The new convention between the French State and AFNIC comes into force on 1st July 2022

Written by Dreyfus01/09/2022

This agreement will set out AFNIC‘s work priorities for the years to come. One of the main aims is the development of the <.fr>.

The growth of the <.fr> will be achieved through concrete actions such as helping companies in their digital transition. In fact, AFNIC has implemented a support system to enable SMEs and VSEs to develop their presence online.

In this Convention, AFNIC has committed to investing 2% of its turnover in order to apply tariff cuts as well as to simplify registration interfaces and to organise a faster and more efficient data management system.

AFNIC has also committed to investing 10% of its turnover in innovation to consolidate its social and environmental responsibility and is committed to achieve carbon neutrality for the <.fr>.

AFNIC and the French State wish to continue the work that has already been started with the aim of developing and strengthening the <.fr>.

Why does good trademark protection in the Middle East require registration in Israel as well as in Palestine?

Written by Dreyfus22/08/2022

The Palestinian territory is the subject of much controversy, however, trademark rights are not as insignificant as they might seem.

There are several reasons why the Palestinian market should be considered in a Middle East brand protection strategy. In fact, despite the separation of the Israeli and Palestinian legal systems, it is almost impossible to separate the two markets into two jurisdictions.

How to protect your trademark rights in Palestine?

There are a number of elements that illustrate the obvious geographical and commercial links that confirm that, in order to ensure full protection of trademark rights in the Middle East, it is essential to register trademarks not only in Israel, but also in Palestine. For Palestine, it is necessary to register trademarks in both the West Bank and Gaza, which have separate trademark jurisdictions. Naturally, Israeli and Palestinian jurisdictions require separate registration in each territory in order to fully protect and enforce trademark rights. However, obtaining protection in Israel is far from providing full protection if the mark has not been registered in Palestine. The opposite is also true.

So, what are the reasons for registering trademarks in both Israel and Palestine?

This is due to the geographical situation between Israel and Palestine. The economic reality is clear: 80% of Palestine’s foreign trade is with Israel.

This necessarily has an impact on the circulation of goods and services in the region. It is therefore advisable to register trademarks in both Israel and Palestine if you want to protect your trademark in the Middl East.

Thus, given the obvious geographical and commercial links between the two states, it seems crucial to have valid registrations in three different jurisdictions, namely Israel, the West Bank and the Gaza Strip, in order to obtain trademark rights in the region and ensure full protection.

What are the suggested modifications to the UDRP?

Written by Dreyfus06/07/2021

Following the UDRP ‘s new gTLD program, new Rights Protection Review Mechanisms (RPM) have been implemented to protect trademark holders, such as the Uniform Rapid Suspension System (URS) procedure.

ICANN has now decided to address changes suggested by trademark holders and intellectual property experts regarding the UDRP. For instance, one of these suggestions is that a domain name should be considered abusive if it is registered OR if it is used in bad faith, instead of requiring that both these conditions are met. The idea is to lighten the burden of proof on the rights owner to take into account a more up-to-date reality. Another suggestion is to provide for an accelerated procedure in case of abusive conduct and to get a decision more rapidly if the defendant fails to respond to the complaint.

It has also been proposed to provide for a presumption of bad faith if the registrant has lost three UDRP complaints and to require any repeat offender to pay a response fee to defend the case. The central issue at this stage of the study is to understand the extent to which the UDRP principles should be changed in favour of trademark owners, while knowingt hat it may weaken the UDRP principles.

Sources:

Overview: The Rights Protection Mechanisms (RPM) Review https://newgtlds.icann.org/en/reviews/cct/rpm

Phase: 1 Initial Report of the Review of All Rights Protection Mechanisms in All gTLDs Policy Development Process :

https://www.icann.org/public-comments/rpm-initial-report-2020-03-18-en

Domain name right : bona fide offer of goods or services

Written by Dreyfus18/06/2021

A right or legitimate interest in a domain name may be demonstrated by its use in the context of a bona fide offer of goods or services. This assessment requires to take into account how the domain name has been used, but also the space-time framework: When was the domain name registered? By whom? In which country?

Founded in 2003, Ba & sh is a French company operating in the field of design, manufacturing and distribution of women’s ready-to-wear clothing and fashion accessories.

Having detected the registration of the domain names <bashshitever.com> registered in 2014 and <bashclothing.co> in 2020, Ba & sh filed a complaint with the WIPO Arbitration and Mediation Center in order to obtain the transfer of these domain names.

While the construction of the <bashshitever.com> domain name is somewhat intriguing, the fact that the <bashclothing.co> name contains the term “clothing” may have led Ba & sh to consider that its rights were being infringed.

In any event, since the domain names include the sign “BASH” except for the ampersand, the panellist acknowledges a likelihood of confusion.

Nevertheless, the panellist deems that Respondent has chosen these domain names independently of Complainant’s trademark and has used them in the context of a bona fide offer of its goods on the corresponding websites.

Indeed, Respondent is from Malaysia, where the company was founded in 2015, while Ba & sh has provided no evidence of actual use of its BA & SH mark in that territory. Khor Xin Yu, Respondent, explains that he co-founded “BASH CLOTHING” in 2013 when he was 18 years old and that the mark was also used in Singapore in 2017. Initially, the sign used was “Bash Shit Ever”, later changed in 2020 to “Bash Clothing” as part of a branding update.

Similarly, Respondent provided an explanation and documentation justifying the selection of the sign BASH because of the meaning of the dictionary term “bash”. Finally, Respondent used a logo that differs from that of Complainant.

Complainant has not shown that Respondent registered and used the disputed domain names in bad faith.

Indeed, when the first disputed domain name <bashshitever.com> was acquired by Respondent, Complainant had been operating in France and worldwide for about 11 years and had owned an international trademark for about 7 years, designating Malaysia. However, Complainant has not presented any evidence of actual use of its BA & SH trademark in Malaysia at the time of registration of the first disputed domain name.

In addition, a Google search for “bash” shows several results unrelated to Complainant or its trademark. Respondent has also provided a plausible explanation as to why he chose the term “bash”, an English dictionary term related to the idea of a party insofar as its initial target was female students.

Finally, although the parties operate in the same market segment (i.e. ready-to-wear and accessories), Respondent’s use of the disputed domain names does not show an intention to compete with Complainant and its trademark, given the different logos/layouts, the significantly lower prices at which the Respondent’s clothing is offered for sale, and the absence of any information on Respondent’s website that would lead users to believe that the website is operated by Complainant or any of its affiliated entities.

The complaint is, therefore, dismissed.

Ba & sh should have investigated Respondent’s motives before initiating a UDRP proceeding, including whether its trademark was known in Respondent’s country when the first domain name was registered. It should also have determined for how long Respondent had been using the “Bash” sign for fashion activities. An investigation could have revealed these elements. Respondent explains that he first marketed the Bash clothing on social networks. And, depending on the answers to these two questions, write a proper letter to the defendant

Why is the well-knownness of an earlier trademark not enough to qualify bad faith?

Written by Dreyfus09/06/2021

La notoriété d’une marque ne suffit pas à garantir le transfert d’un nom de domaine similaire

Rémy Martin & C fait partie du groupe Rémy Cointreau, une grande entreprise de cognac. Fondée en 1724, cette maison est l’un des principaux acteurs de la production et de la fabrication du cognac en France.

Le groupe détient un large portefeuille de la notoriété d’une marque comprenant les éléments verbaux « louis » et « louis xiii » en lien avec son cognac Louis XIII le plus célèbre et le plus cher.

Suite à la détection du nom de domaine < louisthirteen.com >, E. Remy Martin & C a déposé une plainte auprès du Centre d’Arbitrage et de Médiation de l’OMPI, afin d’obtenir le transfert de ce nom de domaine.

Le nom de domaine est composé de « louis » qui est identique à la première partie de la marque et est suivi de « treize ». Un nom de domaine qui consiste en une traduction d’une marque est généralement considéré comme identique ou similaire à cette marque . « Treize » est la traduction littérale en anglais du chiffre romain « xiii », comme l’a reconnu l’expert.

Or, en examinant les différentes pages du site Internet de l’intimé, le panéliste constate que le nom est utilisé pour une véritable offre de produits en marque blanche, notamment des masques de protection contre les bactéries et les virus dans le cadre de la lutte contre le Covid-19. Bien que le Défendeur n’ait pas répondu à la plainte, des mentions légales sont présentes sur le site et une recherche rapide sur Internet des sociétés britanniques montre un enregistrement de la société Louis Thirteen Group Limited en juin 2019, soit 18 mois avant le dépôt de la plainte.

Même si la marque antérieure bénéficie d’une large protection, l’expert précise qu’il n’est pas évident que le Plaignant puisse s’opposer à l’utilisation d’un nom commercial « louis thirtheen » pour des activités aussi différentes des siennes.

La lourde charge de la preuve incombant au Plaignant pour s’opposer à l’usage de la notoriété d’une marque.

Dans l’Union européenne et au Royaume-Uni, le titulaire d’une marque notoirement connue ne peut s’opposer à l’utilisation d’une marque similaire/identique que si l’utilisation par le tiers tire indûment profit de ladite marque ou porte atteinte au caractère distinctif ou à la renommée. de cette marque.

L’expert constate que le Plaignant a manqué à sa charge de la preuve dans la mesure où il existe une possibilité réelle que le nom correspondant au nom de domaine ait été utilisé dans le cadre d’une offre de bonne foi de biens et de services antérieure à la notification du litige.

Dès lors, l’expert considère qu’il n’est pas prouvé que l’intimé n’ait aucun droit ou intérêt légitime sur le nom de domaine. Ainsi, il n’a pas à établir que le nom de domaine a été enregistré et utilisé de mauvaise foi.

La possibilité de saisir la justice reste ouverte

Pour les motifs qui précèdent, la plainte est rejetée. Cependant, l’expert déclare que cette décision n’affecte pas le droit du Plaignant d’intenter une action en contrefaçon de marque contre le Défendeur devant les tribunaux.

Une recherche rapide sur Internet aurait dû permettre au Plaignant d’identifier l’existence de Louis Thirteen Group Limited et de conclure que l’UDRP n’était pas un for approprié pour ce litige, qui devait être abordé de manière globale et non limité au seul nom de domaine. .

Par ailleurs, Louis XIII est le nom d’un roi de France et la marque antérieure n’est donc pas fantaisiste , élément que le panéliste a pu prendre en compte dans son analyse, même s’il ne l’a pas mentionné explicitement.

International Trademark: Islamic Republic of Pakistan joins the Madrid System

Written by Dreyfus09/03/2021

As of May 24, 2021, the Madrid System will officially welcome its 108th member: the Islamic Republic of Pakistan.

On February 24, 2021, Pakistan deposited its instrument of accession to the Madrid System with the Director General of the World Intellectual Property Office (WIPO). The arrival of this new member brings the number of countries covered by the Madrid System to 124, and highlights the importance of this international system for the filing and registration of Trademarks.

The Madrid System provides a practical and cost-effective solution for the registration and management of trademarks worldwide. More than 1.5 million international trademarks have been registered since its creation in 1891. While the system has been in place for more than 125 years, three quarters of its member countries have joined it in the last three decades. After the recent accessions of Canada, Samoa, Thailand, and the Sultanate of Brunei, it is now up to Pakistan to join the protocol.

Pakistan’s adhesion to the Madrid Protocol enables the harmonization of Pakistani trademark law at the international level. With the filing of a single international Trademark application, Pakistani applicants now have the possibility to apply for protection in 124 countries. Likewise, Pakistan can be designated by applications from any state party to the Madrid system and international Trademark owners can easily extend their protection in the Pakistani market.

The international trademark system is a major asset for the registration of your trademarks abroad at a lower cost.

Dreyfus can assist you in the management of your trademarks portfolios in all countries of the world. Please feel free to contact us.

Data protection : what are today’s real issues?

Written by Dreyfus28/08/2020

Consumers are now demanding more privacy and security in t he processing of their personal data.

What are the challenges for the data controller?

There are several challenges for the data controll

er – i.e. the legal or natural person who determines the purposes and means of a processing operation – to overcome at different scales:

– information management: reducing the data collected by establishing a precise commercial context, and reducing the risks by taking care of the contracts;

– communication with suppliers: being able to find solutions and evaluate each other;

– monitoring of data processing: setting up mechanisms for reporting data breaches or threats concerning suppliers (for example, if Easyjet has had a data breach, the data controller, operating in the same business sector as the airline, if notified, can redirect its decisions.

What are the risk management methods?

A more effective risk management includes precise identification of suppliers, prior audits when integrating new suppliers, automation of evaluation and control processes, and risk prevention to protect data.

What about cookies?

They are used to collect data. Their presence is materialized by the banners you find on websites that ask for your consent to collect certain data.

In summary, there are 3 types of cookies:

– cookies strictly necessary for the operation of the site;

– cookies intended to improve the performance and functionality of the site;

– advertising cookies (which will soon disappear, Firefox has already put an end to them, and Google has announced that Chrome will no longer use them in 2021).

How do I collect online consent?

Remember that in France, consent must be free, specific, informed and unambiguous (GDPR).

Nevertheless, in order to collect consent, the user must understand what he is consenting to. He must receive clear information (purpose and duration of the use of cookies, list of third parties with whom the information is shared etc…) and the data controller must be particularly attentive to the layout of his banner.

What should be the role of the DPO (Data Protection Officer) in a modern company?

If the company promotes ethics, innovation, data, then the DPO has a key role: they shed light on data collection, and bring their vision on risks from an individual’s point of view.

In the past, their role was purely administrative, but today it is different, the DPO accompanies the company on a permanent basis, but they cannot guarantee compliance on their own: they have to expand a web within the organization (with the digital or marketing departments in particular) in order to promote the essential principles.

What changes are taking place within companies, in terms of GDPR awareness?

When GDPR came into force, programs were launc

hed to raise awareness of it, , and it was necessary to mobilize the entities and ensure they had good skills (setting up e-learning internally, for example).

Despite the existing similarities in legislation, what differences persist and what are the challenges that companies have to face in this respect?

There are technical differences (in terms of data retention time, each country has its obligations) and very important cultural differences, the way in which people in different countries deal with these subjects depends on their history. Consequently, it is difficult to find “golden rules” (= harmonized rules).

How can organizations benefit from their compliance efforts?

One way to recognize that companies have done their job properly is through certifications, such as HDS certification.

Dreyfus helps you to comply with these new legislations.

The Supreme Court of the Russian Federation adopted Resolution No. 10/2019 and thus provided welcome clarifications on domain names

Written by Dreyfus20/09/2019

On April 23^rd 2019, the Russian Supreme Court adopted Resolution No. 10/2019, which clarified the provisions of Part 4 of the Russian Civil Code relating to intellectual property rights, and therefore to domain names, which are the subject of this article.

Among the clarifications provided, the Russian Supreme Court decided in particular that the commercial courts had jurisdiction to rule on disputes relating to distinctive signs (with the exception of appellations of origin, however), whether the party concerned is an individual person, a private entrepreneur or a company. Previously, the commercial courts and the general courts had jurisdiction based on the identity of the holders of intellectual property rights.

Furthermore, it is increasingly difficult to obtain information on the identity of Russian domain name registrants.

Indeed, although it is possible to make a request to registrars to disclose the identity of domain name registrants, obtaining this information has become increasingly complicated without legal action since many registrars refuse to disclose this information by taking refuge behind applicable legislation or requesting additional documents.

Resolution No. 10/2019 specifies that this information may be obtained through a court by filing a request for disclosure of personal data in legal proceedings. However, this is complicated when the identity of the domain name registrants is unknown. One solution would be to take legal action against registrars and then file a request for disclosure of personal data. It would be then possible to substitute the defendant.

In addition, with regard to infringement of a trademark by registration and use of a domain name, the Russian Supreme Court ruled that trademark infringement is characterized by the use of a domain name for goods and services similar to those designated by the trademark in question, and in some cases still, by registering the domain name only. Consideration should be given to the purpose behind registering the domain name to judge whether there is trademark infringement.

Finally, the Russian Supreme Court provides various additional clarifications. For example, a monetary claim may be filed against the current user of a domain name. In addition, it is possible to request provisional measures in respect of domain names. Finally, in cases concerning domain names, evidence consisting of printed screenshots of websites clearly showing i) the address of the websites in question, ii) the time at which the screenshots were taken and iii) whether they have been verified by the parties to the proceedings is admissible.

These clarifications are welcome. We will keep you informed of any further developments in this regard. Dreyfus is a specialist in domain name protection and defense strategy and can find solutions adapted to your needs. Do not hesitate to contact us.

RDAP replaces WHOIS

Written by Dreyfus11/09/2019

The WHOIS protocol now appears to be outdated due to the evolution of technical requirements in the digital era. Indeed, this tool, provided by registrars, is inter alia not capable of working with either encoding or with non-latin characters. Consequently, since 2015, ICANN in collaboration with the Internet Engineering Task Force (IEFT) has been working on the replacement of WHOIS through the RDAP (Registration Data Access Protocol), in compliance with the Temporary Specifications and the GDPR.

Like WHOIS, the RDAP provides registration data, although its implementation is different since it allows standardization, security data access and enquire response formats. As a result, it will be possible to search all the registration data available from various registrars, unlike WHOIS that is limited to the database being searched. It also takes into account the internationalisation of domain names.

The possibility of granting different accesses to the registration data is being considered. For instance, access for anonymous users could be limited whereas authenticated users could have full access to all data.

While some elements still have to be worked out, registrars are required to implement the RDAP service prior to August 26, 2019.

This brief was published in the July-August 2019 issue of the French magazine “Propriété industrielle”.

The EU cybersecurity certification Framework

Written by Dreyfus30/08/2019

Cyber-attacks are on the rise, and they are becoming more sophisticated. Our current business model is globally interconnected; commercial transactions and even social life transcend national borders. Consequently, our vulnerability to cyber-attacks has been increased, however, the competences of the cyber security and police authorities, as well as political responses, are predominantly national.

This situation has made European authorities aware of the need to deal with these threats in an effective and coordinated way, relying their actions on policies dealing specifically with cybersecurity within the European Union. By means, the aim is thus to improve cooperation, exchange of information and coordination between the Member States and the institutions, bodies, offices and agencies of the Union.

The European Commission, as part of the Digital Single Market Strategy, has approved Regulation No. (EU) 2019/881, on ENISA (the European Union Agency for Cybersecurity) and on certification of information and communications technology cybersecurity, which came into force on June 27, 2019.

This new regulation has two main objectives. On the one hand, to give ENISA (the European Agency for Cybersecurity, now named the European Union Agency for Cybersecurity) a greater role in the field of cybersecurity, establishing a series of objectives and tasks. On the other hand, the creation of a common certification framework at European level, with the aim of guaranteeing an adequate level of cybersecurity of ICT products, services and processes in the EU, avoiding the fragmentation of the internal market.

Concerning the first objective, the first substantive point of the Regulation is to give more powers to the European Union Agency for Cybersecurity (ENISA). It will now have a permanent mandate facilitating the exercise of the new functions assumed, one of which is to increase cooperation on cybersecurity within the Union, for example in cases of large-scale cyberattacks or cross-border crises. This strengthening is also reflected in the economic resources for ENISA, increasing from 11 to 23 million euros over a period of five years.

It is noteworthy that European regulation focuses on users by addressing concepts such as users’ awareness, and the application of good practices online. Both public bodies and private stakeholders will receive recommendations on safe configurations and maintenance of their devices, and the availability and duration of updates, as well as the perceived risks.

With regard to the second objective, the regulation creates a framework for European Cybersecurity Certificates for products, processes and services that will be valid throughout the EU. It is the first EU legislation on the internal market to take up the challenge of enhancing the security of connected products, Internet of Things devices and critical infrastructure through such certificates.

The creation of the cybersecurity certification framework incorporates security features in the early stages of their technical design and development (security by design). It also enables their users to ascertain the level of security assurance, and ensures that these security features are independently verified.

As to the second objective of the regulation, the certification framework will provide EU-wide certification schemes as a comprehensive set of rules, technical requirements, standards and procedures. This will be based on agreement at EU level for the evaluation of the security properties of a specific ICT-based product or service, for instance, smart cards. This will certify that ICT products and services which have been certified in accordance with such a scheme comply with specified requirements. In particular, each European scheme should specify: a) the categories of products and services covered, b) the cybersecurity requirements, for example by reference to standards or technical specifications, c) the type of evaluation such as self-assessment or third party evaluation, and d) the intended level of assurance for instance, basic, substantial and/or high.

ENISA’s mandate is immediate from the entry into force of the Regulation, whereas the cybersecurity certification framework will have to be developed. In this respect, the Commission’s agenda has already included the submission of proposals to ENISA for the preparation of certification projects, as well as the creation of expert groups on cybersecurity.

Finally, this European regulation not only seeks to increase users’ confidence in the use of connected devices, but also to strengthen the European cybersecurity industry and the European Single Market, positioning it as a global benchmark, in line with other markets such as the United States or China.

With significant expertise in protecting innovative products and designs, and in defending intellectual property rights on the Internet, Dreyfus is well positioned to assist you in enhancing your assets on the web.

News