The protection of personal data is a growing concern for consumers whose data are being collected. The new General Data Protection Regulation (GDPR, Regulation 2016/679 of 27 April 2016) will be implemented on 25 May 2018. Its new provisions introduce new obligations with heavy penalties of up to several million euros. The G29 clarified some of these obligations. Particularly, it is now mandatory to document the steps taken to comply, to keep a register or to designate a Data Protection Officer in some cases.
In order to comply, it is advised to put in place an audit which establishes a precise mapping of all data processing within the company.
Everyone is concerned, be it big accounts or start-ups. Your company is concerned: through its website, its social networks, its loyalty programs, through databases of clients and prospects or through the management of marketing campaigns. The regulation is intended to be applicable to the processing of any personal data of everyone located in the territory of the European Union.
A 3-step action plan seems to be the most appropriate:
1st step: mapping the processing of personal data
This is all about identifying the processing of the data collected within the company: the categories of processed personal data, the objectives pursued by the data processing operations, the actors processing this data, and finally the in and out-flows while specifying their origin and destination.
2nd step: conduct a compliance audit
Thanks to the first step, a summary and personalized recommendations can be established. Based on this information, you will have a global view of the steps to be taken in order to ensure that your business meets the requirements of the regulation.
3rd step: accountability – Compliance
Finally, an action plan should be drawn up based on the results of the mapping and the audit. An industrial property Attorney will help you to overcome any shortcomings in your current protection: the holding of a register, the designation of a Data Protection Representative, the right to portability of data etc.
This action plan may also be accompanied by a security audit.
Given the importance of these changes, we recommend that compliance should be initiated as soon as possible. Now endowed with a department dedicated to the problems of personal data and a department with technical skills, Dreyfus & associés is the ideal partner to accompany you in this transition process.
It is not necessary to rely on its concise drafting, “the overall assignment of future works is nul.”; the consequences are more than important: invalidity of the assignment will result to an act of counterfeiting of the contracting party which is entitled to a compensation.
If two doctrinal positions oppose themselves, a strict interpretation, prohibiting the assignment of more than one future work and the other prohibiting only the assignment of all future works thus allowing the transfer of the patrimonial rights on certain future works subject to determining precisely what works are the object of the assignment (formalism of article L. 131-3 of the IPC). The jurisprudence tends towards this latter position in that it accepts the validity of assignments relating to future works when these works can be individualized and determinable.
Based on the solutions given by the case law, the drafter may infer an applicable framework where it is necessary to frame the assignment of rights in future works, as is particularly the case for the creation of employees or regular orders to the same author.
A perfect practice would be to have a copyright assignment contract for each of the works created as the collaboration develops; this solution is not possible when the number of works is too much or the company does not have the necessary structuring for such a device.
The company must therefore endeavour to minimise the risk of infringement of the prohibition of article L. 131-1 of the IPC by means of alternative solutions:
– Promises of contract or assignment: this allows the employer to compel its employees or the sponsors to give him the priority to the assignment of the copyrights on their future works. With the disadvantage that despite the reform of the law of contracts, it does not seem possible for the employer, in the event of a breach of the promise, to resort to forced execution. Future jurisprudence will be decisive in the interpretation of the new article 1124 of the French civil Code by the courts.
– The addition of a clause in the employment contract or the framework contract of orders providing the transfer of the author’s patrimonial rights as it is established: it is essential that this clause indicates the determinable or distinct character of works created within the framework of these contracts and to strive to define the criteria for the determinability of the works.
The Security may be strengthened by forward-looking referring to annexes or amendments to the employment contract or the frame work contract to establish a complete and up-to-date list of the works covered by the assignment of rights clause. It must be ensured, however, that this task is carried out assiduously and regularly, as a defect of diligence leads the courts to declare the transfer obsolete (judgment of the Paris CA of 31 May 2011). Companies must therefore ensure the feasibility of the system of annexes and amendments before predicting it in the original contract.
– Arguing that the contract of employment or of order allows the employee or the general partner to terminate the contract and regain his freedom. This possibility makes it possible to exclude the contract from the field of the “bulk assignment” of article L. 131-1 of the IPC.
Regardless of the strategy adopted by the company, it is essential that it ensures, through the concluded contracts with its employees or sponsorships, that good information has been made to the author. In order to do so, it must ensure that it is as explicit as possible in the contracts on the taking into account of the legal difficulty of the prohibition of the bulk assignment of future works and that the author is fully informed about the strategies commonly implemented.
In May 25, 2018, the European General Data Protection Regulations (GDPR) will enter into force and replace the European Data Protection Directive 95/46/EC that currently harmonizes data privacy laws. There is a growing concern among consumers to protect their privacy. With the constant evolution of technology and the increase in the quantity of data collected, the 1995 Directive had to be updated in order to stay relevant. One of such changes concerns WHOIS databases. Indeed, the GDPR provides new standards concerning the way WHOISes work.
The WHOIS database contains registrants’ names and contact details. Currently, ICANN is looking to replace the WHOIS system with the Registration Directory Service (RDS). Such a change will lead to different approaches regarding data storage and publication. On the one hand, judicial authorities and intellectual property practitioners wish better access to data in order to act against cybercrimes. However, on the other hand, privacy and data protection groups would rather obtain more restrictions on access and storage of data to protect the privacy of web users.
The GDPR will set the standards regarding those issues by imposing obligations upon businesses, registrars and registries. There is concern that the standards within the next generation gTLD Registration Directory Service and in the GDPR will not be compatible. Indeed, if a registrar or a registry complies with the new standards prescribed by ICANN, they might be in breach of the GDPR. WHOISes operated by registrars and registries will probably have to be handled differently, but should they follow the new provisions established by ICANN or by the GDPR? Both provide for sanctions in the event of a breach of their standards. The ones provided by the GDPR appear to be higher fines than the sanctions set by ICANN. Some registrars and registries have concluded that a breach of the next generation gTLD RDS is preferable than a breach of the GDPR.
ICANN discussed the matter at the Johannesburg meeting where it decided to create an ad hoc group to determine how WHOIS are used. The aim is to collect what they call “user stories” to assess the degree of compliance with the GDPR.
Hopefully, a solution will have been found by May 2018. Otherwise registrars and registries will have trouble complying with both the GDPR and the RDS. Dreyfus has been specialized for years in the field of domain names. Regarding this subject, we can provide legal advice on the best way to uncover the identity of domain name registrants.
Starting from November 7th, 2017, the Madrid Protocol will formally welcome its 99th member, Thailand, thereby underlining the importance of this international trademark registration system in the business world.
The emergence of a need to centralize international registration is part of the evolution of trade and globalization. In order to acquire a certain attractiveness, the Madrid Union has been constantly evolving in order to conform to the specificities which emerged during the last century before founding the Madrid Protocol, and on which the international registration system for trademarks is largely based. Simplicity and economy are the decisive factors that have convinced 99 states to join.
This is an opportunity to rethink protection strategies, especially in Asia, in high potential countries such as Thailand, China, Cambodia, Vietnam and recently Brunei.
Registration directly to the CIIPO: it is official; there is no prior need to register an English or European trademark in order to obtain trademark rights in the Cayman Islands. The CIIPO (Cayman Islands Intellectual Property Office) is now authorized to receive registration requests for trademarks directly.
Opposition period: it is provided by paragraph 16 of the Trade Marks Law 2016. It takes effect at the date of publication of acceptance of the application, and lasts for 60 days. Previously, a trademark in the Cayman Islands was an extension of an English or European trademark, and there was no such opposition period.
Absence of revocation for non-use: the new law still has not introduced the possibility for revocation of a trademark because of non-use (§44 of the Trade Marks Law 2016).
Temporal Applicability of the Law
For this purpose, the Trade Marks (Transitional provisions) Regulations 2017 was published on July 18, 2017. It clarifies the consequences of the new regulation on existing trademarks, pending proceedings, current infringements, assignments and transmission of registered trademarks, and licensing.
Starting August 01, 2017, existing trademarks will be transferred to the new registrar until their renewal date and they will be subjected to the new law. If the trademark is expired or pending for non-payment of annual fees, it will not be automatically transferred to the new registrar. In these instances, trademark owners will have to file for a new trademark application under the new law. Finally, pending disputes concerning a trademark registered under the old law as well as infringement cases also registered before the implementation of the new act will still be subjected to the old law.
Since the creation of the UDRP procedure at the end of 1999, law practitioners have expressed their desire for a memorandum summarizing the consensuses among UDRP decisions. The main argument was based around the classical concept of legal certainty. The World Intellectual Property Organization was receptive and has started publishing official Overviews. The third issue was announced on May 23, 2017 (version 3.0), replacing the previous one published in 2011(version 2.0). During the past 6 years, more than 17000 UDRP decisions have been rendered. In the new Overview more than 1000 decisions have been examined against 380 previously, and more than 265 panels have been quoted as opposed to 180 in the previous edition. In total, the WIPO provides solutions to about 64 issues, as opposed to 2011 when only 46 issues had been examined. Hence, needless to say that there have been some significant changes that are worth examining.
1/ The consequences of the multiplication of TLDs
Indeed, many gTLDs have been created with the launch of the new gTLDs project by ICANN. The first cycle of applications opened in January 2012. After examination, the new gTLDs were allowed on the market in October 2013. A second wave of applications is announced around 2020.
To date, these new gTLDs were neglected in the appreciation of the 3 criteria which compose a UDRP complaint. It now appears they would be of importance concerning proof of rights or legitimate interests as well as registration and use in bad faith.
According to the Overview 3.0, they would become relevant when the TLDs are “descriptive of or relate to goods or services (…), a geographical region, or other term associated with the complainant”. In this event, the choice of TLD would allow parties to argue in their favour.
The same observations are relevant for IDNs (International Domain Name) which have recently been the subject of great developments. Thanks to them, a registrant can now register a domain name that includes non latin letters or symbols. Many countries have taken the opportunity to register the extension of their country, as Qatar did for example. Panels are now taking these translated domain names into account while rendering decisions in UDRP proceedings.
2/ What evidence is relevant?
A second issue, which had remained unsolved by the Overview 2.0 to date,, was dealt with in the new version. Indeed, paragraph 4(c) of the UDRP principles lays down3 scenarios susceptible of allowing a respondent to demonstrate his rights and legitimate interests in the use of a domain name. However, there is no indication as to the type of evidence that panels would consider sufficient in order to demonstrate such scenarios. As of now, the Overview 3.0 sets recommendations to parties and has also annexed a selection of relevant UDRP decisions (WIPO Overview 3.0, para.2.5).
Thus, the OMPI lists 3 main factors that are the “nature of the domain name” the “circumstances beyond the domain name itself” and “commercial activity”. All elements are both defined and illustrated for educational purposes.
Concerning the second factor, it is said that panels look “at thedomain name and any additional terms appended to it (…), panels assess whether the overall facts and circumstances of the case support a claimed fair use”. Relevant circumstances would be, for example, looking at whether the respondent has a tendency to register domain names including trademarks, or whether internet users would be misled into believing that the website belongs to the complainant, or yet again whether the domain name is used in relation to bona fide activities.
3/ Enforcement of UDRP decisions
A third issue concerns procedure. It is the first time that the WIPO raises the question of the enforcement of UDRP decisions. The Overview 3.0 reminds us that the WIPO’s involvement ends with the notification of the decision to parties and to the registrar, the latter being subject to a contractual obligation with ICANN to execute the decision. The registrar can be held liable.
In this way, if a complainant is faced with difficulties ensuring enforcement of its decision, they can now contact ICANN. A procedure exists to ensure compliance with the decision.
4/ The relationship between the URS and UDRP procedures
The URS procedure was created to handle disputes concerning new gTLDs. As the UDRP procedure can also be used to settle such disputes it is possible for a complainant to use both procedures in order to try and achieve their purpose. The complainant may hesitate as to which procedure should be used. The WIPO specifies that a complainant can file a UDRP complaint after a URS complaint, and even while a URS complaint is ongoing, but, it is not possible to open a URS complaint if a UDRP procedure is ongoing. The reason for this is that the standard of proof differs in both procedures. In URS procedures, the complainant must demonstrate the facts by “clear and convincing evidence”, while panels do a “balance” in UDRP procedures (WIPO, D2016-1172, SRAM, LLC v. Li Qing).
5/ WIPO recommendations and reminders
Finally, WIPO warns that the Overview is destined to parties and is not mandatory for panels to follow. Panels are free to decide regarding the facts of the case in a way they deem fair. Parties themselves cannot simply copy the content of the Overview without adding any elements to their complaint.
In conclusion, the new version published by WIPO is helpful to practitioners by shedding new light on the procedures. This procedure is still complex. The drafting of a UDRP complaint requires the assistance of a specialized attorney. Dreyfus & associés has been specialized in this field for years, and will be able to provide you the advice and assistance needed each step of the procedure, which has gotten more complicated over the years.
Dreyfus & associés was honoured to welcome Jean-Gabriel Ganascia on June, 15th 2017, Professor at Université Pierre-et-Marie-Curie specialized in artificial intelligence and chairman of the CNRS Ethics Committee, in order to present his latest book « The Myth of Singularity – Should we fear artificial intelligence ? » published by Editions du Seuil.
In his book, Jean-Gabriel Ganascia focuses on artificial intelligence online. In his conclusions, he explains that the use of robots for tasks requiring the subjective appreciation of a human being would not be a perfect guarantee of efficiency. Indeed, according to him, the involvement of a human being will always be necessary. Some tasks could never be performed exclusively by artificial intelligence. For example, regarding moderation of discriminatory speech and incitement to online hatred, how could a robot make the difference between serious and ironic remarks ? Mr. Ganascia’s demonstration fits perfectly into his justification of a « Myth of Singularity », which implies that artificial intelligence is not a danger to humans and will never replace them.
Jean-Gabriel Ganascia described his work during the presentation of Respect Zone (http://www.respectzone.org), an association that he supports and that actively promotes respectful behaviour on the Internet. Indeed, the social concerns dealt with by this association answer to scientific questions related to artificial intelligence.
Dreyfus & Associés, well aware of the issues raised by NICTs, has proudly adopted the Respect Zone label. Respect Zone fights cyber-violence, harassment, racism, antisemitism, sexism, homophobia, glorification of terrorism and stigma surrounding the handicapped. It offers an ethical label, free of charge, accessible to all those who believe in respect on the Internet and who wish to adhere to Respect Zone’s ethical charter.
This procedure constitutes an efficient solution to fight abusive registration and malicious use of domain names that infringe trademark rights. Furthermore, it is expeditious and guarantees the effective execution of a domain name transfer or cancelation.
To this day, 17 000 domain name disputes have been resolved by the UDRP procedure and its related procedures.
The mandatory recourse to administrative proceedings
The requirements for the UDRP procedure are as follows:
The domain name is identical or similar and likely to cause confusion with a registered trademark of goods or services over which the plaintiff has rights
No right nor legitimate interest is attached to the domain name
The domain name is registered and used in bad faith
Administrative proceedings are compulsory in the context of a contractual relationship between the reserving party of the domain name, the registration office and ICANN ; however it does not preclude the possibility of appeal on the merits before a court of competent jurisdiction.
An appeal on merits is not excluded
Legal proceedings may be brought simultaneously, prior to or following administrative proceedings.
The UDRP procedure may be combined with legal proceedings. Res judicata only applies to judicial proceedings.
The absence of res judicata
A UDRP decision does not acquire the effect of res judicata, as confirmed by a judgement of the Cour d’appel of Paris, of November 8, 2016 whhich opposed the Swedish company Team Ranger AB and the Maltese company Stone Age Ltd to Mr. X, a business man in Yemen.
The present case concerned Team Ranger AB, a company specialised in the design of goods and services in the mobile technology sector. . The company owns a community trademark named Moobitalk, registered on February 10, 2011 in classes 9,12 and 38 which covers telecommunications.
On April 17, 2011, Mr. X, who operates a whole range of services named Moobichat and Moobitalk located in the Near East and the Middle east, registered the moobitalk.com domain name. Communications costs being particularly steep in this area, the services proposed by Mr. X enabled users to exchange at attractive rates.
Team Ranger filed a UDRP complaint with the WIPO to order the transfer of the domain name which infringed its trademark rights. On July 29, 2013, WIPO ordered the transfer of the domain name in favour of the plaintiffs.
On April 14, 2014, Team Ranger AB relinquished its right over Moobitalk to the company Stone age Ltd.
On August 27, 2013, Mr. X brought an action before the Tribunal de Grande Instance of Paris to obtain recovery of the domain name moobitalk.com arguing that he is the legitimate holder.
In first instance, the judges admitted trademark infringement.
The Cour d’appel reversed the decision considering that trademark law is governed by the principles of specialty and territoriality, which extend to the Internet. As a consequence, considering the target audience in the Near and Middle East and the extension “.com” which refers to a commercial activity without any geographical meaning, the territoriality principle is applicable. Since one of the trademarks is protected in the European Union while the other is protected in the Near and Middle East, both trademarks may coexist as they do not target the same market. This is all the more applicable since Mr. X has a legitimate interest in owning this domain name on account of the communication costs in the area, and since he demonstrated his good faith during the UDRP proceedings against him.
Accordingly, both trademarks show no sign of any risk of collusion and the judges therefore ruled in favour of Mr. X by ordering the restitution of the domain name to its original owner.
From this case it is noteworthy that the judges are always susceptible of challenging a UDRP decision. This decision is in line with Miss France and “pneuonline.com” precedents. The Miss France judgement, delivered by the Cour d’appel on June 17, 2004, held that the UDRP procedure is similar to arbitral proceedings but does not acquire the effect of res judicata. Moreover, in the “pneuonline.com” judgement, delivered on January 31, 2008, the Cour d’appel of Lyon held that the distinctiveness of a previously registered trademark prohibits registration of subsequent domain names replicating this trademark and operating in the same field. This ruling was delivered in spite of the WIPO expert decision which denied the transfer on grounds of non-distinctiveness of the earlier trademark.
Nathalie Dreyfus has been listed in the latest edition of Who’s Who Legal France 2017. She has been named amongst 30 other trademarks specialists. WWL says: “Nathalie Dreyfus is a recognised trademarks expert with considerable experience advising clients on cross-border matters. As a registered French and European trademark attorney, she is ideally placed to offer clients a comprehensive service.” WWL also highlights the firm, emphasizing the firm’s awards and the expertise of its team.
Dreyfus thanks Who’s Who Legal for having recommend us. It encourages us to keep providing work of quality.
Dot brands are on a roll (2017 – continuation of blog article n° 76 – New extensions: all set for “.brand”?)
Domain names: status of the <.brand> in 2017
In June 2011, the ICANN launched the new gTLDs program in order to boost innovation and competition. This is how we uncovered new gTLD applications in October 2013.
Surprisingly, many <.brand> applications were submitted (cf. https://dreyfus.fr/en/marques/new-extensions-all-set-for-brand/). Companies using registered brands were consequently able to apply for their own top level domain name extensions, at the same root level as the <.com>.
The top level domain name registration process is far more complex than domain name registration insofar as it is compulsory to become a registry operator to achieve the former. It is a time-consuming and expensive process and no one can, at the present time, submit an application anymore. A new round is scheduled for 2020. In order to become a certified registry operator, the ICANN would need to conduct an operational and technical assessment on an application basis. The applicant would submit its infrastructures (servers and networks) for examination in order to inspect its viability and security. In addition, the applicant would have to pay application fees of 185,000 US dollars, followed by an annual payment of 25 000 US dollars per “extension” to the ICANN. Once the assessment process is complete, the applicant would obtain the pre-delegation and sign a registry agreement (Registry Agreement) with the ICANN in order to guarantee compliance with its operating guidelines. Should the applicant not possess the technical skills, he may contact a service provider who would have to pass the operational and technical tests.
In January 2017, there were 551 <.brand> “extensions” in total. However 2016 proved to be the <.brand> year: 46% of delegated top level domain names were <.brand> “extensions”.
New gTLDs (generic Top Level Domains), and in this instance the <.brand>, are becoming increasingly widespread for a number of reasons.
First of all, the <.brand> extension implies not only better visibility on the Internet but also increased security insofar as this type of domain may only be registered by brand owners.
These top level domains enable the likelihood of confusion to be averted when the brand appears in the domain or sub-domain name. Indeed, in order to acquire a top level domain delegation, evidence of earlier rights over the brand must be provided to the ICANN. It therefore represents an effective means to reduce cybercriminality such as phishing. In that respect, one could easily speculate that websurfers will be more suspicious of domain names that have other “extensions” once they will have gotten used to the matching <.brand>. This security is an essential spur to some brands, particularly to banks as they are frequent victims of phishing. For this reason, as depicted by studies done by Alexa Internet, an American company specializing in data analysis, two of the most popular “extensions” are respectively owned by Banco Bradesco, a brasilian bank, and BNP Paribas.Barclays also recently registered the <.barclays> “extension”.
Secondly, the launch of the new gTLDs program has triggered the creation of entities such as The dot brand Observatory, whose activity is to assist brands in creating their own <.brand> extension.
Brand strategies on the Internet, in fact, have become an unavoidable issue for professionals but success is never guaranteed. By the end of 2015, The dot brand Observatory was created to assist companies in their top level and second-level domain name strategy. This research program entails a full analysis of brands registered as top level or second level domains which takes into account their environment, brand naming strategy and marketing approach. The observatory immediately noticed a rapid increase in <.brand> top level domains.
Finally, the growth of top level domains allows for better brand outreach on the Internet and facilitates access because the <.brand> extension is better referenced, in most cases leading to enhanced brand visibility. In addition, companies can provide exclusive access to their clients, employees and prospective clients, or make a single website accessible to the three user groups.
It is worth noting that nowadays many brands use the extension <.brand> for their own different purposes. According to the Dot Brand Observatory’s statistics, most brands use the <.brand> extension for their main website. However some prefer to dedicate the <.brand> extension exclusively to consumers, or only internally. Some companies use a <.brand> extension to fulfill both purposes such as <.bnpparibas>, the only company so far that has destined its’ <.brand> to its’ clients and its’ intranet users.
A new <.label> extension category has been developed around the <.brand> use. An example : the <.eco>.
The <.eco> extension was launched on February 1st, 2017, with the purpose of enabling domain name registrants who wish to use this extension to showcase their activity’s ecological awareness to consumers. The <.eco> is open to everyone willing to commit themselves to the ecological cause, whether it is an association or a company, so long as they demonstrate that it is in accordance with their actions. The project is supported by leading international organisations in ecology such as World Wildlife Fund, Greenpeace and the UNEP (United Nations Environment Programme) which have laid down strict requirements for eligibility to a <.eco> registration.
This project is shaping the future of domain names by developing <.label> extensions which are meant to guarantee genuine quality of the registrant to the public.
However, the downside of this system lies in the fact that it is possible for domain names to be reserved without yet having been activated, and while waiting for the registrant to undergo the post-registration check.
Our site uses cookies to offer you the best service and to produce statistics, and measure the website's audience. You can change your preferences at any time by clicking on the "Customise my choices" section.
When browsing the Website, Internet users leave digital traces. This information is collected by a connection indicator called "cookie".
Dreyfus uses cookies for statistical analysis purposes to offer you the best experience on its Website.
In compliance with the applicable regulations and with your prior consent, Dreyfus may collect information relating to your terminal or the networks from which you access the Website.
The cookies associated with our Website are intended to store only information relating to your navigation on the Website. This information can be directly read or modified during your subsequent visits and searches on the Website.
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
Dreyfus is concerned about protecting your privacy and the Personal Data ("Data"; "Personal Data") it collects and processes for you.
Hence, Dreyfus complies every day with the European Union legislation regarding Data protection and particularly the European General Data Protection Regulation Number 2016/679 of 27 April 2016 (GDPR).
This Privacy Policy is aimed at informing you clearly and comprehensively about how Dreyfus, as Data Controller, collects and uses your Personal Data. In addition, the purpose of this Policy is to inform you about the means at your disposal to control this use and exercise your rights related to the said processing, collection and use of your Personal Data.
This Privacy Policy describes how Dreyfus collects and processes your Personal Data. The collection happens when you visit our Website, when you exchange with Dreyfus by e-mail or post, when exercising our Intellectual Property Attorney and representative roles, when we interact with our clients and fellow practitioners, or on any other occasion when you provide your Personal Data to Dreyfus, in particular when you register for our professional events.