FIGHTING THE MISAPPROPRIATION OF TRADE SECRETS
Information, knowledge, inventiveness and creativity are the raw materials of the economy in the coming years. Enterprises, irrespective of their size, value trade secrets as much as patents and other forms of intellectual property right and use confidentiality to foster business competitiveness and research innovation. Trade secrets cover a wide range of information, which also extends beyond technological knowledge to commercial data such as information on customers and suppliers, business plans or market research and strategies.
European enterprises, however, are also increasingly exposed to the misappropriation of trade secrets, committed by competitors or even their own employees. Once such misappropriation surfaces, enterprises must act promptly to stop further leakage of information and to prevent the unlawful use and further disclosure of misappropriated trade secrets by third parties. At the early stages of each investigation of IP-theft, time is always of the essence.
In a recent decision, the Austrian Supreme Court had to decide on the level of detail a plaintiff has to present to the court when applying for an interim injunction prohibiting the use of trade secrets. In the case at hand, employees had downloaded several thousand critical files, before leaving the client's enterprise for employment by a direct competitor. The downloads had been protocolled by a so-called "data loss prevention software" (DLP-software) and categorized in critical data (red) and non-sensitive information (green). Since an exact description of each individual file was not reasonable, given the time pressure, Wolf Theiss decided to identify striking examples of misappropriated trade secrets and to rely on the automated categorization done by the DLP-software for the rest, when applying for the interim injunction.
The court of first instance accepted the application and issued an interim injunction prohibiting the former employees from using the files identified. The defendants fought the decision in two instances, basically arguing that the reference to the categorization of the DLP-software was not detailed enough for proper defense and that an interim injunction interdicting the use of trade secrets identified by files only would only shift the dispute to the enforcement proceedings. The Austrian Supreme Court, however, confirmed the decisions of the lower courts and held that for the purpose of preliminary proceedings the applied level of substantiation was sufficiently detailed to identify the trade secrets (9 ObA 93/15i).
ALBANIA AUSTRIA BOSNIA & HERZEGOVINA BULGARIA CROATIA CZECH REPUBLIC HUNGARY POLAND ROMANIA SERBIA SLOVAK REPUBLIC SLOVENIA UKRAINE
Even though the Supreme Court's decision is limited to the subject case, it will presumably also help other owners of trade secrets to efficiently fight misappropriation by legal means in due time. Moreover, the case also evidences that not only legal means, but also compliance software, such as the DLP-software, will play an increasingly important role in the prevention and documentation of IP-theft in the future.
IMPLEMENTATION OF SUPPLEMENTARY PROTECTION CERTIFICATES (SPCS)
The BPO officially announced that only when an applicant included the date on which it received the notification of the decision granting first authorisation to place its product on the market in the application for an SPC for a patented medical product, the BPO will consider the validity period of the SPC effective from this date.
The BPO based its approach on the Decision of the European Court of Justice (ECJ) under case C-471/14 dated 6 October, 2015. In short, the court case was initiated on the grounds of a request (made in proceedings between Seattle Genetics Inc. and the Austrian Patent Office) for a preliminary ruling concerning the interpretation of Article 13
- of Regulation (EC) No 469/2009 of the European Parliament and of the Council of 6 May 2009 concerning the SPC for medical products and in particular the interpretation of the concept of "the date of the first authorisation to place the product on the market in the Community". The ECJ ruled that the "'date of the first authorisation to place the product on the market in the [European Union] is determined by EU law" and should be interpreted as "the date on which notification of the decision granting marketing authorisation was given to the addressee of the decision".
The BPO clarifies that with regard to pending applications for SPCs and applications lodged after 6 October, 2015 the duration of the protection granted by the certificate should be considered in compliance with the ECJ's decision.
In addition, the BPO states that holders of valid SPCs granted before the introduction of the new practice are entitled to request adjustment to the validity period of their certificates. However, the BPO does not specify a term within which the said request should be lodged with the BPO. According to unofficial information provided by experts from the BPO, the authority's decision shall be made on a case-by-case basis. Having said that, although it can be expected that all requests for adjustment lodged with the BPO are granted, irrespective of the time of filing, provided that they are lodged within the validity period of the respective SPC, it is recommendable that the holders affected by this approach lodge their requests as soon as practically possible in order to avoid possible misinterpretations and undue disputes in this regard.
ALBANIA AUSTRIA BOSNIA & HERZEGOVINA BULGARIA CROATIA CZECH REPUBLIC HUNGARY POLAND ROMANIA SERBIA SLOVAK REPUBLIC SLOVENIA UKRAINE
BULGARIAN PERSONAL DATA PROTECTION AUTHORITY CLARIFIES
ON THE EFFECT OF REVOCATION OF CONSENT OF HCPS FOR THE DISCLOSURE OF TRANSFERS OF VALUE
Bulgarian Personal Data Protection Authority clarifies on the effect of revocation of consent of HCPs for the disclosure of transfers of value
At the beginning of February 2016, the Bulgarian data protection authority (the Commission for Protection of Personal Data, CPPD), issued an opinion in response to the question of how to deal with personal data of healthcare professionals (HCPs), who have revoked their consent for disclosure of transfers of value after being provided with funds by sponsors.
Under Bulgarian personal data protection law, personal data of HCPs should be maintained in a form that enables identification of the respective individuals for a period not exceeding the time necessary for the purposes for which such data is being processed. Therefore, according to the CPPD, the data controller should determine a specific deadline for processing the personal data of the HCPs related to the transfers of value. When giving their consent, HCPs should be provided with information about the period during which their personal data will be available on the website of the EFPIA member companies. The HCPs also should be aware that the revocation of their consent for disclosure of transfers of value, with regard to the data controller, should also have ex-nunc effect, i.e. it will be valid for the period after the expiry of the publication period. Although the CPPD's opinion is not binding, it is indicative of the position of the Bulgarian Data Protection Authority regarding the withdrawal of consent of HCPs in the context of the implementation of the EFPIA Disclosure Code.
ALTERNATIVE DISPUTE RESOLUTION FOR CONSUMERS
An amendment to the Czech Consumer Protection Act, which introduced several new obligations for companies, came into effect as of 1 February 2016. The principal changes are the possibility to resolve disputes between consumers and companies via alternative dispute resolution and related broadening of information obligations.
Companies are required to inform consumers about the alternative dispute resolution body on their websites and in their terms & conditions. Moreover, if the company runs an e-shop, it must inform the consumers about the website of the EU Online Dispute Resolution Platform (http://ec.europa.eu/consumers/odr/), through which consumers can submit their complaints and which facilitates contact between the consumer, the company and the authority authorised to resolve the dispute.
ALBANIA AUSTRIA BOSNIA & HERZEGOVINA BULGARIA CROATIA CZECH REPUBLIC HUNGARY POLAND ROMANIA SERBIA SLOVAK REPUBLIC SLOVENIA UKRAINE
The main specifics of alternative dispute resolution are the following:
- only the consumer can initiate alternative dispute resolution,
- the company is obliged to participate in the proceedings and provide adequate cooperation,
- each of the parties bears its own costs, and
- the dispute ends with an agreement or following a lapse of 90-days.
SEZNAM.CZ FOUND GUILTY
The Czech internet search engine Seznam.cz was found guilty of violation of a trademark regulation. Tesco sued Seznam for not removing ads of rival companies that violated Tesco's registered trademarks. The court stated that Seznam should have used common sense, as Tesco repeatedly pointed out that the violation was occurring. Seznam lodged an appeal, thus the verdict is not yet in legal force.
The Czech Ministry of Interior established the new National Agency for Communications and Information Technology (NAKIT) for the purposes of fulfilling the ICT strategies. NAKIT shall provide the Ministry of Interior with long-term and strategic development of information and communication infrastructure owned by the state so that all future investments in this area are subject to a consistent and long-term strategy. At the same time, the greatest degree of security of these networks shall be guaranteed, as well as the efficient use of existing infrastructure and maximisation of investments that have already taken place.
BLOCKING GAMBLING WEB SITES
If the new amendment to the Gambling Act were adopted, it would allow the Ministry of Finance to create a list of banned gambling sites which would have to be blocked by Internet Service Providers.
According to experts, the amendment is completely unsystematic and would substantially violate the freedom of the Internet. Moreover, technical blocking of gambling sites would be virtually impossible and could be easily avoided by the gamblers. Let's hope that politicians come to their senses and reject the amendment.
MERGERS & ACQUISITIONS BY FALL 2016
A number of interesting M&A transactions were closed in the IT sector during the last months of 2015 and the first months of 2016.
The South African Steinhoff Group acquired Extreme Digital from its Hungarian founders. Extreme Digital is active in the retail trade of electronics, and is considered an innovative player in the Hungarian ecommerce sector. Following the transaction, Extreme Digital's portfolio was also extended to the online sale of furniture.
Apart from e-commerce, online media has seen its share of M&A. Deutsche Telekom Group sold a part of its business, including the online portal Origo Zrt., to the New Wave Group. Following the transaction, the company operating the Origo.hu news portal, the Freemail e-mailing system and the Adnetwork online advertising network will belong to the same group as the Vs.hu online news portal, the Köpönyeg.hu weather-forecast portal and the Figyelo weekly news magazine. It is expected that the transaction will create new synergies within the New Wave Group.
In addition, Viasat, which operates two TV channels and distributes other TV channels of Modern Times Group MTG Group in Hungary, has been sold to Columbia Pictures Corporation Limited belonging to the Sony Group.
NOTIFICATION OBLIGATION FOR CINEMAS
From 2016, the National Media and Info-communications Authority in Hungary have also gained certain oversight powers over cinemas, in addition to its already broad powers of oversight over the telecom, media and postal sectors. Most importantly, Hungarian cinemas are now required to register with the authority. The registration enables the authority to get more accurate information on the cinema operators and cinema attendance, and facilitate transparency on the cinema market. Whether this development will have any substantial impact on business still remains an open question.
AMENDMENT TO THE INDUSTRIAL PROPERTY LAW
On 15 April 2016, an amendment to the Polish Industrial Property Law will enter into force. The amendment will introduce yet another series of changes: the previous changes having entered into force on 30 November 2015 and 1 December 2015.
One of the upcoming changes provides for a shift from the current "examination" system to an "objection" system. Under the examination system, the Patent Office had to examine each and every case to find out whether the trademark applied for was identical or similar to other already registered trademarks. If that was the case, the Patent Office refused to grant protective rights to a given trademark. In April, the examination system will be replaced by an objection system, which has already proved successful in many other European countries. From then, the Patent Office of the Republic of Poland will conduct only a formal legal examination and will review only absolute premises for granting protection to a given trademark.
The Patent Office of the Republic of Poland will no longer refuse, ex officio, to grant protective rights to a trademark applied for due to its conflict with earlier rights, and the owners of identical or similar trademarks will have the right to object to the registration. If no objection is raised, protective rights will be granted to a given trademark.
The transition to the objection system should speed up the process of trademark registration. Trademarks which are no longer in use will not pose an obstacle to the registration of new trademarks any more, unless their owner raises an objection. Changes to Industrial Property Law are going to be introduced in order to harmonize Polish regulations with the amendments introduced to the European regulations and with international laws.
OPENING OF A GOOGLE CAMPUS WARSAW
Google Campus Warsaw was opened in the Praga district at the end of 2015. Campus Warsaw will welcome entrepreneurs from all over Poland and wil act as a hub for start- ups in Central and Eastern Europe.
TELECOM MARKET TO SHRINK BY 0.6% BY 2020 - T-MOBILE
Mobile network operator T-Mobile Polska has estimated that the Polish market will shrink to PLN 35.4 billion in 2020 from PLN 36.5 billion in 2016, the company's CEO Adam Sawicki told a press conference. The operator expects that the value of the mobile market will decrease by 1 per cent annually until 2020, when it will stand at PLN 19.7 billion, a billion less than in 2015. The landline telecom market is set to shrink to PLN 7.3 billion in 2020 from PLN 8.5 billion in 2015. T-Mobile said that it wants grow above market trends in the second part of the period (2018-2020).
NEW NOTIFICATION FRAMEWORK IMPLEMENTED BY ROMANIAN DATA PROTECTION AUTHORITY (“RDPA”)
At the end of 2015, the RDPA issued Decision no. 200/2015 to establish those cases where the notification of personal data processing is not required and for amending and repealing certain decisions (“Decision 200/2015”), which were published in the Romanian Official Gazette no. 969 of 28 December 2015.
Although the title of Decision 200/2015 suggests that it establishes cases where the notification to the RDPA is not required, in fact Decision 200/2015 actually sets forth those cases where the notification to the RDPA is still required. By exclusion, in the remaining cases where personal data is being processed, a prior notification with the RDPA is no longer necessary.
Thus, Article 1 Paragraph 1 of Decision 200/2015 provides that the notification of data processing is necessary in the following situations:
- processing of personal data related to racial or ethnic origin, political, religious or philosophical opinions (or opinions of similar nature), union membership, and data concerning health and sex life;
- processing of genetic and biometric data;
- processing data enabling, directly or indirectly, the geolocation of individuals by means of electronic communications;
- processing of personal data carried out by private entities relating to criminal offenses committed by the concerned person or to criminal convictions, safety measures or administrative or contravention sanctions imposed on the concerned person;
- processing of personal data by electronic means, aimed at monitoring and/or evaluating certain personality aspects, such as professional competence, credibility, behaviour or other such aspects;
- processing of personal data carried out by private entities, by electronic means
within recording systems aimed at adopting automatic individual decisions related to the analysis of solvency, economic and financial situation, facts likely to attract disciplinary, contravention or criminal liability of individuals;
- processing of personal data of minors performed during direct marketing activities;
- processing of personal data of minors conducted via the Internet or electronic
- processing of the personal data mentioned in letter a) above relating to its own members, carried out by associations, foundations or other non-profit organisations exclusively for achieving the specific activity of the organisation, to the extent that the data is disclosed to third parties without the consent of the data subject.
Notification to the RDPA is not necessary in those cases mentioned in letters a) - i) above
if the respective data processing is required by law.
As concerns the transfer of personal data (including in those cases mentioned in letters a)
- i) above), Decision 200/2015 provides that transfers to countries outside the European Union and the European Economic Area, and to countries where the European Commission has not recognised an adequate level of protection must always be notified to the RDPA. Furthermore, transfers to countries which do not provide a level of protection at least equal to that provided under Romanian law must be accompanied by sufficient guarantees regarding the protection of fundamental individual rights (i.e. established through standard contractual clauses) and are subject to the RDPA's authorisation.
Decision 200/2015 entered into force on 28 December 2015 and repealed the following decisions issued by the RDPA: (i) Decisions no. 90/2006, no. 100/2007 and no. 23/2012 for establishing cases where the notification of personal data processing is not required;
(ii) Decision no. 91/2006 for establishing the cases where the simplified notification of
personal data processing is allowed; (iii) Decision no. 28/2007 regarding transfers of personal data to other countries; and (iv) Decision no. 11/2009 for establishing the personal data processing operations likely to involve special risks for an individuals' rights and freedoms.
NEW DRAFT LAW ON CYBERSECURITY
A new draft law on cybersecurity ("Draft Law") was put up for public debate on 27 January 2016 by the Romanian Ministry of Communications and Information Society ("MCSI"). Since then, The Draft Law has been the subject of a second round of public debates.
The purpose of the Draft Law is to create the legal framework required for performing cybersecurity activities and to ensure the protection of fundamental rights and liberties of Romanian citizens in cyberspace1.
The Draft Law shall apply to the following entities:
- public authorities and institutions, legal persons holding cyberinfrastructures which support public services, or information society services, the damage of which would hinder national security or seriously prejudice the Romanian State and its citizens;
- legal persons holding cyberinfrastructures which process personal data;
- Cyberspace" means the virtual environment generated by cyberinfrastructures, including the informational content processed, stocked or transmitted, as well as the actions executed by users in a virtual environment.
communication services intended for the public;
- internet host providers2;
- providers of cybersecurity services3; and
- National System of Cybersecurity and Competent Authorities.
In order to ensure that activities regarding cybersecurity are organised and carried-out in a coherent manner on a national level, the cooperation between public authorities having cybersecurity responsibilities shall be organised under the National System of Cybersecurity.
The National System of Cybersecurity shall be strategically coordinated by the Supreme Council of National Defense ("CSAT"). The operational coordination of activities concerning cybersecurity within the National System of Cybersecurity shall be handled
by the Operational Council of Cybersecurity4, while the technical coordination shall be
ensured by the Romanian Intelligence Service.
According to the Draft Law, MCSI is the regulatory and control authority with respect to the implementation of cybersecurity measures, except for the specific domains mentioned in items (iii) and (iv) below.
In addition, the following authorities shall also have responsibilities on cybersecurity matters:
- the Romanian National Computer Security Incident Response Team ("CERT RO") shall act as the national contact point with other similar structures (both national and international) and shall coordinate cybersecurity activities related to cyberinfrastructures other than those mentioned in items (ii), (iii) and (iv) below;
- the Romanian Intelligence Service (through the National Center for Cybersecurity) shall coordinate cybersecurity activities related to cyberinfrastructures of national interest, except for those falling under the responsibility of the authorities mentioned in items (iii) and (iv) below;
- the Romanian Authority for Management and Regulation in Communications ("ANCOM") shall coordinate the cybersecurity activities of providers of electronic communication public networks and of providers of electronic communication services intended for the public; and
- Internet host providers are defined under the Draft Law as any legal person performing activities in Romania which provide cyberinfrastructures, either physical or virtual, for the performance of information society services.
- Providers of cybersecurity services are defined as any legal person who, for the purpose of cyberinfrastructure protection, performs at least one of the following activities: implementation of policies, procedures and measures, auditing, evaluation, testing of implemented measures or management of security incidents.
- The members of the Operational Council of Cybersecurity are: (i) the presidential advisor on national security matters, (ii) the advisor on national security matters of the Prime Minister, (iii) the secretary of CSAT, (iv) representatives of the Ministry of National Defense, (v) representatives of the Ministry of Internal Affairs, (vi) representatives of the Ministry of External Affairs, (vii) representatives of MCSI, (viii) representatives of the Romanian Intelligence Service, (ix) representatives of the Foreign Intelligence Service, (x) representatives of the Special Telecommunications Service, (xi) representatives of the Protection and Guard Service, and (xii) representatives of the National Registry Office for Classified Information.
- the Ministry of National Defense, the Ministry of Internal Affairs, the National Registry Office for Classified Information, ANCOM, the Romanian Intelligence Service, the Foreign Intelligence Service, the Special Telecommunications Service, and the Protection and Guard Service shall be in charge of implementing their own measures for the coordination and control of cybersecurity activities regarding cyberinfrastructures under their responsibility (including cyberinfrastructures of national interest).
OBLIGATIONS OF CYBERINFRASTRUCTURE HOLDERS
According to Draft Law, cyberinfrastructure holders (except for internet host providers and providers of cybersecurity services) shall have the following obligations:
- to ensure the implementation of the minimum cybersecurity requirements – these minimum requirements are not provided under Draft Law, but will be further established by the competent regulatory and control authorities;
- to promptly notify the competent authority with respect to identified incidents of cybersecurity;
- to ensure that the data and/or information regarding the configuration and protection of cyberinfrastructures is disclosed exclusively to the persons authorised to receive it;
- not to allow access to content data within cyberinfrastructures, in the absence of written notification from the competent authorities regarding the existence of court authorisation;
- to manage cybersecurity incidents; and
- not to hinder, by their own actions, the security of other cyberinfrastructures.
Apart from the obligations listed above, holders of cyberinfrastructures of national interest must also fulfill other obligations such as the performance of cybersecurity audits (annually or when necessary), or drafting of action plans for each level of cybersecurity alert and compliance with such plans if a certain level of alert is set up.
AMENDMENTS TO TRADEMARK LAW EXPECTED
A public debate on the draft proposal of amendments to the Trademark Law was held in December 2015. The amendments to the existing Trademark Law (Official Gazette of the Republic of Serbia, Nos. 104/2009 and 10/2013) have been proposed predominantly due to the necessity to make the trademark protection procedure more compatible and compliant with the relevant EU regulations, as well as to eliminate deficiencies detected so far in the application of this law. One of the important novelties provided in the draft proposal is the introduction of a right to file an opposition against a trademark application. It remains to be seen when and in what form the said amendments will finally be adopted by the Serbian Parliament.
LAW ON INFORMATION SECURITY
In January 2016, Serbian Parliament adopted the Law on Information Security (Official Gazette of the Republic Serbia No. 6/2016), effective as of 5 February 2016, which regulates measures of protection from security risks in information-communication systems, the responsibilities of legal persons in managing such systems, and the competent bodies for implementing protection measures. The Law on Information Security was passed, inter alia, for the purpose of further harmonisation of Serbian regulations with relevant EU regulations. In addition, the purpose was to increase the level of protection and security of information systems in Serbia and also raise awareness of public administration bodies and citizens on the dangers that could follow if such systems are not sufficiently and properly protected.
NEW ADVERTISING LAW
The Serbian Parliament adopted a new Advertising Law (Official Gazette of the Republic of Serbia No. 6/2016), which entered into force on 6 February, 2016 and will be effective as of 6 May, 2016. The new Advertising Law, replacing thereby the previous Advertising Law that was passed in 2005, was adopted for the purpose of providing better solutions for some of the issues detected in practice, as well as for the purpose of further harmonisation with relevant EU regulations. It covers all forms of commercial advertising, regardless of the medium used.
NEW COPYRIGHT ACT
The new Copyright Act No. 185/2015 Coll. came into effect on 1 January 2016 and replaced the previous act which had been effective for the last 12 years.
The Act reflects the latest European intellectual property trends as well as case-law of the CJEU and aims to improve the enforceability of intellectual property rights, especially by control of collective management organisations, such as the Slovak Performing and
Mechanical Rights Society, by publishing required information to intellectual property rights holders and the wider public. It further defines specific forms of work arrangements, including employee work, school work, work on order and joint work. Moreover, it removes agreement work as well as commissioned artwork and introduces changes to license agreements. The Act addresses, in particular, audiovisual work and computer programmes. It introduced an extended collective license agreement which covers all work or other protected subject matters, including those of rights holders, who are not represented by the collective management society.
NEW NATIONAL CONCEPT OF INFORMATISATION OF THE PUBLIC ADMINISTRATION HAS BEEN PROPOSED
The Ministry of Finance has proposed the new national concept of informatisation of public administration, which sets out the main strategic aims and principles for the period of 2014–2020. The main priorities lie in increasing high-speed internet accessibility, optimising and improving the public electronic services, which should be reflected in reducing the administrative burdens, better use of data, and also improving cyberspace security (see below). The continued building of the government cloud system, which should offer SaaS, PaaS and IaaS services, is also expected.
NEW CYBER SECURITY PROGRAMME
The government approved the action plan concerning the cyber security programme. It defines the tasks necessary to secure national cyber security. A new Cyber Security Act should be prepared by 30 September 2016. It shall explicitly set out the competences of public authorities, establish new obligations for subjects using information and communications technologies in cyberspace, and also bindingly define terminology and standards. Cyber security, on a national level, should be delegated to the scope of power of the National Security Agency NBU, in the framework of which a new National Unit for Incidents Solutions (CERT/CSIRT team) shall be created.
The Action Plan also identifies concrete tasks in the fields of cyber security education, international cooperation and scientific research support.
2015 TECHNOLOGY FAST 500 RANKING
Deloitte published its 2015 Technology Fast 500 ranking - six Slovak IT companies ranked among the fastest growing technology firms in Europe: BSP Applications (83rd place), with Companies Visibility, Pixel Federation, CEIT Technical Innovation, Promiseo and Eset following.
NEW COMPANIES / BUSINESSES
The Slovak Government signed a memorandum with a new investor in the IT sector and subsequently approved a direct EUR 18 million stimulus (in the form of a tax break and dotation). The Dubai-based company RKN Global, which manufactures a range of security and screening products, will employ 1,200 employees in its new plant. The investor plans to manufacture about 30 different products, including secure IDs, e-cards,
screening technologies, payment cards and control mechanisms for airports, which should detect false travel documents. Production is set to start in 2017.
The Czech IT firm Unicorn Systems has set up a new software development center in Prešov. Currently it employs 20 developers, but this number will gradually increase to
120. They will develop various software solutions.
Mühlbauer is preparing a new EUR 30 million investment in its Nitra-based plant, which should create 100 new positions. The company develops and processes payment cards, IDs, drivers' licenses, passports and mobile phone components.
The US software company GlobalLogic proposed a plan to expand production in its plant in Košice, and therefore increase the number of employees from 60 to 500 by 2017. It develops IT solutions and applications for Hewlett Packard, Google, Panasonic or The Economist.
TENDERS AND PUBLIC PROCUREMENTS
The Transport Ministry called a tender for the supply and maintenance of an information system Registry of Flats. The registry, with a cost of EUR 8.5 million, will contain a complex database of residential premises and be financed by EU funds.
The national health information center NCZI plans to procure new IDs for clients of all three health insurers. The EUR 22.7 million project, supposed to be financed by EU funds, has been frozen, due to heavy criticism from NGOs and the IT sector, which claimed it would be a wasteful use of money and its functions can be achieved through the existing eIDs.
The parliament approved a new Act on the Central Traffic Information System. The system, which is a part of eGovernment, provides electronic services to citizens and companies (e.g. technical checks, registration of cars or technical approval of cars).
The Act on National Infrastructure for Spatial Information was amended, transposing EU
Directive 2007/2/EC, which established the Infrastructure for Spatial Information in the EC (Inspire).
The parliament adopted a new Act on Lawmaking and Collection of Acts of the Slovak Republic. It established an electronic version of the Collection of Acts, which is legally binding.
A RESPONSE OF THE SLOVENIAN INFORMATION COMMISSIONER TO THE CJEU DECISION REGARDING THE US SAFE HARBOR CERTIFICATION
As a response to CJEU judgement C-362/15 dated 6 October 2015, the Slovenian Information Commissioner ("IC"), which supervises the implementation of the provisions of the Slovenian Data Protection Act ("DPA"), issued a statement on 19 October 2015 declaring that the IC will initiate a revision of the proceedings determining that the USA provides an adequate level of protection of personal data, which is transferred to the USA to Safe Harbor certified companies and that transfer of personal data to the USA may no longer be based on the invalidated EC Decision 2000/250 (Safe Harbor Decision). EU data controllers who transfer personal data to the USA must comply with the national (Slovenian) law until a decision has been made to the contrary.
SLOVENIAN INFORMATION COMMISSIONER ISSUED GUIDELINES FOR THE CONTRACTUAL PROCESSING OF PERSONAL DATA
In November 2015, the Slovenian Information Commissioner ("IC") issued guidelines for the contractual processing of personal data. In the guidelines, the IC explains, by giving practical examples, what could be considered as the contractual processing of personal data in accordance with DPA, the obligations of data controllers and data processors and explains the challenges and provides recommendations for the contractual arrangement of processing activities, which include personal data.
ELECTRONIC COMMUNICATIONS ACT AMENDMENT
On 14 November 2015, the Act amending the Electronic Communications Act entered into force. Until the new amendment, disputes between consumers and operators (undertakings providing network or service) in the area of electronic communications could have been settled only with the assistance of the Agency for Communication Networks and Services of the Republic of Slovenia. The amended Electronic Communications Act introduced the possibility to engage other alternative dispute resolution entities, provided they fulfil the necessary criteria as defined by the Law on Out-of-Court Consumer Dispute Resolution.
SLOVENIAN INTELLECTUAL PROPERTY ORGANIZATION
AND CHAMBER OF COMMERCE SIGNED A COOPERATION AGREEMENT
In December 2015, the Slovenian Intellectual Property Organization ("SIPO") and Slovenian Chamber of Commerce ("CoC") signed a cooperation agreement. The aim of the agreement is to offer the Slovenian business sector information on the management of intellectual property rights, which also includes the protection and enforcement of rights and the organization of more educational events in cooperation with other national and international organisations in the future.
In cooperation with the CoC, the SIPO plans to provide the so-called services "First i" (storitve Prva i). These services will be offered to small and medium-sized innovative
companies to verify which of their products could be protected by intellectual property rights and what the advantages of such protection are.
SUPREME COURT OF THE REPUBLIC OF SLOVENIA RULED ON THE SCOPE OF THE COMPETENCES OF THE SLOVENIAN INTELLECTUAL PROPERTY ORGANISATION
In January 2016, the Supreme Court of the Republic of Slovenia issued a decision in which the court explained the competencies of the Slovenian Intellectual Property Organization ("SIPO") when exercising supervision over Slovenian collecting societies (i.e. organisations which manage or administer copyright or rights related to copyright as their sole purpose or as one of their main purposes).
According to the Slovenian Copyright Act, the SIPO's supervision is limited to the general review of legality of performance of collecting societies' duties and should be conducted in the public interest.
However, only individual copyright holders have the right to claim from collecting societies' equitable remuneration for the use of their copyright works. In case of infringement of their rights, the SIPO does not have the authority to control the process of obtaining redress for infringement. Furthermore, the SIPO is not authorised to order collecting societies to pay copyright holders the unpaid remuneration for the use of their copyright works. Based on the decision of the Supreme Court, such authority lies with the competent court, whereas the right to equitable remuneration for the use of copyright work should be enforced by the individual right holders.
INNOVATIVE BANKING SERVICE LAUNCH
In March 2016, the biggest Ukrainian bank, PrivatBank, launched a peer-to-peer crediting platform in the national currency for small business and individuals. The individuals (creditors) are entitled to use their deposits to credit the debtors of PrivatBank, whereby the interest rate for this kind of deposit is higher than for conventional deposits. The debtors' details will not be known to the individual creditors, however they are chosen by the bank among its reliable debtors pool. The maximum credit amount is UAH 300,000 (approximately EUR 9,930).
The majority of bank individual deposits are ensured by the Fund of the Individual Deposits, except for this type of deposits. However, the risks of individual creditors are insured.
PrivatBank expects to boost crediting of small and medium-sized business by these new types of deposits and provides for the basic education of the potential individual creditors at the initial stage of the new service.
ENTRANTS TO THE UKRAINIAN MARKET
Netflix, a popular U.S. provider of on-demand Internet streaming media, started providing its services to Ukraine from January 2016. The minimal monthly subscription fee is EUR 7.99. No local language content is available so far. However, the Ukrainian customers welcomed the launch of the service in Ukraine. Netflix considered entry to the Ukrainian market in 2013. In 2015, it co-produced "Winter on Fire," a documentary film about the Ukrainian Revolution, which was short-listed for the 2016 Academy Awards.
Uber, the U.S. international transportation network company, announced its entry to the Ukrainian market, starting in Kyiv (the capital) and Lviv. Ukrainian governmental officials expressed their support to the new market player of taxi services. Currently, the company operates in 58 countries and 300 cities worldwide.
INVESTMENTS INTO ECOLOGY EFFICIENCY TECHNOLOGIES
Ecoisme, a Ukrainian start-up has won a prize in a UK based tech-acceleration programme run by Richard Branson’s Virgin Media and U.S. Techstars. The start-up will initially receive USD 20,000 and USD 100,000 at a later stage. Thus, it will be entitled to receive up to USD 120,000 to further develop its energy saving solutions. Besides, the startup team will be trained on the commercial aspects by Mr. Branson and experts from technology companies such as Facebook, Twitter, Stripe and Twilio.
Ecoisme proposes a single household device for tracking the energy consumption of domestic appliances. The relevant data is then sent to the consumer's smartphone together with energy-saving tips. Thus, the consumer receives comprehensive control over power consumption.
The Ecoisme team appeared in 2013 during a Ukrainian hackathon. The start-up has already attracted USD 100,000 investments from T-Venture (venture fund of Deutsche Telekom) and established a branch in Krakow, Poland. Its co-founder Mr. Pasichnyk was included in the Forbes list of the 30 most successful people in Europe aged up to 30 years, in the industry sector.
BRUSSELS LAUNCHES NEW WEB
A new webpage has been launched by the European Commission to help consumer protection and consumer business dispute resolution and to make it easier for consumers to make complaints against the behaviour of retailers. A number of local consumer protection institutions have already joined this initiative (e.g., the Czech Trade Inspection Authority and the Czech Telecommunication Office). It is expected to raise consumers' capabilities to file complaints against unfair business practices of retailers.
IT'S OK FOR AN EMPLOYER TO CHECK PRIVATE COMMUNICATION OF THE EMPLOYEE
A Romanian man whose employer terminated his employment for private messaging during work time did not succeed with his complaint before the ECHR. Employers may violate rights to privacy of their employees in order to verify whether they devote themselves to work. The ECHR stated that the violation of the right was not inadequate and that the termination of the employment was valid.
EU PRIVACY SHIELD
The European Commission published a complete draft of the transatlantic treaty that governs the transfer of personal data between EU countries and the USA. The so-called "Privacy shield" is supposed to ensure European citizens' personal data protection overseas. The USA is supposed to establish an office of the Public Defender of Rights that will oversee rightful dealings with personal data. However, the treaty is already being criticised by professionals for not ensuring sufficient guarantees for dealings with European citizens' personal data and for making only minor changes to current regulations, when a more dynamic approach should have been taken.
IF YOU NEED ASSISTANCE TO PURSUE ONE OF THE OPPORTUNITIES, PLEASE CONTACT
ONE OF US (contact details on the back cover).
ABOUT WOLF THEISS
Wolf Theiss is one of the leading law firms in Central, Eastern and South-Eastern Europe. We have established our reputation over a combination of unsurpassed local knowledge and strong international capabilities. We opened the first Wolf Theiss office in Vienna over 55 years ago, and today our team is comprised of about 320 associates with different practice areas, working in offices spread in 13 countries in Central and Eastern Europe.
For more information about our services, please contact:
Partner email@example.com T: +43 1 51510 5090
Associate firstname.lastname@example.org T: +420 234 765 252