1. Regulation on cross-border portability of online content services
On July 20, 2017, Regulation (EU) 2017/1128 of the European Parliament and of the Council of 14 June 2017 on cross-border portability of online content services in the internal market (the Portability Regulation) entered into force. Under the Portability Regulation, consumers who pay for online content services in their home country will be able to access them when visiting another country within the EU. Any contractual provisions that restrict portability of online content services, such as agreements between right holders and streaming providers, will not be enforceable.
Conclusion: As of March 20, 2018, the Portability Regulation will apply to providers of paid online content services. Providers whose services are made available free of charge do not fall within the scope of the Portability Regulation. They may, however, decide to enable cross-border portability of their services in accordance with the Portability Regulation. For more information on the Portability Regulation, please visit our blog.
2. ECHR: New case law on employee monitoring
On September 5, 2017, the Grand Chamber of the European Court of Human Rights (ECHR) reached a decision (docket no. 61496/08) pursuant to which unrestricted monitoring is not permitted even if IT policies or agreements with employees are in place that allow monitoring. The ECHR requires transparency in addition to a legitimate interest on the part of the employer. In particular, employees must be informed about the possibility and scope of monitoring as well as the impact on their privacy rights.
Conclusion: Employers must review their policies’ compliance with the criteria determined by the ECHR. Please note that the ECHR has only set out minimum criteria. National law requirements could provide more restrictive requirements that must be complied with.
3. Court of Appeals of Cologne: Requirements for declarations of consent with regard to customer recovery measures
In its judgment of June 2, 2017 (docket no. 6 U 182/16) the Court of Appeals of Cologne ruled that a consent clause for telephone advertising which is intended to allow a company to contact former customers even after their contracts have terminated was too vague where it allowed contact to provide "individual customer service" almost two years after termination of the contractual relationship. It further ruled that the term "individual customer service" was itself inherently too vague, particularly since, after such a long period of time has elapsed, former customers might not know exactly which goods and services their past opt-in consent referred to.
Conclusion: Companies should specify in their consent forms as concretely as possible the goods and services, as well as the time periods, to which the consent relates.
4. Court of Appeals of Celle: Influencer advertising
Surreptitious advertising on social media networks is widespread. Paid posts by influencers on social media platforms usually use tags like #ad, #sponsored, #advertisement or #sponsoredpost. But many use less obvious tags or simply fail to make any acknowledgement of the commercial relationship. In accordance with a recent court decision in Germany (Court of Appeals of Celle, docket no. 13 U 53/17) such connections must be made clear and be conspicuous. Burying the hashtag #ad in the middle of a long caption in a post where there are six other hashtags is not sufficient.
Conclusion: Paid advertising on social media platforms must be highlighted by clearer tags in the future. German state media authorities have recently been quite active in imposing fines for posts that have not been sufficiently labeled as advertisements.
6. Court of Appeals of Berlin: Online platform liable as infringer for infringements of users
The liability of platform providers for the infringements of their users is a perennial issue. In its decision of June 21, 2017 (docket no. 5 U 185/16), the Court of Appeals of Berlin held that an online platform was liable as an infringer for providing incorrect prices for partner restaurants. The platform was not just a mere online marketplace because it did not use an automated process: its employees had entered the content of the partner restaurants themselves. Liability was, therefore, not excluded as it was not third party content but rather the platform’s own content.
Conclusion: The liability of platform providers depends to a great extent on the way in which they influence content.
7. New laws and recommended reads
- German Act to Improve Enforcement of the Law in Social Networks (Network Enforcement Act) now available in English. More on our blog on what social network providers need to know.
- Council of the EU: Revisions to the draft EU ePrivacy Regulation. More on our blog.
- Irish High Court has referred case on validity of EU standard contractual clauses to the CJEU. More on our blog.
- The Article 29 Working Party has published further guidance on GDPR:
- Conference of the German Data Protection Authorities published GDPR guidance (in German only) on:
- List of processing activities
- Supervisory powers and sanctions
- Processing of personal data for advertising purposes
- Data transfer to third countries
- Data protection impact assessment
- Right to information
- Marketplace principle
- Measure plan
- Information duties concerning third party and direct collection of data
- Right to be forgotten
- Bavarian Data Protection Authority has released guidelines on the use of Facebook Custom Audience.
- Advocate General: Opinion on Facebook fan pages.
- CJEU: Opinion on EU-Canada Passenger Name Record Agreement. More on our blog.
- First annual review of EU-US Privacy Shield. More on our blog.
- Rescue drones deployed on beaches - Dr. Andreas Splittgerber interviewed on the television news program “heute”.
- UK Government has announced a new data protection bill. More in our client alert.