Non classé

Apple’s Face ID in View of the General Data Protection Regulation

In tandem with ever stricter legislation, new technologies are increasingly requesting our personal data, often of a sensitive nature.

 

Facial recognition

Facial recognition is an innovation today widely used by major groups in the tech industry, such as Samsung or Huawei. Apple, however, undeniably remains the company having achieved the greatest impact when it released its new iPhone X in November 2017 by presenting its face ID technology, which allows one to unlock their mobile phone effortlessly. To do so, this innovation is based on extremely precise measurements of the user’s face dimensions. This biometric data then makes it possible to detect the user’s face in any circumstance, whatever its position.

 

Both practical and fun, this technology nevertheless raises questions about the compatibility of such data processing by Apple with that of current and future legislation and especially the General Data Protection Regulation that will come into effect on 25 May 2018. As the latter tends to be increasingly stricter with respect to companies collecting personal data, it is interesting to analyse whether collecting such biometric data cannot be challenged by the regulation.

 

Processing of sensitive data

Unlike the previously applicable Personal Data Directive, the General Data Protection Regulation specifies that biometric data falls within the scope of “sensitive data” (Article 9 of the Regulation). Recital No. 51 of the General Data Protection Regulation defines biometric data as data “processed through a specific technical means allowing the unique identification or authentication of a natural person”. Although this definition remains relatively vague, it is a safe bet that the courts will include facial recognition in such a category of personal data. Such a qualification is of great importance, insofar as the General Data Protection Regulation in principle prohibits such a collection, unless this collection fulfils the conditions set out in Article 9-2. It is indeed tolerated if “the data subject has given explicit consent to the processing of those data (…) for one or more specified purposes”. By being careful to rigorously fulfil such conditions, Apple could indeed carry out such data processing, provided that, as authorised under Article 9-3 of the said Regulation, the Member State in which the processing is carried out does not provide for more restrictive provisions.

The company must also endeavour to meet the requirements of Article 35 of the said Regulation. In fact, with regard to the data collected with the use of new technologies that would represent a high risk for the rights and freedoms of individuals, the General Data Protection Regulation requires companies to carry out a detailed analysis concerning the data collected. Through its collection of biometric data via its iPhone X, Apple is in fact faced with such an obligation. The analysis shall include a systematic description of the processing operations envisaged, an assessment of the necessity and proportionality of the processing operations with respect to the purposes, and an assessment of the risks to the rights and freedoms of the persons concerned.

Regarding the potential risks, Apple had already communicated on the degree of increased security that it provided for this type of data: in fact, the company does not keep the user’s biometric data on an external server to the extent that such data is encrypted and locked in the smartphone’s processor via the Secure Enclave (ultra-secure cloud storage). However, such a degree of security had been called into question by a controversy that erupted a few months ago. The American Civil Liberties Union (ACLU), the equivalent of the French data protection authority (CNIL) in the United States, warned that Apple is sharing this biometric data with third-party application developers. Sharing data that concerns facial recognition would allow developers to add new features to their applications. Even though Apple forbade them to use the data for advertisement or marketing purposes, security experts had raised the fact that there was still a risk of fraudulent use of the data by the developers, diverting them from their intended use.

 

Face ID, consistent with the General Data Protection Regulation?

 

Apple will have to take the challenges of the General Data Protection Regulation seriously by simultaneously ensuring users give their explicit and informed consent to the processing of their data, guaranteeing a high level of data security and a use strictly proportionate to the purpose for collecting the images. The company’s innovation through its face ID is in fact a typical example of the growing use of increasingly sensitive data through new technologies. This is indeed what the European Union understood during its reflections on the General Data Protection Regulation. Even if, at this stage, simple assumptions about the alignment of high-tech companies with this legislation can be made, it will be necessary to pay close attention to the interpretatio of the courts regarding the processing of this type of data.

The company’s innovation through its face ID is in fact a typical example of the growing use of increasingly sensitive data through new technologies. This is indeed what the European Union understood during its reflections on the General Data Protection Regulation. Even if, at this stage, simple assumptions about the alignment of high-tech companies with this legislation can be made, it will be necessary to pay close attention to the interpretation of the courts regarding the processing of this type of data.

Read More

Legal Standpoint on Bitcoin

 

Point juridique sur le BitcoinIntrinsically linked to cyberspace, cryptocurrencies have burst into our economy in recent years even though there is still a lack of legislation on them.

The cryptocurrency revolution

Cryptocurrencies are alternative currencies, as they do not have legal tender in any country, are not regulated by any bank and function as a peer-to-peer payment system. Revolutionizing our way of thinking about money, the emergence of these currencies has also shown the public’s growing desire to emancipate themselves from a sometimes excessively regulated financial world. Many cryptocurrencies have been developed, but most work in a similar way and derive from the first full implementation: Bitcoin. Created in 2008 by an individual who goes by the pseudonym Satoshi Nakamoto, Bitcoin represents the archetype of cryptocurrency, so to speak. Its value having experienced an exponential increase by the end of 2017, reaching nearly $20,000 and having subsequently experienced strong fluctuations, is only symptomatic of the craze and fascination that cryptocurrency has aroused. It remains true, however, that the law is struggling to adapt to what is arguably one of the biggest revolutions in recent years.

Bitcoin, a currency?

Not falling under any of the pre-existing legal categories, Bitcoin cannot be recognised as legal tender, or even an electronic currency. It is often substituted for the status of “financial index” or even simply a “valuable intangible asset” that can be the subject of a transaction.  In fact, a currency is conventionally considered as a particular asset issued by the State and whose value is guaranteed by the latter. From the perspective of the law of obligations, a currency is further characterized by its universal discharging effect: the debtor is in fact discharged of his debt once he has turned over to his creditor the amount of money due. The discharging effect is considered to be universal to the extent that the creditor does not need to agree to release the debtor of his debt. This discharging effect is deemed to be automatic, given the power that the law attaches to the currency. However, Bitcoin does not have universal discharging effect insofar as a debtor who would like to pay in Bitcoin must first obtain the agreement of the creditor. Thus, a creditor who refuses such a payment would not be exposed to the sanctions under Article R. 642-3 of the French Penal Code which prohibits the refusal to accept euro banknotes and coins having legal tender.

Bitcoin does no longer fulfils the requirements of an electronic currency. Indeed, Article L.315-1 of the French Monetary and Financial Code, which transposes Article 2.2 of Directive 2009/110/EC, defines electronic money as a monetary value which is stored in an electronic form, representing a receivable from the issuer and which is issued against the remittance of funds for payment transactions. Since Bitcoin is not issued against a remittance of funds, it cannot be classified under this definition.

The Court of Justice of the European Union has nevertheless considered that as Bitcoin “is a means of contractual payment, it cannot, on the one hand, be regarded as a current account, or as a deposit of funds, a payment or a transfer. On the other hand, unlike receivables, claims, cheques and other commercial paper (…), it constitutes a means of direct settlement between the operators who accept it”. In this respect, it had determined that Bitcoin could benefit from the VAT exemptions provided for financial transactions, without giving a more specific definition of the status of cryptocurrencies.

Taxation of Bitcoin

The darkness around the legal status of Bitcoin does not mean that it is exempt from any regulation. The TRAFCIN unit, an agency of the French Ministry of Economy and Finance, in charge of the fight against money laundering and the financing of terrorism, published a report in 2014 on the taxation of Bitcoins. This report specifies that the capital gains on Bitcoins are thus subject to income tax in France as of 11 July 2014, under the category of non-commercial profits if the gains are occasional, or that of industrial and commercial profits if it is a normal activity. This tax is, however, only valid for Bitcoin sales, and does not apply when the cryptocurrency is simply stored in a virtual wallet. Bitcoins are also subject to inheritance and gift tax. As a result, Bitcoins that would be given could be re-qualified as a disguised donation and give rise to the gift tax which could reach up to 60% for non-relatives.

This bit of information given by the TRAFCIN unit, as well as that given by the CJEU provide some clarification of the contours of the legal status of cryptocurrencies, even though they remain unclear. It is therefore important to remain attentive to the understanding of both French and European case law and future legislation on the characterisation of such currencies.

This bit of information given by the TRAFCIN unit, as well as that given by the CJEU provide some clarification of the contours of the legal status of cryptocurrencies, even though they remain unclear. It is therefore important to remain attentive to the understanding of both French and European case law and future legislation on the characterisation of such currencies.

Read More

On the importance of the meaning of signs when analysing the danger of confusion between two trademarks

 

De l’importance de la signification des signes dans l’analyse du risque de confusion entre deux marquesAccording to article L.713-3 of the French Intellectual Property Code, in order to allow that a sign imitates an earlier trademark, a similarity must exist between the signs in question and the products or services must be identical or similar. This must also lead to a risk of confusion for an averagely attentive consumer. The danger of confusion between signs is assessed globally on the basis of all relevant factors in the case in question. With regard to the visual, phonetic and conceptual similarity of the trademarks in question, this global assessment must be based on the overall impression created by the signs, notably taking their distinctive and dominant elements into account.

The visual or conceptual similarity between the trademarks in question has traditionally been assessed by comparing the signs as patented, independent from the use made thereof. In a decision dated 8 February 2018, the Court of Appeal of Douai took into consideration not just the visual and phonetic similarities but also the specific meaning of the signs in order to assess the absence of any danger of confusion between the two trademarks in question (Douai Court of Appeals, 1st Chamber, Section 2, 8 February 2018, no. 17/04715). In this case, the company Décathlon had lodged an objection to the registration of the verbal trademark “Résathlon” on 27 November 2016 on the basis of its earlier EU trademark “Décathlon” dated 28 April 2004. These two trademarks were in fact used to refer to identical services such as advertising, sporting activities and software design. The objection having been rejected by the Director General of the French patent office (INPI), Décathlon then filed an appeal with the Court of Appeal in Douai. This decision has been confirmed by the order issued by the Court.

In fact, the Court considers that “the term “Décathlon” is a proper noun that designates a men’s athletics event consisting of ten different competitions and, therefore, a sporting activity in the literal sense, the term “Résathlon” has been made up. It has been created by using the term “resa” in reference to the notion of reservation, and the suffix “-athlon” in reference to sporting activities. In doing so, it acquires a meaning that is different from that of the brand Décathlon”. Similar interpretations have been applied in numerous decisions. For example, it has been accepted that there is no danger of confusion between the earlier trademark “Cultura” and the trademark “Culturapy”, the Court having considered that the disputed sign constituted an “arbitrary neologism evoking the notion of joy or therapy through culture” (Court of Appeal of Bordeaux, 1st Chamber, 18 January 2016, no. 15/00352). Similar, in the Cicaderma v. Cicareva ruling, the Court concluded that there was no danger of confusion due to the major conceptual differences separating the trademarks: the earlier trademark referred directly to skin creams aimed at reducing the visibility of scarring, while the disputed trademark was a work of the imagination (Court of Appeal of Lyon, 1st Chamber, 25 July 2013, no. 13/01142). Finally, in the Angulus v. Angel’us ruling, given that the earlier trademark was a Latin word meaning angle while the disputed trademark consisted of an association between the words Angel (“ange” in French) and the abbreviation for the United States (US), the Court considered that there was no danger of confusion between the two trademarks in question because of the absence of any conceptual similarity, despite the obvious visual and phonetic resemblance (Court of Appeal of Aix-en-Provence, 2nd Chamber, 25 June 2015, no. 14/14876).

Therefore, in accordance with established case law precedent, it should be noted that the danger of confusion between two signs with strong visual and phonetic similarities must be set aside if these have different meanings.

Read More

An alteration of a work of architecture that does not infringe the rights of the author can be carried out without their prior consent

droit d'auteurThe very essence of copyright is to confer on the author of an original work an exclusive, intangible property right enforceable against all. Pursuant to this exclusive right, no infringement of the work, of any nature whatsoever, can be carried out without the prior consent of the author. The right to the respect of the integrity of the work enshrined in article L.121-1 of the Intellectual Property Code imposes that a work that expresses the personality of the author cannot in theory be subject to a material alteration without the express agreement of the author. Through a judgment on 20 December 2017, the Supreme Court of Appeal has just established a limit to this exclusive right of the author: an alteration of a work of architecture that does not infringe the rights of the author can be carried out without their consent. An original architectural work can be protected in respect of copyright as any other literary or artistic work would be. However, and contrary to a purely aesthetic work, a work of architecture has a functional purpose which results from the fact that a building, in addition to being original, may constitute a place of residence, work or access to culture. In the case at hand, the architectural work intended to house the collections of the “Musée d’Arles antique” had been produced by an architect on behalf of a département, which, without the consent of the architect, proceeded to carry out extension works to the building in order to exhibit a Gallo-Roman trading ship.

 

The functional purpose of the work of architecture means the right to the respect of architecture must be reconciled with the right of the owner of the work. The method applied by the judges is that of the control of proportionality: a limit to the fundamental right (the right of the author) must be accepted but in a way that is justified and proportionate. The Supreme Court of Appeal here validated the reasoning of the 7 January 2016 ruling by the Court of Appeal of Aix-en-Provence which rejected the architect’s claims. To preserve the balance between the prerogatives of author and owner of the work of architecture, the alterations must not exceed what is strictly necessary for the adaptation of the work to new needs and must not be disproportionate with respect to the purpose. In the case at hand, the discovery of the boat and its cargo, dating back to ancient Roman times, declared a “national treasure”, and the necessity of showing both in the museum in question, characterise the existence of a new need which, to be satisfied, required the building of an extension, because the unity attached to the museum excluded the construction of a separate building. The extension produced altered the original construction but made use of the original colours, the white walls and blue facades, and it was not established that it spoilt the overall harmony of the work.

The right to the respect of the work is subject to a variable geometry application depending on the purpose of said work. In terms of a work of architecture, the architect cannot impose absolute intangibility of the premises they produce and must accept infringements of their rights when these are justified and proportionate.

Read More

Raising Awareness among its Staff: An Essential Step in Implementing the General Data Protection Regulation

 

Sensibiliser son équipe : une étape essentielle dans la mise en place du RGPDWhile most companies have understood the challenge of the General Data Protection Regulation (GDPR) that will come into effect on 25 May 2018, the implementation of its provisions remains difficult to grasp. With just two months to go before the regulation enters into force, it is imperative for companies to make their staff aware of the objectives of the regulation and, especially, how to put them into practice.

1.Risk mapping

To implement its compliance plan, the company must start by identifying the processing of personal data, and all computer and manual flows, to determine where each data process comes from, by whom is it carried out, and finally, its purpose. This data mapping will ultimately define the challenges and risks specific to the company. In this context, the CNIL (French data protection authority) offers examples of record sheets to guide work teams on the actions to be taken.

  1. A roadmap sent to its work team

Once the mapping is established, the team must prioritize its actions by drafting a roadmap including:

– a method ensuring management of the risks previously identified by the work team,

– raising awareness of the operational staff within the company,

– establishment of a new governance,

creation of a procedure for data processing management, to ensure the company’s continuous conformity.

  1. Informing the individual when collecting personal data from external sources

Although it is possible to process data collected from external sources such as public databases, social networks, lists of prospects, the provisions of the Regulation must be respected. However, under Article 47 of the GDPR, the company will have to assert a legitimate interest in the collection of such data. This legitimate interest can be asserted when:

  • the data processing takes place in the context of a customer relationship,
  • the processing is carried out for marketing purposes,
  • the processing prevents fraud or ensures the security of the computer systems network.
  1. The choice of the individual in relation to the collection of his personal data

In order to be able to process the personal data, the company must allow the individual to provide his express consent as stipulated under Article 7 of the GDPR. In practice, the pre-checked boxes will be excluded in favour of a provision exclusively devoted to the individual’s consent for each piece of personal data collected. This makes it possible to limit the over-collection of data; for example, collecting the individual’s exact date of birth will no longer be allowed if the year of birth is sufficient to satisfy the purpose of the processing, just as the individual’s exact place of residence if the country is sufficient. Faced with these requirements, the company will have to adapt and store only the data strictly necessary. Moreover, if the individual wishes to modify or even delete his personal data, this operation must be easy to perform, which means making the system for collecting personal data flexible.

  1. Ensuring compliance by subcontractors

Although the regulation is aimed at the direct holders of personal data, said regulation also applies to subcontractors and sales persons when they have access to such data. Indeed, the latter are required to certify their compliance with the GDPR. To do this, it is recommended that, if companies subcontract the data collected, they include standard data protection clauses attesting to their compliance with the GDPR.

  1. What are the working tools of employees covered by the GDPR?

By definition, the GDPR applies when

  • the processing is carried out by “automated means”,
  • the data “is part of a filing system or is intended to form part of a filing system” although the processing is not carried out by automated means in the strict sense of the word.

With regard to the first case, the work teams only convert documents into digital format. The situations referred to in the second case are those of systems for classifying “any structured set of personal data that is accessible according to specific criteria”. In practice, all unorganised paper documents, such as loose documents on a printer or documents on a desk, are not subject to the GDPR. On the other hand, whenever these paper documents are organised by staff so as to be accessible according to defined criteria, the GDPR will apply. For example, files submitted in a file indexed by name, expense reports sorted by function and sorted internally, or files from the department of human resources, will be subject to the GDPR. In light of future changes, we recommend coming into compliance as soon as possible. With a department dedicated to personal data issues and a department with technical skills, Dreyfus & associés is the ideal partner to assist you in this transition process.

In light of future changes, we recommend coming into compliance as soon as possible. With a department dedicated to personal data issues and a department with technical skills, Dreyfus & associés is the ideal partner to assist you in this transition process.

Read More

The bill on the protection of personal data

 

Le projet de loi relatif à la protection des données personnellesThe adoption of the “European data protection package” on 27 April 2016 launched a movement within the Member States to reform national legislation on personal data. The implementation of the General Data Protection Regulation 2016/679 (http://eur-lex.europa.eu/legal-content/FR/TXT/PDF/?uri=CELEX:32016R0679&from=FR) (“GDPR”) particularly marks significant progress in this area. It is from the perspective of the application of this regulation that the French government made public on December 13, 2017 the “bill on the protection of personal data” adapting the Data Protection Act to the GDPR ( http://www.legifrance.gouv.fr/affichLoiPreparation.do?idDocument=JORFDOLE000036195293&type=general&typeLoi=proj&legislature=15)

This draft law highlights the desire, contained in the European regulation, to increase the influence of the national supervisory authorities responsible for personal data. To this end, numerous changes relating to the powers and organization of the CNIL (http://www.cnil.fr/) are planned.  We note the strengthening of its role, especially through the extension of its powers in soft law and sanctions. Some changes also concern its investigative powers and cooperation with other EU supervisory authorities. In this sense, it is noted that the CNIL will henceforth be able to attach to its conclusions a reference for a preliminary ruling to the Court of Justice of the European Union for an assessment of the validity of the European Commission’s adequacy decision and of all the acts taken by the European Commission authorizing or approving the appropriate assurances in the context of data transfers. In addition, its scope of action has been broadened through its ability to ask the State Council 🙁http://www.google.fr/searchq=conseil+d%27%C3%A9tat&rlz=1C1CHBD_frFR778FR778&oq=conseil+d%27&aqs=chrome.0.69i59j0j69i57j0l3.1759j1j4&sourceid=chrome&ie=UTF-8) to order the suspension or termination of the data transfer concerned, if applicable under penalty.

In addition, the draft law establishes a specific procedure for the processing of health data. While this category of processing includes medical research and evaluation of care, it excludes, when they fall under the provisions on sensitive data, processes “necessary for the purposes of preventive medicine, medical diagnosis, the administration of care or treatment, or the management of health services“. Also, in accordance with the GDPR, the bill establishes a fundamental prohibition on the processing of so-called “sensitive” data, genetic and biometric data for the purpose of uniquely identifying a natural person. However, it goes further than Article 9.2 of the GDPR by providing for the possibility for the administration and employers to use biometric data for access control purposes to workplaces, devices and applications. In addition, the bill limits the use of data relating to criminal convictions, offences or related security measures to only certain categories of persons. An exception is, however, provided where such data are used for the purpose of taking legal action as a victim, defendant or on their behalf and enforcing the judgment given. Finally, it has been provided, in procedural matters, that the persons concerned may be represented individually by any organization or association authorized to take group actions in the context of complaints or actions against the CNIL.

Although the bill is in line with the GDPR, there are some discrepancies between the two texts. Indeed, while the GDPR abolishes prior formalities with the supervisory authorities, subject to a few exceptions, the bill keeps them with the CNIL for health data in certain areas. In addition, it also maintains a high level of authorization for processing on behalf of the State, including the use of biometric or genetic data for identification and identity control purposes. Processing requiring the use of the social security number (NIR) will also be authorized within the framework of a decree in the State Council, taken after a reasoned opinion and published by the CNIL which will determine the categories of data controllers and the purposes of these processing operations. The use of NIRs will also be authorized for derogatory purposes for national statistics, electronic relations with the French administration and scientific research. Therefore, the bill is more inflexible in this regard.

It is regrettable that the draft law does not specify the appointment of a Data Protection Officer (“DPO”) or the age of consent required of minors, aspects for which the Member States had a certain amount of leeway.

In conclusion, in the light of these discrepancies, it is certain that, even after the adoption of the law, certain amendments are still necessary to make the French law all the more compatible with the GDPR. However, the impact of these divergences will have to be measured insofar as the European regulation remains directly applicable.

Read More

Fraudulent invoices, a worrying trademark scam

 

article189Faced with cumbersome administrative procedures and numerous incoming letters, companies are facing a very worrying kind of fraud. This takes the form of fraudulent invoices from companies pretending to be official bodies domiciled abroad in order to collect payments for trademark services.

Fraudulent invoices

While rationally, companies are cautious about their accounts and the payment of their invoices, fantom organizations claim payments, alleging to have served as intermediaries for a trademark registration. This practice is ultimately simplistic for these crooks because when a national or European trademark is registered, the trademark will be published in an official gazette such as the BOPI. The criminals then only have to obtain the contact details of the applicants from this publication, , photocopy the announcement and then send them an invoice that they will pay thinking that it is for the costs related to their trademark applications.

The culprits

Many players active in fraud have now been identified, which can help avoid falling into the trap of such fraudulent schemes. The culprits are notably known as Globus Edition SL, Global Edition, Edition the Marks or Trademark Publisher with which the trademark offices, in particular INPI, have no links. Moreover, the services offered by the latter have no official character and are therefore devoid of any legal effect.

A case law favorable to companies

Faced with these fraudulent practices, a case law has gradually emerged in favor of companies. Already in the year 2000, French judges sentenced two Austrian crooks attacked by the INPI. In 2017, the Svea Court of Appeal in Sweden, following a judgment by the Uppsala District Court, sentenced twenty people. This conviction follows the issuing of false invoices between 2011 and 2014 by what appeared to be the European Union Intellectual Property Office (EUIPO) to hundreds of addressees in various States following their applications for registration of a Community trademark with EUIPO. Following the receipt of these invoices, the financial services of the victim companies did not notice the fraud and paid the amount considering them official invoices.

Looking at the facts, the judges considered that “these letters were designed to mislead the recipients by making them pay for something of no value”, explaining their convictions for fraud offenses. However, companies must be extremely vigilant to the risk that such crooks will not be convicted in court for lack of clear evidence that payers were indeed being misled. Indeed, some fraudsters were able to avoid heavy convictions since, in certain cases, the proof that the companies were, in fact, misled was not reported.

The recommendations

Faced with this phenomenon, the EUIPO provides a tool to identify fraudsters via its “false invoices” page. In addition, it is strongly recommended that employees be informed and that proper internal approval procedures are in place before any payments are made. Indeed, these frauds are facilitated since internally, the services making the payments are not those who know the brand.

Fraud awareness is essential, because beyond trademarks, patents and domain names are also victims of these scams. As a precaution, companies should be aware that, for example, only the INPI intervenes in patent matters. Therefore, an invoice from any other entity must raise suspicions. Confronted with these suspicions, WIPO, EUIPO and all national offices and councils are at the disposal of companies in order to advise them on the best way to avoid fraudulent maneuvers. Faced with countless attempts of fraud affecting companies, these companies must be very vigilant about their intellectual property rights and all related elements such as their invoicing. Dreyfus & Associés is dedicated to providing you with all the requisite advice on trademarks and to protect you from any related damage, and is the ideal partner to accompany you in implementing your security strategy.

Read More

The appearance of the London taxis, too indistinguishable.

 

The appearance of the London taxis, too indistinguishable.Two three-dimensional trademarks bearing on the silhouette of the famous London taxi disabled for lack of distinctiveness.

The silhouette of a product registered as a trademark: what are the stakes?

The three-dimensional brand, which aims to protect the silhouette of a product, is a key issue for companies. However, such trademark registration is regularly refused for lack of distinctiveness by the courts. This is evidenced by the decision taken on November 1st, 2017 by the Appeal Court of England and Scotland, which upheld a first instance decision seeking the annulment of European three-dimensional trademarks 951871 and 2440659 in class 12 for vehicles including taxis. These trademarks were registered by the London Taxi Corporation, the famous London taxis. The company had sued its competitor Frazer-Nash Research Ltd & Anor for infringement of its trademarks for the manufacture and marketing of similarly shaped vehicles, which replied by cancelling these trademarks.

This judgment recalls the fundamental principles set out in Community legislation and case law on three-dimensional trademarks. Even if today many brands bear the silhouette of the products they are targeting (e. g. the famous Coca-Cola bottle), it is required that this shape be sufficiently distinctive, that it should carry an arbitrary character in relation to the services or products it designates.

A shape certainly famous, but not very distinctive…

In the present case of November 1st, 2017 (Case No.: A3/2016/0867), the Appeal Court, after defining the target audience for the products marketed under the contested trademarks, namely both taxi drivers and their customers, set out to assess the distinctive character of the latter. This distinctive character is one of the essential elements of trademark registration.

To this end, the Appeal Court followed the first instance decision which had held that the registered trademarks lacked distinctive character because they did not deviate sufficiently from the norms and habits of the sector, as required by case law (CJUE, Judgment of October 20th, 2011, Freixenet / OHIM, C-344/10). Indeed, it was decided that the silhouettes of taxis registered as a trademark can only be perceived by the consumer as a variant of the silhouette typical of a taxi or more generally of a vehicle and not as a form that would really distinguish the origin of the production. Since this inherent distinctiveness was not present, the Court subsequently assessed whether this distinctiveness could have been acquired through use.  Once again, it upheld the trial decision, finding that there was no evidence to suggest that the intended audience, including the customers of taxi drivers, would clearly associate the form of the taxi with the production of the vehicle supplied by London Taxi Corporation. It stressed that, in all circumstances, the silhouette of a product is rarely used as an indicator of origin by the relevant public. It therefore concluded that in the present case, the customer base attached more importance to the service provider and the related London regulations than to the producer of the vehicles in question when using the offered services.

The British courts, tough on the three-dimensional trademark?

This decision is part of a strict assessment of distinctiveness by the UK, and more generally European and Community courts. Indeed, the High Court had already refused to register the shape of the famous KitKat chocolate bar, marketed by Nestlé, as a three-dimensional trademark for lack of distinctiveness, despite the product’s reputation acquired over the last few decades. It thus followed OHIM’s earlier decision. (Decision of the High Court of England and Wales, 20 January 2016, CH/2014/0392, CH/2013/0394)

At the time, it was felt that such registration would have given a significant competitive advantage to the biscuit giant. Such an assessment may also be made in respect of the London taxi manufacturer.
This judgment highlights the difficulty in conferring on the silhouette of a product the right granted by the three-dimensional trademark. It would, however, have been interesting to question the outcome of the present judgment if the form of the taxi had been filed as a design and not as a trademark…

Read More

The cautious attitude of the French Cour de Cassation towards reselling of products issued of a selective distribution network

 

The cautious attitude of the French Cour de Cassation towards reselling of products issued of a selective distribution networkThe French Supreme Court recently stated that a service provider leading a selective distribution network could lawfully forbid any sale of its products on a marketplace. Indeed, in a decision dated September 13, 2017, the Court held that if a lawful selective distribution network is in place, there is no reason to contest its right to forbid the sale of products on online platforms that have not been approved (Cass. Com., September 13, 2017, No. 16-15.067).

In this case, Caudalie, a manufacturer of cosmetic products under its trademark and distributing its products via a selective distribution network, is suing eNova santé on the basis of Article L.442-6, I, 6 of the French Commercial Code for having sold its products on its online platform without being part of the selective distribution network.
Caudalie considered that the sale of its products via the online platform thus outside of the selective distribution network, constituted a manifestly unlawful disturbance. The company argued that such behavior was against the prohibition of selling outside the scope of the selective distribution network to its selective vendors.

In a ruling dated February 2, 2016, the Paris Court of Appeal ruled in favor of eNova santé and held that the restriction requested by Caudalie represented a restriction of competition. It referred to several decisions in which similar facts presented themselves: two decisions of the French Competition Authority of July 23, 2014 and of June 24, 2015 regarding the selective distribution network of Samsung, a decision dated November 18, 2015 of the same Authority regarding an Adidas case and of a decision of the German Competition Authority regarding Asics and Adidas. The facts were similar in each of the cases and the restriction of competition was recognized. Judges held that the interdiction imposed on Caudalie’s selective vendors to use an online platform, whatever the characteristics, could constitute a restriction of competition excluded from the benefice of any exemption. Therefore, no manifestly unlawful disturbance could be found.

The Supreme Court overruled this decision and stated that the Paris Court of Appeal did not explain how the decisions it referred to were susceptible to exclude the existence of a manifestly unlawful disturbance resulting of the violation to the selective distribution network of Caudalie. Said selective distribution network has been precisely held lawful by a decision No. 07-D-07 dated March 8, 2007 of the French Competition Council.

The decision of the Paris Court of Appeal was thus devoid of any legal basis and therefore annulled.

Read More

Amazon Go: ever more innovative retail

 

Amazon Go: ever more innovative retailAmazon shows us once again how the retail trade evolves at the pace of technology, prompting us to consider such changes in judicial terms.

Amazon Go, the revolution of physical commerce

The e-commerce leader intends to revolutionize our shopping habits with a new concept of fullyautomated physical store. Named Amazon Go and equipped with multiple sensors and cameras, it allows customers to make purchases without having to go through the checkout. To do so, consumers scan their phones on an entry portal via a previously downloaded application, pick up their items and go back through the portal. They are subsequently billed automatically via their mobile phone. In short, no cash register staff indicating the amount to be paid and no credit card to validate. So far, this technology has only been tested in the United States, through a single store in Seattle. An event that nevertheless raises the question of the flexibility of French legislation, and even more so European law on such an innovation, if it were to spread overseas.

When does transfer of ownership occur?

Transfer of ownership is the action by which a property changes hands. It takes place for example under French law “at the time the contract is signed” (art. 1196 C. Civ.). Traditionally, in a physical store, transfer is deemed to take place when the item sold is paid for in full at the checkout. (Cass. Com. 8 January 2002, no. 98-13142). It is therefore considered that the final delivery of the object is only granted by the seller to the buyer at the time of payment of the price. In the case of Amazon Go, there is no physical payment per se. At what point can it then be deemed that the transfer of ownership takes place? If we consider that this takes place upon exiting the store, when the automatic invoice is issued, we may wonder whether Amazon would grant itself the right to take back the goods in the event that the payment is not completed due to, for example, a sensor error. This would not be a transfer of ownership for the buyer, then, but merely a holding of the supposedly sold item.

This question actually arose. A journalist tested the system and came out of the store with a pot of yogurt in her hand, which she thought she had paid for. When she looked at the invoice, she noted that the sensor had not taken this purchase into account. Finding herself unwittingly shoplifting – which is, of course, a legal aberration from a criminal point of view, the intentional element being a sine qua non condition for qualifying a robbery – she shared the anecdote on the social networks. The event went viral and the brand demanded payment for the product, which the journalist refused. Not wanting to give in to the bad buzz, the e-commerce giant finally made a commercial gesture by offering the yogurt. Having confidence in its nonetheless fallible system, the brand had not stipulated any means of settling such conflicts in its terms of sale. Similar questions arise in other already identified cases, such as poor distinction between two clients of the same physical size in close proximity. It would be very unpleasant to be charged for a product taken by another consumer….

Amazon Go, a remote retail service?

In addition, this new concept highlights the thin line that now separates physical and online commerce and the legal implications that follow. Insofar as Amazon Go requires online services, such as the billing application, to enable its users to purchase the goods offered for sale, , it is legitimate to wonder whether this constitutes distance selling, in which case it should be subject to the applicable legislation. First of all, Article 10 of European Directive 2011/83 on consumer rights, transposed in Article 121-21 of the French Consumer Code, requires the seller to offer a right of withdrawal. In principle, store purchases are not affected by such a right. Technically, such purchases are firm and definitive. It is true, however, that in practice, many retailers make a goodwill gesture by offering the possibility of exchanging and refunding certain items. Nevertheless, from a purely legal point of view, the question arises in such types of sales. In addition, as an example, French law also specifies a few particularities in terms of “electronic” sales, which could be related to a purchase at Amazon Go. Article 1127-1 of the Civil Code requires, for example, that the customer be provided with “the various steps to follow in order to conclude the contract electronically” and “the technical means enabling the offer recipient, before the conclusion of the contract, to identify any errors made in entering data and correct them“. Amazon Go should therefore ensure that users can benefit from all this data before they leave the store. In addition, even though Amazon Go’s principle is that consumers can make their purchases as quickly as possible, they should always be able to keep an eye on their shopping cart; the question remains as to how, in a fully automated store, they could change, for example, any errors made by sensors.

If Amazon decides to generalize its concept, it would be interesting to see how it would deal with these legal constraints.

Read More