Mills & Reeve: Technology Law Update

Enter your email address:

Delivered by FeedBurner

Disclaimer

  • The information on this blog is not legal advice. You should not rely on it and we don't accept liability in connection with it. Please read our full disclaimer and let us know if you would like us to advise on any legal issue.

eCommerce

New UK law on the retention of communications data finalised in a week

The UK’s controversial stop-gap legislation, the Data Retention and Investigatory Powers Act 2014, has been fast-tracked through the parliamentary process and became law on 17 July.

After the European court’s strike-down of the directive that required EU states to collect communications data, discussed in our earlier posts here and here, the British government became concerned that data would no longer be retained undermining its ability to track criminal and particularly terrorist activity.

Now emergency legislation has been rushed through to plug the gap.

The new law allows the Home Secretary to serve a retention notice on any provider of telecoms and internet communications services to UK customers, requiring them to retain specified classes of data for up to 12 months. The data concerned deal with the ‘who, when, where and how’ of communications, including unsuccessful contact attempts, but not their content. It extends to communications service providers based outside of the UK, if their services are provided within the country.

Changes are also made to RIPA 2000, the law that controls how the authorities can access and use such data. These address arrangements for serving interception warrants on communications providers outside the UK. An interception warrant can be served on any business premises within the UK, for example, if the communications provider has no UK head office.

The obligations on reporting to parliament are changed to require a 6 monthly instead of an annual report. An independent reviewer will be appointed to review the operation of the system and consider security threats, privacy safeguards, advances to technology and the effectiveness and proportionality of the legislation.

The government’s announcement emphasises the usefulness of data access in child abuse and murder cases; collection of data in these contexts is more likely to meet with public acceptance. But a major part of the interception activity will no doubt be aimed at terrorism. The independent review system may go some way towards meeting the concerns of the European court about the old directive, although privacy campaigners have been vocal in their opposition to the new law.

In any event, a sunset clause means that the Act will expire at the end of 2016. The efforts of the privacy lobby may be better spent in shaping its replacement rather than attacking this interim law.

Posted by on 18/07/2014 at 12:57 | | Comments (0)

New rules soon to impact B2C transactions

On 13 June 2014 new rules controlling contracts with consumers will take effect, both in the UK and across the EU.

The regime for B2C transactions will be tightened up, with more pre-contract information required, a clearer purchasing process and a longer cancellation period (now 14 calendar days). A new concept of 'digital content', separate from service provision, will come in.

If you operate a consumer facing business you should ensure that your processes are compliant.

We have developed a guide to the new rules, most relevant for online consumer-facing businesses, indicating the key changes and identifying areas where you may need to take a closer look.

The UK government has longer term plans for an extensive overhaul of consumer law aimed at reforming and tidying it up completely. This intiative, the Consumer Rights Bill, is currently under review by parliament.

Posted by on 29/05/2014 at 09:37 | | Comments (0)

Ebay and data protection – will the proposed reforms reach beyond Europe’s borders?

Online auction site Ebay is asking customers to change their passwords after detecting a massive security breach with hackers obtaining the personal data of millions. In eBay’s case, it has extensive activities across Europe and a European base in Luxembourg that will be subject to the powers of data protection authorities at EU and national level.

The European courts have shown a willingness to find that an organisation is acting as a data controller within EU  boundaries. In the recent ‘right to forget’ case against Google, Google’s Spanish subsidiary was found to be a data controller because its local advertising and administrative activities were carried out ‘in the context of the activities of an establishment of the controller’ (as required by the Data Protection Directive) in Spain. The actual processing of the data took place elsewhere.

In other situations, however, data is held and controlled entirely outside the EU. EU data protection laws are among the strictest, but data held by entities that have no European presence can avoid being caught.

Reforms are in train to control data even more tightly with a proposed new EU-wide Regulation, and a supplementary Directive to deal with national investigation and enforcement.

The current territorial requirements are essentially for an establishment in the EU or for equipment within the EU. But under the proposed new system, processing by entities outside the EU will be covered if it relates to offering goods or services to EU individuals, or monitors their behaviour. Hefty fines could be imposed for breach.

The stage reached by the proposals now requires negotiations to take place between the European parliament and the council of national ministers. In its March Q&As the European parliament said that the target date for making these proposal law was late 2014. Although in the aftermath of the recent European parliamentary elections we have to wonder how swift that progress will be.

Posted by on 28/05/2014 at 12:40 | | Comments (0)

Lush comes up clean in e-commerce dispute with Amazon - and a warning to tidy up those intra-group IP arrangements

British cosmetics company Lush prides itself on its ethical credentials. It is critical of Amazon’s business practices and does not allow sales of its well-known bath bombs through Amazon's sites.

Amazon offers similar products, and had used the Google AdWords service to bring up adverts for products on its own site when a customer typed the word LUSH into the Google search engine. Similarly, Amazon's own searching system brought up competing products when a customer typed LUSH into a search box.

In February a UK court ruled that Amazon had infringed Lush’s trade marks. Now the same judge has told Amazon what it has to do in, and stop doing, as a result.

Amazon was ordered to stop infringing the trade marks EU-wide, despite complaining that the order should be UK-only. Amazon argued that compliance would be technically difficult to achieve, especially as there are other sellers on its site of products that have LUSH in their branding legitimately, but the judge would not allow a carefully defined list of prohibited activities.

The judge refused to order Amazon to publish details of the infringement decision in national newspapers given the wide publicity this case has already received. But he did say that a notice and link should be put on relevant pages of Amazon’s website. This part of the order will not take effect while Amazon asks the Court of Appeal if it will revisit the whole decision. The judge only required the notice to appear for a month from the date of the judgment, and so the notice may never appear.

Litigation on this scale can be cripplingly expensive for a smaller players. The normal rule in the English court is that the loser pays the winners costs. Here a technical but potentially expensive point came up.

One of the Lush litigants was an exclusive licensee of the relevant trade marks - a fairly standard intra-group arrangement. Lush should have registered the exclusive licence within six months of signing it to qualify for court case costs. But it only got round to registration in late 2011, shortly before starting the court case. Should it be prevented from recovering its costs?

A similar point came up in a patent case last year, Schutz v Werit. There the Supreme Court commented that costs should be awarded for the period of infringement after the licence was registered, but not for the period before registration. The judge in the Lush case was concerned that approach this would be ‘a penal measure’ for Lush. He managed to find reasons to permit full costs recovery in this case.

An important practical point comes out of this – get those intra-group transactions registered in good time. Failure to register can not only impact on rights to sue and costs recovery in litigation, but can even result in another person gaining conflicting rights.

Posted by on 09/05/2014 at 11:45 | | Comments (0)

PIPCU announces success in tackling infringing websites

The Police Intellectual Property Crime Unit, or PIPCU, is a part of the City of London Police tasked with tackling intellectual property crime across the UK. It announced yesterday the suspension of over 2,500 infringing websites since its launch in September 2013. In a press release PIPCU explained that it is working in collaboration with brand-owners and website registries to prevent the sale of ‘poor quality and sometimes dangerous counterfeit goods’.

The unit was set up in June 2013 with funding of £2.5m for its first two years from the UK Intellectual Property Office (part of the Department for Business, Innovation and Skills) to address both counterfeiting and websites offering pirated music, films and software.

Services that have admitted defeat include The Sports Torrent Network. This offered links to sports events such as European football matches, US National Hockey League games and, Formula 1 races, helping to connect users wanting to share files over peer-to-peer networks. It closed on 21 April after receiving warnings from PIPCU.

Some say that the methods used by PIPCU are both heavy handed and ineffective, with sites reopening under different domains. Canadian registrar EasyDNS has taken a robust view of requests from PIPCU. It complained last October about the lack of legal process or ICANN procedures when being asked to suspend a domain, and and set out the circumstances under which it would take down a domain, namely, an order from ICANN or CRA, a Canadian court order, or the operator engaging in network abuse or threatening the stability of the internet (spreading malware for example). It has since succeeded in obtaining transfer of several of the threatened domains from PDR Ltd under a National Arbitration Forum decision.

PIPCU is also tackling advertising revenue, by sharing a list of suspect websites with brands and advertising agencies under its Operation Creative.

The UK Government now has to decide whether to fund the unit on a long term basis. Mike Weatherley MP, Intellectual Property Adviser to the Prime Minister, has called on Downing Street to establish permanent funding for PIPCU, a move that would be welcomed by rights-holders.

Posted by on 29/04/2014 at 12:52 | | Comments (0)

Cookies - we ask if the rules are too strict

We have been discussing whether the revised rules on cookies have made any real difference to an internet user’s awareness and acceptance.

A cookie is a small file, typically of letters and numbers, downloaded onto a user’s device when they access a website. Cookies are then sent back to the originating website each time the user makes a further visit. Cookies are useful because they allow a website to recognise a user’s device.

EU-wide rules controlling the use of cookies come from the Data Protection Directive and the E-Privacy Directive. Under that system, users had to be given a right to opt out of the storage of or access to cookies. In 2009 the rule was amended by the Citizens' Rights Directive. This introduced a change so that the use of cookies would only be allowed on condition that the user concerned has given his or her consent (opted-in) having been provided with clear and comprehensive information about the purposes of such processing. The change had to be implemented by May 2011. At the time the switch from opt-out to opt-in was strongly criticised by website operators and advertisers.

In 2010, an EU advisory body, the ‘Article 29 Working Party’ demanded stricter opt-in standards for cookies, setting the tone for implementation by member states.

The UK implemented the rules on time, and rather ahead of other European countries. The UK Information Commissioner’s Office, the ICO, was fairly relaxed about achieving compliance, recognising that it was not always easy to comply with the revised rules. It allowed a lead-in period of 12 months for organisations to develop ways of meeting the new requirements.

The ICO has invited complaints through its website about cookies since the system was changed. Numbers of complaints have been small and falling. Between October and December 2013, only 53 concerns were reported about cookies. By comparison, in the same period, individuals used the website to report 29,529 concerns about unwanted marketing communications.

In our experience many users simply click on the ‘accept’ box to get rid of the cookies notice without really thinking about what they are being asked. More sophisticated types may control the use of cookies via their web browsers, but the level of concern does not seem to justify the EU’s strict approach to this area.

Posted by on 08/04/2014 at 17:17 | | Comments (0)

ISP told to prevent access to an illegal film downloading site - UPC Telekabel

Under an EU law on Copyright in the Information Society European countries must make available injunctions against ‘intermediaries’ whose services are used to infringe copyright. Can a completely unconnected internet service provider, or ISP, be an intermediary?

A new ruling says that it can. So a copyright owner may be able to slap an injunction on an ISP. It does not matter that there is no contractual link between the ISP and the operator of the illegal website.

Here films were made available illegally for streaming or downloading by a website kino.to. Film production companies Constantin Film and Wega had rights in some of the films. They asked the Austrian court for an injunction against major Austrian ISP, UPC Telekabel. The ISP had no relationship with the operators of kino.to and had not provided them with internet access or storage space. But customers of the ISP had used the kino.to service.

The Austrian court granted an injunction without saying exactly what measures the ISP should take to stop its customers accessing the illegal website. The obligation was to achieve the result rather than specifying what measures had to be taken, and the ISP would have to decide how to achieve it. To avoid a fine the ISP would have to show that it had taken all the measures that could be expected of it.

The ISP said that the various blocking measures which might be introduced could all be technically circumvented and some of them would be excessively expensive. But the EU court said that the Austrian injunction was reasonable. The ISP could be expected to work out for itself what measures to take that would be ‘sufficiently effective to ensure genuine protection’ of the film rights or at least ‘making it difficult to achieve and seriously discouraging internet users’ from using the service.

This ruling raises the prospect of ISPs being required to comply with vague and open-ended injunctions to prevent their customers from accessing unconnected illegal websites.

Posted by on 28/03/2014 at 14:17 | | Comments (0)

Why Bitcoins are hitting the headlines

For the un-initiated, Bitcoins are an anonymous, decentralised, ‘crypto-currency’, absent of regulation or legislation. Combined with having no real physical existence, the unique properties of Bitcoins have led to increased attention in the media.

Bitcoins can be acquired either through ‘mining’, (the lending of computing power by individual miners to process Bitcoin transactions which are recorded on the public ledger or ‘blockchain’), or they can be purchased from Bitcoin exchanges. At the time of writing, an individual Bitcoin has a trading value of just over 350 GBP but reached its highest value of just under 750 GBP in November 2013. Bitcoins are now accepted by over 1000 merchants including fashion websites, pubs and online dating services. However, Bitcoins have become associated with the ‘dark web’, linked to the sale and purchase of illicit substances and money laundering due to their virtual quality and thus limited traceability.   

In addition to the volatility of the market, Bitcoin theft by hackers is a real possibility. On 28 February 2014 one of the top three Bitcoin exchanges, Mt Gox, filed for bankruptcy with reports suggesting that the site was shut down after it discovered that nearly 744,000 Bitcoins (approximately £210m) had been stolen due to a security loophole.  

Despite the risks associated with this virtual currency, 2014 has been declared by some as the year of the Bitcoin wannabe. Litecoin, Peercoin and Anoncoin are all alternative crypto-currencies, albeit with much lower currency units and values. Large companies and financial institutions are also trying to move into digital currency, for example, eBay recently applied for a patent for its ‘Gift Token’ idea which can be used to make purchases without a Paypal account. JP Morgan has also made repeated patent claims for a digital currency regulated by the bank but to date these have all been rejected or cancelled.

Digital currency could be the way forward for online purchasing. However, it may be a long time before a safe, secure means of anonymous online payment is possible. 

Posted by on 06/03/2014 at 10:11 | | Comments (0)

European Sales Law plan moves forward

One of the best features of the internet is its ability to transcend geography. E-commerce lends itself naturally to cross-border transactions. A proposal for a new legal structure to support pan-EU online transactions is working its way through the European process, now receiving resounding approval from the European Parliament. Commissioner Viviane Reding calls it 'a win-win deal for small and medium sized businesses and for all consumers in Europe'.

The plan is for an optional European Sales Law to free businesses and consumers from worrying about national rules. Requiring the agreement of both customer and seller, it would be available for sales of goods and digital content, and for business to business as well as business to consumer transactions.

This initiative looks at first sight like a promising addition to the online legal landscape. But neither the UK nor the German government likes it. They say that harmonising national laws is the way to go, and this new proposal is unworkable and incomplete.

If the planned law makes it through the process, businesses may find themselves under pressure to use it, with potential for a lot of uncertainty and litigation.

Posted by on 28/02/2014 at 10:32 | | Comments (0)

Welcome news for hyperlink users - the Svensson case

Yesterday brought welcome news for users of internet hyperlinks. The top European court ruled that using hyperlinks to freely available news articles is allowed.

Swedish newspaper journalists had complained that the use of hyperlinks to connect to their articles from a news searching website, Retriever Sverige, was wrong. But the articles were already available on newspaper’s own freely accessible website. The court decided that there had been no communication of the articles to a ‘new public’ and so the journalists could not object.

In contrast, if an article had only been available to subscribers to the newspaper’s website, but the hyperlink gave access to non-subscribers, then there would have been publication to a ‘new public’ requiring the journalists’ consent.

The court added that it would not make any difference whether or not it would be clear to the user clicking on the link that they were being redirected to a new site.

This decision is based on a law dealing with copyright in today's information society. The court said that EU countries cannot give a greater degree of protection in their own laws. European law is meant to be harmonised in this area. Differences in the level of protection between countries would lead to problems in cross-EU business.

Although the judgment seems clear, there remain questions around the effect of a website's terms and conditions of use, even where content is freely available. Providers of online material may choose to respond by restricting their free access content, and tightening up their terms of use.

Posted by on 14/02/2014 at 12:12 | | Comments (0)

Next »