be downloaded from Oracle’s website.
The Higher Regional Court of Munich found that this consti-
tuted an infringement of Oracle’s copyrights and that the
exhaustion of rights principle does not apply in this case.
In its general terms and conditions, Oracle prohibits its
customers from transferring use rights to third parties.
According to the Court, this represented a permissible
restriction of use that also effectively applied to third parties.
Even if the clause were invalid, no further reaching rights
would be transferred to the acquirers as a result of that
invalidity.
The Court further reviewed the applicability of the
exhaustion of rights principle pursuant to section 69c no. 3 of
the German Copyright Act (UrhG), i.e. that once a software
unit has been brought into circulation by sale, the copyright
holder can generally no longer control the distribution of that
unit. An application of the exhaustion of rights principle in
this case would have meant that the customers of Oracle
could resell the licenses. However, the Court found that this
principle does not apply. For one thing, the defendant was not
distributing the work itself, but merely the right to use it. An
analogous application was not possible since the loophole in
the statute was intentional given the Recital 29 of Directive
2001/29/EG. Finally, the Court pointed out that the use of
computer programs necessarily involved a reproduction of the
programme, if only temporarily, since it at least has to be
loaded into the RAM. Pursuant to section 69c Copyright Act,
this could require the consent of the right holder, which was
not granted.
Whether this argument is actually convincing appears to
be highly doubtful, since that would mean that the exhaustion
of rights principle would virtually never be applicable to
software. It is further unclear whether this would also apply if
only one copy of a program were physically handed over. It is
therefore not surprising that this ruling has created quite
a sensation. The question of whether used software can be
distributed in Germany therefore has yet to be definitively
resolved by the Federal Supreme Court. Currently, it is still
unclear under what conditions used software can be sold in
Germany.
Dr. Stefan Weidert, LL.M, Partner, [email protected]
from the Berlin office of Gleiss Lutz, Germany (Tel.:þ49 30 800979 0).
4. Italy
4.1. Privacy protection in social network services
On 17 October 2008, the 30th International Conference of Data
Protection and Privacy Commissioners, attended by 78 Data
Protection Authorities and Privacy Commissioners from every
continent, adopted, inter alia, a resolution on ‘‘Privacy
Protection in Social Network Services’’ (‘‘Resolution’’). The
c o m p u t e r l a w & s e c u r i t y r e v i e w 2 5 ( 2 0 0 9 ) 1 0 1 – 1 0 5 103
Resolution deals with specific privacy and security risks
associated with the use of social network services (‘‘SNS’’),
such as the disclosure of personal information about the
individuals/users; possible loss of control by individuals over
how data will be used by third parties once they are published
on the network; use of personal data for profiling purposes; re-
publishing of data; removing of personal data from the
Internet; indexing of data from profiles by search engines; use
of profile information from SNS by companies for recruitment
purposes and by providers of SNS for the delivery of targeted
marketing messages, etc.
The Resolution sets forth a number of recommendations to
users and providers of SNS, including the following:
(a) users of SNS should (i) consider carefully which personal
data they publish in a profile (in particular, a recommen-
dation to minors is made not to disclose home addresses
and telephone numbers); (ii) respect the privacy of others
(e.g. by obtaining prior consent in case of publishing of third
parties’ personal information, including pictures and tag-
ged pictures);
(b) providers of SNS should (i) clearly inform the users about
the processing of their personal data;(ii) improve user
control over the use of profile data by community
members and allow for restriction of visibility of profiles/
data and in community search functions; (iii) allow for
user control over secondary use of profile and traffic data;
(iv) offer privacy-friendly default settings for user profile
information (especially with respect to minors’ data); (v)
improve and maintain security of the information systems
and protect users against fraudulent access to their profile
(vi) grant individuals (regardless of whether they are
members of the SNS or not), the right to access, correct and
delete their personal data held by the provider; (vii) allow
users to easily terminate their membership; (viii) ensure
that user data can only be crawled by external search
engines if the user has given a prior and informed consent.
In addition, the recommendation is made to providers of
SNS operating in different countries or even globally to
respect the privacy standards of the countries where they
operate their services, possibly consulting with the local
Data Protection Authority.
http://www.privacyconference2008.org/index.php?page_
id¼197
Salvatore Orlando, Partner, [email protected] and
Laura Liberati, Associate [email protected], from the
Rome office of Macchi di Cellere Gangemi (Tel.: þ39 06 362141).
5. The Netherlands
5.1. Court finds that appropriation of Internetconnection bandwidth does not constitute theft
The three-judge criminal section of the District Court of
Amsterdam ruled on 11 September 2008 that the appropriation
of data (traffic) and bandwidth capacity of an Internet
connection does not constitute a theft under Article 310 of the
Dutch Penal Code (hereafter ‘DPC’).
One of the suspects in this case worked for a short time as
a plumber in a student apartment. During his work he noticed
that in the apartment a high speed Internet connection was
installed. The plumber offered a number of third persons the
opportunity to take advantage of this high speed connection.
Five computers were installed above the ceiling tiles and were
connected to the Internet. One of these computers belonged to
the fellow-suspect. The case came to light when the concierge
heard a humming noise and removed one of the ceiling tiles to
discover the computers.
The key point in this case is whether or not the appropri-
ation of data (traffic) and bandwidth capacity of an Internet
connection constitutes theft of the Internet connection.
Article 310 of the DPC defines theft as: ‘removing any good
belonging entirely or in part to another with the intention of
unlawfully appropriating it’. The writ of summons accused
the suspect of unlawfully removing (i) data traffic, (ii) band-
width capacity and (iii) speed of the Internet connection –
which was indicated by the public prosecutor as the essence
of the Internet connection.
The District Court ruled that these elements do not fall
under the definition of ‘‘good’’ within the meaning of article
310 of the DPC. According to a judgment of the Supreme Court
(HR 3 December 1996, NJ 1997, 574) the deciding factor is
whether or not the unauthorized use of the Internet connec-
tion results in the entitled party (owner) losing actual control
over the Internet connection. According to the District Court
this was not the case.
Link (in Dutch only):
http://www.boek9.nl/www.delex-backoffice.nl/uploads/file/
Boek9%20/Boek%209%20Uitspraken/Auteursrecht/Strafzaak%20
computers%20studentenflat.pdf
Reinout Rinzema, Partner, [email protected] and Rem-
brandt Brouwer, Associate, [email protected] from
the Amsterdam Office of Stibbe, The Netherlands (Tel.: þ31 20 546
01 12).
6. Norway
6.1. Norwegian proposition for a new and extensivepupil register
National surveys over the past few years have revealed that
the quality of Norwegian compulsory education is falling. As
a measure to counter this development, the Norwegian
Ministry of Education and Research has proposed to create
a new register for pupils in compulsory schools. The aim of the
proposed register is to obtain further knowledge of factors
that are significant for the pupils’ development. In order to
achieve this, the Ministry claims that it is essential to have
access to personal data of individual pupils, including sensi-
tive data. Earlier this year, the Ministry circulated a discussion
paper to relevant administrative bodies and other parties to
obtain their comments.
Last month the Norwegian Data Inspectorate published its
reply to the Ministry’s discussion paper, expressing its concern
c o m p u t e r l a w & s e c u r i t y r e v i e w 2 5 ( 2 0 0 9 ) 1 0 1 – 1 0 5104
about the proposition. According to the Data Inspectorate, the
register will result in detailed information about an entire
generation being stored for an indefinite period of time,
including information about individuals’ social life, health
conditions, religious views, sexual orientation and ethnicity.
Further, the Ministry’s discussion paper leaves several impor-
tant questions unanswered, inter alia with regard to collection
of data, quality assurance of collected data and access to the
register. On this background, the Data Inspectorate holds the
opinion that the establishment of the proposed register will be
disproportionate to the aim sought, and regrets that the
Ministry has not examined other and less radical alternatives
for improving Norwegian compulsory schools.
At present, the proposition is only in the preparatory
phase, and it will be interesting to see whether other bodies
share the Data Inspectorate’s views.
Haakon Opperud, Partner, [email protected] and Stein-Erik
Jahr Dahl, Associate, [email protected], from Thommessen
Krefting Greve Lund AS, Norway (Tel.: þ47 23 11 14 94).
7. Spain
7.1. Application of the Data Protection Directive toInternet search engines
Users often want Internet search engines that may not be in
Europe to delete their personal data from lists of results. The
problem arises as to whether the effects of the Data Protection
Directive (DPD) can be extended beyond European territory.
Under its Article 4, the DPD applies to data processing
when the controller is established in Europe or when it uses
material resources located in Europe to process data. Conse-
quently, only the second of these two circumstances would
justify an extension of the effects of the Directive.
The ‘‘Opinion on data protection issues related to search
engines’’ (WP148), which the Article 29 Group drafted in April
2008, states that ‘‘as providers of content data [.], generally they
are not to be held as primarily responsible under European data
protection law for the personal data they process.’’
But also according to WP148, when the search engine uses
a related establishment, the DPD is applicable if ‘‘the processing
operation is carried out in the context of the activities’ of the estab-
lishment. This means that the establishment should also play
a relevant role in the particular processing operation.’’
This ‘‘relevant role’’ can only mean that the establishment
is a necessary co-operator, that processing would not be
possible without its intervention.
WP148 considers this cooperation to exist when the
establishment in a Member State: (i) is responsible for relations
with users; (ii) is involved in selling advertisements aimed at
that State; or (iii) complies with the authorities’ requirements
on user data. However, only the third condition covers pro-
cessing data in lists of results, as the first two refer to user data.
People hosting personal data on websites know that
anyone can access the data, with the help of search engines.
Therefore, the controllers of these websites (which are nor-
mally based in Europe because personal information is usually
of local interest) must limit the effects of publication in
accordance with the applicable data protection law, using
codes that prevent search engines from trawling and indexing
the information.
However, WP148 states that some data protection author-
ities (such as the Spanish) oblige search engines to delete the
data from lists, but this obligation should only be imposed on
the related establishment if it plays a relevant role in the
searching service. It is not admissible to take the establish-
ment hostage to demand that the search engine complies with
obligations laid down by laws that do not extend to the
country in which it operates.
Javier Aparicio, Intellectual Property Partner, JAPS.@cuatr
ecasas.com from the Madrid Office of Cuatrecasas, Spain (Tel.:
þ34 915 247 717).
8. Sweden
8.1. Proposal on anti-piracy legislation approved by theSwedish Council on Legislation
On 22 October 2008, the Swedish Council on Legislation (Sw.
Lagradet) approved, without any significant reservations, the
Government’s proposal concerning new legislation, which
will enable intellectual property right holders to obtain
personal data regarding individual users’ IP addresses. Pur-
suant to the proposed legislation, a court may upon request by
a right holder, order Internet service providers to disclose
personal data tied to IP addresses if there is ‘probable cause’
that a person has infringed intellectual property rights by way
of file sharing.
The proposed legislation implements directive 2004/48/
EC on the enforcement of intellectual property rights
(IPRED). However, the Swedish Council on Legislation states
in its consultation that the proposal goes beyond what is
required by the directive. In the directive, the right to
access such personal data is limited only to judicial
proceedings concerning an infringement of intellectual
property rights.
The recent approval by the Swedish Council on Legislation
has attracted substantial attention in the media and caused
a debate between interested parties. The evidentiary
requirement of ‘‘probable cause’’ is one of the main issues. In
many situations, the person performing file sharing and the
person registered as subscriber to the Internet service may be
two different persons. Furthermore, where file sharing is
performed via unsecured, wireless routers, tracking of the
person performing file sharing will be complicated.
The next step in the legislative process is for the Govern-
ment to present the proposal to the Swedish Parliament. The
proposed anti-piracy legislation is planned to enter into force
in April 2009.
Find out more about the report at http://www.regeringen.se/
content/1/c6/11/31/81/465ad177.pdf (in Swedish)
Bjorn Gustavsson, Partner, [email protected], and Eva
Fredrickson, Associate, [email protected] from Advokatfir-
man Vinge KB, Sweden (Tel.: þ46 8 614 30 00).
c o m p u t e r l a w & s e c u r i t y r e v i e w 2 5 ( 2 0 0 9 ) 1 0 1 – 1 0 5 105
9. United Kingdom
9.1. Patenting Computer Software gets easier in the UK
The recent Court of Appeal case Symbian Limited v Comptroller
General of Patents ([2008] EWCA Civ 1066, 8 October 2008)
suggests that the patenting of computer software in the UK
may be easier in future. The Court confirmed that if a ‘‘tech-
nical contribution’’ is achieved by software over and above
merely computerising a function, this may be patentable.
Article 52(2) of the European Patent Convention excludes
computer programs (‘‘as such’’) from patent protection. The
Court of Appeal applied the assessment of patentable subject
matter under section 1(2) of the Patents Act 1977, which it had
set out in Aerotel v Telco; Macrossan’s Application [2007] RPC, (i)
properly construe the claim; (ii) identify the actual contribu-
tion; (iii) ask whether it falls solely within the excluded subject
matter; (iv) check whether the actual or alleged contribution is
actually technical in nature. However, it held that it is
permissible to combine the third and fourth steps, thus
making technical contribution part of the examination of
whether the claimed invention fell solely within the excluded
subject matter. The mere fact that the invention sought to be
registered was a computer program was not determinative.
The key question was whether the invention revealed a tech-
nical contribution to the state of the art; Symbian’s invention
(involving software to enhance data access in computer
systems) was held to have done so and therefore was not
excluded from protection.
Since modern day inventions often have a software
element, whether the inclusion of a computerised element in
an invention should render the whole invention unpatentable
is a matter of significant commercial importance. This deci-
sion should be welcomed by any businesses involved in
developing products using software to achieve a novel effect
since software that solves a genuine technical problem would
now appear to be more readily patentable.
The Court refused to follow recent EPO case law on
patentability as it did not consider it to be established,
authoritative and settled. Giving judgment in Symbian, Lord
Neuberger commented that there should be a two-way dia-
logue between the national tribunals of the EPC member
states and the EPO. Shortly after this decision, the EPO Presi-
dent has referred several questions to the EPO’s Enlarged
Board of Appeal for clarification on the approach to be taken to
patentability of software-related inventions. A response is not
expected until next year.
9.2. Communications Data Bill
The government has scrapped plans to push through the
controversial Communications Data Bill which mandates the
retention of data by Internet service providers (ISPs) and tel-
ecoms companies. The government will hold a second public
consultation in the New Year, which means that the UK could
miss its self-imposed deadline to comply with the European
Data Retention Directive by March 2009.
It is also expected to slow the progress of the Interception
Modernisation Programme, a scheme to create a centralised
database of all electronic communications between everyone
in the UK.
Mark Turner, CLSR Professional Board, Partner, mark.turner@
herbertsmith.com and Tony Lai, Associate, tony.lai@herbertsmith.
com with the contribution of David Wilson, Partner, david.
[email protected] and Chris Sharp, Associate, christopher.
[email protected] from the London Office of Herbert Smith
LLP (Tel.: þ44 20 7374 8000).