News | LGV Avvocati | Studio legale indipendente

GPS AND COMPANY VEHICLE TRACKING – PRIVACY GUARANTOR DECLARES THAT THE GSP MUST ALSO RESPECT THE PRIVACY OF THE USERS

18/09/2018

For the first time with the provision n. 396 of June 28, 2018, the Privacy Guarantor ordered a provider of geolocation services to ensure that the functionality of the product respects the right to privacy, implementing the principle of data minimization and privacy by design and by default. In this way, the clients will have a system adaptable to all their organizational needs and security.

The Guarantor expressed his opinion following a report by an employee of a company that uses the geolocation service on its corporate fleet. According to the employee the characteristics of the system did not comply with the rules on privacy.

From the verifications carried out by the Authority, together with the collaboration of the Guardia di Finanza, it emerged that the system allowed the continuous monitoring of the activity of the employees without the employees being aware of it, which is in violation of the principle of necessity and proportionality. In addition, since employees’ cars could also be used outside working hours and by their families, the geolocation system made it possible to collect information on the employee and other subjects that was not relevant to the performance of the working activities. This is also in violation of Article 8 of the Workers’ Statute as well as the rights of the third parties.

The Guarantor, therefore, intervened by forbidding the company, which had installed the system on its fleet vehicle, the processing and use of data collected. The Guarantor also required the provider of geolocation services to adapt the system to the European rules on data protection by establishing the following conditions that must be complied with for the legality of the control and, precisely:

– the standard service must be reshaped with particular regard to the time intervals for surveying the geographical position of vehicles – currently set between 30 and 120 seconds – and the times for storing data – now set at 365 days – and the storage and provision of maps of all routes taken;

– the company must also inform its customers of the possibility of adapting the characteristics of the service to the specific purposes pursued;

– the function that allows the deactivation of the GPS must be made available for all types of subscription to the service without additional and excessive costs.

In any case, employees must be informed in advance of the data collection system. The company must prepare all the measures that allow workers to access the data processed for viewing or for any change. In this way, the Guarantor, in addition to resizing and regularizing the activities of the company that uses the location service on its corporate fleet in accordance with the privacy regulations, also created a fundamental precedent for the protection of workers.

FIRST STEPS TOWARDS A NEW COPYRIGHT DIRECTIVE, BETWEEN ONLINE PROTECTION AND FAKE NEWS

13/09/2018

The awaited session of the EU Parliament last Wednesday, that took place on September 12, ended with the approval of the first text of the reformed Copyright Directive by which the EU intends to regulate the exploitation of works protected by copyright online made available to users through certain categories of Internet Service Providers. Among the most controversial provisions are the protection of online news articles shared through links (the case of so-called snippets) and the communication to the public of content protected by copyright through the platforms dedicated to user-generated content (YouTube and the like). The impact (above all, political) of the Directive has generated an intense debate on the net also through the uncontrolled diffusion of fake news.

By voting of September 12, 2018, the European Union Parliament approved the reform of the Copyright Directive, starting negotiations between the Member States, the Council and the Commission of the European Union for the definition of the final legislative text, which will be voted on in January 2019. The latest text approved by the Parliament regulates different situations that have become very controversial, especially for public opinion.

On the one hand (Article 11) there is the (new) related right for publishers to obtain “fair compensation” for the digital use of their journalistic articles by ISP platforms also through links accompanied by an excerpt of the article itself (so-called snippet). The publishers themselves will be obliged to pay the authors of the articles (journalists) a share of the proceeds thus received. This measure was introduced in order to counter the “regression of the media landscape at regional level” (recital 31) and to “ensure the availability of reliable information” (recital 32). Precisely with regard to this forecast, numerous (fake) news circulated which would have affirmed that a real “Link-tax” would be introduced, a circumstance which, as we have seen, is excluded from the Directive. On the one hand, in fact, a “fair compensation” is provided for the publishers (and not a real tax) due by the ISPs (and not by the users) and on the other hand, this provision does not apply to “simple hyperlinks accompanied by single words” (Article 11). The Directive does not even seem to affect the “freedom of the Internet” (as, among other things, stated by the well-known on-line encyclopedia Wikipedia with a note of July 3, 2018, link here) but it actually intends to regulate the contents available on the net, discouraging the diffusion of unreliable information.

On the other hand, ISPs – such as YouTube and the like – will be held responsible for content uploaded by users to their online sharing platform (Article 13). The visibility of the content protected by copyright through the online platform represents in fact an act of communication to the public of the protected work and, as such, reserved for the author. Hence, the Directive provides for the possibility for such ISPs to conclude license agreements with the holders of the rights on the uploaded works or, alternatively, to cooperate with the holder of the right to ensure that works or other protected unauthorized material are not available on their services. The boundaries of this “cooperation” have not been established and therefore (referring to the text proposed by the EU Commission then amended by the Parliament) the ISP could equip itself with technological tools able to recognize in advance the uploading of protected works (i.e. content ID already in use on YouTube) or simply wait for the notification of the owner of the right before removing the content itself. Of course, in the absence of licensing and cooperation agreements, the ISP will have to be considered a competitor in the illegal reproduction and distribution of protected works, in derogation of the “safe harbor” provided by the Ecommerce Directive. It is also foreseen that the user who has uploaded an allegedly protected content can appeal (through methods established by the ISP or through a third-party ADR entity) against the unjustified removal of the content (Article 13).

These measures do not apply to, inter alia, micro and small enterprises and ISPs acting for non-commercial purposes such as online encyclopedias (Wikipedia) and online service providers where the content is uploaded with the permission of all the rights holders concerned, such as educational or scientific directories (Article 2 and recital 37bis).

At this point, we will have to wait until the next few weeks to see whether the current text approved by Parliament will become definitive or whether it will be further amended following further consultations. The result is certainly a first step towards an attempt to regulate the content posted on the Internet, which will obviously require “field” analysis to assess its effectiveness.

THE ANTITRUST SETS ITS SIGHTS ON SKY ITALIA AND DAZN

06/09/2018

With a notice of August 28, the Italian Competition Authority (AGCM) announces to have started – upon notice of individual consumers – an investigation against Sky Italia S.r.l., Perform Investment Limited and Perform Media Services S.r.l. (the latter better known to the public as “DAZN”) with reference to the marketing of football game packages (Serie A and B) for the 2018/2019 season.

Different infringements may be abstractly claimed against the broadcasters.

As for Sky, according to the AGCM the leading company in the transmission in Italy of sport events would have not adequately informed its public about the delivery methods and the limits of the offer of the football package for the 2018/2019 season, so as to bring new customers to take an unconscious business decision. Moreover, the conduct held by Sky could also be seen as “aggressive” towards the existing subscribers, since – in the face of, among others, a considerable downsizing of the number of the broadcasted games – Sky would have induced the customer to renew his subscription in the erroneous belief that the football offer had not changed. This conduct could infringe art. 65 of the Consumer Code.

As for DAZN, on the one hand the claim “whenever you want, however you want” is contested as it would be able to induce the consumer believe that he can use the service wherever he is, without specifying the technical and/or territorial limitations that could prevent the use of the service or make it more difficult; on the other hand, the message that the user could benefit the service, from the first month, “for free” and “with no contract” is deemed misleading. In fact, the consumer is still required to sign a contract (although free for the first month), with the consequent need to formally exercise the right of withdrawal in order not to renew the service and to avoid the charge of subsequent monthly payments. According to the Antitrust, such conducts could be both “deceptive” and “aggressive”, in violation of articles. 21, 24 and 25 of the Consumer Code.

LGV OBTAINS AN INJUNCTION ORDER AGAINST AN ONLINE RESELLER OF ILLICIT SOFTWARE

26/07/2018

By a decision dated July 20, 2018, the Court of Turin ordered an online reseller to cease selling computer programs owned by a major software company without authorization. The Court of Turin found that there was a periculum of default due to the irreparable and unquantifiable damage that resulted from the sale of unauthorized products on the Internet.

The precautionary action was taken by LGV on behalf of its client after the latter learned that the defendant company was reselling its own computer programs via a well-known online auction site without authorization. In particular, the software were in Educational versions which are normally made available only to academic institutions (i.e. their staff and students), free of charge and for a limited period of time. The online reseller, on the other hand, resold these products to users who could not be classified as academic institutions, against payment of a price, and allowed access to the program in a perpetual manner.

The Court of Turin found that both the fumus boni iuris and the periculum in mora exist, which are necessary requirements for the granting of the injunction requested. With reference to fumus, it was ascertained that the defendant had unlawfully exploited the exclusive rights of ownership of the applicant company, granting the request for an injunction also in relation to the protection of the trademark of ownership of the software house.

With regard to the periculum, the Court held that the defendant’s continued sale caused the applicant serious damage which could not be fully repaired, pointing out that, for the undertaking (and, a fortiori, for the software manufacturers), the internet is now the most important and significant means of displaying and distributing its products and its brand. It was also acknowledged that, as a general rule, protective protection in the field of copyright, industrial law and unfair competition was considered admissible since the damage caused by exclusion from the market suffered by the unlawfully harmed entrepreneur was difficult to quantify, and therefore to repair, given the objective difficulty of estimating and the impossibility of reversing in full the effects of the abusive conduct.

SUPREME COURT PRONOUNCES ON NEWSLETTERS AND PRIVACY

18/07/2018

With its decision no. 17278 of July 2, 2018, the Supreme Court condemns the increasingly widespread practice of websites sending advertising communications without the specific consent of the person concerned and recalls the rules for advertising on the web.

This decision settled a dispute that started back in 2014 following an order issued by the Data Protection Supervisor, which found that the processing of personal data for promotional purposes by a company specializing in the web services sector was unlawful, without the “free and specific” consent of the parties concerned. In particular, users of the site, in order to access web services (newsletters on finance, taxation, law and labor) had to register by providing their email and give general consent to the processing of personal data. The information, however, was made accessible only through a link to a different web page which clarified that the data was used not only for the provision of the service but also for “the sending of promotional communications and commercial information by third parties. In the absence of consent the user could not use the service”.

Following the opposition of the company inhibited by the Guarantor, the Court of Arezzo acknowledged that consent had been legitimately given also for promotional purposes, not providing for the additional legal obligations inferred from the guidelines of the Guarantor.

The Supreme Court, with the recent decision mentioned above, in accepting the appeal of the Guarantor, has instead recognized illegitimate behavior by the company of web services, pointing out that, with regard to personal data, one must refer to a notion of informed consent which “does not admit compressions of any kind and does not tolerate being disturbed even if marginally, not only as a result of error, violence or fraud, but also as a result of the whole range of possible disorientation, stratagems, opacity, subterfuges, unfairness, duplicity or malice however adopted by the data controller”. The Court also reiterates that consent must be free and specific, requiring an indication of the sectors of goods or services to which the advertising messages relate.

The Court further adds that a condition may be regarded as being satisfied if the service offered by the operator of the website is impracticable and indispensable for the person concerned.

Finally, the Supreme Court has provided the following principle of law: “in terms of the processing of personal data, the provision of Article 23 of the Privacy Code, in establishing that consent is validly given only if expressed freely and specifically with reference to a clearly identified processing, allows the operator of a website, which provides a fungible service, which the user can give up without serious sacrifice (in this case newsletters on issues related to finance, taxation, law and labor) to make the provision of the service conditional upon the processing of the data for advertising purposes, provided that the consent is given individually and unequivocally to such effect, which also implies the need, at least, to indicate the sectors of goods or services to which the advertising messages will refer”.