What Are The Latest Trends In IT Law And How Can You Leverage Them?

Written by Dreyfus13/03/2023

The legal landscape of the tech industry is constantly changing, making it difficult to keep up with the latest developments in IT law. Companies must stay up to date with the latest laws and regulations to ensure that their businesses remain compliant. Understanding the latest trends in IT law can help companies ensure that they are taking advantage of the latest legal opportunities and protecting their intellectual property.

One of the most important trends in IT law is the increasing focus on data privacy. As technology has advanced, companies have begun collecting and storing more information about their customers than ever before. In response, governments around the world have implemented new regulations to protect consumer data and ensure that companies are held accountable for how they store and use customer information. Companies must understand these laws and make sure that their practices are compliant. Another important trend in IT law is the emergence of cloud computing.

Cloud computing allows companies to store and access data remotely, eliminating the need for physical storage devices. However, this also creates a new set of legal issues, as companies must consider the legal implications of storing and accessing data in a cloud environment. Companies must be aware of the applicable laws and regulations in order to ensure that their use of cloud computing is compliant. Finally, IT law is also increasingly focusing on cyber security. Companies must be aware of the legal requirements for protecting their networks and data against cyber attacks. Companies must also be aware of the legal implications of any cyber security breaches that may occur. Understanding the latest trends in cyber security law can help companies ensure that they are taking the necessary steps to protect their networks and data.

So, how can companies leverage these trends in IT law? Firstly, they should ensure that they are up to date with the latest laws and regulations. Companies should also consider the legal implications of any new technologies they are using, such as cloud computing or cyber security solutions. Companies must also make sure that they are taking the necessary steps to protect their networks and data against cyber attacks. Finally, companies should consult with an experienced IT lawyer to ensure that they are taking advantage of the latest legal opportunities and protecting their intellectual property.

We offer our clients a dedicated and unique experience of expertise that is necessary for the exploitation of intangible assets. We will also endeavor to keep you informed and up-to-date about intellectual property and digital economic issues through our articles and newsletters written by the Dreyfus Legal Team.

Are we still really anonymous on social networks in 2021?

Written by Dreyfus10/11/2021

Anonymity on the Internet, or the eternal debate about social networks, raises more and more moral and legal questions with an exponential number of disputes brought before the courts.

The popularization of social networks is usually associated with anonymity, and therefore with the eternal debate about the lifting of anonymity in the face of the excesses of certain users. The murder in October 2020 of Professor Samuel Paty, targeted on social networks, or a wave of insults towards a candidate of Miss France at the end of 2020, have re-launched this discussion on the political scene. And especially the desire to add a section to the French legislative proposal “strengthening the respect of the principles of the Republic” to fight against online hate.

As a preliminary, it is interesting to really ask ourselves about anonymity on the Internet: are we really anonymous on the Internet?

The answer is no in most cases. Indeed, when we browse the Internet, an IP address anchors each of our researches. This address makes it possible to identify each device that connects to the Internet, even indicating the geographical location of the person.

This is one of the reasons why it is very difficult to leave no trace of your passage on the Internet, unless you are a very experienced technician.

The difficulty in reality is related to the obstacles linked to the recovery of these data allowing to identify a user, more than to the existence of anonymity stricto sensu. The Internet actors play a preponderant role in the possibility that some users have to hide their identity. This concealment has increased especially with social media.

The position of social networks

Social networks and other platforms argue that they are simply “host” or “technical intermediary” to reject a request to lift anonymity or to delete an account that is the author of contentious content.

Only a court decision can force these platforms to lift anonymity on an account. However, judicial decisions are still discreet. This can be explained on the one hand by the fact that positive law only allows the anonymity of an account to be lifted if the content is clearly illicit. On the other hand, the freedom of expression constitutes an obstacle to the lifting of anonymity.

However, some recent decisions seem to reverse this trend.

French jurisprudence on the move

On February 25, 2021, the Paris Judicial Court (Tribunal judiciaire, Paris, (ord. réf.), February 25, 2021, G. B. c/ Sté Twitter International Company) ordered Twitter to communicate the identification data of a user, in a case against a female Youtuber. Under Article 145 of the French Civil Procedural Code, “if there is a legitimate reason to preserve or establish before any trial the evidence of facts on which the solution of a dispute may depend, legally admissible measures of investigation may be ordered at the request of any interested party, on application or in summary proceedings. The influencer filed a request with the Court for the communication of identification data in parallel with the filing of a criminal complaint for defamation.

This communication of data by hosts is provided for by Article 6-II of the law of June 21, 2004. Indeed, this article provides for an obligation for hosts to hold and retain data allowing the identification of persons who have: “contributed to the creation of the content or of one of the contents of the services for which [they] are a provider”.

The Court granted the applicant’s request, as the existence of a legitimate reason was well established, namely the short duration of the storage of these identification data. The court thus ordered Twitter to disclose the necessary information:

♦ The types of protocols and the IP address used to connect to the platform

♦ The identifier used to create the account

♦ The date the account was created

♦ The first and last names or the company name of the account holder

♦ the pseudonyms used

♦ the associated e-mail addresses

The European court, also seized of the matter

The High Court of Ireland has referred to the Court of Justice of the European Union the issue of lifting anonymity in a case between Facebook Ireland and a school, whose staff was subjected to derogatory comments via an Instagram account (a platform recently acquired by Facebook).

The question posed to the CJEU, concerns the threshold of seriousness that allows an exception to the GDPR, which protects our personal data, and thus be able to condemn the platform concerned to lift the anonymity on the authors of the contentious content.

The answer of the CJEU, will not come before several months, however it will surely allow to have clearer criteria concerning the balance between the respect of freedom of expression, protection of personal data, and infringement of people.

These decisions could open the way to a more supervised and therefore better regulated anonymity on social networks. A growing body of case law in this area, could encourage the courts to more condemn more easily these platforms, to communicate these identification data in order to punish the illicit content that users publish too easily, taking refuge behind anonymity and freedom of expression.

Dreyfus is at your disposal to assist you in securing these projects.

ABOUT THIS TOPIC…

♦ How will the Digital Services Act change the legal framework for the Internet service?

The Public Interest Registry creates an institute specialized in the fight against DNS abuse

Written by Dreyfus06/07/2021

The Public Interest Registry (PIR), registry for the .org top-level domain, launched the domain name system Abuse Institute on February 17, 2020. The purpose is to help protect Internet users from the threat of domain name system abuse.

The institute’s mission includes helping to identify and report DNS abuse, establishing best practices in the area of domain name system abuse and funding domain name system research.

The Institute’s activities cover three main areas:

– Innovation: Developing best practices for registries and registrars and funding research on cyber security and domain name system abuse;

– Education: Through the development of a library of available information and practices;

– Collaboration: The Institute will operate as a networking forum and sharing centre for stakeholders interested in these issues.

A hotline has also been created to assist registries and registrars with questions about DNS abuse.

Sources :

https://dnsabuseinstitute.org/about-the-dns-abuse-institute/

Why does the willingness to sell a domain name is not conditioned on an active approach?

Written by Dreyfus18/05/2021

(OMPI, Centre d’arbitrage et de médiation, 23 février 2021, affaire n° D2020-3322, Netflix Inc. c. WhoisGuard, Inc. / Siddharth Sethi)

Avons-nous encore besoin d’introduire Netflix ? Cette plateforme proposant des services de streaming vidéo compte 195 millions de membres dans plus de 190 pays et semble être connue dans le monde entier. Pourtant, certaines personnes tentent de se soustraire à cette notoriété pour tenter de se construire une légitimité artificielle et justifier l’enregistrement d’un nom de domaine .

En effet, alors que la société Netflix détient de nombreux enregistrements dans le monde pour le signe « NETFLIX » en tant que marque , la société a détecté l’enregistrement du nom de domaine <netflix.store> . En conséquence, elle a déposé une plainte auprès du Centre d’arbitrage et de médiation de l’OMPI pour obtenir son transfert.

Le nom de domaine, enregistré le 3 septembre 2017, pointe vers une page qui présente une animation composée d’un effet d’éclatement de couleur et se termine par un écran de couleur vierge.
Le titulaire soutient que le nom de domaine ne reproduit pas la marque NETFLIX mais est plutôt composé de deux termes , “net” et “flix”. Or, comme prévu, l’expert considère que la marque NETFLIX est reproduite à l’identique dans le nom de domaine.
L’expert considère que si l’utilisation du nom de domaine n’est pas commerciale, son enregistrement ne serait pas non plus considéré comme légitime. En effet, le site mis en place vise à légitimer l’enregistrement afin de dissimuler l’intention de vendre le nom de domaine au Plaignant. Ni la reproduction de la marque NETFLIX dans le nom de domaine litigieux, ni l’extension <.store> n’ont de sens si le projet devait effectivement être non commercial.

En conséquence, il estime que l’intimé n’a aucun droit ou intérêt légitime sur le nom de domaine .
Par ailleurs, l’expert constate que le Défendeur connaissait le Plaignant et son activité et prévoyait qu’en achetant le nom de domaine, il serait en mesure de le revendre au Plaignant avec un bénéfice significatif. Cette stratégie a été partiellement couronnée de succès, car Netflix a fait une offre que l’intimée a refusée, essayant d’obtenir une somme considérablement plus élevée.

Or, l’enregistrement d’un nom de domaine qui correspond à la marque d’un Plaignant avec l’intention de le vendre au Plaignant lui-même , établit la mauvaise foi. L’expert précise que le titulaire « [n’aurait pu] raisonnablement penser qu’un tiers serait en mesure d’utiliser commercialement le Nom de domaine litigieux ». Il convient également de noter que l’intimé a tenté de faire croire à la personne qui l’a contacté qu’il avait reçu d’autres offres plus élevées. En effet, le représentant de Netflix, qui n’avait pas indiqué qu’il agissait pour Netflix, ce qui était un secret de polichinelle, avait proposé la somme de 2 000 USD, que le déclarant jugeait trop faible.

L’expert commente ce comportement récurrent de certains cybersquatteurs : « Peu importe que le Défendeur n’ait pas proposé activement à la vente le Nom de domaine litigieux. Il n’est pas rare que des déclarants opportunistes de noms de domaine incluant une marque tierce attendent d’être approchés, réalisant qu’une offre active de vente du nom de domaine peut faciliter un procès UDRP à leur encontre ».

En conséquence, l’expert conclut que le nom de domaine litigieux a été enregistré et est utilisé de mauvaise foi et ordonne ainsi son transfert au Plaignant.

Sauf dans les cas où un nom de domaine reproduisant une marque notoire telle que NETFLIX est utilisé à des fins de critique sans usage commercial, ou pour un usage commercial minimal, il est quasiment inconcevable d’imaginer qu’un tel nom de domaine ait pu être enregistré de bonne foi . Netflix savait évidemment qu’elle gagnerait le procès, mais a visiblement choisi d’essayer de négocier un rachat à l’amiable pour un budget légèrement inférieur à celui d’une procédure UDRP, si l’on compte les 1 500 USD d’honoraires et les honoraires d’avocat. Cette approche, si elle réussissait, aurait permis d’économiser du temps et de l’argent, mais la simple offre de rachat a pour effet d’encourager le cybersquattage.

How does the bad faith duplicate between registration and bad faith use?

Written by Dreyfus29/04/2021

UDRP While one generally refers to the “three criteria” of the UDRP (a trademark similar to the domain name; the absence of rights or legitimate interests of the defendant in the disputed domain name; and the bad faith of the registrant), it should be kept in mind that bad faith in UDRP matters has two aspects: the first is bad faith registration and the second is bad faith usage. Therefore, proving only one of these elements is insufficient even though it may be considered “fair” that a name used in bad faith should be transferred to the applicant.
In the present case, Great American Hotel Group, Inc. complained that its former vice-president retained the domain name <greatamericanhg.com> and changed the password of the account used to manage this name with the registrar.

It all started in 2011 when the applicant decided to adopt the name Great American Hotel Group. Its president at the time asked Mr. Greene, then vice-president of the company, to reserve the domain name <greatamericanhg.group>.
The latter did so, but – apparently without notifying his superior – reserved the domain name in his name instead of that of the company. He did, however, record the company’s postal address, and pay with the company card. In 2012, he hired an anonymity service to hide his data.

Since its registration, the name had been used for the company and Mr. Greene had always treated the domain name as part of the company’s assets.

However, following disagreements, Mr. Greene was suspended from office in 2015 and dismissed in 2016. In 2017, the name was renewed by the company’s technical teams even though Mr. Greene was no longer present. However, the latter subsequently changed the password so that the name could no longer be renewed by the company. The applicant’s counsel proceeded to send Mr. Greene a letter of formal notice, which remained unanswered, leading to the filing of a UDRP complaint.

The panellist acknowledged that the applicant had common law trademark rights through the use of the sign “Great American” and that the registrant did not have any legitimate rights or interest in the name as it was created for the applicant company.
He also acknowledged that the domain name was used by Mr. Greene in bad faith.

Nevertheless, the panellist was more sceptical regarding the issue of bad faith registration. Indeed, the name had been reserved by Mr. Greene at the request of the president of the applicant company, which, in principle, had, in fact, been a registration in good faith.

In order for registration by an employee to qualify as having been done in bad faith, the panellist specified that the employee must have, from the beginning, had “an intention to cause harm”. Therefore, the evaluation must be factual and done on a case-by-case basis.

In this case, Mr. Greene had registered the domain name in his own name. The panellist found that “this may be subject to questioning, and the fact that he did not mention the company does not constitute a good domain name management practice”, however, the president and the company seemed to be equally as uninterested in formalizing the reservation of the name.

For four years, until he was suspended from his functions, the registrant had always displayed conduct that demonstrated that he understood that the name belonged to the company. Thus, there is no reason to suppose that by reserving the name four years earlier, he had intended to compete with the applicant or to benefit from some type of tactical advantage against him.

Consequently, the plaintiff’s complaint was dismissed as the registration in bad faith had not been established. Nevertheless, the panellist specified that the applicant could turn to other avenues to try to obtain relief.

The significance of this decision, in addition to highlighting the dual condition of bad faith, is that it reiterates the need to set up an internal naming charter to avoid any dispersion of assets, both in terms of trademarks and domain names.

Can ICANN provide a solution for IT security problems?

Written by Dreyfus14/04/2021

The DNS NEWS report No. 271 highlights the overall criticism of ICANN solution for not intervening as much as its powers allow in Internet security issues, even though the DNS breaches do not decrease the number of hits. A sort of criticism derives from this observation: should ICANN become a kind of Internet welfare state or should it remain in the background, which would be recommended by the defenders of Internet neutrality.

It should be noted that in 2018, ICANN solution had already undertaken measures to make the Internet a little more secure, by changing the cryptographic key used to protect the Internet’s address book, the DNS (Domain Name System). However, further efforts are expected.
Domain Name System. – V. ICANN, 16 sept. 2018, Approved Board Resolutions [ R]egular Meeting of the ICANN Board).

Source: Dns-news.fr, date, rapp. n° 271,

To discover…

♦ ICANN Summit: the fight against DNS abuse, a GAC priority

The current reputation of the trademark is not sufficient to prove bad faith registration of an old domain name

Written by Dreyfus23/03/2021

Source: WIPO, Arbitration and Mediation Center, Nov. 24, 2020, case DRO2020-0007, NAOS c/ Bioderm Medical Center

The Bioderma brand has a world-wide reputation but was this reputation already established in Romania at the beginning of the years 2000? The Bioderm Medical Center, a clinic based in Romania, answers no to this question.

NAOS, owner of the Bioderma trademark, has detected the registration by the Centre Médical Bioderm of a domain name reproducing its trademark, namely <bioderma.ro>. However, said domain name is quite old as it has been registered on February 24, 2005.

On September 4, 2020, NAOS filed a complaint with the WIPO Arbitration and Mediation Center to obtain the transfer of this domain name. This complaint is based on an International trademark Bioderma, protected in Romania since 1997.

Nonetheless, the defendant claims to have used the sign Bioderma as its business name for several years, hence the registration of the domain name <bioderma.ro> and the subsequent change of its coporate name.
The expert in charge of the case is particularly thorough in its assessing whether the defendant has the legitimate interest and rights in the disputed domain name or not.
He considers that even if the latter produced a Kbis extract showing that its commercial name, in 2003, was indeed Bioderma, it is insufficient to prove a legitimate interest or rights on the domain name. The defendant should have brought evidence that it was commonly known by the Bioderma name.

The expert also notes that the disputed domain name resolves to an inactive web page and therefore concludes that there was nobona fide use of the name in connection with an offer of goods and services and no legitimate non-commercial use of the name.
It is however on the ground of bad faith that the expert finally decides in favour of Bioderm Medical Center.
The latter notes that the International registration of the applicant’s Bioderma trademark is several years older than the disputed domain name and that this trademark is currently renowned. However, the evidence brought by the applicant are deemed insufficient to demonstrate the possible or actual knowledge of this trademark by the defendant in 2005, at the time of registration of the disputed domain name.

Indeed, although the earlier mark was established in the 70’s in France and was first registered in Romania in 1997, the first subsidiary of the applicant, established in Italy, only opened in 2001: the true starting point of the brand’s internationalization.
Yet, the defendant founded the company in 2003 and carried on its business under the name Bioderma until 2008.

From there, it is not possible to establish that it had targeted the company or its trademark to mislead or confuse Internet users. Moreover, the defendant did not conceal its identity and responded to the complaint, which shows good faith.

This decision is a reminder that it is essential to place oneself at the time of domain name registration in order to assess the aim of the registrant. Even if the prior trademark enjoys a world-wide reputation on the day of the complaint, the dive into the past is inevitable: it must be determined whether the defendant, located in a certain country, had knowledge of the rights or reputation of the trademark. In this case, the expert took into account, among other things, that the defendant used the commercial name “Bioderma” in 2005. Therefore, it is essential to investigate on the registrant and their situation at the time of registration of the domain name, here particularly old. To that end, seeking legal advice from an IP lawyer specialized in UDRP procedures is strongly recommended.

Dreyfus can assist you in the management of your trademarks portfolios in all countries of the world. Please feel free to contact us.

The creation of a data access system Whois by ICANN

Written by Dreyfus27/01/2021

Since the advent of the General Data Protection Regulations (GDPR), it has become really difficult to obtain information about the registrant of a domain name. This obviously complicates the dialogue between trademark and domain name holders.

ICANN has proposed a project to create a System for Standardized Access/Disclosure (SSAD), which would allow standardized access to non-public data on domain name registrations.
The objective of the SSAD is to provide a predictable, transparent, efficient and accountable framework for access to non-public registration data. It must also be consistent with the GDPR.
However, the decision whether or not to grant requests would still belong to the registrars, as legal constraints on personal data may vary from country to country.

This project accelerated in August during Stage 2 of the policy development process, during which a final report was presented that provides 22 recommendations for the system.
The creation of this SSAD could, in the coming years, facilitate the fight against cybersquatting, which has been strongly impacted by the GDPR and WhoIs anonymization processes. It should be remembered that the next round of requests for domain name extensions should take place in 2023, bringing a whole new set of challenges in the fight against Internet attacks.

Source: LexisNexis, N°1 (January 2021)

Domain names in <.suck> : between attack to brand image and freedom of expression

Written by Dreyfus26/01/2021

Sources: Domain Incite, Free speech, or bad faith? UDRP panels split on Everything.sucks domains, Oct. 22, 2020:

Free speech, or bad faith? UDRP panels split on Everything.sucks domains

Mirapex.sucks, Case n° 103141, 2020-06-29 : https ://udrp.adr.eu/adr/decisions/decision.php ?dispute_id=103141
Bioderma.sucks, Case n° 103142, 2020-07-01 : https ://udrp.adr.eu/adr/decisions/decision.php ?dispute_id=103142DNS News No. 270, Oct. 2020

The top-level domain name extension <.sucks> was open for registration by ICANN in 2015. At the time, some brands were already concerned about the risk of cybersquatting on these extensions, and the possible damage to the brand image that this could generate. In fact, many domain names that use trademarks known and ending in <.sucks> were born. Very often, these domain names refer to pages where Internet users can complain about the brand in question, whether they are consumers or former employees.

During the past months, the phenomenon has intensified with a lot of reservation numbers, clearly done by the same registrar of the domain name in <.sucks>. Suddenly, new online pages have emerged, with the same structure and bad comments about renowned brands. A system of resale at prices between $199 and $599 is also in place.
The question of the dispute resolution about the <.suck> is complex, since the situation raises issues relating to freedom of expression.

Two recent cases with two opposite outcomes illustrate this complexity. The domain names <mirapex.sucks> and <bioderma.sucks> were both registered by the same registrar and are both the subject of UDRP complaints. In response to these two complaints, the defendant based his argument on freedom of expression. For <mirapex.sucks>, the complaint was unsuccessful, on the contrary, for <bioderma.sucks>, the name transfer was ordered.

In the case of <bioderma.sucks>, the expert had taken into consideration the fact that the registrar didn’t use the domain name for bad comments on the trademark in question but was simply a third party who registered the domain name seeking to resell it. The reseller was a company located in the Turks and Caicos Islands whose activity is the purchase and resale of names in <.sucks>. The latter had no way of verifying if the bad comments were authentic. Especially because those comments seemed to have been added only after the complaint was filed.

On the other hand, in the decision on <mirapex.sucks>, reserved by the same company, the transfer was refused. The expert gave special attention to the nature of the <.sucks> and to the freedom of expression, while underlining the insufficiency of the argumentation of the applicant.
One thing is sure: prevention is better than cure, therefore it would preferable to register a brand in the extension <.sucks>, on a purely defensive basis.

Webinar – Intellectual property questions for a successful digital transition

Written by Dreyfus01/10/2020

Webinar September 10, 2020 :

Intellectual property questions for a successful digital transition

How to secure and optimize your website? What precautions to take? How to defend your intellectual property rights on the Internet?

When you want to succeed in your digital transition, you have to ask yourself certain questions.

Whether you are thinking of selling online or strengthening your e-commerce, intellectual property is a key element.

Webinar replay

Data protection