NEWSLETTER I INTELLECTUAL PROPERTY, MEDI A AND IT
CONTENTS INTELLECTUAL PROPERTY, MEDIA AND IT NEWSLETTER I 1ST QUARTER 2017
I THE "10 MEASURES TO PREPARE THE APPLICATION OF THE EUROPEAN DATA PROTECTION REGULATION"
2
II LEGISLATION
3
III CASE LAW
4
IV RESOLUTIONS, RECOMMENDATIONS, OPINIONS AND OTHERS
5
INTELLECTUAL PROPERTY, MEDIA AND IT NEWSLETTER
I THE "10 MEASURES TO PREPARE THE APPLICATION OF THE EUROPEAN DATA PROTECTION REGULATION"
On 28 January 2017, the European Data Protection Day, the National Data Protection Commission published "10 Measures to Prepare the Application of the European Data Protection Regulation".
This albeit brief document concerning all the significant innovations that are introduced b y Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 ("Regulation") and will have a significant impact on companies and public bodies that process personal data is of considerable interest because it sets out the ten areas which the National Data Protection Commission considers currently most important and which companies and public bodies that process personal data must immediately start to adopt, so that on 25 May 2018, the date on which the Regulation will apply, they comply with the obligations foreseen in the Regulation, thus avoiding the heavy penalties it establishes (fines up to 20,000,000.00 or 4% of the company or group's total worldwide annual turnover).
In short, the 10 Measures referred to above establish the following:
- Information to be provided to data subjects at the time of the data collection, the data controller must inform the data subject of the legal basis for processing the data, the time limit for retention of data and provide details of any international data transfers, etc. This information must be clear, transparent, concise, intelligible, easily accessed and simple;
- Exercising the rights of the data subject all data processing must be properly documented. Furthermore, the rights of the data subject are extended compared to current law, with the emergence of the right to limitation of data processing to the purpose for which the data were collected, the right to data portability and new requirements concerning the right to deletion of data and notification to third parties on rectification, erasure or restriction of processing requested by the data subject;
- Consent of data subjects based on the Regulation, consent must be prior, formal and express, for which reason companies and public entities must very carefully verify how they obtained consent from the data subject to process the data;
- Sensitive data it must be taken into consideration that the Regulation extended the category of data that are considered sensitive, requiring companies and public entities that process such data to appoint a data controller;
WWW.CUATRECASAS.COM
NEWSLETTER I INTELLECTUAL PROPERTY, MEDIA AND IT 2/6
- Documentation and register of processing activities there must be detailed documentation and a detailed register of all activities concerning the processing of personal data and such documentation and register must be maintained to prove compliance with the obligations foreseen in the Regulation;
- Processing contracts companies and public entities who process personal data must review all processing contracts to ensure that they comply with all the obligations foreseen in the Regulation;
- Data controller public entities (regardless of type of data processed) and companies that process sensitive data must appoint a data controller and companies that process data other than sensitive data, but do so in bulk;
- Technical and organisational measures and processing security measures to be adopted public entities and companies must review these measures in order to comply with the obligations foreseen by the Regulation, particularly to guarantee the confidentiality and integrity of the data and to prevent accidental or unlawful destruction, loss or modification, or unauthorised disclosure or access to personal data;
- Data protection by design and impact assessment companies or public entities are required to assess the impact on data protection before processing the data, so that appropriate measures can be taken to reduce the risks associated with data processing, and
- Notification of security breaches only breaches of personal data that may result in risk to the rights of data subjects must be reported to the control authority, but all breaches must be duly documented. Furthermore, in situations in which there is a high risk for data subjects, they must be notified and an analysis must be made from the start of the data types and their processing, to assess the potential risk in the event of a security breach.
II LEGISLATION
Proposal for a Regulation of the European Parliament and of the Council
This Proposal for a Regulation concerns the respect for private life and the protection of personal data in electronic communications and revokes Directive 2002/58/EC (Regulation on Privacy and Electronic Communications).
http://eur-lex.europa.eu/legalcontent/en/txt/pdf/?uri=celex:52017pc0010&from=en
WWW.CUATRECASAS.COM
NEWSLETTER I INTELLECTUAL PROPERTY, MEDIA AND IT 3/6
III CASE LAW
Judgment of the Court of Justice (Second Chamber), of 2017-02-16. Case C-641/15 (Reference for a preliminary ruling -- Directive 2006/115/EC -- Article 8(3) -- Exclusive right of broadcasting organisations -- Communication to the public -- Places accessible to the public against payment of an entrance fee -- Communication of broadcasts by TV sets installed in hotel rooms)
Article 8(3) of Directive 2006/115/EC of the European Parliament and of the Council of 12 December 2006 on rental right and lending right and on certain rights related to copyright in the field of intellectual property must be interpreted as meaning that the communication of television and radio broadcasts by means of TV sets installed in hotel rooms does not constitute a communication made in a place accessible to the public against payment of an entrance fee.
Judgment of the Court of Justice of the European Union (Second Chamber), of 2017-0315. Case C-536/15 (Preliminary ruling concerning whether an undertaking is required to make its data relating to subscribers available to a provider of directory enquiry services and directories established in another Member State and, if so, whether it is necessary to leave the subscribers with the choice whether or not to give their consent depending on the country in which the undertaking requesting information provides its services, and how to balance respect for the principle of non-discrimination and privacy).
Article 25(2) of Directive 2002/22/EC of the European Parliament and of the Council of 7 March 2002 on universal service and users' rights relating to electronic communications networks and services, as amended by Directive 2009/136/EC of the European Parliament and of the Council of 25 November 2009, must be interpreted as meaning that the concept of `requests' in that article, covers also requests made by an undertaking, established in a Member State other than that in which the undertakings which assign telephone numbers to subscribers are established, which requests the relevant information possessed by those undertakings in order to provide publicly available telephone directory enquiry services and directories in that Member State and/or in other Member States.
Article 25(2) of Directive 2002/22, as amended by Directive 2009/136, must be interpreted as precluding an undertaking which assigns telephone numbers to subscribers, and which is obliged under national legislation to request those subscribers' consent to the use of data relating to them for the purposes of supplying directory enquiry services and directories, from differentiating in the request for those subscribers' consent to that use according to the Member State in which the undertakings requesting the information referred to in that provision provide those services.
WWW.CUATRECASAS.COM
NEWSLETTER I INTELLECTUAL PROPERTY, MEDIA AND IT 4/6
Judgment of the Court of Justice (Second Chamber), of 2017-03-09. Case C-398/2015 (Reference for a preliminary ruling concerning the interpretation of Article 3 of the First Council Directive 68/151/EEC, of 9 March 1968, on co-ordination of warranties which, for the protection of the interests of shareholders/partners and others, are required by Member States of companies within the meaning of the second paragraph of Article 58 of the Treaty, with a view to making such warranties equivalent throughout the Community, as amended by Directive 2003/58/EC of the European Parliament and of the Council of 15 July 2003 and Article 6(1)(e) of Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data).
It is for the Member States to determine whether natural persons may apply to the authority responsible for keeping, respectively, the central registry, commercial registry or companies registry to determine, on the basis of a case-by-case assessment, if it is exceptionally justified, on compelling legitimate grounds relating to their particular situation, to limit, on the expiry of a sufficiently long period after the dissolution of the company concerned, access to personal data relating to them, entered in that registry, to third parties who can demonstrate a specific interest in consulting that data.
IV RESOLUTIONS, RECOMMENDATIONS, OPINIONS AND OTHERS
Opinion 3/15 of the Court of Justice of the European Union, of 2017 -02-14.
In this opinion, the Court of Justice of the European Union the EU, acting on its own, may conclude the Marrakesh Treaty on access to published works for persons who are visually impaired.
The Treaty may affect common EU rules relating to copyright protection, for which reason the Court concludes that the EU has exclusive competence and that the treaty may be concluded by the EU acting on its own, without the participation of the Member States.
Council conclusions on the Commission Notice on certain Articles of Directive 98/44/EC of the European Parliament and of the Council on the legal protection of biotechnological inventions.
The Council called on the Commission to:
a) continue to analyse, as regards conditions for compulsory cross-licensing, issues related to significant technical progress of considerable economic value for the plant variety or invention and also continue to analyse issues related to the scope of protection of patents, as such analyses could be helpful in the development of new varieties based on existing patented genes;
WWW.CUATRECASAS.COM
NEWSLETTER I INTELLECTUAL PROPERTY, MEDIA AND IT 5/6
b) present in 2017, on the basis of Article 16(c) of Directive 98/44/EC, a report on the development and implications of patent law in the field of biotechnology and genetic engineering, so as to address remaining issues identified by the expert group and that may need to be clarified in order to increase certainty in this field.
Electronic Book of Complaints requires prior Data Protection assessment
The Electronic Book of Complaints, which the Government wishes to launch in July, requires prior assessment by the National Data Protection Commission (CNPD) and the information to be provided must be "clear", the Commission warns in an opinion requested by the Ministry of Economic Affairs, published on the commission website on 9 March 2017.
CONTACT
CUATRECASAS, GONALVES PEREIRA & ASSOCIADOS, RL Sociedade de Advogados de Responsabilidade Limitada
LISBOA Praa Marqus de Pombal, 2 (e 1-8) I 1250-160 Lisboa I Portugal Tel. (351) 21 355 3800 I Fax (351) 21 353 2362 [email protected] I www.cuatrecasas.com
PORTO Avenida da Boavista, 3265 - 5.1 I 4100-137 Porto I Portugal Tel. (351) 22 616 6920 I Fax (351) 22 616 6949 [email protected] I www.cuatrecasas.com
This Newsletter was prepared by Cuatrecasas, Gonalves Pereira & Associados, RL for information purposes only and should not be understood as a form of advertising. The information provided and the opinions expressed herein are of a general nature and should not, under any circumstances, be a replacement for adequate legal advice for the resolution of specific cases. Therefore, Cuatrecasas, Gonalves Pereira & Associados, RL is not liable for any possible damages caused by its use. Access to the information provided in this Newsletter does not imply the formation of a lawyer-client relationship or of any other sort of legal relationship. This Newsletter is published free of charge and may not be copied or distributed without formal prior consent. If you do n ot wish to continue receiving this Newsletter, please send an e-mail to [email protected].
WWW.CUATRECASAS.COM
NEWSLETTER I INTELLECTUAL PROPERTY, MEDIA AND IT 6/6