Embed Size (px)
Citation preview
c o m p u t e r l a w & s e c u r i t y r e v i e w 2 5 ( 2 0 0 9 ) 1 8 9 – 1 9 3
ava i lab le at www.sc ienced i rec t . com
www.compseconl i ne .com/ publ i ca t ions /prodc law.h tm
EU developments in IP, IT & telecommunications law
Harry Small, Michael Dizon, Tabeebah Malik, Helen Kemmitt, Ben Smith, Alison Chin,Olufemi Duduyemi of
Baker & McKenzie LLP, London, UK
Keywords:
EU law
Intellectual property
Information Technology law
Telecommunications law
0267-3649/$ – see front matter ª 2009 Bakerdoi:10.1016/j.clsr.2009.02.007
a b s t r a c t
This is the latest edition of Baker & McKenzie’s column on developments in EU law relating
to IP, IT and telecommunications. This article summarises recent developments that are
considered important for practitioners, students and academics in a wide range of infor-
mation technology, e-commerce, telecommunications and intellectual property areas. It
cannot be exhaustive but intends to address the important points. This is a hard copy
reference guide, but links to outside web sites are included where possible. No responsi-
bility is assumed for the accuracy of information contained in these links.
ª 2009 Baker & McKenzie LLP. Published by Elsevier Ltd. All rights reserved.
A. Current developments 3. Patents
1. General intellectual property
No developments.
2. Copyright & trade marks
2.1. ECJ rules Sony can sue in Germany pursuant to theCopyright Term DirectiveOn 20 January 2009 the European Court of Justice in Sony Music
Entertainment (Germany) Gmbh v Falcon Neue Medien Vertrieb
GmbH ruled that Sony’s rights over two Bob Dylan albums are
covered by Directive 2006/116/EC and thus may take action in
Germany in spite of the fact that the two phonograms were at
no time protected under German national copyright laws and
that the rights holder is a national of a non-Member State. The
Court found that the phonograms at issue already benefited
from protection under United Kingdom law on 1 July 1995. The
Court’s judgment was pursuant to a reference for a prelimi-
nary ruling by the German Bundesgerichtshof concerning the
interpretation of Article 10 of the Directive.
Judgment: http://curia.europa.eu/jurisp/cgi-bin/gettext.pl?
lang¼en&num¼79909879C19070240&doc¼T&ouvert¼T&seance
¼ARRET&where¼()
& McKenzie LLP. Publish
No developments.
4. Data protection/privacy
4.1. European Council adopts Framework Decision on use ofpersonal data in police and judicial cooperationOn 27 November 2008 the European Council adopted
a Framework Decision on the use of personal data in the
context of police and judicial cooperation in Europe. The
Decision establishes a common foundation for information
exchanges and requires Member States to ensure that cross-
border exchanges provide a high level of security as well as
full respect for human rights. The Decision aims to achieve
this by establishing more detailed rules on people’s right to be
informed, the right of access to one’s personal data held by
law enforcement authorities, the right of compensation in
cases of unlawful processing of personal data, limitations on
the use of sensitive personal data, and the onward transfer of
personal data to third countries.
Press release: http://europa.eu/rapid/pressReleasesAction.
do?reference¼IP/08/1828&format¼HTML&aged¼0&language¼EN&guiLanguage¼en
ed by Elsevier Ltd. All rights reserved.
c o m p u t e r l a w & s e c u r i t y r e v i e w 2 5 ( 2 0 0 9 ) 1 8 9 – 1 9 3190
5. Competition law
No developments.
6. Telecoms
6.1. European Council comes to political agreement on EUregulatory framework for electronic communicationsOn 27 November 2008 the European Council came to a political
agreement on significant aspects of the review of the Euro-
pean Union’s regulatory framework for electronic communi-
cations networks and services. The review includes legislative
proposals for a Better Regulation Directive, a Citizen’s Rights
Directive and a proposal for a Regulation establishing the
European Electronic Communications Market Authority.
The proposed Better Regulation Directive amends the
Framework, Authorisation and Access Directives. The Council
agreed on provisions relating to national regulatory authori-
ties (NRAs), consolidation of the internal market for electronic
communications, and technology neutrality in the manage-
ment of radio frequencies. With regard to the Authorisation
Directive the Ministers reached an agreement on the grant of
rights of use for radio frequencies, a maximum list of condi-
tions for general authorisations, and certain transparency
obligations on undertakings providing public electronic
communications services. In relation to the Access Directive
the Council consented to the use of functional separation as
an available remedy to national regulators. With respect to the
proposal to establish a European Electronic Communications
Market Authority the Ministers agreed to simply give a formal
status to the existing European Regulators Group instead of
creating a new Community agency. The new body will be
called the Group of European Regulators in Telecoms (GERT).
The proposed Citizen’s Rights Directive aims to amend
both the Universal Services and ePrivacy Directives in order to
ensure a high level of consumer protection and users’ rights
within the European Union. The Council reached an agree-
ment on matters such as transparency and publication of
information for users in connection with universal service
obligations, improved access for users with disabilities,
emergency services and access to 112 and quality of services.
In addition, the Council came to an agreement on issues
relating to the notifying of consumers in case of security
breaches involving personal data, granting operators and
national regulatory authorities (NRAs) more responsibility
over the security and integrity of electronic communications
networks and services, strengthening enforcement powers of
competent authorities, combating unsolicited bulk email, and
clarifying the application of data protection rules to data
collection and identification devices using public communi-
cations networks.
Press release: http://www.consilium.europa.eu/ueDocs/
cms_Data/docs/pressData/en/trans/104387.pdf
7. Information technology
7.1. European Commission releases proposed revision to theWEEE DirectiveOn 3 December 2008 the European Commission published
a proposal for a revised Waste Electrical and Electronic
Equipment (WEEE) Directive. The objective of the WEEE
Directive is to prevent the generation of electrical and elec-
tronic waste and promote the re-use, recycling and recovery
of such waste. The WEEE Directive came into force on 13
February 2003 and Member States were required to transpose
the requirements of the Directive by 13 August 2004.
The Directive has encountered a number of technical, legal
and administrative challenges and the proposed changes aim
to address these issues. For example, the proposal contains
provisions that harmonise the registration and reporting
obligations of producers by making national registers inter-
operational. Further, the proposal gives much needed clarifi-
cation of the scope and definitions of the Directive including
the transfer of certain annexes to the RoHS Directive. The
collection and re-use and recycling targets have also been
adjusted under the proposal. Moreover, Member States are
tasked with minimum inspection and monitoring duties and
also encouraging producer responsibility and financing in this
area.
Proposal: http://ec.europa.eu/environment/waste/weee/
pdf/com_2008_810.pdf
Questions and answers: http://europa.eu/rapid/press
ReleasesAction.do?reference¼MEMO/08/764&format¼HTML
&aged¼0&language¼EN&guiLanguage¼en
7.2. European Commission proposes revised RoHS DirectiveOn 3 December 2008 the European Commission published
a proposed revision to Directive 2002/95/EC on the restriction
of use of certain hazardous substances in electrical and elec-
tronic equipment (the RoHS Directive). The review aims to
improve the implementation, enforcement and coherence of
the Directive within and across Member States. The main
proposed changes include the following:
� to include medical devices and control and monitoring
instruments in the coverage of the Directive,
� to harmonise definitions in the light of other Community
legislations,
� to set maximum concentration values for banned
substances,
� to create a new annex with exemptions specific to new
product categories, establishing mechanisms for intro-
ducing new substance bans,
� to set a four year maximum validity period for exemptions
and to create new criteria for granting exemptions.
Proposal: http://ec.europa.eu/environment/waste/weee/
pdf/com_2008_810.pdf
Press release: http://europa.eu/rapid/pressReleasesAction.
do?reference¼IP/08/1878&format¼HTML&aged¼0&language¼EN&guiLanguage¼en
8. E-commerce
8.1. European Commission adopts Action Plan one-signatures and e-identificationOn 28 November 2008 the European Commission issued an
Action Plan on e-signatures and e-identification to help facil-
itate the provision of cross-border public services. The e-
Signatures Directive was adopted in 1999 to promote the legal
c o m p u t e r l a w & s e c u r i t y r e v i e w 2 5 ( 2 0 0 9 ) 1 8 9 – 1 9 3 191
recognition of electronic signatures and to ensure the free
circulation within the single market of e-signature products,
equipment and services. However, a legal and technical
analysis of the practical usage of e-signatures has shown that
there are interoperability problems that currently limit the
cross-border use of e-signatures.
The main objective of the Action Plan is to provide
a comprehensive and pragmatic framework to achieve inter-
operable e-signatures and e-identification across Europe.
With regard to e-signatures, the Commission intends to
undertake the following actions:
� update Decision 2003/511/EC in order to establish a list of
generally recognised standards for e-signature products and
the possible extension of the Decision to other e-signature
products (e.g., advanced electronic signature devices). This
will help to reduce the current complex standardisation
situation and help stakeholders to implement the standards
in an interoperable way;
� compile a Trusted List of Supervised Qualified Certification
Service Providers at a European level. This list will centralise
all the required information on existing and supervised
qualified certification service providers in order to facilitate
the validation process of e-signatures based on qualified
certificates.
� establish guidelines to promote interoperability among
qualified electronic signatures and advanced electronic
signatures based on a qualified certificate; update the
country profiles of the Interoperable Delivery of European e-
Government Services to public Administrations, Business
and Citizens (IDABC); and
� study the feasibility of a European federated validation
service.
In relation to e-identification, the Commission plans to
update the country profiles of the IDABC study on ‘‘e-ID
Interoperability for Pan European e-Government Services’’,
launch specific surveys on the use of e-ID in Member States,
and determine additional actions to enable an effective EU-
wide usage of e-ID.
Communication: http://ec.europa.eu/internal_market/
strategy/docs/action-plan-e-signatures-e-identification_en.pdf
9. Internet
9.1. Council of Ministers approve new Safer InternetProgramme 2009–2013On 9 December 2008 the Council of Ministers adopted
a new Safer Internet Programme covering the period
2009–2013. The new Programme, which has a budget of V55
million, continues the work of the previous programme,
which was effective from 2005 to 2008. The main objectives of
the Programme are to raise public awareness, address illegal
content and harmful online conduct, and promote a safer
online environment for children. Specifically, the Programme
aims to achieve these ends by providing the public with
a system for reporting illegal and harmful content and
conduct, encouraging self-regulatory mechanisms, and
establishing a knowledge base of emerging trends in the
online environment.
Press release: http://europa.eu/rapid/pressReleasesAction.
do?reference¼IP/08/1899&format¼HTML&aged¼0&language¼EN&guiLanguage¼en
10. Media
No developments.
11. Outsourcing
11.1. European Commission gives the green light to the useof accelerated procurement proceduresOn 19 December 2008 the European Commission recognised
that the exceptional nature of the current financial crisis was
a sufficient basis for a recourse to accelerated procurement
procedures under the public procurement Directive 2004/18/
EC. Due to permissible reductions to the time limits of the
contract notice, tender and standstill periods, the accelerated
procedure will reduce the overall procurement process from
87 to 30 days. The rationale for the accelerated procedure is to
allow Member States to take immediate action and bolster
their economies through the rapid execution of major public
projects. The presumption of urgency will apply throughout
2009 and 2010.
Press release: http://europa.eu/rapid/pressReleasesAction.
do?reference¼IP/08/2040&format¼HTML&aged¼0&language¼EN&guiLanguage¼en
B. Commentary
1. Proposals to prevent fiscal fraud in theinternal market
On 1 December 2008, the European Commission issued
a Communication in its fight against fiscal fraud in the
internal market. The objective of the Communication is to set
out a coherent short term Action Plan with a list of future
legislative measures aiming at enhancing tax administrations
capacity to prevent and detect VAT fraud. The Communica-
tion provides a global approach to enhance the tools for Tax
Administrations to tackle VAT fraud at different stages in the
process. The Action Plan proposes to introduce measures to:
� prevent potential fraudsters from abusing the VAT system
including: common approach to the registration and de-
registration process of VAT taxable persons in the EU; online
confirmation available to traders of the validity of the VAT
identification number of their customer; simplification,
modernisation and harmonisation of the current rules on
invoicing;
� enhance the tools for the detection of VAT fraud, in partic-
ular by the creation of a European network, called Eurofisc,
for closer operational cooperation between Member States;
� strengthen the possibilities for tax authorities to recover
VAT losses in cross-border cases (including, improvement
of the mutual assistance between tax authorities for the
recovery of taxes, introduction of shared responsibility for
the protection of all VAT revenue independently of the
Member State to which it is due).
1 http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consultation/Opinions/2009/09-01-09_ePricacy_2_EN.pdf.
c o m p u t e r l a w & s e c u r i t y r e v i e w 2 5 ( 2 0 0 9 ) 1 8 9 – 1 9 3192
Also on 1 December 2008, the European Commission
adopted a proposal to Directive 2006/112/EC (the ‘‘VAT Direc-
tive’’) in two specific areas. The VAT Directive sets out the
system of VAT regarding tax evasion linked to import and
other cross-border transactions. The proposals aim to
enhance the capacity of tax authorities to prevent or detect
VAT fraud and to recover taxes. The first is to prevent abuse
the VAT exemption under Article of 143 (d) of VAT Directive in
the form of ‘missing trader fraud schemes’, and the second is
to grant domestic tax authorities greater power to recover VAT
losses that are incurred by traders failing to report their
taxable supplies through joint and several liability for VAT
payments.
1.1. The VAT exemption on importationUnder Article 143 (d) of the VAT Directive, the importation of
goods is exempt from VAT if it is followed by a supply or
a transfer of those goods to a taxable person in another
Member State. Problems have arisen due to the divergences in
implementation in different Member States, leading to abuse
of the exemption. ‘Missing trade fraud schemes’ (also known
as carousel fraud) occur when a fraudster imports zero-rated
goods from an exporter in another Member State and then
makes a subsequent domestic supply on he charges VAT. He
then absconds without paying the VAT to the tax authorities.
The Commission wants to prevent this by tightening the
conditions under which an importer can benefit from the VAT
exemption. In order to benefit from the exemption, the
importer must, at the time of importation, provide the
following information to the tax authorities of the importing
Member State:
� his VAT identification number or the VAT identification of
his fiscal representative in that Member State;
� the VAT identification number of the customer to whom the
goods are supplied in another Member State; and
� proof that the imported goods will be transported or dis-
patched from the importing Member State to another
Member State.
These requirements mean that the person importing the
goods and wanting to make use of a VAT exemption will have
to show that he is identified for VAT purposes in the Member
State of importation and will have to indicate at the time of
importation that the goods will be subject to the exemption.
However, once the importer has provided the required
information, successful application of the exemption will
depend on a smooth flow of information between the
customs and tax authorities of the various Member States
concerned.
1.2. Joint and several liabilityArticle 205 of the VAT Directive allows Member States to make
a person other than the person liable for the payment of VAT
jointly and severally liable for the payment of VAT when
certain obligations are not fulfilled. This will apply if:
� the acquirer of the goods has not complied with his obli-
gation to submit a recapitulative statement containing
information on the supply; or
� the recapitulative statement submitted does not set out the
information required by Article 264, which includes:
B VAT identification numbers of the taxable person and the
person acquiring the goods;
B for each person who acquired goods, the total value of
the supplies of goods carried out by the taxable
person;
B in respect of supplies of goods consisting in transfers to
another Member State, the total value of the supplies; and
B the amounts of any adjustments made (e.g. where price is
reduced after supply takes place).
This proposal gives Member States an additional tool to
allow them to collect VAT due on intra-Community trans-
actions from suppliers involved in fraudulent transactions or
chains of transactions. It also creates incentives for suppliers
to submit correct recapitulative statements. A supplier will
have a defence to liability for VAT if it can prove that his
omission to provide the correct recapitulative statement was
duly justified or an unintended material error.
1.3. ImplementationThe Commission’s proposals are set out in a draft Directive
and are currently in the preparatory stages of the legislative
process. The Directive is scheduled for a first reading before
the European Parliament on 31 March 2009.
Communication: http://ec.europa.eu/taxation_customs/
resources/documents/common/whats_new/COM(2008)807_en.
Proposal: http://ec.europa.eu/taxation_customs/resources/
documents/common/whats_new/COM(2008)805_en.pdf
2. EDPS issues second Opinion on ePrivacy Directive1
2.1. BackgroundOn 9 January 2009, the European Data Protection Supervisor
(‘‘EDPS’’) adopted his second Opinion (the ‘‘Opinion’’) on the
review of the Directive on Privacy and electronic communi-
cations, usually referred to as the ePrivacy Directive (Directive
2002/58/EC). The EDPS’s first Opinion was adopted on 10 April
2008; his second Opinion follows the European Parliament’s
(‘‘EP’’) legislative resolution of 24 September 2008, the Com-
mission’s amended proposal of 6 November 2008 and, more
immediately, the announcement of political agreement on 27
November 2008 in relation to the Council’s Common Position,
all of which concerned the ePrivacy Directive.
2.2. The OpinionThe Opinion focuses on four key issues, discussing the
varying approaches taken by the EP, the Commission and the
Council before providing recommendations in relation to
each. The EDPS noted positive elements set out by the EP, the
Commission and the Council which could strengthen the
protection of individuals’ privacy and personal data, but
made clear that there was room for improvement. The four
key issues are:
c o m p u t e r l a w & s e c u r i t y r e v i e w 2 5 ( 2 0 0 9 ) 1 8 9 – 1 9 3 193
2.3. Provisions on security breach notificationThe EDPS confirmed his continued support for a security
breach notification system pursuant to which authorities and
individuals will be notified when their personal data have
been compromised. The EDPS stressed the importance of
setting out the legal framework from the outset. In regard to
the provisions of the Council’s Common Position, the EDPS
suggested the following:
� Maintaining the current definition of ‘‘security breach’’.
� Including providers of information society services, such as
online banks and online pharmacies, within the scope of
entities required to notify.
� In relation to the trigger for notification, altering the
wording to ‘‘if the breach is reasonably likely to cause adverse
effects to individuals’’ in order to more adequately protect the
rights of individuals.
� Setting up a system where it is up to concerned entities to
make the assessment as to whether they must notify. Data
controllers would be obliged to notify regulators of all
breaches that meet the requisite standard, with national
regulators having an oversight role. Data controllers would
also be required to maintain a detailed and comprehensive
internal audit trail.
� Providing the Commission with the ability to adopt tech-
nical implementing measures to ensure the consistency in
the implementation of the above legal framework.
2.4. The scope of application of the ePrivacy DirectiveThe EDPS proposed expanding the scope of application of the
Directive to include publicly accessible private networks, such
as Wi-Fi hotspots in hotels and airports. This was in contrast
to the EP’s recommendation to include both publicly acces-
sible private networks and private communications networks.
Publicly accessible private networks would be defined as
privately operated networks to which members of the public
at large ordinarily have access on an unrestricted basis.
The EDPS also recommended a new recital pursuant to
which the Commission would carry out a public consultation
on the application of the Directive to all private networks, with
the input of the EDPS.
2.5. The processing of traffic data for security purposesThe Council’s Common Position had watered down the EP’s
proposal to authorise the processing of traffic data for
security purposes by removing a number of privacy safe-
guards. The EDPS went a step further by recommending the
removal of this Article in its entirety, on the basis it is
unnecessary and could threaten the data protection and
privacy of individuals if abused. The EDPS believes Article 7(f)
of the Data Protection Directive already gives data controllers
a right to process traffic data if it is in their legitimate
interest.
Alternatively, if the Article is to be adopted, the EDPS rec-
ommended the incorporation of adequate data protection
safeguards similar to those suggested by the EP.
2.6. The right of action by legal persons againstinfringements of the directiveThe Commission and Council had previously rejected the EP’s
proposal to give legal persons the ability to bring legal action
against infringements of any provision of the ePrivacy Direc-
tive. This right was restricted to legal action for the infringe-
ment of the Directive’s spam provisions only. The EDPS,
however, agreed with the EP on this issue; he recommended
giving legal entities, such as consumer and trade associations,
the right to bring legal action in relation to any infringements
of the Directive. This is with a view to encouraging a higher
level of compliance and effective application of the Directive
as a whole.
2.7. ConclusionThe EDPS’s Opinion clearly has the adequate protection of
the privacy rights of individuals at its heart, setting out
detailed reasoning for his recommendations. The EDPS
concludes his Opinion by stating that ‘‘the EP and Council must
meet the challenge of devising proper rules and provisions that are
both workable, functional and respect the rights to privacy and
data protection of individuals’’. The Opinion is non-binding.
Once the Council formally adopts its Common Position the
proposals will be subject to a second reading in the European
Parliament around April 2009 and could be adopted later in
the year if agreement is reached between the EP and the
Council.
For further information on any of the above, please contact Harry
Small ([email protected]) of the IT/C Group of the London
office of Baker & McKenzie (Tel.: þ44 20 7919 1000). Mr Small was
assisted in the preparation of this article by Michael Dizon,
Tabeebah Malik, Helen Kemmitt, Ben Smith, Alison Chin and
Olufemi Duduyemi.
