Intellectual propertyi Brand protection and search
The key intellectual property rights involved are trademarks, designs, domain names, copyright, database and know-how rights (patent rights are usually not relevant). Although copyright is not registrable in Germany, trademarks are, and franchisors can choose whether to register them as domestic German or European Union trademarks (EUTM) or international registrations. The registration fee for an application for a German registration is €300 with a discount of €10 should the registration be made online. A fast-tracked examination is available for an additional fee of €200. If more than three classes of goods and services are requested, a fee of €100 for each additional class will be charged.
Not surprisingly, however, most franchisors opt for EUTM registrations rather than German domestic registrations, although domestic registration is more common if it is a German-language mark used solely for a domestic German business. Franchisors can extend their trademarks to Germany as part of an international registration or subsequent designation, as Germany is a party to the Madrid Protocol.
Germany is a first-to-file jurisdiction, although unregistered marks can be acquired by way of usage if they have acquired a reputation in Germany, and Article 6 of the Paris Protocol also ensures that 'well-known marks' can be protected even if there is no evidence of use in Germany. The German Unfair Competition Act provides relevant supplementary protection to trademarks.
In addition to pure trademark protection, the German Trademark Act also grants special protection for trade designations, which could be business names or titles of works. Their protection does not require a registration, but rather a certain level of usage of the trade designation by the proprietor.
As trade designations are not contained within the trademark register, special search tools are required to identify existing prior third-party rights.ii Enforcement
Trademark proprietors are entitled to commence enforcement proceedings based upon their trademark rights. It is possible to obtain a preliminary injunction in Germany, even without an oral hearing, within a very short time ('urgency period'), but any delay in issuing proceedings can mean that this right may fall away. Both parties must be represented before the court by a lawyer admitted to the German Bar.
German litigation lawyers usually work on an hourly fee arrangement – conditional fees are generally not compliant with German Bar rules. In German litigation, the English rule applies, so attorneys' fees are usually paid by the losing party to the winning party. The amount to be refunded is, however, limited by the Attorney's Remuneration Act and, as a result, the winning party may end up bearing part of its own attorney's fees.iii Data protection, social media and e-commerce
The rules of data protection law play an important role in any dealings with the personal data of end users (and employees); these rules have a significant impact, for example, when franchisors run loyalty programmes and promotional campaigns. The former German Federal Data Protection Act (GDPA), which was based on the EU Data Protection Directive 95/46/EC, has been replaced by the General Data Protection Regulation (Regulation (EU) 2016/779 (GDPR) since 25 May 2018, and it must be read in conjunction with national derogations laid down in the new GDPA. Any processing of personal data by the franchisee (and franchisor) must be based on the consent of the data subject or legal justification under law. Wherever a data controller transfers data outside the EU or EEA, for example, into the United States, measures to ensure an adequate level of data protection compliance must be met by suitable means, such as data subject consent, the EU Model Contract Clauses, Binding Corporate Rules (for transfers within corporate organisations) or the EU–US Privacy Shield Framework (the Privacy Shield). Where a data controller instructs a data processor to process data on its behalf and subject to its instructions within the EU, the parties have to enter into a commissioned data processing agreement. Under the GDPR (Article 28), the data processor assumes a higher level of liability towards the data subject and the authorities for complying with data protection law, whereas under the former GDPA only the data controller was responsible towards the data subject and the authorities. Data protection authorities have issued further guidance on the requirements regarding processor obligations and liability. Franchisors and franchisees must, however, also consider whether they could be tied into joint controllership, namely where they jointly determine the means and purposes of processing personal data (Article 26 GDPR). Depending on the circumstances, this can well be the case; for example, where a franchisor provides infrastructure or a platform, or both of these, for the franchisees to jointly process end customer data. As a result, both parties will have to define their joint controllership in a relevant agreement, or in an annex to their franchise agreement, pursuant to Article 26 GDPR, as well as having to be aware of their joint and several liability towards the data subjects and authorities (Article 82(4) GDPR).
Notably, each regional state in Germany has its own data protection authority, which can take slightly different views on interpreting and enforcing the law. However, under the GDPR, the possible scope of interpretation has now narrowed down, given its universal application throughout the EU and EEA; additionally the newly established European Data Protection Board will play an important role in giving further guidance; the GDPR also provides for other forms of secondary law that may take consideration of particular industry and sector practices, such as codes of conduct (Articles 40, 41 GDPR) and certifications (Articles 42, 43 GDPR).
Further to that, there are also various sector-specific regulations, such as those that apply to providers of telemedia services under the German Telemedia Act, which is relevant for online marketing and user-tracking activities, or to internet service providers. Lack of compliance with data protection laws and those of the Telemedia Act can lead to serious consequences, including monetary fines and cease-and-desist orders, as well as reputational issues and negative publicity in Germany.
Social media monitoring, as well as active marketing through social media, raises a considerable number of issues under the GDPR – as was previously the case under German privacy rules, which is why use of these channels is typically less developed than in other European jurisdictions. Accordingly, taking proper legal advice on a case-by-case basis is required for activities in this field.
German regulations on e-commerce mainly derive from EU legislation, such as the directives on distance selling and on consumer rights. E-commerce providers need to observe a variety of information obligations; failure to comply with these obligations can trigger extended rights of withdrawal for consumers, as well as possible competitor actions.
On the basis of unfair competition law, competitors as well as competition associations, qualified consumer protection associations and chambers of industry and commerce, or craft chambers, can launch cease-and-desist actions against market players that do not 'play by the rules' with regard to compliance with requirements on electronic contracting, information obligations, unlawful advertising or even, in certain circumstances, presenting clauses in standard terms of business that are partially or entirely unenforceable. Given the quick reaction times and the speed of courts in granting injunctions (including ex parte injunctions), businesses need to pay particular attention to the potential pitfalls in the area of unfair competition law.