News | LGV Avvocati | Studio legale indipendente

CJEU RULES THAT THE PROVISION OF EBOOKS IS AN ACT OF COMMUNICATION TO THE PUBLIC

08/01/2020

The Court of Justice of the European Union (CJEU), in its judgment Tom Kabinet C-263/18 of December 19th2019, ruled that the provision of an ebook for permanent use constitutes an act of „communication to the public“ under the 2001/29 InfoSoc Directive.

The background:
Nederlands Uitgeversverbond (infra NUV) and Groep Algemene Uitgeversle (infra GAV), two associations representing dutch copyright owners, filed a lawsuit before the Court of First Instance in The Hague seeking a ban on the Dutch company ‚Tom Kabinet‘ about reproducing and making available several ebooks to members affiliated to its book reading club on a special website of that company.
That request was based on the alleged copyright infringement by Tom Kabinet itself, on the ground that the offer of second-hand ebooks via an online platform to members of a reading club constituted in fact an act of communication to the public which was unauthorised and, therefore, in full breach of the publishers‘ copyright.

CJEU Decision:
By judgement Tom Kabinet C-263/18 of December 19th 2019, the Court of Justice of the European Union held that the provision of an ebook cannot be covered by the right of ‚distribution to the public‘ under Article 4(1) of InfoSoc Directive 2001/29. On the contrary, that activity must be regarded as covered by the concept of ‚communication to the public‘ in Article 3(1) of that directive. Hence the inapplicability of the principle of exhaustion, which applies only to the right of distribution and that is excluded in relation to the right of communication to the public.
In support of its ruling, the Court points out that the European legislative authority, on the basis of the Copyright Treaty of the World Intellectual Property Organisation (WIPO) and on the basis of preparatory work for the InfoSoc directive itself, has made it clear that the principle of exhaustion applies only to the distribution of tangible works, such as books printed on a material medium, to the exclusion altogether of works in electronic form. Ebooks, being dematerialised, do not suffer any deterioration as a result of prolonged use and can therefore be considered as real copies equal to new ones on the secondary market.

The meaning of “communication to the public”:
In its ruling, the Court of Justice then paid attention to the meaning of „communication to the public“, pointing out that it should be understood in a broad sense, since it concerns all communications to the public not present at the place where they originate and, therefore, any transmission or retransmission of a work. The Court went on to emphasise that the mere preparation for downloading a work through a special website constitutes a genuine act of communication, without it being necessary for the individual user to proceed with the actual downloading of the work. From a substantive point of view, it is reiterated that the act in question must be included in the option of ‚making the work available to the public‘, as it is also clear from the explanatory memorandum on the proposal for the InfoSoc Directive 2001/29.
In addition, the Court stated that through the platform managed by Tom Kabinet there were several users who could simultaneously or successively access the same work. This is further in support of the fact that the disclosure made must be classified as effective communication to the public.
In conclusion, the Court then pointed out that the making available of a book in electronic format (so-called ebook) is normally accompanied by a license to use it which authorizes the user who downloaded the work to read it.
Consequently, it is implicit to believe that the type of communication carried out by the Tom Kabinet company, addressed indiscriminately to all users registered on a special sharing platform, is addressed to a completely new audience, not included among the one originally considered by copyright holders, as expressly required by the notion of „communication to the public“ outlined by the Court of Justice of the European Union.

Paolo Rovera

EU GENERAL COURT: A SIGN REFERRING TO MARIJUANA IS CONTRARY TO PUBLIC POLICY AND MAY NOT BE REGISTERED AS A EUROPEAN UNION TRADEMARK

27/12/2019

The General Court of the European Union, by judgment T-683/18 of 12 December 2019, confirmed that the sign “Cannabis Store Amsterdam” containing the graphic representation of cannabis leaves in the background is contrary to public policy and therefore cannot be registered as a trademark of the European Union.

The case
The applicant filed an application for registration of a European Union trademark for goods and services related to food and beverages. Following the refusal by the examiner on grounds of public policy under Article 7(1)(f) of EU Regulation 2007/1001, the applicant brought an appeal before the Board of Appeal. The Board of Appeal, by decision of 31 August 2018, also confirmed the examiner’s decision and rejected the appeal. The applicant then brought an appeal before the General Court of the European Union.

The decision of the EU General Court
By judgment T-683/18 of 12 December 2019, the General Court confirmed the decision of the Board of Appeal, in which it held that, although hemp leaf does not contain any psychoactive substance, it is often used as a media symbol for marijuana. In addition, the word „Amsterdam“ refers to the fact that this city has many shops for narcotics derived from cannabis, due to the sale of cannabis being tolerated in Netherlands. Furthermore, the word “store”, which means “shop”, has the effect that the public could expect the products and services correspond to those offered by a marijuana shop.

With reference to the concept of public policy, the Court confirmed that the decisive criterion for the purposes of assessing whether a sign is contrary to public policy is the perception which the relevant public will have of the trademark. That perception may be based on inaccurate definitions from a scientific or technical point of view, which means that it is the specific and current perception of that sign that matters, irrespective of whether the consumer has all the information available. The presence in the sign of the words “Amsterdam”, “Cannabis” and “Store”, together with the cannabis leaves, means that the target public perceives that the goods and services identified by the sign contain drugs which are illegal in many Member States.

The judges emphasize the principle that if grounds for obstruction due to contrary to public policy exist only in certain EU territories, the obstruction extends to the entire territory of the European Union. EU law does not impose a uniform scale of values and acknowledges that the requirements of public policy may vary from one country to another and from one era to another. Member States essentially retain the freedom to determine what constitutes those requirements in accordance with their national politics.

In particular, the Court noted that, although there is a debate in some Member States about the legalization of marijuana also for recreational use, the use of marijuana is illegal in many European countries. That prohibition thus seeks to protect an interest which those Member States consider fundamental in accordance with their own systems of values, with the result that the rules applicable to the consumption and use of that substance are a matter of “public policy”. Considering this public policy protectable, the Court notes that there is no unanimously accepted, or even predominant trend in the European Union regarding the lawfulness of the use or consumption of products derived from cannabis, but Articles 83 and 168 TFEU which fight against illicit drug trafficking and prevention of and information on the health effects of drugs

In conclusion, the General Court rejected the appeal confirming that the sign cannot be registered under the combined provisions of Article 7(1)(f) and Article 7(2) of Regulation 2017/1001.

The full text of the decision can be found at the following link:

Paolo Passadori and Tankred Thiem

THE COURT OF JUSTICE RULES ON BALSAMIC VINEGAR OF MODENA PGI: ARE THE NON-GEOGRAPHICAL TERMS PROTECTED PURSUANT TO REG. NO 1151/2012?

12/12/2019

The Court of Justice of the European Union, by decision of 4 December 2019, held that the protection of the name „Aceto Balsamico di Modena“ does not extend to the use of its non-geographical terms, such as „vinegar“ and „balsamic“.

The parties and the case
The decision of the Court of Justice involved, on the one hand, Consorzio di Tutela dell’Aceto Balsamico di Modena IGP, a consortium of producers of products designated by the name “Aceto Balsamico di Modena (PGI)” and, on the other, the German company „Balema GmbH“. The consortium requested that Balema GmbH refrain from using the term “balsamico”. In response to the request to cease and desist from the usage of said terms, Balema brought an action before the German courts seeking a declaration that it has the right to use that term for those products.

Stages of the procedure
Balema GmbH, defeated at first instance, had appealed to the German Court of Appeal, which has recognized the right to use the term “balsamic” to distinguish vinegar-based products produced in Germany, stating the absence of violation of the prohibition of usurpation, evocation or imitation of the protected geographical indications in the EU.

Preliminary ruling of the Court of Justice
The German Federal Court of Justice, has asksed the Court of Justice to determine whether the protection of the name “Aceto Balsamico di Modena”, which is conferred by the regulation on the protection of geographical indications and designations of origin for agricultural products and foodstuffs covers only the entire name, that is “Aceto Balsamico di Modena”, or extends to the use of the non-geographical terms of that name, that is to say “aceto”, “balsamico” and “aceto balsamico”, in order to obtain an official interpretation of EU Regulation no. 1151/2012.

The decision issued by the Court of Justice
In its judgment of 4 December 2019, the Court held that the protection of the name „Aceto Balsamico di Modena“ did not extend to the use of individual non-geographical terms. According to the Court, the registration of said PGI concerns the name “Aceto Balsamico di Modena” as a whole. Consequently, the protection granted by EU Regulation no. 1151/2012 covers only the whole name. The non-geographical terms of said PGI, namely “vinegar” and “balsamic vinegar”, their combination and translations, in the Court’s view, cannot benefit from such protection. According to the Court, those terms lack any geographical connotation. In particular, the Court has stated that the term “vinegar” is a common term and the term “balsamic” is an adjective commonly used to designate a vinegar characterised by a sweet-and-sour taste.

Valentina Cerrigone

TURNING POINT IN GERMANY ON THE USE OF GOOGLE ANALYTICS COOKIES: MANY REGIONS OF GERMANY WILL REQUIRE USER CONSENT IN THE FUTURE, ABANDONING A MODEL SIMILAR TO THAT CURRENTLY USED IN ITALY

03/12/2019

In Germany, where the implementation of personal data protection measures is the responsibility of the individual regions, and not of the Federal Government, several regional authorities have published recommendations regarding the use of instruments such as GOOGLE ANALYTICS. According to these recommendations, the use of the service in question must be subject to the prior consent of the user. The competent authorities have pointed out that when using the services of Google Analytics, the data collected are also transmitted to another recipient (Google), who uses them for its own purposes. It follows that such processing by Google can no longer be considered as a mere activity of the „data processor“.

Under the previous rules, services such as GOOGLE ANALYTICS were considered lawful from the point of view of processing of personal data, even though the processing in question was carried out without the prior consent of the data subjects. In this respect, some German regional authorities (e.g. Hamburg) considered the processing of personal data to be lawful in the absence of consent as long as certain specific requirements were met, such as the following:

– the creation of pseudonymised profiles;
– the right of opposition (with an opt-out procedure);
– the conclusion of a contract with Google;
– the presence of information for the user on the use of Google Analytics;
– partial deletion of the IP address in Google’s settings (IP anonymisation).

In many respects, these criteria are similar to the provisions of the Italian Data Protection authority in the directives published in 2014 and 2015.

The decision taken by the Länder was justified by the changes and technical development the product: „Google Analytics has been developed in recent years in such a way that it no longer represents processing as a mere data controller. Rather, the provider is granted the right to use the data of visitors to the websites for its own purposes.”

Since data protection matters are harmonised and since the reasons for the decision taken by the German authorities are based on an analysis of the technical characteristics of the service, it can be assumed that the issue will soon be brought to the attention of other national data protection authorities, with the possible consequence that the prior consent of the data subject will also become a necessary requirement in other EU Member States or – to be more precise – throughout the European Union (so that the various German Länder would in this case act as „forerunners“).

Tankred Thiem

GDPR: GUIDELINES CONCERNING THE SCOPE OF TERRITORIAL APPLICATION HAVE BEEN PUBLISHED

27/11/2019

During its 15^th plenary session (November 12-13, 2019), the European Data Protection Board (EDPB) adopted the final version of the territorial guidelines, which were submitted for public consultation on November 16, 2018. The guidelines provide clarification on the application of EU Regulation 2016/679 as well as a number of examples to clarify the range of application of the same Regulation with reference to Article 3.1 (establishment criterion) and Article 3.2 (targeting criterion), or the application of Article 3.3 (processing in a place where member state law applies by virtue of public international law).

Art. 3 GDPR and general remarks

The European Data Protection Board (EDPB) has recently published the definitive guidelines for the correct reading and interpretation of Art. 3 Reg. EU 679/2019 (better known as „GDPR“), which defines the territorial scope of the Regulation according to two main criteria: the establishment criterion and the targeting criterion and it extends the Regulation’s applicability to the processing of personal data carried out by a data controller who is not established in the European Union, but in a place under the law of a Member State pursuant to public international law.

This important rule reflects the legislator’s intention to ensure full protection of data subjects‘ rights in the EU and to establish a level playing field for companies operating on EU markets, in a context of data flows that is now constantly taking place worldwide. However, it has raised a number of interpretative doubts that the recent guidelines aim to solve, representing an essential vademecum for all companies operating outside the European Union area and who need to understand whether or not their activity falls within the scope of the GDPR.

The 28-page document published by the EDPB, currently available in English only, is detailed and includes a number of practical examples to make it easier to understand.

The EDPB Guidelines

1 – Application of the establishment criterion to controller and processor

Referring to the first criterion, Article 3(1) of the GDPR states that “the Regulation applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not”.

In sostanza, affinché sia applicabile il regolamento, è sufficiente la presenza in territorio dell’Unione, per mezzo di uno stabilimento, di un titolare o di un responsabile e il fatto che il trattamento avvenga nel contesto delle attività di quello stabilimento, indipendentemente dal luogo o dalla nazionalità dell’interessato i cui dati personali sono trattati

Essentially, for the Regulation to be applicable, it is sufficient that: a) a controller or a processor is located in the Union through an establishment; b) the processing take place in the context of the activities of that establishment, regardless of the place or nationality of the data subject whose personal data are being processed. It should be pointed out that, for the purposes of recital 22, an establishment implies the effective and real exercise of activities through stable arrangements. The legal form of such arrangements, whether through a branch or a subsidiary with a legal personality, is not the determining factor in that respect.

The EDPB guidelines make it clear that the definition of ‚permanent establishment‘ must be understood in a broad sense, especially in cases involving the provision of services online. As a result, in some circumstances, the presence of one single employee or agent of a non-EU entity in the Union, acting with a sufficient degree of stability, may be sufficient to constitute a stable arrangement. Conversely, the mere presence of an employee in the EU when the processing is not being carried out within the employee’s activities will not mean that the processing falls within the scope of the GDPR.

In order to determine whether the processing is carried out by a controller or a processor within its establishment in the Union, it is necessary to analyse on a case-by-case basis, even if the guidelines provide some criteria to be taken into account such as the relationship between a controller or a processor outside the Union, its local establishment in the Union and the revenues raising within the European Union.

The existence of a relationship between the controller and the processor does not necessarily imply the application of the GDPR to both, if one of these two entities is not established in the Union. Where a data controller subject to the GDPR chooses to use a processor located outside the EU for a processing activity, it will still be necessary for the data controller to ensure, by contract or other legal act pursuant to Art. 28 GDPR, that the data controller processes the data in accordance with the GDPR. The processor located outside the Union will therefore become indirectly subject to some obligations imposed by controllers subject to the GDPR by virtue of contractual arrangements.

In the case of a data processor established in the Union and carrying out processing on behalf of a data controller established outside the Union and not subject to the GDPR, the EDPB considers that the processing activities of the data controller would not be deemed as falling under the territorial scope of the GDPR (Article 3.2) merely because they are processed on its behalf by a processor established in the Union. However, even though the data controller is not established in the Union and is not subject to the provisions of the GDPR as per Article 3(2), the data processor, as it is established in the Union, will be subject to the relevant provisions of the GDPR as per Article 3(1).

2 – The criterion of physical and geographical location of the interested parties

Paragraph 2 of art. 3 GDPR establishes that the Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to: a) the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union; or b) the monitoring of their behaviour as far as their behaviour takes place within the Union.

The guidelines consider the location of the concerned person a crucial factor in order to assess whether the data subjects are in the EU, contrary to the nationality or the legal status, since, as specified in Recital 14, the protection conferred by the Regulation should apply to natural persons, regardless of their nationality or place of residence, in relation to the processing of their personal data.

The location requirement must be assessed when the activity takes place, for instance at the time of the offering of goods or services or the monitoring of their behaviour, regardless of the duration of the offer made or of the monitoring carried out.

It should also be noted that the processing of personal data of EU citizens or residents that takes place in a third country does not trigger the application of the GDPR, provided that the processing is not linked to a specific offer addressed to individuals in the EU or a monitoring of their behaviour in the Union.

In order to assess the supply of goods or services, which also includes information society services, it must be taken into account the application of the targeting criterion, regardless of whether a payment is requested by the interested party.

In order to determine whether or not the processing involves the monitoring of the behaviour of a data subject, the guidelines consider as a fundamental criterion the monitoring of the natural persons on Internet, including the potential subsequent use of profiling techniques. This activity may include a wide range of control activities, such as behavioural advertising, geolocation activities, in particular for marketing purposes, online tracking through the use of cookies or other tracking techniques such as fingerprinting, personalized services of analysis of diets and online health, video surveillance, market researches and other behavioural studies based on individual profiles and monitoring or periodic reports on an individual’s health.

3- The Application of the Regulation in a place where the law of the Member States applies under international law

Article 3 paragraph 3 of the GDPR establishes the applicability of the Regulation also to the processing of personal data carried out by a data controller not established in the Union, but in a place where Member State law applies by the virtue of public international law

According to the guidelines, the GDPR therefore applies to the processing of personal data carried out by embassies and consulates of EU Member States located outside the EU

4 – The Obligation to nominate a representative

In regard to the obligation for data controllers or processors to appoint a representative in the Union, except for the exceptions established by the Regulation, first of all the guidelines clarify that the presence of the representative in the Union does not constitute an “establishment” and that the function representative in the Union is not compatible with the role of an external data protection officer (DPO), who must carry out his/her task with a sufficient degree of autonomy within his/her organization, nor with the role of data controller for the same data controller. The guidelines also recall that, in accordance with Article 13, paragraph 1, letter a) and Article 14, paragraph 1, letter a) in the context of their information obligations, the data controllers must provide the data subjects information on the identity of their representative in the Union

*****

For more details on the cases mentioned in the guidelines, please visit the website of the Authority where the official document is published (in English)

Margherita Stucchi