Technology Newsletter Issue 3/2016
22 September 2016
Content of the newsletter:
CJEU Ruling: Linking to Unauthorised Content May Infringe Copyrights
EU Copyright Modernisation – Legislative Proposals Published
Amendments to the Finnish Trademarks Act Came into Force in September 2016
New, Stricter Finnish Tobacco Act Entered into Force on 15 August 2016
Google Tax Law Passed In Russia
Extraordinary Ruling in Google vs. Yandex Case
The EU-U.S. Privacy Shield – State of Play in Implementation
WP29 and EDPS Release Their Opinions on Updates to the ePrivacy Directive
Finnish Supreme Court: Okay to Charge for Paper Invoices
CJEU Ruling: Linking to Unauthorised Content May Infringe Copyrights
By Erkko Korhonen
In its recent judgment in case GS Media vs. Sanoma & Ors (C-160/15), the Court of Justice of the European Union (“CJEU”) concluded that hyperlinking to works that have been made available on the internet without the authorisation of the copyright owner may infringe copyright. This decision is a new chapter to a string of rulings by the CJEU concerning linking. In the previous cases Svensson (C-466/12) and BestWater (C-348/13), the CJEU came to the conclusion that the posting of hyperlinks to works which have been made freely available on another website with the right holders’ consent would not constitute “communications to the public” within the meaning of the Information Society Directive. Please see our earlier newsletter 4/2014 for further information about the previous cases.
In GS Media vs. Sanoma & Ors, the question presented to the CJEU was slightly different and concerned whether links to works made available on another website without the consent of the right holders required the right holders’ consent. In its ruling, the CJEU concluded that hyperlinks to protected works which are freely available on another website without the consent of the copyright holder constitute a “communication to the public” if i) the hyperlinker knew or ought to have known that the link he or she posted was to a protected work unlawfully placed on the internet or ii) if the links are provided in pursuit of financial gain, which gives rise to a presumption that the hyperlinker has posted the material in knowledge of the protected nature of the works. Furthermore, linking is regarded illegal if the link allows the public to access protected works on a website which is otherwise restricted to certain users.
In its decision, the CJEU seems to make a distinction between the posting of links by ordinary internet users (who cannot be expected to perform a detailed assessment of whether the links are published with or without consent) and those commercial users who seek to profit by sharing works of other people or who knowingly and deliberately infringe copyright.
The CJEU’s jurisprudence that has developed in connection with the above-mentioned cases may be summarised as follows:
Linking to copyrighted content which is freely available on another website with the consent of the right holder is not a “communication to the public” – even in the case of “framing” or “inline linking”, i.e. where the work appears in such a way as to give the impression that the content is appearing on the website on which the clickable link is found.
In case the linking renders it possible to circumvent restrictions taken by the site where the protected work is posted in order to restrict the access to such work to certain users (e.g. online newspaper’s own subscribers), the posting of such link constitutes a “communication to the public”.
Linking to content which is freely available on another website without the consent of the right holder is a “communication to the public” if the person carrying out the linking knew or ought to have known that the link provides access to a work that is illegally placed on the internet. If the linking is carried out for profit, it is presumed that such knowledge had existed.
EU Copyright Modernisation – Legislative Proposals Published
By Emilia Uusitalo
On 14 September 2016, the European Commission (the “Commission”) published legislative proposals regarding modern EU copyright rules as a part of the Digital Single Market (the “DSM”) strategy that was reported on our Technology Newsletter Issue 2/2015. The proposals include e.g. a proposal for a new directive. The aim is to increase the cultural diversity and content available online, as well as to clarify rules for online players.
The copyright proposal have three main priorities:
Better choice and access to content online and across borders: The proposals presented legal mechanisms for online players, such as broadcasters and operators that offer packages of channels, to obtain more easily the authorisations they need for cross-border services. Additionally, the proposals include non-legislative measures, for example, setting up negotiation bodies to help reach licensing deals also across borders.
Improving copyright rules on research, education, and inclusion of disable people: It will be easier for students, teachers and researchers to exploit digital tools across borders since exceptions to copyright-related restrictions were presented in the proposals. Also, the rights of cultural heritage institutions and people, who are blind, have other visual impairments or are otherwise print disabled, will be improved.
A fairer and sustainable marketplace for creators and press: The proposed reforms will create a clear framework for licensing content for digital use. The position of rightholders to negotiate and be remunerated for the exploitation of their work will be improved. According to the proposal, a new related right for publishers will be introduced, which puts them in an equal position with other related rightholders.
The Commission will present more initiatives relating to the DSM later this year.
More information on the copyright modernisation can be found on the Commission’s website.
Amendments to the Finnish Trademarks Act Came into Force in September 2016
By Tom Jansson
The Finnish Trademarks Act was partly amended at the beginning of September. The aim was to make the most important changes now in order to clarify and bring the Trademarks Act up to date with EU legislation and case law. A more comprehensive revision will be completed later with the aim of having the new Trademark Directive (EU) 2015/2436 implemented by 14 January 2019.
A brief outline of the key changes:
Chapter 1 of the Act containing general provisions was renewed as a whole in order to align the wording of the Act with current case law and EU legislation. The most significant changes concern the definition of a trademark and distinctiveness.
Provisions on the “likelihood of confusion” were included in Section 6 of the Act. A likelihood of confusion may arise when the marks are identical or similar and the goods covered are identical or similar. This also includes the likelihood of association between the marks. The new Act clarifies that there is no need for proof of a likelihood of confusion when both the trademarks and the goods or services are identical (double identity), and that the likelihood of confusion is not a prerequisite for the protection of trademarks with reputation.
The concept of bad faith as a ground for refusal of a registration was added to the Act.
Section 7 of the Act provides that the holder of a trademark may not prohibit activities that fall within the scope of specific limitations, such as using a trademark to indicate the intended purpose of a product or service.
The Ministry of Economic Affairs and Employment has set a working party to prepare the complete revision of the Trademarks Act. The work is scheduled to be completed by the end of 2017.
The Trademark Directive (EU) 2015/2436 was adopted as part of the EU trademark reform package together with the EU Trademark Regulation (EU) 2015/2424. To learn more about the EU trademark reform package, please see our Technology Newsletter Issue 1/2016.
New, Stricter Finnish Tobacco Act Entered into Force on 15 August 2016
By Juli Mansnérus
The new Finnish Tobacco Act implements the EU Directive on Tobacco Products. The new Act aims to prevent young people from starting to use tobacco products and becoming addicts. It also strives to support people to quit consuming tobacco products. It also seeks to protect non-smokers from exposure to tobacco smoke.
All flavoured tobacco products will soon be prohibited, but some popular flavours will be subject to a transitional period until 2020. As of the beginning of 2017, it will become easier for housing companies to ban smoking on balconies. The spreading of tobacco smoke will be a sufficient reason for imposing such a prohibition. No need to prove a health hazard will exist (in contrast to the current procedure based on the Finnish Health Protection Act). Electronic cigarettes containing nicotine are now subject to the same provisions as other cigarettes in the Finnish market. Smoking in cars with children under the age of 15 is now prohibited, but not sanctioned. In addition to warning texts, visual warnings are soon to be used on the labelling of tobacco packaging sold in Finland. Warnings are to cover 65 per cent of the tobacco packaging.
A person must be outside Finland for more than 24 hours before being allowed to import tobacco products and nicotine-containing liquids for electronic cigarettes from outside the EEA countries to Finland. In addition to snus, the sale of all other kinds of smokeless tobacco products (nasal or chewing tobacco) is also prohibited. The maximum amount of imported smoke-free tobacco for personal use is set to one kilogram.
Google Tax Law Passed In Russia
By Luke Wochensky, Pavel Falileev
Our April newsletter introduced the draft law of a “Google tax”, which in April, had passed the first hearing in State Duma. The law is expected to come into force on 1 January 2017 and has been amended substantially since April 2016, thus we would like to comment briefly on the changes to the law and how it will be applied.
Major Points of the Proposed Law
VAT at the standard rate of 18% will be imposed on certain IT and electronic services (i.e. “Google tax”)
Those services now are limited to 14 categories (initially there were 12) that are specifically listed in the new law and include: software sales, website hosting, domain registration, cloud storage services, sales of electronic goods via the Internet, via mobile services, including applications in the AppStore, Google Play, and other mobile app marketplaces
Only foreign IT companies are subject to the tax.
Some categories are exempt from VAT, such as sales of tangible goods and services provided directly and in person, software and databases provided on a material storage device (compact discs, flash cards, etc.), advisory services performed via e-mail, and Internet access services.
How It May Work
The process is the same as initially proposed, an IT company that falls under the definition of “foreign” and which provides the above-mentioned services will be obligated to create an account on the Federal Tax Service website in order to file the appropriate sales-related tax documents and tax returns. These companies will then need to inform the tax authorities of their sales numbers in Russia through this account.
Generally, foreign IT companies will pay the VAT due if the services were provided to individuals. If the buyer is a Russian company or sole proprietor, the buyer will be obligated to withhold and pay the VAT as a “tax agent”. The buyers will be identified as Russian by their IP addresses or by the credit card details used for the payment of goods, applications, or services.
What We Think
Many details remain unclear, especially regarding the method, which the tax authorities will use to determine the place of sale and to control foreign businesses. The Ministry of Finance will most likely develop detailed regulations in the near future intended to clarify vague issues, but it is difficult to estimate when this may happen.
The New Law will have an impact on all major foreign IT companies, but mostly on sales in Russia through the AppStore and Google Play. This could lead to further price increases on goods and services, which may or may not have a negative impact on sales due to the already strained economic situation in Russia and the tax burden falling on the end consumer.
Extraordinary Ruling in Google vs. Yandex Case
By Luke Wochensky, Pavel Falileev
A Russian court has forced Google to change its Android contracts and pay almost half a billion rubles following a complaint by Yandex, Google’s largest competitor in Russia. Google was accused of a violation of Russian antitrust law by abusing its dominant market position. The violation is in reference to Google’s preloaded software on most Android devices and Google’s contractual restrictions on pre-loaded competitor software.
Yandex vs. Google History
In 2014, Yandex filed a complaint to the Russian Federal Antimonopoly Service (“FAS”) stating that Google forces its terms on mobile device producers who choose to use the Android operating system. For a mobile device producer to install the Google Play Market on its device from the factory, it must also install other Google apps, mobile services, and set the default search engine to Google.
In the beginning of 2015, FAS initiated proceedings against Google and other companies joined Yandex’s claim, including Nokia, Oracle, and Microsoft. In September 2015, FAS ruled against Google and issued an order stating that Google must address the violation by changing its mobile application distribution agreement and informing all Android users of the option to uninstall the default Google services and install alternative mobile services.
In 2016, Google failed to appeal the FAS ruling. On 17 August 2016, an appeal court upheld FAS’s decision. Now Google must inform Android users via a pop-up message that there are alternative “non-Google” mobile services, which may be downloaded instead.
International Experience
This is the second case in the world where a decision of this kind has been made. The first one, in 2009, was against Microsoft, which was accused of promoting its own browser within its operating system although this is the first time that Google has faced such a decision anywhere in the world.
HS View
This is not the end of the story. Google has the right to appeal the latest court decision again to a higher court. It is quite likely that the dispute will continue for another year.
Possible Impact
We believe this case will have more of an economical than legal impact on IT businesses. However, we do not expect that the fine will considerably affect Google’s business in Russia or the Russian IT market as a whole. As for FAS’s order to Google, we do not know whether Google will comply with the order if it fails to appeal the decision to a higher court. We will continue to follow up on the case.
The EU-U.S. Privacy Shield – State of Play in Implementation
By Erkko Korhonen
The EU-U.S. Privacy Shield, a mechanism for European businesses to lawfully transfer personal data from the EU to the United States, was formally adopted on 12 July 2016. Please see further information about the contents of the mechanism in our Legal Update on Privacy Shield.
The U.S. Department of Commerce began accepting self-certification submissions under the Privacy Shield on 1 August 2016. Although the Privacy Shield was speculated to face similar legal challenges in Europe as the invalidated Safe Harbor mechanism did, to date already more than 80 companies have completed the self-certification process. By applying for the Privacy Shield in the first two months (i.e. by 30 September 2016), the companies will be able to avail themselves of a limited “grace period”. This grace period is a nine-month period, starting from the date the companies certify to the Privacy Shield, during which the companies can make necessary changes to agreements with third parties in order to meet the Privacy Shield requirements (for example, with respect to standards regarding accountability for onward transfers of data). On the date of the certification, the certifying company must have all the other Privacy Shield elements in place except for the possible amendments to third-party agreements. The companies certifying after September 2016 must achieve full compliance (including compliance with the accountability for onward transfers) before completing the certification process.
As of 1 August 2016, the Department of Commerce has no longer accepted new applications for the Safe Harbor mechanism, which was invalidated by a judgment of the Court of Justice of the European Union last October.
A list of companies certified to the Privacy Shield is available at the U.S. Department of Commerce’s website.
WP29 and EDPS Release Their Opinions on Updates to the ePrivacy Directive
By Erkko Korhonen
Due to the development of the digital market and the recent adoption of the EU General Data Protection Regulation (“GDPR”), the European Commission is willing to update Directive 2002/58/EC on the processing of personal data and the protection of privacy in the electronic communications sector, which is also known as the ePrivacy Directive. Both the Article 29 Working Party (“WP29”) and the European Data Protection Supervisor (“EDPS”) have emphasised in their respective opinions of 25 July 2016 that the new rules regarding the ePrivacy Directive should function as complementary to the protection offered by the GDPR. The main recommendations of the WP 29, which were similar to the EDPS’s recommendations, include the following with respect to the review of the ePrivacy Directive:
Extending the scope to new service providers: The scope of the ePrivacy Directive should be extended from the traditional telecom providers to functionally equivalent new players on the communications market, such as virtual network operators and providers of communication services. The Directive should cover new types of Voice over IP services, including instant messaging, webmail, and messaging in social networks.
Protecting the confidentiality of users on all publicly accessible networks: The confidentiality protection should be improved to protect users against interception of the content of their communication regardless of whether it concerns direct electronic communications between users or within a defined users group, e.g. a conference call or webcast. To avoid legal gaps in the protection of users, interception should be interpreted in the broadest technological meaning, including the injection of unique identifiers such as advertising identifiers.
Expanded consent requirements: The prior consent of the user should remain a key principle in the collection of metadata, content data, and tracking techniques. To ensure consistency with the GDPR, the new rules should clearly refer to the GDPR provisions, specifying the definition, conditions, and forms of the consent. No communications should therefore be subject to unlawful tracking and monitoring without freely given consent, whether by cookies, device-fingerprinting, or other technological means.
Neutrality of cookie rules: Mechanisms such as so-called cookie walls, which lead to the denial of access for those users that do not accept cookies, rarely meet the requirements for freely given consent as defined in the GDPR. Such practice is allowed under the condition that websites provide clear information about the cookies in their privacy policy as well as adequate privacy safeguards. The cookie rules should be as technologically neutral as possible in order to ensure that the rules governing the collection of information from user devices do not depend on the kind of device owned by the user.
Strengthening the consent requirements regarding direct marketing: New rules should require the prior consent of recipients for all types of unsolicited communications, independent of the means (e.g. electronic mail, behavioral advertising, voice or video calls, fax, text and direct-messaging). The burden of proof of obtaining the consent should be on the sender. Users must also be able to revoke such consent easily and free of charge via simple means that have to be indicated in each subsequent communication.
Deletion of specific data breach rules: To avoid duplicate notifications, the process must be simplified and all data breaches involving personal data should be notified to the supervisory authorities provided for in the GDPR.
Enforcement: It should be clarified that the supervisory authorities under the GDPR will also be the competent authorities with regard to the new ePrivacy framework in order to ensure consistent enforcement and harmonisation of sanctions.
These opinions are not binding, but they nonetheless indicate how the regulator interprets the existing legislation and seeks to influence the reformation of the future legislation regarding ePrivacy matters.
Finnish Supreme Court: Okay to Charge for Paper Invoices
By Ilona Tulokas
The Finnish Supreme Court has again issued a judgment on the reasonableness of a consumer contract offered by a phone operator. In its ruling KKO 2016:49, the Supreme Court established that it cannot be held unreasonable to charge a small extra fee for paper invoices sent to consumers.
In the case at hand, the fee charged was EUR 1.90 per invoice, which according to the Supreme Court, was reasonable. The Supreme Court also pointed out the ecological benefits of electronic invoicing and the fact that the consumer had the choice between several different forms of invoicing, of which the paper invoice was the only one subject to an additional fee.
Unfortunately, the Supreme Court’s ruling did not elaborate in any further detail on the maximum fees permitted for paper invoices. Hence, the discussion regarding the reasonableness of additional fees for paper invoices is likely to continue.
Disclaimer: Hannes Snellman Technology Newsletter is intended for information purposes only. It should not be relied upon as legal advice nor should it be used as a basis for any action or final decision without specifically verifying the applicability and relevant issues on their merits in each individual case.
Hannes Snellman Attorneys Ltd