According to media reports, the first cease-and-desist letters have been issued in relation to alleged violations of the EU General Data Protection Regulation (GDPR). The cease-and-desist letters seem to concern, inter alia, data protection declarations on websites. In particular, the letters seem to address specific website tools (e.g., Google Fonts, Like buttons) and whether their use and description in the data protection declaration is compliant with the GDPR. Continue Reading German Legislature Announces Plans to Prevent Abusive GDPR Cease-And-Desist-Letters

Aktuellen Presseberichten zufolge sind erste Abmahnungen aufgrund von behaupteten Verstößen gegen die EU Datenschutzgrundverordnung (DSGVO) ergangen. Die ergangenen Abmahnungen betrafen etwa Datenschutzerklärungen auf Web-Seiten; im Konkreten die datenschutzkonforme Einbindung und Beschreibung von bestimmten Tools (bspw. Google-Fonts, Like Buttons). Continue Reading Deutsche Gesetzesinitiativen wollen rechtsmissbräuchliche DSGVO-Abmahnungen verhindern

On 12 June 2018, the Court of Justice of the European Union (CJEU) ruled that Christian Louboutin’s red sole trademark was valid (Case C-163/16). The decision comes after years of litigation between Louboutin and Dutch footwear company Van Haren over the scope and validity of Louboutin’s trademark. Continue Reading Court of Justice of the EU: Louboutin’s Red Sole Trademark Is Valid

On 29 May 2018, only five days after the GDPR became applicable, the Regional Court of Bonn issued the first ruling applying the GDPR in Europe (file no. 10 O 171/18). The dispute involved the Internet Corporation for Assigned Names and Numbers (ICANN) and the ICANN-accredited registrar EPAG Domainservices GmbH (EPAG).

Continue Reading First Decision Applying the GDPR Issued by the Regional Court of Bonn (Germany)

On 25 May 2018, the General Data Protection Regulation (GDPR) of the European Union entered into force, accompanied by some uncertainties regarding its application. For example, some legal commentators believe there are “irreconcilable” differences between blockchain technologies and some of GDPR’s core principles, raising doubts as to whether the technology can achieve widespread adoption under the new data protection regime.  Continue Reading GDPR Implications for Blockchain and Distributed Ledger Technologies

The European Union (“EU”) General Data Protection Regulation 2016 (“GDPR”) entered into effect on 25 May 2018. A brief summary of the GDPR can be found in our Legal Update.

Organisations in Hong Kong may need to comply with the GDPR if it (1) has an establishment in the EU, where personal data is processed in the context of the activities of the establishment, regardless Continue Reading Privacy Commissioner for Personal Data Issues Booklet on how Hong Kong Businesses Should Prepare for GDPR

The 13th People’s National Congress (“NPC”) recently approved the State Council’s proposal to restructure China’s State Intellectual Property Office (“SIPO”). The proposal intends to consolidate the administration of trademarks and patents and to streamline the enforcement of IPR in China. Continue Reading China Unveils Plan to Restructure State Intellectual Property Office

In April 2018, Amazon Technologies, Inc., a subsidiary of e-commerce giant Amazon, was granted a patent relating to a “technology for a streaming data marketplace” by the United States Patent and Trademark Office (USPTO). The technology underlying the patent is described as gathering (online) data streams from various sources and enhancing those streams “by correlating the raw data with additional data.” The patent description lists a number of potential use cases for the streaming data feeds that participants in the market place are offering subscriptions to. One notable use case relates to “bitcoin transactions,” with the ultimate goal of identifying users of the virtual currency by their Bitcoin addresses. Continue Reading The Bitcoin Implications of Amazon’s New Streaming Data Patent

On 1 May 2018, the “Information Security Technology – Personal Information Security Specification” (PI-Specification) by China’s National Information Security Standardization Technical Committee (NISSTC) will come into effect. The PI-Specification, inter alia, provides guidance on the collection, storage, use, transfer and disclosure of personal information. While the PI Specification is voluntary and not legally binding, it is likely that Chinese regulators will take into account breaches of the PI Specification when enforcing cybersecurity obligations.

The requirements for the collection, use, and storage of personal information are briefly outlined below. Continue Reading China Issues New Standards on Personal Information Security