Photo of Dr. Ulrich Worm

Ulrich Worm is a partner in the Frankfurt office of Mayer Brown and heads the German Intellectual Property practice. His practice focuses on technology related advice.

Ulrich advises clients in IP related matters, including patent, trade secrets, design right, trademark and copyright matters as well as on licensing, co-operation and other technology transfer agreements. He represents clients in patent infringement and nullity proceedings and in trade secrets litigation cases before courts in Germany. In addition to litigating IP cases before German courts, he coordinates pan-European and cross-Atlantic litigation cases. Further to his IP litigation practice, Ulrich advises on patent related matters such as patent license and other technology transfer agreements and is experienced in fighting counterfeiting of patent, design right and trademark protected products.

His practice further covers IT-related matters, including advising on cloud services, software licensing agreements, SaaS agreements, software development projects, e-commerce, and related data protection and privacy questions.

Read Ulrich's full bio.

 

On 1 October 2019, the Court of Justice of the European Union (CJEU) ruled on a number of questions which, inter alia, relate to the validity of consent to cookies “by way of a pre-checked checkbox” (Case C 673/17). Although the questions referred to the CJEU primarily related to provisions of the Privacy and Electronic Communications Directive (2002/58/EG), the CJEU stated that the questions  must be answered also in regard to the EU General Data Protection Regulation (GDPR).
Continue Reading

According to recent press reports, the German data protection authorities have agreed on a new way to calculate administrative fines under the General Data Protection Regulation (“GDPR”). The new scoring model, which has not yet been officially published, could make fines of tens of millions of euros a reality in Germany. In contrast to their French and UK counterparts, Germany’s data protection authorities have so far been more restrictive in imposing GDPR fines.
Continue Reading

In the world of intellectual property rights, there are cracks the law doesn’t reach—areas that do not sit squarely within copyright, patent, or trade secret law. Data is one of those areas. To protect their investments in data, businesses must mortar over the gaps. As part of our Technology Transactions Webinar Series, we will discuss the trowels for the job. The webinar will take place on Tuesday, July 23, 2019, 11:00 a.m. – 12:00 p.m. EDT.
Continue Reading

In today’s interconnected, “always-on” environment, it is easy to forget how dependent we all are on records and, more importantly, on the people we trust to make these records correctly and to hold them securely. One solution has been the “trusted third party,” who maintains a single ledger for a group. Blockchain is another solution. From a legal perspective, there are challenges with both the blockchain technology and the idea of adopting smart contracts. Mayer Brown partner Oliver Yaros shares his insights as part of our Tech Talks video series.
Continue Reading

On 21 March 2019, Advocate General (AG) Maciej Szpunar delivered his opinion on a number of questions which, inter alia, relate to the validity of consent to cookies “by way of a pre-checked checkbox” (Case C 673/17). While the questions referred to the Court of Justice of the European Union (CJEU) primarily related to provisions of the Privacy and Electronic Communications Directive (2002/58/EG), the AG stated that the principles established in his opinion were equally valid for the EU General Data Protection Regulation (GDPR).
Continue Reading

On 13 February 2019, the data protection officer for the German state of Baden-Wuerttemberg published a guideline on password security under the EU General Data Protection Regulation (GDPR). The guideline aims to advise data controllers (e.g., service providers, administrators) on how to set up effective password policies and securely store passwords, and data subjects (users) on how to choose secure passwords.
Continue Reading

According to recent press reports, since the EU General Data protection Regulation (GDPR) came into force in May 2018, German data protection authorities have issued 41 GDPR-related fines. The highest fine in a single case is reported to have been EUR 80,000, and the majority of fines (33) originated from the state of North-Rhine Westphalia.
Continue Reading

On 12 February 2019, the European Data Protection Board (EDPB) adopted an information note “on data transfers under the GDPR in the event of a no-deal Brexit.” According to the note, as of 30 March 2019, transfers of personal data from the European Economic Area (EEA) to the UK must be based either on Standard or ad hoc Data Protection Clauses, Binding Corporate Rules, Codes of Conduct, Certification Mechanisms or Derogations.
Continue Reading

On 21 November 2018, the data protection authority of Baden-Württemberg, Germany (the “authority”) imposed a fine of EUR 20,000 against a German social media provider (the “company”) for failing to encrypt user passwords. The authority’s decision marks the first time that a fine was imposed on a company for violating the European General Data Protection Regulation
Continue Reading

On 5 September 2018, the German Data Protection Conference (Datenschutzkonferenz – “DSK) provided new guidance on the interpretation of Art. 13 of the General Data Protection Regulation (“GDPR”) in the context of medical treatment. The Data Protection Conference consists of all German data protection authorities meeting twice a year with the purpose of safeguarding data protection rights, providing guidance on
Continue Reading