LGV OBTAINS AN INJUNCTION ORDER AGAINST AN ONLINE RESELLER OF ILLICIT SOFTWARE

26/07/2018

By a decision dated July 20, 2018, the Court of Turin ordered an online reseller to cease selling computer programs owned by a major software company without authorization. The Court of Turin found that there was a periculum of default due to the irreparable and unquantifiable damage that resulted from the sale of unauthorized products on the Internet.

 

The precautionary action was taken by LGV on behalf of its client after the latter learned that the defendant company was reselling its own computer programs via a well-known online auction site without authorization. In particular, the software were in Educational versions which are normally made available only to academic institutions (i.e. their staff and students), free of charge and for a limited period of time. The online reseller, on the other hand, resold these products to users who could not be classified as academic institutions, against payment of a price, and allowed access to the program in a perpetual manner.

The Court of Turin found that both the fumus boni iuris and the periculum in mora exist, which are necessary requirements for the granting of the injunction requested. With reference to fumus, it was ascertained that the defendant had unlawfully exploited the exclusive rights of ownership of the applicant company, granting the request for an injunction also in relation to the protection of the trademark of ownership of the software house.

With regard to the periculum, the Court held that the defendant’s continued sale caused the applicant serious damage which could not be fully repaired, pointing out that, for the undertaking (and, a fortiori, for the software manufacturers), the internet is now the most important and significant means of displaying and distributing its products and its brand. It was also acknowledged that, as a general rule, protective protection in the field of copyright, industrial law and unfair competition was considered admissible since the damage caused by exclusion from the market suffered by the unlawfully harmed entrepreneur was difficult to quantify, and therefore to repair, given the objective difficulty of estimating and the impossibility of reversing in full the effects of the abusive conduct.


SUPREME COURT PRONOUNCES ON NEWSLETTERS AND PRIVACY

18/07/2018

With its decision no. 17278 of July 2, 2018, the Supreme Court condemns the increasingly widespread practice of websites sending advertising communications without the specific consent of the person concerned and recalls the rules for advertising on the web.

 

This decision settled a dispute that started back in 2014 following an order issued by the Data Protection Supervisor, which found that the processing of personal data for promotional purposes by a company specializing in the web services sector was unlawful, without the “free and specific” consent of the parties concerned. In particular, users of the site, in order to access web services (newsletters on finance, taxation, law and labor) had to register by providing their email and give general consent to the processing of personal data. The information, however, was made accessible only through a link to a different web page which clarified that the data was used not only for the provision of the service but also for “the sending of promotional communications and commercial information by third parties. In the absence of consent the user could not use the service”.

Following the opposition of the company inhibited by the Guarantor, the Court of Arezzo acknowledged that consent had been legitimately given also for promotional purposes, not providing for the additional legal obligations inferred from the guidelines of the Guarantor.

The Supreme Court, with the recent decision mentioned above, in accepting the appeal of the Guarantor, has instead recognized illegitimate behavior by the company of web services, pointing out that, with regard to personal data, one must refer to a notion of informed consent which “does not admit compressions of any kind and does not tolerate being disturbed even if marginally, not only as a result of error, violence or fraud, but also as a result of the whole range of possible disorientation, stratagems, opacity, subterfuges, unfairness, duplicity or malice however adopted by the data controller”. The Court also reiterates that consent must be free and specific, requiring an indication of the sectors of goods or services to which the advertising messages relate.

The Court further adds that a condition may be regarded as being satisfied if the service offered by the operator of the website is impracticable and indispensable for the person concerned.

Finally, the Supreme Court has provided the following principle of law: “in terms of the processing of personal data, the provision of Article 23 of the Privacy Code, in establishing that consent is validly given only if expressed freely and specifically with reference to a clearly identified processing, allows the operator of a website, which provides a fungible service, which the user can give up without serious sacrifice (in this case newsletters on issues related to finance, taxation, law and labor) to make the provision of the service conditional upon the processing of the data for advertising purposes, provided that the consent is given individually and unequivocally to such effect, which also implies the need, at least, to indicate the sectors of goods or services to which the advertising messages will refer”.


CJE: JEHOVAH WITNESSES MUST ALSO COMPLY WITH DATA PROTECTION LEGISLATION

12/07/2018

With the decision of July 10, in case C-25/17, the Court of Justice has expressed itself on the protection of personal data in the context of door-to-door preaching by the Jehovah’s Witnesses Community.

 

On September 17, 2013, the Finnish Data Protection Commission (tietosuojalautakunta) prohibited the religious community of Jehovah’s Witnesses to collect or process personal data, as part of door-to-door preaching, unless the requirements of the relevant Finnish legislation are met to the processing of such data.

In the context of the proceedings initiated by the Finnish Data Protection Supervisor (tietosuojavaltuutettu) following the abovementioned refusal, the Finnish Supreme Administrative Court (Korkein hallinto-oikeus) referred a question to the Court for a preliminary ruling on whether the religious community is obliged to comply with Community legislation on the protection of personal data in the exercise of door-to-door preaching.

In its recent ruling, the Court of Justice held, first, that the activity of door-to-door preaching of members of the Jehovah’s Witness Community does not constitute an exclusively personal or domestic activity and, therefore, does not fall within the exceptions provided for by EU law on the protection of personal data.

The Court also clarified that the rules on the protection of personal data apply to the manual processing of data only where they are stored in a file. In this respect, the Court concluded that ‘the notion of ‘file’ includes any set of personal data collected during a door-to-door preaching activity and containing names, addresses and other information relating to the persons contacted door-to-door, since such data are structured according to specific criteria which allow, in practice, for easy retrieval for subsequent use’.

Furthermore, the Court also clarified that the rules on personal data protection apply to the manual processing of data only if they are stored in an archive. In this regard, the Court concluded that “the notion of «filing system» covers a set of personal data collected in the course of door-to-door preaching activity, consisting of the names and addresses and other information concerning the persons contacted, if such data is structured according to specific criteria which, in practice, enable it to be easily retrieved for subsequent use“.

Finally, the Court addressed the question of who can, in the specific case in question, be considered as a controller of personal data. The CJU, having recalled that the notion of ‘controller’ may cover several actors involved in the processing, each of whom must therefore be subject to the rules of Union law on the personal data protection, therefore concluded that Union law on the protection of personal data “allows a religious community to be considered, together with his preacher members, as controller for the processing of personal data carried out by them in the course of a door-to-door preaching activity organized, coordinated and encouraged by that community, without it being necessary for that community to have access to that data or for it to be demonstrated that it has given its members written instructions or directions in relation to those processing operations”.

For the full text of the judgment:

http://curia.europa.eu/juris/document/document.jsf?docid=203822&mode=lst&pageIndex=1&dir=&occ=first&part=1&text=&doclang=IT&cid=509006


ALL THE INFORMATION IN THE FILE OF A FINANCIAL SUPERVISION AUTHORITY IS NOT NECESSARILY CONFIDENTIAL

03/07/2018

The ECJ makes clear which information in the file of a financial supervision authority are confidential, in the light of the Directive 2004/39/EC.

 

Mr Ewald Baumeister is one of the investors who suffered loss due to the activities of the German company Phoenix Kapitaldienst, whose business model took the form of a Ponzi scheme. Insolvency proceedings having been initiated against Phoenix in the course of 2005 that company has been dissolved and is now in judicial liquidation. Mr Baumeister submitted to the Federal Financial Supervisory Authority, German a request for access to certain documents concerning Phoenix, as part of its supervision of Phoenix. Since the Bundesanstalt refused to grant him access to those documents, Mr Baumeister brought proceedings before the German courts.

The Federal Administrative Court, Germany against that background asks the Court of Justice to clarify the scope of the directive on markets in financial instruments, which provides that the competent authorities are subject to an obligation of professional secrecy and may not, other than in the situations exhaustively listed in the directive, disclose confidential information that they have received. In the judgment issued on June 19, 2018 the Court holds, first, that all information relating to the supervised

undertaking and communicated by it to the competent authority, and all statements of that authority in its supervision file, including its correspondence with other bodies, does not constitute, unconditionally, confidential information that is covered, consequently, by the obligation to maintain professional secrecy. Information held by the competent authorities (i) which is not public and (ii) the disclosure of which is likely to affect adversely the interests of the natural or legal person who provided that information or of third parties, or the proper functioning of the system for monitoring the activities of investment firms established by the directive must be so classified.

The Court then adds that information that could constitute business secrets loses, generally, its secret nature when it is at least five years old. Exceptionally, that may not be the case where party relying on its secrecy shows that, despite its age, that information still constitutes an essential element of its commercial position or that of interested third parties. The Court observes however that such considerations have no bearing in relation to information the confidentiality of which might be justified for reasons other than the importance of that information with respect to the commercial position of the undertakings concerned, such as information relating to prudential supervision methodology and strategy. Last, the Court further states that the Member States remain free to decide to extend the protection against disclosure to the entire contents of the supervision files of the competent authorities or, conversely, to permit access to information that is in the possession of the competent authorities which is not confidential information within the meaning of the directive.


PUBLISHED IN THE OFFICIAL JOURNAL THE NEW LEGISLATIVE DECREE ON KNOW HOW

13/06/2018

On June 7, 2018 the Legislative Decree no. 63 of May 11, 2018, issued in implementation of EU Directive 2016/943 on the protection of confidential know-how and confidential business information against the unlawful acquisition, use and disclosure. The new legislation will come into effect starting from June 22, 2018.

 

The decree in question introduces amendments – even substantial ones – to several provisions of the Italian Code of Industrial Property (articles 1, 98, 99, 124, 126, 132) and of the Italian Criminal Code (articles 388 and 623) and introduces a new article (121ter) to the Italian Code of Industrial Property (hereinafter also “c.p.i.”). Here below the most relevant news:

 

– the extension of the protection of know-how, obtained through the substitution of the terms “confidential company information” with the more general expression “trade secrets”;

– the introduction of two new paragraphs (1bis and 1ter) to art. 99 of c.p.i.: the offence is now extended to those who, at the time of acquisition, use and disclosure of trade secrets, were aware (or should have been) of the fact that the trade secrets were obtained from a third party who used them or he revealed unlawfully;

– the introduction of art. 121ter of c.p.i., which enables the judge – upon request of the party – to prevent the subjects who have access to the documents of the case (parties, attorneys, technical consultants, witnesses, etc.) from using disclosing the trade secrets object of the proceedings;

– the introduction of three new paragraphs (6bis, 6ter and 6quater) to art. 124 of c.p.i. which, on the one hand, put in writing the criteria that the judge must follow when ordering the corrective remedies and the civil penalties provided for by art. 124 (inhibitory, withdrawal from the market, destruction, etc.); on the other hand, they introduce the possibility – when specific conditions occur – to implement alternative measures to the mentioned ones, such as the payment of an indemnity which is appropriate to the prejudice suffered by the owner of the know-how;

– the extension of the crime referred to in art. 388 of the Italian Criminal Code, with the provision that even those who elude the execution of an injunction order that protects trade secrets are liable for the crime of fraudulent non-execution of an order of the judge;

– the reformulation of art. 623 of the Italian Criminal Code and the introduction, among the punishable conduct, of the abusive acquisition, disclosure and use of trade secrets.