A political agreement was reached between the European Parliament, the Council of the European Union (EU) and the European Commission on the EU Cybersecurity Act (Act) and announced on December 10, 2018. The pace of the adoption of the Act (with less than three months of discussions among the EU institutions) confirms that cybersecurity is high on the EU political agenda.
Continue Reading

Although the EU General Data Protection Regulation (the “GDPR”) entered into force on 25 May 2018, and the obligations under the GDPR have since taken effect, there remain significant uncertainties as regards enforcement. In particular, the application of the GDPR’s fining provisions – arguably the key concern for companies commercially – raises several issues,
Continue Reading

On 13 November 2018, the Court of Justice of the European Union (CJEU) ruled that the taste of a food product could not be classified as a ”work” within the meaning of Directive 2001/29/EC and that national member state legislation could not be interpreted differently (Case C-310/17). While the CJEU did not deny the copyrightability of tastes in principle, it
Continue Reading

The UK government has published a series of four technical notices on intellectual property in the event of the UK leaving the EU on 29 March 2019 without an agreement (a ‘no deal Brexit’).  The technical notices were published on 24 September 2018 and cover: Trade marks and designs; Patents; Copyright; and Exhaustion of intellectual property rights. The notices set out the UK government’s
Continue Reading

On 13 September 2018, institutions in the European Union (EU) started negotiations to reach a final agreement on the EU Cybersecurity Act (Act). When adopted, the Act will create EU cybersecurity certification schemes for ICT products (i.e., hardware and software elements of network and information systems); services (i.e., services involved in transmitting, storing, retrieving or processing information via network and information systems); and processes (i.e.,
Continue Reading

On 16 July 2018, the District Court of Gießen, Germany, ruled that a custodian’s representation rights also cover consent to data processing activities related to the person under custodianship. Under the EU General Data Protection Regulation (GDPR), the processing of personal data is, in principle, prohibited unless there is a legal basis for such processing. Pursuant to Art. 6 para. 1 lit. a) GDPR, one possible legal basis is the data subject’s consent. However, the legitimacy of a declaration of consent may be in doubt if
Continue Reading

According to media reports, the first cease-and-desist letters have been issued in relation to alleged violations of the EU General Data Protection Regulation (GDPR). The cease-and-desist letters seem to concern, inter alia, data protection declarations on websites. In particular, the letters seem to address specific website tools (e.g., Google Fonts, Like buttons) and whether their use and description in the data protection declaration is compliant with the GDPR.
Continue Reading

Aktuellen Presseberichten zufolge sind erste Abmahnungen aufgrund von behaupteten Verstößen gegen die EU Datenschutzgrundverordnung (DSGVO) ergangen. Die ergangenen Abmahnungen betrafen etwa Datenschutzerklärungen auf Web-Seiten; im Konkreten die datenschutzkonforme Einbindung und Beschreibung von bestimmten Tools (bspw. Google-Fonts, Like Buttons).
Continue Reading

On 29 May 2018, only five days after the GDPR became applicable, the Regional Court of Bonn issued the first ruling applying the GDPR in Europe (file no. 10 O 171/18). The dispute involved the Internet Corporation for Assigned Names and Numbers (ICANN) and the ICANN-accredited registrar EPAG Domainservices GmbH (EPAG).

Continue Reading