On 13 February 2019, the data protection officer for the German state of Baden-Wuerttemberg published a guideline on password security under the EU General Data Protection Regulation (GDPR). The guideline aims to advise data controllers (e.g., service providers, administrators) on how to set up effective password policies and securely store passwords, and data subjects (users) on how to choose secure passwords. Continue Reading German Data Protection Authority Publishes Guideline on GDPR Requirements for Passwords
Ulrich Worm is a partner in the Frankfurt office of Mayer Brown and heads the German Intellectual Property practice. His practice focuses on technology related advice.
Ulrich advises clients in IP related matters, including patent, trade secrets, design right, trademark and copyright matters as well as on licensing, co-operation and other technology transfer agreements. He represents clients in patent infringement and nullity proceedings and in trade secrets litigation cases before courts in Germany. In addition to litigating IP cases before German courts, he coordinates pan-European and cross-Atlantic litigation cases. Further to his IP litigation practice, Ulrich advises on patent related matters such as patent license and other technology transfer agreements and is experienced in fighting counterfeiting of patent, design right and trademark protected products.
His practice further covers IT-related matters, including advising on cloud services, software licensing agreements, SaaS agreements, software development projects, e-commerce, and related data protection and privacy questions.
According to recent press reports, since the EU General Data protection Regulation (GDPR) came into force in May 2018, German data protection authorities have issued 41 GDPR-related fines. The highest fine in a single case is reported to have been EUR 80,000, and the majority of fines (33) originated from the state of North-Rhine Westphalia. Continue Reading 41 GDPR Fines Issued by German Data Protection Authorities
On 12 February 2019, the European Data Protection Board (EDPB) adopted an information note “on data transfers under the GDPR in the event of a no-deal Brexit.” According to the note, as of 30 March 2019, transfers of personal data from the European Economic Area (EEA) to the UK must be based either on Standard or ad hoc Data Protection Clauses, Binding Corporate Rules, Codes of Conduct, Certification Mechanisms or Derogations. Continue Reading EDPB Issues Note on Data Transfers to the UK in the Event of a No-Deal Brexit
On 21 November 2018, the data protection authority of Baden-Württemberg, Germany (the “authority”) imposed a fine of EUR 20,000 against a German social media provider (the “company”) for failing to encrypt user passwords. The authority’s decision marks the first time that a fine was imposed on a company for violating the European General Data Protection Regulation Continue Reading Data Protection Authority Imposes First GDPR Non-Compliance Fine in Germany
On 5 September 2018, the German Data Protection Conference (Datenschutzkonferenz – “DSK”) provided new guidance on the interpretation of Art. 13 of the General Data Protection Regulation (“GDPR”) in the context of medical treatment. The Data Protection Conference consists of all German data protection authorities meeting twice a year with the purpose of safeguarding data protection rights, providing guidance on Continue Reading Doctors Cannot Refuse Treatment Because Patient Refuses to Sign GDPR Information Documents
On 6 September 2018, the German Federal Patent Court denied an application for a (preliminary) compulsory license under a patent related to the treatment of cholesterol-related disorders to the Applicant, group companies of a French pharmaceutical company (Case 3 LiQ 1/18). This decision is in line with previous jurisprudence of the court that has, with very few exceptions, been Continue Reading German Federal Patent Court Denies Compulsory License on Anti-Cholesterol Drug Patent
On 29 May 2018, only five days after the GDPR became applicable, the Regional Court of Bonn issued the first ruling applying the GDPR in Europe (file no. 10 O 171/18). The dispute involved the Internet Corporation for Assigned Names and Numbers (ICANN) and the ICANN-accredited registrar EPAG Domainservices GmbH (EPAG).
On 25 May 2018, the General Data Protection Regulation (GDPR) of the European Union entered into force, accompanied by some uncertainties regarding its application. For example, some legal commentators believe there are “irreconcilable” differences between blockchain technologies and some of GDPR’s core principles, raising doubts as to whether the technology can achieve widespread adoption under the new data protection regime. Continue Reading GDPR Implications for Blockchain and Distributed Ledger Technologies
The UK ratified the Unified Patent Court Agreement (“UPCA”) on 26 April 2018. The UPCA will introduce the Unified Patent Court which will establish a single scheme for patent litigation across contracting Member States.
On 1 March 2018, new arbitration rules of the German Institution of Arbitration (“Deutsche Institution für Schiedsgerichtsbarkeit“, “DIS”) will come into force. The revised DIS Rules are designed to suit the needs of both domestic and international parties. They also aim to enhance the efficiency of arbitration, providing proceedings that are non-bureaucratic, flexible and open to party autonomy.
IP arbitration is a growing trend. Parties to a licensing agreement, to a technology transfer agreement or even competitors fighting over the amount of FRAND royalties for a Standard Essential Patent may wish to refer their dispute to arbitration to keep the dispute confidential and to have IP experts solve the matter as arbitrators. The DIS arbitration rules are not specific to any sector or type of dispute and are also suitable for IP disputes.
View the key amendments to the DIS arbitration rules in the following article by our Arbitration experts Dr. Mark C. Hilgard, Dr. Jan Kraayvanger, Armineh Gharibian, Dr. Nadine Pieper und Ana Bruder: