An extract from The Technology Disputes Law Review, 1st Edition
Overviewi Intellectual property disputes
Luxembourg has a long history of protecting intellectual property (IP) rights, and especially patents, trademarks, designs and copyrights (including software) and related rights.
Luxembourg patents are governed by the Law of 20 July 1992 on patents, as amended. A Luxembourg patent provides protection for a maximum of 20 years. Luxembourg patents are granted for inventions that are new, involve an inventive step, are likely to have an industrial application and are not excluded from patentability (as is the case for computer programs). Computer programs may, however, be indirectly covered by a patent. Luxembourg patents must be filed with the Intellectual Property Office of the Luxembourg Ministry of Economy.
Copyrights and related rights are governed by the Law of 18 April 2001 on copyright, related rights and databases, as amended (the Copyright Law). This Law protects works of a literary or artistic nature of any kind, including databases and computer programs, in principle for 70 years from the death of the author. Copyright protection applies to the structure of databases that possess a level of creativity or originality in the arrangement of content and constitute their authors' own intellectual creation. Copyright protection does not extend to the contents of the database. Producers of a database also have a specific right (sui generis right) when they show a substantial investment (qualitatively or quantitatively, or both) in the obtaining, verification or presentation of the contents of the database.2
The look and feel of the graphical interface of a piece of software, an application or a website can be protected by copyright if they are original (i.e., bear their author's personality) and can also be protected as a registered design. In Luxembourg, registered designs are protected at Benelux level in compliance with the Benelux Convention on Intellectual Property of 16 May 2006, as amended (the Benelux Convention) or as a Community design at EU level. A design protects the appearance of a product (features, shapes, lines, contours, ornamentations, etc.). It must be new and have an individual character. A design gives the right holder an exclusive right for a period of five years, which can be extended for four consecutive periods up to a maximum total of 25 years.
It is also possible to register as a trademark the logos, icons or other distinctive signs used for an interface and contributing to its look and feel. As with designs, there are no Luxembourg-specific trademarks. Trademarks are protected either through Benelux trademarks, which are governed by the Benelux Convention and administered by the Benelux Office for Intellectual Property, or EU trademarks. A Benelux trademark covers the entire territory of the Netherlands, Belgium and Luxembourg and is valid for 10 years from the date of filing of the application. It can be renewed indefinitely for further periods of 10 years.
The Law of 22 May 2009 on the enforcement of intellectual property rights (the Enforcement Law), implementing Directive 2004/48/EC of 29 April 2004, has harmonised the civil procedures open to IP right owners to protect their rights, as well as the compensation they may receive as damages in cases of infringement, thus clearly facilitating the fight against IP rights infringements.
Most technology disputes consist in copyright infringement (use of software without permission or in violation of the terms of the licence granted).
Additionally, a law on trade secrets entered into force in Luxembourg on 26 June 2019 (the Trade Secrets Law), implementing Directive (EU) 2016/943 on the protection of undisclosed know-how and business information against their unlawful acquisition, use and disclosure. This Law lays down rules on protection against the unlawful acquisition, use and disclosure of trade secrets. Confidential information can also be protected under Luxembourg law through:
- civil liability (unfair competition or passing off);
- contractual liability (breach of a non-disclosure agreement or confidentiality clause); and
- criminal law (disclosure of trade secret by an employee or director).
Disputes regarding system development and service delivery are quite frequent in Luxembourg. These are usually complex cases, requiring the assistance of a lawyer with specialised knowledge of information technology (IT) law. They are often settled amicably, to avoid reputational risk.
Difficulties frequently arise from the fact that the contractual framework for an IT project is not well thought out beforehand. It is, however, of utmost importance to establish at all levels of the service or system each party's undertakings (i.e., who does what and how) and to anticipate the risks (e.g., who is responsible in the event of difficulties, how to get out of the contract and what the applicable penalties are). Also, given that the Grand Duchy of Luxembourg operates in a very international context, determining in advance which jurisdictions will be competent in the event of litigation can prove decisive.
This is particularly true for maintenance contracts. To avoid any uncertainty or risk of inconsistency, maintenance must be negotiated during the discussions on the development contract or the licence agreement. The ability and willingness of the service provider to maintain the software should be taken into account by the client in the selection of the service provider. Similarly, the terms and conditions of maintenance (e.g., the possibility of benefiting from new versions) may influence the conditions (in particular the price) of the development or licence.
The service level agreement (SLA) should be written in such a way that it allows for the effective management of the service and reduces conflict areas by eliminating unrealistic expectations. In this respect, note that in the event of contractual non-performance by the service provider (e.g., refusal to carry out maintenance), the client may have the service provider ordered to carry out maintenance under contractual penalty payment terms, or be authorised by the judge to have the software maintained by another service provider at the expense of the first. A key point here is the access to the software source code, which should ideally be put under escrow in the hands of a third party.
Indeed, if not regulated contractually, access to the source code can be difficult to negotiate in the event of a dispute – and this is frequently a source of dispute. This is why it is strongly advised to stipulate in the contract that the client can access the source code in the event of a contractual breach by the supplier or in the event that the supplier faces insolvency proceedings. To this end, the use of an escrow clause is highly recommended.iii Data processing disputes
Data protection litigation is relatively recent in Luxembourg and coincides with the entry into force of the EU General Data Protection Regulation (GDPR).3 In fact, previously, the Luxembourg supervisory data protection authority (CNPD) was very cautious about imposing sanctions. Since the adoption of the GDPR and the reinforcement of the sanctioning powers of the European data protection supervisory authorities, the CNPD has acquired greater human resources and it initiated several audit campaigns in 2018 relating to the function of data protection officer and to video surveillance and geolocation. Eight decisions imposing administrative fines were taken in June and July 2021. The amount of the fines is low (on average around €2,000, with a maximum of €18,000) compared to other jurisdictions.
This increase in the CNPD's investigative and sanctioning activities has led to increased litigation before the administrative courts, and more litigation is expected in the coming years.iv Other disputes
Where the claimant does not hold any IP right on which to base its action (for example, to defend an underlying concept or idea), a technology dispute may be tackled through either unfair competition or passing-off legislation.
Other disputes that are quite frequent consist in defamation and other offences committed via the internet or social media.
Finally, a large number of Luxembourg entities have entered into cloud computing contracts (infrastructure as a service (or IaaS), platform as a service (or PaaS), and software as a service (or SaaS)) to manage their IT infrastructures. These complex contracts require compliance with both civil contract law and the GDPR and, where applicable, with specific regulations applying to the financial sector, also with high security standards. Like other countries, the Grand Duchy of Luxembourg is not immune to cyberattacks of all kinds, and disputes may arise in this context in the event of breaches of information systems security.