Photo of Dr. Ulrich Worm

Ulrich Worm is a partner in the Frankfurt office of Mayer Brown and heads the German Intellectual Property practice. His practice focuses on technology related advice.

Ulrich advises clients in IP related matters, including patent, trade secrets, design right, trademark and copyright matters as well as on licensing, co-operation and other technology transfer agreements. He represents clients in patent infringement and nullity proceedings and in trade secrets litigation cases before courts in Germany. In addition to litigating IP cases before German courts, he coordinates pan-European and cross-Atlantic litigation cases. Further to his IP litigation practice, Ulrich advises on patent related matters such as patent license and other technology transfer agreements and is experienced in fighting counterfeiting of patent, design right and trademark protected products.

His practice further covers IT-related matters, including advising on cloud services, software licensing agreements, SaaS agreements, software development projects, e-commerce, and related data protection and privacy questions.

Read Ulrich's full bio.

 

In today’s interconnected, “always-on” environment, it is easy to forget how dependent we all are on records and, more importantly, on the people we trust to make these records correctly and to hold them securely. One solution has been the “trusted third party,” who maintains a single ledger for a group. Blockchain is another solution. From a legal perspective, there are challenges with both the blockchain technology and the idea of adopting smart contracts. Mayer Brown partner Oliver Yaros shares his insights as part of our Tech Talks video series.
Continue Reading

On 21 March 2019, Advocate General (AG) Maciej Szpunar delivered his opinion on a number of questions which, inter alia, relate to the validity of consent to cookies “by way of a pre-checked checkbox” (Case C 673/17). While the questions referred to the Court of Justice of the European Union (CJEU) primarily related to provisions of the Privacy and Electronic Communications Directive (2002/58/EG), the AG stated that the principles established in his opinion were equally valid for the EU General Data Protection Regulation (GDPR).
Continue Reading

On 13 February 2019, the data protection officer for the German state of Baden-Wuerttemberg published a guideline on password security under the EU General Data Protection Regulation (GDPR). The guideline aims to advise data controllers (e.g., service providers, administrators) on how to set up effective password policies and securely store passwords, and data subjects (users) on how to choose secure passwords.
Continue Reading

According to recent press reports, since the EU General Data protection Regulation (GDPR) came into force in May 2018, German data protection authorities have issued 41 GDPR-related fines. The highest fine in a single case is reported to have been EUR 80,000, and the majority of fines (33) originated from the state of North-Rhine Westphalia.
Continue Reading

On 12 February 2019, the European Data Protection Board (EDPB) adopted an information note “on data transfers under the GDPR in the event of a no-deal Brexit.” According to the note, as of 30 March 2019, transfers of personal data from the European Economic Area (EEA) to the UK must be based either on Standard or ad hoc Data Protection Clauses, Binding Corporate Rules, Codes of Conduct, Certification Mechanisms or Derogations.
Continue Reading

On 21 November 2018, the data protection authority of Baden-Württemberg, Germany (the “authority”) imposed a fine of EUR 20,000 against a German social media provider (the “company”) for failing to encrypt user passwords. The authority’s decision marks the first time that a fine was imposed on a company for violating the European General Data Protection Regulation
Continue Reading

On 5 September 2018, the German Data Protection Conference (Datenschutzkonferenz – “DSK) provided new guidance on the interpretation of Art. 13 of the General Data Protection Regulation (“GDPR”) in the context of medical treatment. The Data Protection Conference consists of all German data protection authorities meeting twice a year with the purpose of safeguarding data protection rights, providing guidance on
Continue Reading

On 6 September 2018, the German Federal Patent Court denied an application for a (preliminary) compulsory license under a patent related to the treatment of cholesterol-related disorders to the Applicant, group companies of a French pharmaceutical company (Case 3 LiQ 1/18). This decision is in line with previous jurisprudence of the court that has, with very few exceptions, been
Continue Reading

On 29 May 2018, only five days after the GDPR became applicable, the Regional Court of Bonn issued the first ruling applying the GDPR in Europe (file no. 10 O 171/18). The dispute involved the Internet Corporation for Assigned Names and Numbers (ICANN) and the ICANN-accredited registrar EPAG Domainservices GmbH (EPAG).

Continue Reading

On 25 May 2018, the General Data Protection Regulation (GDPR) of the European Union entered into force, accompanied by some uncertainties regarding its application. For example, some legal commentators believe there are “irreconcilable” differences between blockchain technologies and some of GDPR’s core principles, raising doubts as to whether the technology can achieve widespread adoption under the new data protection regime. 
Continue Reading