News & Views

Technology Newsletter Issue 3/2015

24 September 2015

Content of the newsletter:

EU Trademark Reform – Key Changes and Action Needed by Trademark Holders

CTM: Is the Use of a Community Trademark in One Country Enough to Show Genuine Use?

New Patents and Market Court in Sweden

Copyrights: New Provisions Introduced in Finland to Prevent Illegal Distribution of Copyright-Protected Material

The CJEU Found that “Click-Wrapping” Method Met the Requirements of Jurisdiction Clauses in B2B Contracts

European Court of Human Rights Upholds Liability of News Site for Anonymous Defamatory Comments

New Russian Data Localisation Requirements – Final Interpretation?

Update on the EU Data Protection Regulation: Almost There?

New Russian Law on the “Right to Be Forgotten”

EU Trademark Reform – Key Changes and Action Needed by Trademark Holders

By Janne Joukas

On 10 June 2015, the Council's Committee of Permanent Representatives (Coreper) reached an informal political agreement regarding changes to be made to the Trademark Directive 2008/95/EC and the Community Trademark Regulation 207/2009/EC. One of the main aims of the legislative reform is to foster innovation in the EU by making the trademark registration system accessible and efficient in terms of costs, speed, and legal certainty. The other important aim is to provide stronger protection against counterfeit goods for the owners of trademarks, in particular against counterfeits entering the EU. The proposal will include a new regulation and directive which will reform both the Community-wide trademark system and the national harmonised trademark systems of individual Member States.

One of the key changes will be the revision to the terminology. Community Trademarks (“CTM”) will be renamed as European Union Trademarks (“EU TM”). The name of the Office for Harmonization in the Internal Market (“OHIM”) will be changed to the European Union Intellectual Property Office (“EU IPO”). In addition, the registration procedures will be harmonised across the EU. This includes filing date requirements, designation and classification of goods, and opposition and cancellation proceedings. The requirement of graphic representation is removed and the trademark applicant will no longer have to represent the trademark graphically; it may be represented otherwise in a clear and precise manner.

Furthermore, specifications for registered trademarks only listing class headings will be interpreted as including only the goods and/or services clearly covered by the literal meaning of the listed goods or services. In the earlier approach, the class heading covered all goods or services included in the class. Community Trademarks applied for before 22 June 2012 and covering an entire Nice class heading may be specified by the trademark holder within six months from the date of entry into force of the new Regulation, i.e. actions may need to be taken by trademark holders. If a trademark’s list of goods is not reviewed on time, a trademark filed using class headings will, after the deadline, only extend to the goods covered by the wording of the class headings. In addition, the fee structure will also be renewed. Application fees will be reduced, but they will no longer cover up to three classes of goods and/or services. Instead, the basic fee will only include one class, with a separate fee for each additional class. Fees will be payable upon filing and not one month after filing.

The reform package, which should provide a range of benefits for trademark holders and applicants, is the most significant change to EU trademark law since the introduction of the Community Trademark 15 years ago. The regulation is expected to enter into force in the spring of 2016, but the precise schedule will be confirmed later this autumn. The Member States will be given three years within which to implement the new directive.

CTM: Is the Use of a Community Trademark in One Country Enough to Show Genuine Use?

By Tom Jansson

A UK court recently revoked two community trademarks because genuine use of the trademarks outside the UK had not been proven (see Sofa Workshop Ltd v. Sofaworks Ltd). The court concluded that the extensive use of the trademarks within the UK was not enough to prove ‘genuine use in the Community’, and revoked the trademarks. The claim for revocation of the trademarks was brought as a counterclaim by the defendant in the case.

According to the Community Trademark Regulation (EC) 207/2009, a community trademark can be revoked for non-use “if, within a continuous period of five years, the trade mark has not been put to genuine use in the Community in connection with the goods or services in respect of which it is registered, and there are no proper reasons for non-use”.

Previously, the Court of Justice of the European Union (the “CJEU”) has held that the “territorial scope of the use is not a separate condition for genuine use but one of the factors determining genuine use, which must be included in the overall analysis and examined at the same time as other such factors”, and these factors include, inter alia, the use of the trademarks to maintain or create a market share for the goods or services in question, the nature of the goods or services, the characteristics of the market, and the scale and frequency of the use. In Leno Merken BV v. Hagelkruis Beheer BV (C-149/11), the CJEU found that “the territorial borders of the Member States should be disregarded in the assessment of ‘genuine use in the Community’”.

While the decision of the UK court has been widely criticised – the UK court based its decision largely on a territorial analysis and found that “genuine use in the Community will in general require use in more than one Member State” – the decision should, nevertheless, be taken as a reminder that even extensive use of a community trademark in a single Member State may not be enough to prove genuine use in the Community. This is particularly important for Finnish companies using their community trademarks only in Finland. Such use, also taking the other relevant requirements into account, may not be enough to prove genuine use within the EU.

New Patents and Market Court in Sweden

By Jens Forzelius

The Justice Department has proposed that a new court specialising in hearing intellectual property and competition and marketing cases be established. The new court is proposed to become operational on 1 September 2016. The establishment of this court will mean that the cases that have previously been heard by the Patent Appeals Court and the Market Court will, in the future, be heard by the new Patents and Market Court. This is likely to improve the judicial expertise in IP matters and enable more predictable and high quality decisions.

Copyrights: New Provisions Introduced in Finland to Prevent Illegal Distribution of Copyright-Protected Material

By Erkko Korhonen

The Finnish Copyright Act has been amended this year to introduce new provisions on e-recording services of TV programmes as well as an inhibition order. The amendments came into force on 1 June 2015.

The purpose of the new provision (Section 25l) is to eliminate the legal uncertainties relating to e-recording services. Another aim of the amendment is to enable consumers to have access to copyright-protected TV contents in a legally and economically sustainable way.

The new provision is a licence agreement provision. The idea is that a recording service provider makes an agreement with a TV company for the use of the TV company’s signal, compensation of the use, and technical implementation of the service. The copyright collective management organisations then enter into an agreement with the recording service provider for the use and compensation of the rights administered by the organisation.

According to Section 25l(1), an e-recording service provider may make a copy of a work included in a programme transmitted on television. The licence agreement rules contained in Section 26 must be complied with. The copy may be made available to customers of the recording service provider in such a way that the programme can be viewed and listened to by the customers at a place and time chosen by them.

The second and third paragraphs of Section 25l contain restrictions on the application of paragraph 1. According to Section 25l(2), if the author of the work has assigned the right to decide on the use of the work to the broadcasting company, the provisions of paragraph 1 do not apply. Furthermore, according to Section 25l(3), if a producer has acquired the rights of the authors to decide on the use of the work pursuant to paragraph 1, and the producer has refused the use of the programme, paragraph 1 is not applied. An example of the level of the copyright payments is provided by the service provider Watson. It collects a copyright fee of around two euros per month from each of its cable TV customers.

An example of the legal uncertainties relating to an e-recording service can be seen in the court proceedings against a recording service called TVkaista, which took place this spring. TVkaista is a commercial service which claims to be similar to the services of the TV companies and it uses programs of the Finnish TV channels. However, it does not pay copyright fees or have any appropriate authorisations from the copyright holders. The case will give guidelines on how TV programmes may or may not be recorded into a “digital web decoder”. The two main owners of TVkaista and their legal counsel are accused of a copyright offence and aggravated fraud. Media companies and copyright organisations are plaintiffs in the case. The prosecutor demands a prison sentence of 3 years or more for the two founders and main owners of TVkaista. A prison sentence is also demanded for the legal counsel of the service provider. Such claims are rather exceptional in Finland. Judgment in the case is expected this autumn.

Another new section in the amended Copyright Act is Section 60e, which is an inhibition order provision. It states that if it is impossible to take legal action in the form of an application for an injunction by reason of the claimed infringer being unknown, the court may, upon application by the author, prohibit the supplier, under threat of a fine, from distributing the material claimed to infringe copyrights. A requirement for an inhibition order is that the material claimed to infringe copyrights is being distributed to the public in considerable amounts without the permission of the author, or that it is obvious that the author’s rights would otherwise be severely endangered. The applicant of the inhibition order also has to announce what measures he or she has taken in order to identify the claimed infringer. The inhibition order is given for a limited period, for a maximum of one year at a time.

The CJEU Found that “Click-Wrapping” Method Met the Requirements of Jurisdiction Clauses in B2B Contracts

By Erkko Korhonen

On 21 May 2015, the Court of Justice of the European Union (the “CJEU”) confirmed that “click-wrapping” is a valid method of accepting a jurisdiction clause in an online agreement. “Click-wrapping” is referred to as a contracting process in which a user clicks to accept the terms and conditions, e.g. for the sale of a product, but the window containing the actual terms and conditions does not open automatically.

In the case C‑322/14, the CJEU was asked whether “click-wrapping” complied with the requirements for agreeing on the jurisdiction in a contract set forth in the Brussels I Regulation (Council Regulation (EC) No 44/2001 on jurisdiction and the recognition and enforcement of judgments in civil and commercial matters, the “Regulation”). According to the Regulation, an agreement on jurisdiction should be in writing. Any communication by electronic means which provides a durable record of the agreement shall be equivalent to “writing”.

The dispute in question was between two car dealers over an online contract for the sale of a car. The seller, CarsOnTheWeb, had cancelled the sale, as a result of which the purchaser, Mr El Majdoub, filed a lawsuit in Germany, which was the domicile of the seller’s German subsidiary and the purchaser. The purchaser claimed that the German company, and not its Belgian parent company, was in fact the contracting party. The seller argued that the jurisdiction was set out in its general terms and conditions accessible on its website and that, according to these terms and conditions, Belgian Courts had jurisdiction in the matter.

According to the purchaser, the jurisdiction clause had not been validly incorporated into the agreement, since it had not been done in writing, as required by the Regulation. He also claimed that the requirements of Article 23(2) of the Regulation with respect to “communication by electronic means” are only met when a window containing the general terms and conditions is opened automatically in case of each individual sale. In this case, users had to click on a box for the terms and conditions to open.

The German court referred the question concerning the interpretation of Article 23(2) of the Regulation to the CJEU for a preliminary ruling. The question was whether a jurisdictional clause, included in an electronically concluded contract, could be held to be valid if the “click-wrapping” technique was used.

The CJEU held that Article 23(2) of the Regulation does not require the agreement including the jurisdiction clause to be actually printed or saved. According to the Court, the only requirement is that “it should be ’possible’ to provide a durable record of the agreement”. Hence, it is irrelevant whether the window containing the terms and conditions opened automatically or not. Since the “click-wrapping” method gives the option to print or save the agreement text before the conclusion of the contract, the CJEU found that “click-wrapping” complies with the requirements of Article 23.

The Court held that the possibility to print or save the agreement text before completing the contract is sufficient to meet the requirements of the Regulation. It can be stressed that this decision mainly has relevance in B2B transactions. In B2C agreements, the businesses cannot usually restrict the choice of the jurisdiction in the same way.

European Court of Human Rights Upholds Liability of News Site for Anonymous Defamatory Comments

By Erkko Korhonen

The Grand Chamber of the European Court of Human Rights (the “Court”) upheld the decision of its first instance in Delfi A.S. v Estonia on 16 June 2015. The Court held that the online news portal operator Delfi was responsible for defamatory comments posted anonymously by its readers about an online article.

The Court confirmed that imposing liability on the news portal operator for the third party comments did not violate the company’s freedom of expression, which is guaranteed in Article 10 of the European Convention on Human Rights. The interference with Delfi’s right to freedom of expression was proportionate and met the three prerequisites for restrictions with respect to such freedom as set in Article 10, i.e. that the restriction i) is “prescribed by law”, ii) has one or more legitimate aims, and iii) is “necessary in a democratic society”.

The Court found that the interference was lawful since it was foreseeable that a media publisher running an online news portal for commercial purposes could be held liable under domestic law for the uploading of clearly unlawful comments. The legitimate aim of the restriction had been to protect the reputation and rights of others.

Regarding the third prerequisite, the Court noted that the rights guaranteed under Article 8 (right to respect for private life) and Article 10 deserve equal respect. The Court also found that the interference was based on relevant and sufficient grounds. The Court concluded that:

  • the comments were posted in reaction to an article published by Delfi on its professionally managed website maintained for economic purposes;
  • the measures taken by Delfi to prevent the defamatory comments or remove them without delay once they had been published had been insufficient; and
  • the fine imposed on Delfi by the Estonian courts (EUR 320) in non-pecuniary damages was by no means to be considered disproportionate to the breach established by the courts.

The digital rights organisation Access claims that the ruling of the Grand Chamber goes against the European Union’s E-Commerce Directive, which “guarantees liability protection for intermediaries that implement notice-and-takedown mechanisms on third-party comments”.

TJ McIntyre, a lecturer in law and Chairman of Digital Rights Ireland, finds that one of the worrying aspects of the ruling is that it may encourage the idea that intermediaries are liable for “manifestly unlawful” content without specifying what “manifestly unlawful” actually means. McIntyre also notes that the judgment upholds a finding that “proactive monitoring” of Internet users may be required.

Case Delfi AS v. Estonia (Application no. 64569/09)

New Russian Data Localisation Requirements – Final Interpretation?

By Pavel Falileev

New amendments were introduced to Russian personal data legislation through a law passed on 21 July 2014. The amendments require in broad, general language that the personal data of Russian citizens be processed locally in Russia. Despite some suggestions from Russian officials to postpone the date of the new law’s entry into legal force, the amendments entered into effect on 1 September 2015. Unfortunately, due to the ambiguity of the wording of the amendments and of the statements from lawmakers in the press, it has been unclear how the new regulations will be interpreted and enforced by the competent Russian authorities. However, on 4 August 2015, the Russian Ministry of Communications issued long awaited clarifications concerning the interpretation of the new requirements. The clarifications are not legally binding and cannot be considered an official regulatory document; however, we expect that they will serve as instructions and guidance for the Russian authorities on how to implement the new law.

According to the Ministry, the new requirements apply to Russian companies (including subsidiaries of foreign companies) and to representatives and branch offices of foreign companies in Russia. Foreign companies with no presence in Russia must also comply with the new law if they are focused on the Russian market and process the personal data of Russian citizens (e.g. certain foreign entities providing online services to Russian citizens without a representative office in Russia).

In addition, according to the clarification provided by the Ministry, the new law does not apply to data collected and processed abroad before 1 September, but this rule applies only if such data is not updated using a foreign server after 1 September 2015. The personal data of Russian citizens collected after 1 September 2015 may be processed using foreign databases provided that such data is (i) initially collected in Russia, (ii) further updated using databases located in Russia, and that (iii) an actual replica of the same data is stored within Russia.

As a general rule, the new law applies to the processing of HR data, provided that the information does not fall outside the scope of the information required by Russian labour law. For example, the personal data of employees required to sign an employment contract (such as full name, date of birth, etc.) may be collected and further processed using foreign databases, but any superfluous information would not fall under this exception.

Update on the EU Data Protection Regulation: Almost There?

By Anssi Suominen & Erkko Korhonen

On 25 January 2012, the European Commission came out with a press release regarding a proposal for a complete reform of Europe’s data protection rules (the “Regulation”). The initial ambitious plan was to adopt the Regulation by 2014, meaning that it would enter fully into force, after the two-year implementation period, in 2016.

After several twists and turns and both slow progress and occasional slight setbacks, three and a half years have passed since the solemn declaration by the Commission, and we are still some way away from having these new EU data protection rules in practice, although the final consensus does eventually seem to be lying around the corner. Even though the European Commission is acting as sort of an intermediary between the Council and the Parliament in the ongoing “trilogue” negotiations, the three bodies are still yet to agree on the final version of the Regulation. During the past summer, even the European Data Protection Supervisor published its own version of the proposal for the Regulation.

While the three EU bodies are negotiating on the final texts of the Regulation, let us take a quick look at the history of the data protection reform considering, in particular, the following questions:

Where have we come during these three and a half years since the Commission’s first proposal? What has changed since then?

We have gathered below, in relation to certain key provisions of the proposed Regulation, some of the most interesting differences and similarities between the Commission’s first proposal (the “Commission Proposal”) and the proposals presented by the Parliament and the Council since then.

  • “One-Stop Shop”

Commission Proposal: Data protection cases should be handled by a single data protection authority (“DPA”) in the EU country in which the business has its “main establishment”.

One-Stop Shop, which was one of the cornerstones in the Commission Proposal, has become one of the mechanisms that have later been watered down to a large extent. Under the current plans, (i) only significant cross-border cases could be handled in accordance with the one-stop shop regime, (ii) the regime would involve greater cooperation between the DPAs of the different countries, and (iii) the new European Data Protection Board could handle the issue in the case of a dispute between the parties. It remains to be seen whether the one-stop shop mechanism will be even further “softened” during the final negotiations.

  • Valid Consent – Explicit or Unambiguous?

Commission Proposal: When consent is used as a valid ground for the processing of personal data, it should be given explicitly and it needs to be signified by a clear affirmative action.

Since then, the Parliament has given its backing to the Commission Proposal, whereas the Council deems it sufficient that consent is “only” unambiguous and that no explicit consent is needed unless the processing concerns sensitive personal data. In June 2015, the Article 29 Working Party expressed its support for proposals requiring that consent be explicit, specific, freely-given, and informed.

  • Fines for Breaches

Commission Proposal: Fines imposed by DPAs for a breach of the law may amount up to EUR 1,000,000 million or 2% of the annual worldwide turnover of a company.

In the Parliament’s first proposal, the amount of the fines was raised from the Commission Proposal up to as high as EUR 100,000,000 or 5% of the company’s annual worldwide turnover. The Parliament’s proposal was soon largely criticised and in recent discussions, the consensus over the fines seems to be settling back down to what was originally proposed by the Commission.

In addition, infractions are likely to be grouped into tiers attracting different maximum fine levels, meaning that the maximum fines would only be imposed if businesses intentionally or negligently, for example, (i) process personal data without legal basis, (ii) fail to notify data breaches, or (iii) transfer personal data outside the EU without using adequate data protection safeguards.

  • Territorial Scope

Commission Proposal: This Regulation should apply to the processing of personal data (i) in the context of the activities of an establishment of a controller or a processor in the EU and (ii) of data subjects residing in the EU by a controller not established in the EU where the processing activities either relate to the offering of goods or services to such data subjects in the EU or to the monitoring of their behaviour.

The content of the definition of the territorial scope, which is one of the bases of the entire Regulation, has remained somewhat unchanged since the Commission Proposal, even though the provision has been highly criticised by companies not established in the EU that could be governed by the provision. However, all three EU bodies have been in mutual understanding that the Regulation’s jurisdiction must reach out to non-EU businesses processing personal data of EU citizens. Even if implemented as proposed, it may prove difficult to actually apply the Regulation to such non-EU companies.

Furthermore, the Council has also proposed that non-EU controllers satisfying the above jurisdictional nexus need to appoint an EU representative, unless the processing is occasional and unlikely to result in a risk for the rights and freedoms of individuals.

  • Obligation to Appoint a Data Protection Officer

Commission Proposal: Controllers and processors should designate a data protection officer where the processing is carried out by an enterprise employing 250 persons or more.

The obligation of companies to appoint a data protection officer is another proposal that thus far has been watered down, particularly by the Council. Soon after its publication, the proposal came under heavy scrutiny from the other two bodies. The Parliament first amended the Commission Proposal so that the obligation would be applicable if the processing was carried out by a legal person and related to more than 5,000 data subjects in any consecutive 12-month period.

However, the Council has strongly been pushing for the removal of any such mandatory obligations from the Regulation. According to the Council, the need for the obligation to appoint a data protection officer should be left to national regulators’ discretion, i.e. EU Member States may introduce such a requirement in their national laws if deemed locally necessary.

  • Data Breach Notifications

Commission Proposal: Data breaches should be notified (i) to the DPA without undue delay and, where feasible, within 24 hours and (ii) to the persons affected without undue delay.

The Commission, the Parliament, and the Council have all agreed that data breaches should be notified to the individuals concerned without undue delay. However, differences in opinions relate to the time of notification to the DPA, as according to the Council, the maximum notification time of 72 hours should be sufficient.

  • Other Observations

In addition to some of the key parts of the Regulation described above, there are numerous other important mechanisms and proposals which have been under broad public discussion since the publication of the Commission Proposal. At the moment, it seems that provisions relating to, for example, the right to be forgotten, data portability, and profiling are likely to be included in the Regulation either as proposed by the Commission or close to it.

So, Are We Almost There?

Everybody is eagerly waiting for the European Commission, the European Parliament, and the European Council to jointly agree on the final texts of the Regulation during the autumn of 2015. In any case, when the implementation period is taken into account, the new Regulation is not going to be fully enforceable until 2017 or even 2018. However, that does not mean that the companies could not, at least to a certain extent, already prepare themselves for the new era of data protection in the EU.

New Russian Law on the “Right to Be Forgotten”

By Pavel Falileev

Recently, a new bill on the so-called “right to be forgotten” was adopted in Russia. The “right to be forgotten” concept already applies in a number of western countries, and now that concept has also been incorporated into Russian law. The new law only covers the rights of individuals, and thus not those of legal entities.

As of 1 January 2016, Russian or foreign internet users living in Russia will have the right to demand that any online links to information about them be removed if the information is deemed inaccurate, outdated, or irrelevant. This concept is known better as the “right to be forgotten”. In other words, a person can request search engine operators to remove links to pages containing data on that person if such data is false or outdated or violates Russian law, even if the pages themselves remain on the internet.

There is an exception for information about criminal offences and for search engines operated by federal and municipal authorities.

The requirements to consider any request from an individual to have any link to information about them removed apply to internet search engine providers, such as Google, Yandex, and Bing.

A person who feels he/she is being misrepresented by search results can request the search engine operator, such as Google, to delink those results. The request application must contain certain information, such as the person’s full name, passport details, the information to be forgotten, the reasoning of the request, and a reference to the website containing the information. However, it is not guaranteed that the link to the information will be removed; any request shall be considered and either declined or satisfied. The company operating the search engine will consider the request application within 10 business days and will take one of the following actions: (a) it removes the link to the website containing information on the applicant from the search results, or (b) it rejects the request and provides the applicant with a detailed explanation on the reason for the rejection. If the company takes the first action, the information will remain available at the original site, but it will no longer come up among search results. The applicant may appeal the decision made by the company in case he/she does not agree with it.

This new development indicates a general trend that is taking place all over Europe and is generally seen to have positive effects. However, it may also have a negative aspect from a commercial viewpoint as it may make it difficult to, inter alia, study a potential business partner’s reputation properly. Moreover, major Russian search engine operators have already criticised the new law as they are expecting it to be an additional burden, and they have also criticised it for the lack of clear criteria for determining the accuracy or relevance of the information. As the rule on the right to be forgotten is rather new also in the EU, it is too early to make precise predictions as to its potential impact in Russia.

 

Disclaimer: Hannes Snellman Technology Newsletter is intended for information purposes only. It should not be relied upon as legal advice nor should it be used as a basis for any action or final decision without specifically verifying the applicability and relevant issues on their merits in each individual case.