On 13 September 2018, institutions in the European Union (EU) started negotiations to reach a final agreement on the EU Cybersecurity Act (Act). When adopted, the Act will create EU cybersecurity certification schemes for ICT products (i.e., hardware and software elements of network and information systems); services (i.e., services involved in transmitting, storing, retrieving or processing information via network and information systems); and processes (i.e., Continue Reading The Clock Is Ticking: Negotiating an Enhanced EU Cybersecurity Framework
On 16 July 2018, the District Court of Gießen, Germany, ruled that a custodian’s representation rights also cover consent to data processing activities related to the person under custodianship. Under the EU General Data Protection Regulation (GDPR), the processing of personal data is, in principle, prohibited unless there is a legal basis for such processing. Pursuant to Art. 6 para. 1 lit. a) GDPR, one possible legal basis is the data subject’s consent. However, the legitimacy of a declaration of consent may be in doubt if Continue Reading German Court Issues GDPR Ruling on Data Subject’s Consent for Persons Under Custodianship
Pursuant to the “license barrier” rule in Sec. 4j German Income Tax Act, newly introduced as of 1 January 2018, arm’s length business expenses of a company incurred for the right to use intellectual property (“IP”) and certain other rights are not fully deductible from the income tax base, if (i) the corresponding licensing income of the licensor is taxed at a rate lower than 25% (“Preferential Taxation”), (ii) this low tax rate is not the standard tax rate applicable in the respective jurisdiction Continue Reading Limited German Tax Deductibility of Low-Taxed License Payments Made to Related US Entities
According to media reports, the first cease-and-desist letters have been issued in relation to alleged violations of the EU General Data Protection Regulation (GDPR). The cease-and-desist letters seem to concern, inter alia, data protection declarations on websites. In particular, the letters seem to address specific website tools (e.g., Google Fonts, Like buttons) and whether their use and description in the data protection declaration is compliant with the GDPR. Continue Reading German Legislature Announces Plans to Prevent Abusive GDPR Cease-And-Desist-Letters
Aktuellen Presseberichten zufolge sind erste Abmahnungen aufgrund von behaupteten Verstößen gegen die EU Datenschutzgrundverordnung (DSGVO) ergangen. Die ergangenen Abmahnungen betrafen etwa Datenschutzerklärungen auf Web-Seiten; im Konkreten die datenschutzkonforme Einbindung und Beschreibung von bestimmten Tools (bspw. Google-Fonts, Like Buttons). Continue Reading Deutsche Gesetzesinitiativen wollen rechtsmissbräuchliche DSGVO-Abmahnungen verhindern
On 12 June 2018, the Court of Justice of the European Union (CJEU) ruled that Christian Louboutin’s red sole trademark was valid (Case C-163/16). The decision comes after years of litigation between Louboutin and Dutch footwear company Van Haren over the scope and validity of Louboutin’s trademark. Continue Reading Court of Justice of the EU: Louboutin’s Red Sole Trademark Is Valid
On 29 May 2018, only five days after the GDPR became applicable, the Regional Court of Bonn issued the first ruling applying the GDPR in Europe (file no. 10 O 171/18). The dispute involved the Internet Corporation for Assigned Names and Numbers (ICANN) and the ICANN-accredited registrar EPAG Domainservices GmbH (EPAG).
On 25 May 2018, the General Data Protection Regulation (GDPR) of the European Union entered into force, accompanied by some uncertainties regarding its application. For example, some legal commentators believe there are “irreconcilable” differences between blockchain technologies and some of GDPR’s core principles, raising doubts as to whether the technology can achieve widespread adoption under the new data protection regime. Continue Reading GDPR Implications for Blockchain and Distributed Ledger Technologies
The European Union (“EU”) General Data Protection Regulation 2016 (“GDPR”) entered into effect on 25 May 2018. A brief summary of the GDPR can be found in our Legal Update.
Organisations in Hong Kong may need to comply with the GDPR if it (1) has an establishment in the EU, where personal data is processed in the context of the activities of the establishment, regardless Continue Reading Privacy Commissioner for Personal Data Issues Booklet on how Hong Kong Businesses Should Prepare for GDPR
The 13th People’s National Congress (“NPC”) recently approved the State Council’s proposal to restructure China’s State Intellectual Property Office (“SIPO”). The proposal intends to consolidate the administration of trademarks and patents and to streamline the enforcement of IPR in China. Continue Reading China Unveils Plan to Restructure State Intellectual Property Office