ava i lab le at www.sc ienced i rec t . com

www.compseconl i ne .com/ publ i ca t ions /prodc law.h tm

c o m p u t e r l a w & s e c u r i t y r e p o r t 2 3 ( 2 0 0 7 ) 4 9 5 – 5 0 0

EU update

Baker & McKenzie’s regular article tracking developmentsin EU law relating to IP, IT and telecommunications

Harry Small, David Halliday, Deena Hazini, Siu Ha Tang, Mandy Tang

Baker & McKenzie LLP, United Kingdom

a b s t r a c t

This is the latest edition of Baker & McKenzie’s column on developments in EU law relating

to IP, IT and telecommunications. This article summarises recent developments that are

considered important for practitioners, students and academics in a wide range of infor-

mation technology, E-commerce, telecommunications and intellectual property areas. It

cannot be exhaustive but intends to address the important points. This is a hard copy ref-

erence guide, but links to outside web sites are included where possible. No responsibility

is assumed for the accuracy of information contained in these links.

ª 2007 Baker & McKenzie LLP. Published by Elsevier Ltd. All rights reserved.

1. General intellectual property

1.1. OHIM issues Decision consolidating rules onelectronic communication

On 16 July 2007, the President of the Office of Harmonization in

the Internal Market (Trade Marks and Designs) (OHIM) issued

a Decision regarding electronic communication with and by

OHIM. The Decision repeals previous decisions on the matter

and attempts to consolidate all relevant administrative rules

into a single administrative act. Amongst its objectives,

OHIM attempts to make it possible to renew registered Com-

munity designs or request cancellation electronically.

OHIM Decision No EX-07-4, 16 July 2007.

http://oami.europa.eu/en/office/aspects/pdf/Ex074en.pdf.

1.2. Industrial property: Commission adopts necessarymeasures for linking EU design registration system withWIPO international system

On 24 July 2007, the European Commission adopted two Regu-

lations which are necessary to give effect to the accession of

0267-3649/$ – see front matter ª 2007 Baker & McKenzie LLP. Publidoi:10.1016/j.clsr.2007.10.001

the European Community (the ‘‘EC’’) to the Geneva Act of

the Hague Agreement concerning the international registra-

tion of industrial designs. This will allow EU companies to ob-

tain protection of a design not only throughout the EU with

the Community design, but also in countries which are mem-

bers of the Geneva Act. The Geneva Act allows designers to

obtain design protection in a number of countries through

a single international application filed with the International

Bureau of WIPO. So far there are 23 countries who have be-

come party to the Geneva Act, including Singapore, Turkey

and Switzerland. The deposition of the instrument of ratifica-

tion before WIPO is scheduled for the end of September 2007.

UK businesses will be able to use the new system from January

2008.

Press release: http://europa.eu/rapid/pressReleasesAction.

do?reference¼IP/07/1160&format¼HTML&aged¼0&language¼EN&guiLanguage¼en.

2. Copyright and trade marks

No developments.

shed by Elsevier Ltd. All rights reserved.

c o m p u t e r l a w & s e c u r i t y r e p o r t 2 3 ( 2 0 0 7 ) 4 9 5 – 5 0 0496

3. Patents

3.1. European Parliament resolution on providing drugsto developing countries

On 6 December 2005 the World Trade Organisation (WTO)

proposed a protocol amending the agreement on Trade-

Related Aspects of Intellectual Property Rights (TRIPs). The

protocol seeks to simplify the process of supplying patented

drugs to developing countries. On 12 July 2007, the Euro-

pean Parliament adopted a resolution on the proposed

amendment to the TRIPS Agreement, calling for more to

be done in relation to the sale to and manufacture in devel-

oping countries of patented drugs, to give them greater ac-

cess to medicines. The resolution asks the European

Council to help developing countries by maximising the

availability of pharmaceutical products at affordable prices.

The resolution also calls for the Commission and Member

States to provide financial support for the local production

of pharmaceuticals in developing countries and to help

fund research and development on poverty-related, tropical

and neglected diseases.

European Parliament resolution: http://www.europarl.

europa.eu/sides/getDoc.do?pubRef¼-//EP//TEXTþTAþP6-TA-

2007-0353þ0þDOCþXMLþV0//EN&language¼EN.

4. Data protection/privacy

4.1. European Data Protection Supervisor publishesopinion on Commission communication on implementationof Data Protection Directive

On 25 July 2007 the European Data Protection Supervisor

(EDPS) issued an opinion on the European Commission

communication regarding improved implementation of

the Directive 95/46/EC of the European Parliament and of

the Council on the protection of individuals with regard

to the processing of personal data and on the free move-

ment of such data (the ‘‘Directive’’). The communication

outlines ways in which the fundamental rights of EU citi-

zens, in regards to personal data protection, can be better

ensured. The EDPS has agreed with the conclusion of the

Commission that the Directive should currently not be

amended. The EDPS recommends that in the short term,

actions should focus on improving the implementation

of the Directive, including effective use of infringement

proceedings against Member States. In the long run, if

the Directive is to be amended, EDPS considers that

a number of areas require further consideration. These

areas include: interaction with technology, global privacy

and jurisdiction, and law enforcement. A date has not

yet been set for a review to prepare for any changes to

the Directive.

Press release: http://europa.eu/rapid/pressReleasesAction.

do?reference¼EDPS/07/8&format¼HTML&aged¼0&language¼EN&guiLanguage¼en.

5. Competition law

5.1. Advocate General’s opinion on chargingfor local loop access

On 18 July 2007, Advocate General Poiares Maduro handed

down an opinion on a reference from a German court on the

charges that can be applied by a dominant incumbent tele-

coms operator for access to its local network. The intention

of Regulation 2997/2000 which set harmonised conditions for

unbundled access to the local loop was to allow new operators

to enter the market to provide new competition at local loop

level. Member States must not depart from the requirement

of limiting the prices charged by notified operators if they are

to the detriment of the new operators who wish to access their

local network. In his opinion, the Advocate General considers

issues relating to determination of cost-orientated charges

and on the extent of the discretion of national regulators in

assessing such charges. The Advocate General considers that

an assessment of whether charges are cost-orientated in-

volves balancing key objective of fostering competition against

that of ensuring the necessary level of incentives for invest-

ment in infrastructure.

Case C55/06, Arcor AG. KG v. Federal Republic of Germany,

opinion of Advocate General Poiares Maduro: http://curia.

europa.eu/jurisp/cgi-bin/form.pl?lang¼en&Submit¼Recherch

er$docrequire¼alldocs&numaff¼C-426/05&datefs¼&datefe¼&nomusuel¼&domaine¼&mots¼&resmax¼100.

5.2. Commission calls for better implementation of thelaw of the Member States of the European Union tosafeguard the interests of citizens and business

On 5 September 2007, the European Commission put forward

some proposals to improve the application of the law of the

Member States of the European Union (Community law) by

Member States. This is not specifically directed at the imple-

mentation of information technology or intellectual property

law but is part of the European Commission’s better regula-

tion priority which aims at having Community law imple-

mented more effectively and at resolving complaints made

by citizens and businesses more quickly. In order to maintain

Europe’s competitiveness, the Commission seeks to keep

Member States responsive to the interests of citizens and

businesses and seeks commitment from Member States to im-

prove information-provision and problem-solving for citizens

and businesses. The Communication sets out four main areas

of action:

(1) more targeted problem prevention measures by increasing

implementation and enforcement of new legislation;

(2) improved information-provision and problem-solving

with the aim of reducing the number of infringements;

(3) a more efficient system of managing infringement cases by

prioritising cases which pose the greatest risks and wide-

spread impact on citizens and businesses; and

(4) increased transparency in the application and enforce-

ment of the law.

c o m p u t e r l a w & s e c u r i t y r e p o r t 2 3 ( 2 0 0 7 ) 4 9 5 – 5 0 0 497

The Commission also suggests that there be more strate-

gic planning of the implementation, management and en-

forcement of Community legislation and that there be an

increased review of results between Commission, Parliament

and Council.

Press release: http://europa.eu/rapid/pressReleasesAction.

do?reference¼IP/07/1282&format¼HTML&age.

6. Telecoms

6.1. Commission proposal to select mobile satelliteservices for EU-wide high-speed data communications

On 22 August 2007 the Commission adopted a proposal to se-

lect systems for mobile satellite services at European level.

The proposal will provide the basis for a single comparative

selection and authorisation procedure for services by all 27

EU Member States. The proposed new system will provide ad-

vanced services and improve coverage in the EU’s remote

areas. Significant economies of scale are expected to result

from consistent national authorisation of systems throughout

Europe, and will lead to more efficient use of spectrum and re-

duced risk of harmful interference.

Press release: http://europa.eu/rapid/pressReleasesAction.

do?reference¼IP/07/1243&format¼HTML&aged¼0&language¼EN&guiLanguage¼en.

6.2. ERG publishes second guidelineson Roaming Regulation

On 22 August 2007, the European Regulators Group (ERG) pub-

lished a second set of guidelines on mobile roaming under the

Mobile Roaming (European Communities) Regulations 2007

(717/2007) (the ‘‘Regulations’’). The Regulations impose caps

on wholesale and retail prices that can be charged from mo-

bile-phone customers making or receiving calls in the EU,

when travelling outside their home country. The first set of

guidelines, published in July 2007, sets out how national regu-

latory authorities should interpret the provisions of Article 2

of the Regulation’s relating to offers to customers. The second

set of guidelines provides for the following:

(1) that providers can charge customers on the basis of any in-

terval (e.g. per second or per minute) but that the charge

should not exceed the maximum charges set out in the

Regulation’s;

(2) the ways in which companies should meet the limits on

wholesale charges (as defined in the Regulations);

(3) guidance on how to calculate charges made in currencies

other than the euro;

(4) clarification on the requirements of welcome messages

which must be sent to users on arrival in a country;

(5) the manner in which information should be provided to

customers by home providers;

(6) clarification that a ‘‘regulated roaming call’’ as set out in

the Regulation’s, comprises only voice calls and not fax

or data calls, or premium-rate service calls;

(7) that the Regulation’s do not apply to calls made to and

from ships and planes using satellite networks; and

(8) the way to establish the geographical limits of the EU, and

that reference should be made to Article 299 of the Treaty

of the European Union, in that regard.

The Regulation: http://eur-lex.europa.eu/LexUriServ/site/

en/oj/2007/l_171/l_17120070629en00320040.pdf.

ERG press release: http://erg.eu.int/whatsnew/index_en.

htm.

6.3. European Commission questionnaire on radio andtelecoms terminal equipment

On 31 July 2007, the European Commission published an

online questionnaire on the regulatory environment for radio

and telecoms terminal equipment (R&TTE) in the EU. The

questionnaire is designed for companies, organisations and

professionals who have a good working knowledge of the

R&TTE Directive (1999/5/E) and of the national provisions

transposing it. The purpose of the questionnaire is to provide

the Commission with information for the second scheduled

progress report on the operation of the Directive. The review

of the R&TTE Directive will also take into account related EU

legislation, including the regulatory framework for electronic

communications networks and services, as well as radio spec-

trum policy. The consultation closed on 30 September 2007.

Press release: http://ipandit.practicallaw.com/5-375-1076.

6.4. Commission supports French regulator’s call forcommon approach to lower mobile rates

On 14 September 2007, in response to a procedure under the

EU telecom rules (set out in the 2002 EU regulatory framework

for electronic communications services) regarding mobile ter-

mination rates in France, the Commission supported the

French telecoms regulator’s (ARCEP) proposal to further lower

the wholesale rates charged by French mobile operators – this

a clear move towards rates reflecting real costs, which is a core

principle of the EU telecom rules. In a letter to ARCEP sent on

14 September 2007, the Commission supported a common ap-

proach among Europe’s telecom regulators for a consistent

way to calculate appropriate mobile termination rates. Mobile

termination rates are currently regulated in all EU countries

by the national telecoms regulator. The Commission con-

siders that termination rates should be based on the costs of

an efficient operator – this being, in the Commission’s view,

an optimal method for setting price caps for mobile termina-

tion rates. The Commission intends to harmonise the current

approach across the EU, and to work with the European Regu-

lators Group to achieve this as soon as possible.

Press release: http://europa.eu/rapid/pressReleasesAction.

do?reference¼IP/07/1333&format¼HTML&aged¼0&language¼EN&guiLanguage¼en.

7. Information technology

No developments.

c o m p u t e r l a w & s e c u r i t y r e p o r t 2 3 ( 2 0 0 7 ) 4 9 5 – 5 0 0498

8. E-commerce

8.1. Liability of ISP’s for blocking file sharing

On 29 June 2007 the Belgian courts held that Scarlet, a Belgian

ISP, had a legal obligation to implement technology on its net-

work to filter and block the sharing of copyright infringing

content via peer-to-peer (‘‘P2P’’) file sharing networks. Article

12 of the E-Commerce Directive (2001/31/EC) provides a de-

fence for ‘‘mere conduits’’ for content transmitted or accessed

by their customers. The Court rejected the ISP’s argument that

it could lose the protection of the ‘‘mere conduit’’ defence by

implementing the measures, since the Court held that such

filtering would not constitute selection of the content by the

ISP. The Court further held that the ruling did not impose

a ‘‘general obligation’’ on the ISP in violation of Article 15 of

the Directive, stating that: ‘‘.the provisions of this [the E-

Commerce] Directive relating to liability should not preclude

the development and effective operation, by the different

interested parties, of protection and identification and of tech-

nical surveillance instruments made possible by digital tech-

nology’’ . The Court similarly rejected arguments based on

the right to privacy, secrecy of correspondence and freedom

of expression. Finally, the Court held that the cost of the solu-

tion to the ISP was ‘‘not excessive’’, being less than 50 euro

cents per month per customer. The ISP has appealed against

this court ruling.

Report: http://www.ifpi.org/content/section_news/20070

704b.html.

9. Internet

No developments.

10. Media

No developments.

11. Outsourcing

No developments.

12. Main articles

12.1. Commission proposal to remove restrictions onradio spectrum for innovative wireless services

On 25 July 2007, the Commission published a proposal1 for

European Parliament and Council Directive repealing Council

Directive 87/372/EEC2 (the ‘‘GSM Directive’’) on the frequency

1 http://ec.europa.eu/information_society/policy/radio_spectrum/docs/ref_docs/com/com2007_367_en.pdf.

2 http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri¼CELEX:31987L0372:EN:HTML.

bands to be reserved for the coordinated introduction of pub-

lic pan-European cellular digital land-based mobile communi-

cations in the Community (the ‘‘Proposal’’). The Proposal aims

to increase the choice of services and technologies available to

EU citizens so as to maximise competition in the use of spec-

trum. Public consultation conducted for the Commission has

also shown extensive support from the mobile industry to

open up spectrum, with clear benefits for both the mobile

industry and its customers.

12.1.1. Current frameworkCurrently, the GSM Directive requires Member States to re-

serve the whole 890–915 MHz and 935–960 MHz spectrum for

GSM, thereby, preventing the bands from being used by pan-

European systems other than GSM. In view of advances in

technology resulting in advanced mobile data and multimedia

services, such as 3G services that allow video streaming and

fast downloads on a mobile handset, the Commission believes

that the GSM Directive is now out of date and should be

repealed. Once effectively repealed, a new Commission Deci-

sion (the ‘‘Decision’’) should be taken, based on Decision

676/2002/EC3 of the European Parliament and Council of 7

March 2002 on a regulatory framework for radio spectrum pol-

icy in the European Community, to allow the co-existence of

new technologies within these frequencies. The Commission

has stressed that the Decision must be complemented by ap-

propriate technical harmonisation measures to preserve the

present harmonised status of the frequencies. The Commis-

sion also guarantees that the GSM services, currently using

the frequencies, will be protected so long as there is a reason-

able demand for the service. Where possible, Member States

will also be able to introduce additional systems alongside

GSM networks and other recognised terrestrial systems

within the same frequencies, provided that these can co-exist

with GSM systems and other pan-European systems in their

own territory and in neighbouring Member States.

12.1.2. Commission’s assessmentThe Decision has been prepared by the Commission alongside

national radio spectrum experts. On 5 July 2006 the Commis-

sion issued a Mandate4 to the European Conference of Postal

and Telecommunications Administrations (‘‘CEPT’’) to exam-

ine the possibility of introducing UMTS throughout the EU in

the 900 MHz and 1800 MHz bands in urban, suburban and ru-

ral areas in co-existence with GSM networks. The reports5

conducted have shown that UMTS networks can be deployed

in these areas by using appropriate values for carrier separa-

tion. Initial concerns from users in the adjacent frequency

bands about possible interference have been satisfactorily re-

solved. The reports have also shown no existence of poten-

tially serious risks or irreversible consequences as a result of

3 http://ec.europa.eu/information_society/policy/radio_spectrum/docs/policy_outline/decision_6762002/en.pdf.

4 http://ec.europa.eu/information_society/policy/radio_spectrum/docs/current/mandates/ec_to_cept_wapecs_06_06.pdf.

5 http://www.ero.dk/documentation/docs/docfiles.asp?docid¼2168&wd¼N, http://www.ero.dk/documentation/docs/docfiles.asp?docid¼2201&wd¼N, http://ec.europa.eu/information_society/policy/radio_spectrum/docs/ref_docs/rsc18_public_docs/rsc06_99_ecc_int_rep_wapecs.pdf.

c o m p u t e r l a w & s e c u r i t y r e p o r t 2 3 ( 2 0 0 7 ) 4 9 5 – 5 0 0 499

opening up the spectrum. On a proportionality front, the

Commission considers that the benefits of implementing the

Decision measure outweigh the risks.

12.1.2.1.Benefits to the consumer. As technology advances, systems

other than GSM will continue to develop and spread through-

out the EU, especially in rural areas, overcoming the geo-

graphical divide. As the 900 MHz band covered by the GSM

Directive has propagation characteristics which allow cover-

age of large areas at lower cost, it is better suited to cover

less densely populated and rural areas rather than higher fre-

quency bands. The 3G mobile networks are currently re-

stricted to higher frequencies by the GSM Directive, creating

higher deployment costs. Moreover, the use of higher fre-

quency is less suited to penetrate buildings, which results in

poor quality compared to lower frequencies. Opening up the

spectrums as envisaged should therefore lead to better quality

of services and lower costs for the consumer. Freedom of

choice of services to consumers and spectrum users in the

choice of technologies will increase with the introduction of

more pan-European services.

12.1.2.2.Benefits to the industry. The Decision would also contribute to

the economic development of the electronic communications

sector by facilitating the deployment of advanced mobile com-

munications services. As stated above, public consultation

has shown that the Decision was heavily supported by the

mobile-phone industry. The Commission believes that the

Decision will open new revenue streams to operators, and in-

crease the demand for equipment such as network infrastruc-

ture and new generations of terminals.

12.1.2.3.Benefits to the environment. The Commission also believes

that the Decision would have a positive impact on the envi-

ronment as the number of base stations required would be re-

duced through the use of lower frequencies, as well as reduce

the risk of disputes over suitable base station locations.

12.1.3. Next stepsThe Proposal to repeal the GSM Directive requires formal ap-

proval of the European Parliament and EU Council of Minis-

ters. It is intended that the measures proposed would be in

place by the end of 2007.

Press release: http://europa.eu/rapid/pressReleasesAction.

do?reference¼IP/07/1170.

12.2. Council concludes 2007 Agreement on airlinepassenger data with the US

12.2.1. BackgroundFollowing the events of 11 September 2001, the US passed leg-

islation during November 2001 which required airlines operat-

ing flights to the US to provide US Customs with access to

Passenger Name Records (PNRs). These records contain de-

tailed individual passenger information, including names,

addresses, nationality, race, age and gender.

US authorities have threatened to impose penalties upon

non-complying airlines, including the forfeiture of US landing

rights. This prompted the EU to take action on behalf of its

Member States, with particular concern for protecting citi-

zens’ personal data and privacy. The transfer of personal

data by the airline operator may also be in contravention of

the Data Protection Directive (95/46/EC).

12.2.2. The 2004 US–EU PNR Agreement (the 2004PNR Agreement)In May 2004, the European Commission concluded an agree-

ment (2004 US–EU PNR Agreement) with the US Department

of Homeland Security (DHS), guaranteeing protection in the

US for the personal data of EU transatlantic air passengers.

The agreement meant that less personal data from Passenger

Name Records (PNRs) held by airlines would be passed to the

US authorities.

12.2.3. Rejection and review of the 2004 AgreementOn 31 March 2004, the European Parliament objected to the

2004 PNR Agreement on the basis that the US did not guaran-

tee adequate levels of data protection and that handing over

the data violated passengers’ privacy under the Data Protec-

tion Directive.

12.2.4. The ECJ DecisionIn its judgment of 30 May 2006, the ECJ concluded that the is-

sue of transfer of PNR data to authorities of other countries

was exclusively a matter of public security and that public

security fell outside the scope of the Directive.

The ECJ had given the European Commission and the US

until 30 September 2006 to find a new legal solution. In light

of this, on 19 June 2006, the Commission adopted two initia-

tives to put a legally sound framework in place. The two initia-

tives adopted were as follows:

� The Commission recommended to the EU Council that the

Commission and Council act together to terminate the

agreement through diplomatic channels before the end of

June 2006 as, under international law, the agreement would

remain in force for a period of 90 days after it was de-

nounced by either party. Accordingly the European Council

and the Commission notified the US Government on 3 July

2006 of the termination of the agreement 90 days later.

� The Commission asked the European Council for authorisa-

tion to open negotiations for a new agreement with the US.

This new agreement would be negotiated on a new legal ba-

sis (Article 38 of Title VI, Treaty on European Union) as the

Commission had determined that Title VI was the correct le-

gal basis to conclude an International Agreement for mat-

ters dealing with public security and criminal law matters.

Negotiations on an interim agreement were completed in

October 2006 and applied ‘‘provisionally’’ with an expiry date

of ‘‘no later than 31 July 2007, unless extended by mutual agree-

ment’’. Negotiations for a new agreement began early in 2007.

12.2.5. 2007 Personal Names Record AgreementThe European Commission announced on 23 July this year

that the EU and the US had successfully completed

c o m p u t e r l a w & s e c u r i t y r e p o r t 2 3 ( 2 0 0 7 ) 4 9 5 – 5 0 0500

negotiations for a new US–EU Passenger Name Record Agree-

ment (The ‘‘2007 Agreement’’). The European Council adopted

a formal Decision approving a bilateral agreement between

the EU and the US permitting the processing and transfer of

Passenger Name Record (PNR) data by air carriers to the DHS.

The 2007 Agreement is tripartite and comprises (i) an

agreement signed by both parties; (ii) a letter which the US

sends to the EU in which it sets out assurances on the way

in which it will handle EU PNR data; and (iii) a letter from

the EU to the USA acknowledging receipt of the assurances

and confirming that, on that basis, it considers the level of

protection of PNR data in the US as adequate.

Negotiators of the 2007 Agreement have attempted to ad-

dress concerns over the fundamental rights and freedoms of

citizens as laid down in Article 6(2) of the Treaty on the EU, no-

tably the right to privacy, the need to ensure legal certainty

and the protection of public security. Outlined below is a sum-

mary of the key provisions addressed in the 2007 Agreement.

� Purpose: The data will be used only for the purpose of (1) ter-

rorism and related crimes; (2) other serious crimes, includ-

ing organized crime, that are transnational in nature; and

(3) flight from warrants or custody for crimes described

above. PNR may be used where necessary for the protection

of the vital interests of the data subject or other persons, or

in any criminal judicial proceedings, or as otherwise

required by law.

� Technical requirements: From 1 January 2008, airlines in the

EU, satisfying certain technical requirements, will be re-

quired to push the PNR data in their reservation systems

to the US. This system will replace the one under which

the DHS currently have the right to access electronically

PNR data from air carriers’ reservation/departure control

systems. For those air carriers that do not implement such

a system, the current systems shall remain in effect until

the carriers have implemented a system that complies

with DHS’s technical requirements. DHS will continue to

electronically access the PNR from air carriers’ reservation

systems located within the territory of the Member States

of the EU until there is a satisfactory system in place allow-

ing for the transmission of such data by the air carriers.

� Amount and type of data collected: Under the interim agree-

ment 34 fields of passenger data were collected by US law

enforcement authorities. This has now been reduced to 19

data fields which will be shared between the parties. The

categories include name, contact data, payment details,

and itinerary information.

� Sensitive data: Sensitive data (i.e. data revealing racial or eth-

nic origin) will be filtered and deleted unless the data are

accessed for an exceptional case. An exceptional case is

specified to be one where the life of a data subject or of

others could be imperilled or seriously impaired. In such cir-

cumstances, DHS officials may require and use information

in EU PNR other than those listed above, including sensitive

data. The DHS will maintain a log of access to any sensitive

data in EU PNR and will delete the data within 30 days once

the purpose for which it has been accessed is accomplished

and its retention is not required by law. The DHS will also in-

form the Commission, normally within 48 h, that such data

have been accessed.

� Data retention: The data will be retained in an active database

for up to seven years, after which time the data will be

moved to an inactive database for up to eight years to be

accessed only following approval of a senior DHS official

designated by the Secretary of Homeland Security and

only in response to an identifiable case, threat, or risk.

� Level of data protection measures: The DHS expects that it will

not be asked to undertake data protection measures in its

PNR system that are more stringent than those applied by

European authorities for their domestic PNR systems. Simi-

larly, the DHS is not asking European authorities to adopt

data protection measures in their PNR systems that are

more stringent than those applied by the US for its PNR

system.

� Access and redress: The US has made a policy Decision to ex-

tend the access and redress mechanisms to which the DHS

is subject, to all people irrespective of citizenship and coun-

try of residence.

� Review: The implementation of the 2007 Agreement and the

assurances that will be reviewed periodically.

It should be noted that there is a fair amount of flexibility

built into the 2007 Agreement whereby the US is only required

to advise the EU regarding the passage of any US legislation

which materially affects the 2007 Agreement, and the US

also reserves the right to suspend the agreement in certain cir-

cumstances (e.g. where the US feels that it is being asked to

adopt undertake data protection measures in its PNR system

that are more stringent than those applied by European

authorities for their domestic PNR systems).

The 2007 Agreement aims to provide a long-term solution

for the processing and transfer of PNR data and will be valid

for a period of seven years. This should provide greater cer-

tainty on both sides of the Atlantic, although the Commission

will no doubt watch closely how the US may exercise any

rights which may push the terms of the 2007 Agreement out-

side the bounds originally envisaged.

More details are available in this EU Joint press

release: http://www.consilium.europa.eu/ueDocs/cms_Data/

docs/pressdata/en/er/95500.pdf.

The full agreement can also be read at: http://eur-lex.

europa.eu/LexUriServ/site/en/oj/2007/l_204/l_20420070804en

00180025.pdf.

For further information on any of the above, please contact Harry

Small (harry.small@bakernet.com) of the Information Technology/

Commercial Department of the London office of Baker & McKenzie

LLP (Tel.: þ44 20 7919 1000). Mr Small was assisted in the prepa-

ration of this article by David Halliday, Deena Hazini, Siu Ha

Tang and Mandy Tang.