Facebook Twitter Instagram Linkedin
Contact

GDPR

Are we still really anonymous on social networks in 2021?

Written by Dreyfus10/11/2021

Social mediasAnonymity on the Internet, or the eternal debate about social networks, raises more and more moral and legal questions with an exponential number of disputes brought before the courts.

The popularization of social networks is usually associated with anonymity, and therefore with the eternal debate about the lifting of anonymity in the face of the excesses of certain users. The murder in October 2020 of Professor Samuel Paty, targeted on social networks, or a wave of insults towards a candidate of Miss France at the end of 2020, have re-launched this discussion on the political scene. And especially the desire to add a section to the French legislative proposal “strengthening the respect of the principles of the Republic” to fight against online hate.

 

 

 

 

As a preliminary, it is interesting to really ask ourselves about anonymity on the Internet: are we really anonymous on the Internet?

 

The answer is no in most cases. Indeed, when we browse the Internet, an IP address anchors each of our researches. This address makes it possible to identify each device that connects to the Internet, even indicating the geographical location of the person.

This is one of the reasons why it is very difficult to leave no trace of your passage on the Internet, unless you are a very experienced technician.

The difficulty in reality is related to the obstacles linked to the recovery of these data allowing to identify a user, more than to the existence of anonymity stricto sensu. The Internet actors play a preponderant role in the possibility that some users have to hide their identity. This concealment has increased especially with social media.

 

The position of social networks

Social networks and other platforms argue that they are simply “host” or “technical intermediary” to reject a request to lift anonymity or to delete an account that is the author of contentious content.

Only a court decision can force these platforms to lift anonymity on an account. However, judicial decisions are still discreet. This can be explained on the one hand by the fact that positive law only allows the anonymity of an account to be lifted if the content is clearly illicit. On the other hand, the freedom of expression constitutes an obstacle to the lifting of anonymity.

However, some recent decisions seem to reverse this trend.

 

French jurisprudence on the move

On February 25, 2021, the Paris Judicial Court (Tribunal judiciaire, Paris, (ord. réf.), February 25, 2021, G. B. c/ Sté Twitter International Company) ordered Twitter to communicate the identification data of a user, in a case against a female Youtuber. Under Article 145 of the French Civil Procedural Code, “if there is a legitimate reason to preserve or establish before any trial the evidence of facts on which the solution of a dispute may depend, legally admissible measures of investigation may be ordered at the request of any interested party, on application or in summary proceedings. The influencer filed a request with the Court for the communication of identification data in parallel with the filing of a criminal complaint for defamation.

This communication of data by hosts is provided for by Article 6-II of the law of June 21, 2004. Indeed, this article provides for an obligation for hosts to hold and retain data allowing the identification of persons who have: “contributed to the creation of the content or of one of the contents of the services for which [they] are a provider”.

The Court granted the applicant’s request, as the existence of a legitimate reason was well established, namely the short duration of the storage of these identification data. The court thus ordered Twitter to disclose the necessary information:

♦ The types of protocols and the IP address used to connect to the platform

♦ The identifier used to create the account

♦ The date the account was created

♦ The first and last names or the company name of the account holder

♦ the pseudonyms used

♦ the associated e-mail addresses

 

The European court, also seized of the matter

 

The High Court of Ireland has referred to the Court of Justice of the European Union the issue of lifting anonymity in a case between Facebook Ireland and a school, whose staff was subjected to derogatory comments via an Instagram account (a platform recently acquired by Facebook).

The question posed to the CJEU, concerns the threshold of seriousness that allows an exception to the GDPR, which protects our personal data, and thus be able to condemn the platform concerned to lift the anonymity on the authors of the contentious content.

The answer of the CJEU, will not come before several months, however it will surely allow to have clearer criteria concerning the balance between the respect of freedom of expression, protection of personal data, and infringement of people.

 

These decisions could open the way to a more supervised and therefore better regulated anonymity on social networks. A growing body of case law in this area, could encourage the courts to more condemn more easily these platforms, to communicate these identification data in order to punish the illicit content that users publish too easily, taking refuge behind anonymity and freedom of expression.

 

Dreyfus is at your disposal to assist you in securing these projects.

 

ABOUT THIS TOPIC…

♦ How will the Digital Services Act change the legal framework for the Internet service?

Read More

The current reputation of the trademark is not sufficient to prove bad faith registration of an old domain name

Written by Dreyfus23/03/2021

domain name registrationSource: WIPO, Arbitration and Mediation Center, Nov. 24, 2020, case DRO2020-0007, NAOS c/ Bioderm Medical Center

 

The Bioderma brand has a world-wide reputation but was this reputation already established in Romania at the beginning of the years 2000? The Bioderm Medical Center, a clinic based in Romania, answers no to this question.

NAOS, owner of the Bioderma trademark, has detected the registration by the Centre Médical Bioderm of a domain name reproducing its trademark, namely <bioderma.ro>. However, said domain name is quite old as it has been registered on February 24, 2005.

On September 4, 2020, NAOS filed a complaint with the WIPO Arbitration and Mediation Center to obtain the transfer of this domain name. This complaint is based on an International trademark Bioderma, protected in Romania since 1997.

Nonetheless, the defendant claims to have used the sign Bioderma as its business name for several years, hence the registration of the domain name <bioderma.ro> and the subsequent change of its coporate name.
The expert in charge of the case is particularly thorough in its assessing whether the defendant has the legitimate interest and rights in the disputed domain name or not.
He considers that even if the latter produced a Kbis extract showing that its commercial name, in 2003, was indeed Bioderma, it is insufficient to prove a legitimate interest or rights on the domain name. The defendant should have brought evidence that it was commonly known by the Bioderma name.

The expert also notes that the disputed domain name resolves to an inactive web page and therefore concludes that there was nobona fide use of the name in connection with an offer of goods and services and no legitimate non-commercial use of the name.
It is however on the ground of bad faith that the expert finally decides in favour of Bioderm Medical Center.
The latter notes that the International registration of the applicant’s Bioderma trademark is several years older than the disputed domain name and that this trademark is currently renowned. However, the evidence brought by the applicant are deemed insufficient to demonstrate the possible or actual knowledge of this trademark by the defendant in 2005, at the time of registration of the disputed domain name.

Indeed, although the earlier mark was established in the 70’s in France and was first registered in Romania in 1997, the first subsidiary of the applicant, established in Italy, only opened in 2001: the true starting point of the brand’s internationalization.
Yet, the defendant founded the company in 2003 and carried on its business under the name Bioderma until 2008.

From there, it is not possible to establish that it had targeted the company or its trademark to mislead or confuse Internet users. Moreover, the defendant did not conceal its identity and responded to the complaint, which shows good faith.

This decision is a reminder that it is essential to place oneself at the time of domain name registration in order to assess the aim of the registrant. Even if the prior trademark enjoys a world-wide reputation on the day of the complaint, the dive into the past is inevitable: it must be determined whether the defendant, located in a certain country, had knowledge of the rights or reputation of the trademark. In this case, the expert took into account, among other things, that the defendant used the commercial name “Bioderma” in 2005. Therefore, it is essential to investigate on the registrant and their situation at the time of registration of the domain name, here particularly old. To that end, seeking legal advice from an IP lawyer specialized in UDRP procedures is strongly recommended.

Dreyfus can assist you in the management of your trademarks portfolios in all countries of the world. Please feel free to contact us.

Read More

Data protection : what are today’s real issues?

Written by Dreyfus28/08/2020

 

Consumers are now demanding more privacy and security in t he processing of their personal data.

What are the challenges for the data controller?

There are several challenges for the data controll

er – i.e. the legal or natural person who determines the purposes and means of a processing operation – to overcome at different scales:

information management: reducing the data collected by establishing a precise commercial context, and reducing the risks by taking care of the contracts;

communication with suppliers: being able to find solutions and evaluate each other;

monitoring of data processing: setting up mechanisms for reporting data breaches or threats concerning suppliers (for example, if Easyjet has had a data breach, the data controller, operating in the same business sector as the airline, if notified, can redirect its decisions.

 

What are the risk management methods?

A more effective risk management includes precise identification of suppliers, prior audits when integrating new suppliers, automation of evaluation and control processes, and risk prevention to protect data.

What about cookies?

They are used to collect data. Their presence is materialized by the banners you find on websites that ask for your consent to collect certain data.

In summary, there are 3 types of cookies:

– cookies strictly necessary for the operation of the site;

– cookies intended to improve the performance and functionality of the site;

– advertising cookies (which will soon disappear, Firefox has already put an end to them, and Google has announced that Chrome will no longer use them in 2021).

How do I collect online consent?

Remember that in France, consent must be free, specific, informed and unambiguous (GDPR).

Nevertheless, in order to collect consent, the user must understand what he is consenting to. He must receive clear information (purpose and duration of the use of cookies, list of third parties with whom the information is shared etc…) and the data controller must be particularly attentive to the layout of his banner.

What should be the role of the DPO (Data Protection Officer) in a modern company?

If the company promotes ethics, innovation, data, then the DPO has a key role: they shed light on data collection, and bring their vision on risks from an individual’s point of view.

In the past, their role was purely administrative, but today it is different, the DPO accompanies the company on a permanent basis, but they cannot guarantee compliance on their own: they have to expand a web within the organization (with the digital or marketing departments in particular) in order to promote the essential principles.

What changes are taking place within companies, in terms of GDPR awareness?

When GDPR came into force, programs were launc

hed to raise awareness of it, , and it was necessary to mobilize the entities and ensure they had good skills (setting up e-learning internally, for example).

Despite the existing similarities in legislation, what differences persist and what are the challenges that companies have to face in this respect?

There are technical differences (in terms of data retention time, each country has its obligations) and very important cultural differences, the way in which people in different countries deal with these subjects depends on their history. Consequently, it is difficult to find “golden rules” (= harmonized rules).

How can organizations benefit from their compliance efforts?

One way to recognize that companies have done their job properly is through certifications, such as HDS certification.

 

Dreyfus helps you to comply with these new legislations.

 

Read More
Contact
Sign up for our newsletter and stay informed about the latest developments in intellectual property and the digital economy!
Facebook Twitter Instagram Linkedin

© 2024 Dreyfus – Created by Agence Peach