Our point of view

Technology Newsletter 03/2013

12 March 2013

Wind of Change

The IP field seems to have a favourable wind behind it in Finland. Of two long-debated IP initiatives, the one concerning centralization of Finnish IP disputes has reached its goal and the other one concerning EU wide patent protection has reached a remarkable milestone. The Finnish Parliament passed an act in December 2012, which will centralize the settlement of IP disputes to the Market Court from 1 September 2013 onwards. Respectively, the European Parliament approved the EU unitary patent rules in December 2012, which will enable the registration of a European Patent with unitary effect (“Unitary Patent”) presumably from 2015 onwards, depending on the ratification progress of the international agreement on a Unified Patent Court by the participating Member States.

New IP Court

As a result of the new act, the handling of IP issues will be centralised in one instance, which is likely to improve the legal certainty of the decisions and to make the process more professional and efficient as well as quicker. It is very good news that judges will have real possibilities to specialise in IP issues, which should bring about better predictability, more high-quality decisions and an improvement in legal protection to IP right holders.

All copyright and industrial right-related disputes and administrative disputes, such as appeals against decisions made by the registration authorities, as well as interim measures related to any of the foregoing will be handled by the Market Court. The Market Court will also handle and resolve possible appeals against the decisions made by the Finnish Communication Authority by virtue of the Finnish Domain Name Act. Criminal cases will remain in the district courts. The upcoming change will also finish an unwanted outcome of having contradicting decisions between the Helsinki District Court that handles IP disputes initiated prior to the end of August 2013 and the Market Court that grants injunctions by virtue of the Unfair Business Practices Act. It has not been very uncommon that right holders have first brought actions against copycats before the Helsinki District Court claiming that these third parties infringe their trademark or design rights and thereafter brought actions against the same third parties before the Market Court claiming that they slavishly copy and imitate the right holders’ product and hence act in breach of the Unfair Business Practices Act. From 1 September 2013 onwards a right holder does not need to evaluate from which court one would, most likely, get the best and most efficient outcome, as the right holder may combine and include these claims in one action before one single competent court.

The IP proceedings are also likely to become much quicker as there is no automatic possibility to appeal under the new act. A party may appeal against a decision by the Market Court to the Supreme Court of Finland only, provided that the Supreme Court grants the appealing party leave to appeal. The same applies to the Supreme Administrative Court of Finland regarding appeals against decisions by the Market Court in an administrative IP matter. The fact that there may, rather seldom, be a possibility to appeal, may naturally raise some concerns but upon centralisation of expertise the quality of decisions should reduce the need to appeal. Furthermore, in a quickly changing business environment the right holders as well as users of IP are likely to prefer quick final decisions to the possibility to appeal.

Unitary Patent – Hopefully Good News

After almost 40 years of endless debating, the European Parliament finally approved the Unitary Patent rules in December 2012. According to these rules, the right holders may have the opportunity to file an application for a patent that would be valid in most of the Member States or at least in those Member States which have ratified the international agreement. The entry into force requires that at least 13 Member States, of which three must be France, Germany and the UK, will ratify the agreement on a Unified Patent Court that was signed by 24 Member States on 19 February 2013. Poland and Spain are currently outside the new regime, but will possibly join in at a later stage. Bulgaria is expected to sign the agreement in the near future.

The new regime does not replace the existing systems but will be another option for patent applicants. The main goal of the new regime is to reduce patenting costs. An applicant should get the best cost benefits out of the new regime by filing a patent application that would cover all contracting states. In case the applicant considers that, for example, only three Member States are relevant for its business, the existing systems may be more cost efficient. Although the goals of reducing costs and providing a one-stop-shop for EU wide patent protection are worth striving for, there are several open questions which may raise some concerns. There is no clear indication that the patenting process would become more efficient and quicker. Furthermore, the amount of translation costs remains unspecified.

The new Unified Patent Court should address the following existing challenges in relation to enforcement or revocation of a European patent: 1) high costs; 2) risk of diverging decisions and lack of legal certainty; 3) forum shopping; and 4) differences in speed and the level of damages awarded. On the other hand, a patent holder may possibly not see these challenges only as a negative issue as upon the new regime there is a risk that the patent will be lost for the whole EU instead of losing it in one Member State only. In addition to the Unitary Patents, the Unified Patent Court will have an exclusive jurisdiction for litigation relating to European patents with the following exceptions: a) during a transitional period of seven years after the date of entry into force of the international agreement, an action may still be brought before national courts, and b) a holder of a European patent may opt out a European patent from the exclusive competence of the Unified Patent Court before the expiry of the transitional period.

The Unified Patent Court will consist of a court of first instance and a court of appeal. The court of first instance will be composed of a central division (with a seat in Paris and two sections in London and Munich) and by several local or regional divisions in the contracting states. The court of appeal will be located in Luxembourg. The new Finnish IP court could have a good chance in becoming a local division, where the language of the proceedings could be Finnish. This would, presumably, be appreciated by Finnish entities.

panu.siitonen@hannessnellman.com

Case Ö 2376-12 and case MD 2012:15

The Court of Appeal for Western Sweden (the “Court of Appeal”) and the Swedish Market Court (the “Market Court”) have recently ruled on two disputes concerning the use of trademarks as keywords in advertising on Google AdWords. The facts of the cases were similar, but the claims were made from two different legal angles. In Ö 2376-12, the proprietor of a trademark, Antura AB (“Antura”), sued its competitor, CANEA Partner Group AB (“Canea”), and claimed that Canea’s use of Antura’s trademark should be regarded as a trademark infringement. The District Court of Gothenburg decided in favour of the defendant and dismissed the case. Antura appealed to the Court of Appeal. The circumstances in MD 2012:15 were that Elskling AB (“Elskling”) sued its competitor Kundkraft AB (“Kundkraft”) and claimed that Kundkraft’s advertisement on Google AdWords was made in violation of the Swedish Marketing Practices Act (the “Marketing Practices Act”). Since the Marketing Practices Act prohibits marketing that is unlawful, the question of trademark infringement was of relevance in both cases. However, in MD 2012:15, the proprietor also claimed that Kundkraft through the advertisement took unfair advantage of Elskling’s reputation and that the advertisement constituted misleading marketing as regards who the sender was and the economic origin of the advertisement.

In both of the cases mentioned, the courts interpreted the scope of the proprietor’s exclusive right to the trademark in the light of the case law developed by the European Court of Justice (“ECJ”). Notable in this context is that the ECJ has stated that the use of keywords in advertisements on Google AdWords constitutes a trademark infringement if the advertisement does not enable the average internet user, or enables such a user only with difficulty, to ascertain whether the goods or services referred to therein originate from the proprietor of the trademark or an undertaking economically connected to it or, on the contrary, originate from a third party. Additionally, the ECJ has stated that it is up to the national courts to asses, on a case-by-case basis, whether the facts of the case before it indicate adverse effects, or a risk thereof, with regard to the function of the trademark. Furthermore, the ECJ has held that above all this assessment is subject to how the advertisement is presented.

In their assessments, the Court of Appeal as well as the Market Court noted that the advertisements neither expressed any connection between the advertiser and the proprietor, nor were they unclear as regards who the sender was. In addition, the courts noted that visitors to the website containing the results of the search could get more information as to why the advertisements in question were being displayed. The Market Court also noted that links to the proprietor’s website were displayed as an advertisement as well as amongst the neutral results. Based on these circumstances, the courts concluded that there were no adverse effects as regards the functioning of the trademarks in question.

In addition to the claim that the advertisement constituted a trademark infringement, Elskling asserted that the advertisement was not in compliance with the Marketing Practices Act since Kundkraft, without due cause, took unfair advantage of Elskling’s reputation. Furthermore, Elskling asserted that, in any case, a violation existed since the advertisement constituted misleading marketing as to who the sender of the advertisement was and the economic origin of the advertisement.

The Market Court established that marketing should be assessed from the point of view of the average receiver of the advertisement, which in this case was the user of a search engine. Furthermore, the Market Court presumed that such users to some extent are aware of the fact that some of the displayed results do not necessarily correspond to the keyword. The court stated that, since the advertisement was not confusing to the average user, the purpose of the advertisement was presumably to bring the user’s attention to the fact that there was an alternative product/service to the one offered by Elskling. Based on these circumstances, the Market Court found that Kundkraft did not take unfair advantage of Elskling’s reputation.

When assessing if the advertisement in question was to be regarded as misleading marketing or not, the Market Court firstly noted that the advertisement did not contain the word “Elskling” and that an advertisement as well as neutral search results for Elskling was displayed in immediate connection with the advertisement for Kundkraft. In addition, the Market Court held that there were manifest differences between the webpages for Elskling and Kundkraft. In the light of these facts the Market Court found that the ad was not misleading. Hence, the Market Court ruled in favour of the defendant and dismissed the case.

Based on the abovementioned cases, the Swedish courts have clarified the uncertainty in relation to advertisement of registered trademarks as keywords on search engines such as Google.

jens.forzelius@hannessnellman.com

Fight against "Literary Slavery" gains Momentum

New amendments to the Civil Code of the Russian Federation will enter into force on 1 March 2013. This will permit the use by third parties of an individual’s name or pseudonym with his or her consent. The changes will permit the sale and purchase of personal names and pseudonyms in a manner similar to the sale and purchase of the means of individualisation of legal entities.

The new provisions of the Civil Code of the Russian Federation state that “the name or pseudonym of an individual may be used with his or her consent by third parties in their creative work, business, or other economic operations by employing methods which do not result in confusion among third parties regarding the identity of the citizens and exclude an abuse of rights in any other form”.

The amendments will de facto prohibit the work of so-called “literary slaves”, that is to say a group of unknown writers who work under the name of a famous author. Certain publishers work in this way since they prefer using old names instead of creating new ones. Once the amendments take effect, readers must be notified about the actual author of the book – even if it has a famous name on its cover.

ekaterina.mironova@hannessnellman.com

The Exhaustion of Trademark Rights

A recent judgement rendered by the Danish Supreme Court sheds further light on the rules of trademark consumption. The case concerned a gas composite bottle, which was designed and registered as a three-dimensional Community trademark and Danish trademark by the Norwegian company Ragasco AS (“Ragasco”). Ragasco had entered into a sole distribution agreement with Kosan Gas A/S (formerly BP Gas A/S) (“Kosan”), giving Kosan an exclusive licence to use the bottle as a trademark in Denmark. Kosan affixed its own name and logo to the bottle and marketed it in Denmark from 2001.

In 2005 Kosan claimed that a Danish company, Viking Gas A/S (“Viking”), who ran a gas filling station in Denmark, was violating Kosan’s trademark rights when dispatching Kosan’s bottles after filling them with gas and affixing two labels, which indicated that the bottles were filled by Viking. Kosan acknowledged the fact that consumers of gas bottles are entitled to have the bottles filled with gas from other dealers. However, Kosan was of the opinion that Viking’s method of handing over already filled Kosan bottles to consumers was a violation of Kosan’s trademark rights, since the consumer went home with a different Kosan bottle than the one that was handed in. The Maritime and Commercial Court was of the same opinion and stated that since Viking handed over already filled bottles in exchange for empty bottles, Viking’s customers falsely believed that they bought a bottle of Kosan gas. This was so, even though Viking attached two adhesive labels to the bottles, which indicated that the bottles were filled by Viking.

After having referred questions to the European Court of Justice, the Danish Supreme Court firmly established that Viking’s practice was not infringing on Kosan’s trademark rights. The Supreme Court stated that the first sale of the composite bottle exhausted the trademark rights deriving from the 3D trademark as well as the trademarks affixed to it by Kosan. Consequently, a consumer of a composite bottle has the right to use that bottle freely and as a reflex effect, competitors have the right to exchange it or refill it. The Supreme Court acknowledged that Kosan could oppose a further commercialisation, if Kosan had legitimate reasons for such opposition e.g. if an average consumer would consider that there was a connection between Kosan and Viking or if an average consumer would consider that the bottles contained gas from Kosan. However, the Supreme Court did not find that possible, given i) the practice in that sector where customers are accustomed to gas bottles being filled by other dealers and ii) the labelling of the composite bottles indicated that the bottles were filled by Viking.

paula.gronlund@hannessnellman.com

New Counterfeit Goods Regulation Endorsed

The Internal Market and Consumer Protection Committee of the European Parliament has endorsed Draft Regulation 5129/2013/EC (“the Regulation”), which is due to replace the Counterfeit Goods Regulation 1383/2003/EC.

The Regulation is intended to apply to a wider range of intellectual property rights than the ones currently covered, extending the scope of protection to rights in trade names, semiconductor topographies and utility models. The scope of goods falling within customs procedures will also be extended, covering e.g. goods designed to circumvent technological measures.

Furthermore, the Regulation aims to provide a simplified route to destruction of small consignments of allegedly counterfeit or pirated non-perishable goods, to the extent that the importer has not objected to such destruction. Such a small consignment is defined as a postal or express courier consignment that contains three units or less or that has a gross weight of less than two kilograms.

The Regulation is subject to a plenary vote by the European Parliament in April 2013, and it is scheduled to take direct effect in the EU from 1 January 2014.

janne.joukas@hannessnellman.com

The Commercial Use of Open Source Software

Many, if not most businesses use open source software tools and products every day. Some of these tools and products are constructed by their own IT developers while others are purchased from third parties, including a wide range of professionals who construct and sell software after having incorporated open source software. Most of today’s IT professionals are aware of the fact that the use of open source software requires compliance with specific open source license terms, but new challenges have emerged as a result of the development of new versions of the General Public Licenses (GPL) and the combination of GPLs.

As most developers and professionals know, the term “open source software” refers to computer software that anyone can use, study, distribute and change without restriction. Nonetheless, the open source software products are generally regulated by specific license terms. In most cases these terms are “copyleft” terms, meaning that the licenses allow derivative work but require the engineer to use the same license as the one applied to the original work. In other words, a copyleft essentially seeks to achieve the opposite of copyrights, as the copyleft license terms ensure access to source codes as well as prohibit the protection of a code based on open source software as private property.

GPL regulations and limitations may differ substantially from each other, as the open source society has not been able to agree on just one set of open source terms. The most commonly used open source GPLs are GNU GPL version 1-3, LGNU GPL, MIT, Apache, Mozilla, Linux, etc.

Some of the most commonly used GPL regulations and limitations include the requirement according to which the user of the source code must be given all rights to modify and distribute the code provided under the GPL as well as the publication of the code. Such regulations will be found in most of the GPLs listed above. Furthermore, there is an obligation to insert the GPL into the source code in order to secure future compliance with the applicable GPL as well as requirements according to which the original license is to be observed when the software is distributed. Thus, professionals are prevented from applying their own commercially friendly license terms.

When commercially using open source software, many businesses discover too late that the GPL covering the software products having open source software incorporated in them very often include restrictions that limit the commercial potential of the product.

In the latest versions of the different GPLs applied by the open source software providers, the copyleft terms have been modified in order to better fit into the world of commercial software. Thus, open source software users can choose open source software products with licenses that do not prevent the selling of the finalised software products, etc.

Having said that, the open source software market is also facing new challenges. For example, the very popular and commonly used GNU GPL v.3 provides that any and all modified versions of software containing GNU GPL regulated open source software must be licensed under the GNU GPL, regardless of the time, place or author of the modifications. Thus, the GNU GPL ensures that property is perpetuated to all downstream derivatives of the software product.

More and more software products are built on top of each other as modifications, extensions, renewals, etc. This means that new software often contains many different varieties and generations of open source software parts, and consequently different GPLs. When any of these GPLs contain terms such as the GNU GPL on derivative works, a “license term battle” arises.

In particular as a creator of software but also as a buyer, it is very important to be observant of the license terms connected with new software products in the future, as most developers today use open source software. The examination must start with thorough instructions to the software developers and must continue all the way to the finalised product and to the review of the terms connected with the product. The worst case scenario is that the value of a company’s core software product may be non-existent due to incompatible and strict terms, when analysed by potential customers, investors or acquirers.

mette.huss@hannessnellman.com

Data Protection: Update on EU Data Protection Reform

Background

In January 2012, the European Commission presented proposals for a comprehensive reform of the data protection rules with an objective to strengthen online privacy rights and boost Europe’s digital economy. This proposed reform contained two legislative proposals: a Regulation setting out a general EU framework for data protection and a Directive on protecting personal data processed for the purposes of prevention, detection, investigation or prosecution of criminal offences and related judicial activities. The proposed Regulation will replace the current Data Protection Directive from 1995. The proposed Directive, on the other hand, will protect personal data in criminal and justice matters. In this text we will focus solely on the Regulation.

The main purpose of this comprehensive reform is to update the data protection rules across the EU so that they reflect the way personal information is used today and in the future. By proposing the new framework, the Commission seeks to take into account the realities of modern data flows, cloud computing, location-based services and smart cards. The proposed Regulation is aiming to do away with the current fragmentation and costly administrative burdens, while helping to eliminate all the uncertainty created by a patchwork of data protection laws.

The Commission’s initial proposal for the new Regulation contained the following key changes:

  • Single Set of Rules: The proposed form of new legislation (i.e. regulation instead of directive) will be directly applicable and valid across the EU. This will reduce the administrative burden for companies as unnecessary administrative requirements, such as notification requirements for companies, will be removed.
  • One-Stop Shop”: Organisations will only have to deal with a single national data protection authority in the EU country where they have their main establishment. The proposed Regulation will have an extra-territorial effect, which means that people can turn to the data protection authority in their country, even when their data is processed by a company based outside the EU.
  • Extra-territorial effect: Organisations processing personal data about European residents will be subject to the Regulation if they: i) offer goods or services to data subjects in the European Union; ii) monitor the behaviour of those data subjects.
  • Data Breach Notifications: Stricter obligations on companies to report serious data protection breaches. Notice of data breaches must be provided to national authorities within 24 hours where feasible, and to affected data subjects “without undue delay”.
  • Penalties: Independent national data protection authorities will be empowered to fine companies that violate EU data protection rules. This can lead to penalties of up to EUR 1 million or up to 2 % of the global annual turnover of a company.
  • Consent: Where an individual’s consent is to be used as a justification for the processing of personal data, it has to be given explicitly, rather than being assumed.
  • Right to be Forgotten”: Individuals will be given “a right to be forgotten”, which allows them to demand removal of their personal data where there is no longer any legitimate ground for retaining it.
  • Access to Data and Data Portability: Individuals will be given easier access to their own personal data and they will also be able to transfer personal data from one service provider to another more easily.
  • Data Protection Officer: Companies will be obliged to appoint a data protection officer if they have over 250 employees or their main activity shall be seen as systematic monitoring of citizens.

Update – One Year On: Where Are We Now?

During the past year the Regulation has been going through the EU’s legislative process by attracting numerous opinions and comments. One step forward was taken on the 10th January 2013, when a draft report on the proposed Regulation was published by Jan-Philipp Albrecht, Rapporteur for the proposed Data Protection Regulation for the Civil Liberties, Justice and Home Affairs Committee (LIBE) of the European Parliament. Whilst the draft report does not bind the LIBE, it will carry a significant weight during the upcoming phases led by the LIBE. Although this draft report exceeding 200 pages emphasizes the strong need for new data protection rules, it contains over 350 amendments to the Commission’s initial proposal with some of the key points being as follows:

  • Larger Territorial Scope: The Regulation should also be applicable to a controller not established in the EU when processing activities are even aimed at the offering of goods and services to data subjects in the EU, irrespective of whether these goods or services are free of charge. Moreover, the Regulation should also cover all monitoring of personal data of such data subjects residing in the territory of the EU.
  • Data Protection Authorities: While it is important to have independent national data protection authorities well-equipped to better enforce the EU rules at home, the draft report seeks to reinforce the cooperation between national supervisory authorities in cases where the processing activities of a controller or a processor affect data subjects in several Member States. Therefore, the authority of the main establishment shall be the lead authority acting as a single contact point for the controller or the processor in question (“one-stop shop”). The lead authority shall also ensure coordination with the involved authorities and consult them before adopting a new measure.
  • Importance of Consent and Purpose Limitation: Consent for the use of personal data will remain the cornerstone of the EU’s approach to data protection. Information to data subjects should always be presented in a comprehensible form. The scope of application of the “legitimate business interest” legal ground for data processing will be limited to only being used if none of the other legal grounds apply. The purpose limitation will be strengthened so that a later-occurring change of purpose of personal data should not be possible solely on the basis of a legitimate interest of the data controller.
  • Concept of Personal Data and Pseudonymous Use: The concepts of personal data and data subjects are clarified with objective criteria. Legitimate concerns regarding specific business models can be addressed without denying individuals their fundamental rights. In this context the draft report encourages the pseudonymous and anonymous use of services.
  • ReinforcedRight to be Forgotten”: Companies which have transferred data to third parties or published it without a legitimate legal basis should be obliged to make sure that this data is actually erased. However, where an individual has agreed to the publication of data, a “right to be forgotten” is neither legitimate nor realistic.
  • Extended Time Period for Data Breach Notifications: The draft report wishes to extend the period within which the data controller must notify a personal data breach to the supervisory authority from 24 to 72 hours. However, in order to prevent “notification fatigue”, the data subjects should only be informed in cases where a data breach adversely affects their privacy.
  • Mandatory Data Protection Officer: The threshold for the mandatory designation of a data protection officer should not be based on the size of the enterprise (e.g. 250 persons or more), but rather on the relevance of data processing (such as the nature of personal data, the type and the size of the processing activity). According to the draft report, a company processing personal data relating to more than 500 data subjects per year is obliged to appoint a Data Protection Officer. This would obviously apply to the majority of companies.
  • Need to Reduce the Number of Delegated Acts: The draft report seeks to reduce the extensive use of delegated acts from the European Commission. The Commission’s power to adopt delegated acts runs counter to the objective of providing legal certainty for data protection throughout the EU. Therefore, the draft report not only replaces several acts with more detailed wording in the proposed Regulation, but also gives the European Data Protection Board a greater role in specifying the criteria and requirements of a particular provision instead granting the Commission the power to adopt a delegated act. As a result, the European Data Protection Board would be able to adopt necessary measures that would legally bind the national supervisors in the Member States.

Next steps

At this point the draft report is being considered by the LIBE members, who have until 27th February 2013 to suggest any modifications before the public discussion in Parliament will be ready to begin. As many of the amendments in the draft report will strengthen the rights of individuals and reinforce the obligations of companies, it is expected that the report will be heavily debated and further amendments will follow. However, if everything goes in accordance with the initial timetable, the LIBE will vote on the proposed amendments in late April or early May, before the trilateral negotiations between the European Parliament, Commission and Council can take place. If the adoption of the Regulation is done by 2014 and assuming that the two year implementation period is retained, the new Regulation would enter fully into force in 2016 at the earliest.

erkko.korhonen@hannessnellman.com

Data Protection: Binding Corporate Rules Launched for Processors

The European data protection authorities, assembled in the Article 29 Working Party (WP29), launched Binding Corporate Rules (BCR, also known as Binding Safe Processing Rules) for processors from 1 January 2013. Previously BCRs were only available to data controllers.

BCR for processors are internal codes of conduct regarding data privacy and security, the purpose of which is to ensure that transfers of personal data outside the European Union by a processor, who acts on behalf of his clients and under their instructions, will take place in accordance with the EU rules on data protection. The use of a BCR for processors is not compulsory, and each company acting as a data processor (e.g. for outsourcing activities or cloud computing), may decide to file an application at the data protection authority.

The use of BCR benefits both data processors and data controllers. If BCR are used, the processors will not need to negotiate the safeguards and conditions for data processing each time a processor contracts with a data controller. As for the data controllers, they would then be able to transfer personal data to the service provider and its sub-processors, including those based outside of the EU, in full compliance with data protection laws.

Earlier in 2012 the WP29 adopted a Working Document (WP195) and an application form for submitting a BCR for processors. The application procedure for BCR for processors will be the same as the one for BCR for controllers, which means that it will be based on a process with a lead data protection authority (DPA) and a system of mutual recognition involving a substantial number of European DPAs. Due to this rather burdensome process, the availability of BCR for processors would likely be most attractive to large data processor groups which frequently transfer data outside the EU.

erkko.korhonen@hannessnellman.com

More than Three Web Stores out of Four that Sell Online Services to Consumers Infringe EU Consumer Rules

The consumer authorities from 26 EU countries have, in cooperation with the consumer authorities of Norway and Iceland, been screening websites that sell downloadable content for mobile devices, such as mobile phone games, music, e-books and movies, to consumers. The screening showed that 76 per cent of the 333 websites that were reviewed did not fulfil the minimum obligations imposed by EU legislation.

The biggest issues with the web stores were connected to the terms and conditions under which the products were provided. The agreement terms used often (in 69 per cent of the cases!) contained terms considered unfair, and hence contrary to EU consumer legislation.

Furthermore, the web stores and their agreement terms often lacked information which the service provider is obliged to provide by law. The necessary information regarding the lack of the right of withdrawal was often missing, as were the contact details of the service provider. Also, the rules governing advertising and the providing of key information about costs and characteristics of the products were poorly followed.

According to the European Commission, the national authorities in each country will contact the companies whose web stores turned out not to conform to EU legislation. The national authorities will require that the websites and the agreement terms used are corrected. Failure to do so may result in legal action leading to fines or even to the shutting down of websites.

The EU-wide screening conducted shows that consumer authorities across Europe find the web stores’ compliance with consumer protection rules increasingly important in the current environment where consumers tend to shop more and more online. Hence, it is highly likely that even more attention will be paid by the authorities to questions relating to web stores’ conformity to EU legislation in the future.

ilona.tulokas@hannessnellman.com

The Finnish Competition Authority and the Consumer Agency Join Forces

The Finnish Competition and Consumer Agency (the FCCA), which was created by uniting the Competition Authority and the Consumer Agency, has begun its operations on 1 January 2013. The responsibilities of the united agencies remain unchanged, and hence the FCCA will focus, inter alia, on the implementing of competition and consumer policies, ensuring good market practices, implementing consumer protection and competition legislation and EU competition and consumer protection rules. Furthermore, the FCCA also handles the supervisory responsibilities of the Consumer Ombudsman.

The aim of the new FCCA is mainly to improve the efficiency of the administration and increase the social significance of competition and consumer protection issues.

ilona.tulokas@hannessnellman.com

List of Permitted Health Claims

Commission regulation (EU) No 432/2012 establishing a list of permitted health claims made on foods, other than those referring to the reduction of disease risk and to children’s development and health has been applied from 14 December 2012. The list contains 222 health claims relating to various substances, and sets the conditions under which such claims can be used on foods in the EU. Consequently, only health claims that are on the list are permitted.

janne.joukas@hannessnellman.com

The Finnish Biobank Act setting New Standards for Research Use of Samples of Human Origin

The Finnish Biobank Act (688/2012) will enter into force on 1 September 2013. The act aims at optimising rational use of biobank sample collections for purposes of new and continued research, while safeguarding high ethical standards. Currently, in Finland cell and tissue sample collections are spread among small research sample collections at universities and there is no common registry for these collections. The Biobank Act requires biobanks to be established for sample collections that are preserved for future research purposes. However, biobanks will not need to be established if samples are collected only for a single research project. Consequently, it will also be possible for bodies other than hospital districts (e.g. private research institutions) to establish a biobank. Upon the establishment of a biobank, its area of operation shall be determined. After this, the National Supervisory Authority for Welfare and Health, together with the National Committee on Medical Research Ethics, conducts an ethical evaluation on whether the intended activity satisfies the requirements regarding safeguarding privacy and the rights of self-determination of the donors.

Under the new Act, there shall be a sample and data registry, an informed consent registry and a code registry. Researchers shall have the right to be informed about whether a biobank has samples that are applicable for use in their research work. However, they will not be able to access the personal data relating to individual donors without obtaining a separate informed consent. Samples will be connected to the personal data of donors by the use of coding. ID numbers are needed in continued research in order to synchronise the data from different registries. However, samples that are submitted for research purposes will be anonymised. Biobanks will be required to provide their samples to the research community. The National Supervisory Authority for Welfare and Health, the National Committee on Medical Research Ethics and the Data Protection Ombudsman will supervise the compliance of the biobanks with the existing regulations.

juli.mansnerus@hannessnellman.com

Disclaimer: Hannes Snellman Technology Newsletter is intended for information purposes only. It should not be relied upon as legal advice nor should it be used as a basis for any action or final decision without specifically verifying the applicability and relevant issues on their merits in each individual case.