Non classé

Habeas Data, the guardian of personal health data

business-dreyfus-8-150x150In its IP notebook of May 2014, the CNIL took interest in the human body as a new connected object, notably with regard to digital respect of the individual through data and more particularly, in terms of the respect of the body by connected objects. While the Magna Carta provides for Habeas Corpus, the CNIL proposes the idea of a Habeas data to protect health data.
With the proliferation of connected objects related to quantified self, the health data of individuals has increased tenfold. Unlike conventional personal data, health data is of a sensitive nature. Indeed, this data not only affect the individual but also his family due to genetic connections. These data may thus be the source of discrimination based on the health status of the individual.
The CNIL highlights the fact that despite being highly regulated in France and Europe, health data is not clearly defined. While some would prefer a broad definition, leaving room for the courts’ interpretation, others wish to promote a clearer definition for the sake of legal certainty. The draft European regulation on personal data, which is currently under discussion, provides the following definition: “any information relating to the physical or mental health of a person, or the provision of health services to that person.” Another recommended option is gradation of data according to sensitivity so as to treat the data in a less simplistic way than ‘sensitive’ or not.
A paradox can be discerned between the commercial value of the data related to Big Data and the principle of inalienability of the human body. It seems that restrictions of use should be imposed, particularly to prohibit the marketing of health data. Ethical and fundamental principles must be established to curb infringements.
Finally, the CNIL suggests distinguishing apps for medical purposes (providing a diagnosis, treatment or prevention means) from non-medical apps. This would afford more security to the individual from a physical and digital point of view. This highlights the complexity of managing health data which affects not only personal data but also the privacy and dignity of the individual and the dignity that he is legally entitled to.
Owing to their special nature, the European Commission has, on 12 May 2009, recommended the use of Privacy Impact Assessments for quantified self apps. These could provide for more stringent requirements as regards safeguarding the data and information of individuals.

Dreyfus can assists you in auditing your data collection and can help you develop privacy policies consistent with French and European regulations.

 

Read More

Second application round for the new gTLDs: What changes are to be expected?

business-dreyfus-8-150x150Since the beginning of the year, new domain name extensions (new gTLDs) have been hitting the market. More than 1000 new gTLDs will eventually exist alongside the traditional .com and .fr. Yet in 2012, ICANN, through its President and CEO, Fadi Chéhadé, had already committed to open up once more the root of the Internet by offering a new application round for new domain name extensions. While no date has yet been fixed, rumor has it that the opening date of the procedure should be in early 2016.

 

Since then, Internet stakeholders have been suggesting solutions to overcome the shortcomings and defects of the first wave of new gTLDs. Indeed, over time, a number of criticisms were raised such as high application fees and inadequate rights protection mechanisms.

 

Amongst the suggestions made by the community, that of application files tailored to the needs of the different types of TLDs is recurrent since the uniformity of the files, which were not suited to all applications, were widely criticized. To streamline the application process, other observers suggest a system of prioritizing files in a random manner, the pre-evaluation of technical service providers for registries and even a dedicated “customer” service. According to IP Constituency, which is part of the Generic Names Supporting Organization (GNSO), ICANN will have to stick to a defined and predictable process, while simultaneously being able to address unexpected issues.

 

The first phase of the launch of the new gTLDs could be assimilated to a test, especially for “dot brands” (such as .kpmg or .chanel). The second application round should therefore be even more successful. The community also requests ICANN to set a detailed, realistic and public timetable in the interest of applicants. In case of delay in the procedure, ICANN should commit to take corrective measures. In addition, the community requests that application fees be reduced, and be made to correspond to the actual costs incurred by ICANN.

 

However, the most important improvements in the eyes of stakeholders relate to the protection of rights. Thus, the Domains Protected Trademark List (DPML), which allows the registration of a trademark to be blocked, could be extended to all new gTLDs to compensate for an inadequate Trademark Clearinghouse (TMCH). The procedures for dispute resolution should also be updated so as to be more accessible to trademark owners. The URS (Uniform Rapid Suspension) procedure could thus be revamped to allow for lower standards, since currently, domain squatting can only be halted in cases of flagrant trademark infringements.

 

Several other issues are also being debated, such as the lists of premium names containing trademarks, objection mechanisms to applications, the protection of geographical indications or the auction system contemplated by ICANN.

 

All these issues should be clarified before the launch of the second application round for the new extensions. While time is of the essence, all actors, starting with the applicants, intends to defend their interests. The next ICANN meeting scheduled for October in Los Angeles should shed light on many concerns raised by the community.

 

Owing to its cutting edge expertise on new gTLDs, Dreyfus can assist you in preparing for the second round of applications. Please do not hesitate to contact us for more information.

 

Read More

The French Supreme Court cancels the “Argane” trademark for lack of distinctiveness

Symbole copyrightThe French Supreme Court confirmed a lack of distinctiveness in the term “argane,” which constitutes the necessary and generic designation for hygiene and skincare products covered by the trademark. (CCass, Com., SAS Pierre Fabre dermo-cosmétique c/ Sté Clairjoie, 6 May 2014, No.13-16470)
In 2010, Pierre Fabre, owner of the “Argane” trademark since 1983, accused the company Clairjoie of counterfeiting the trademark “Karité-Argane” through commercial usage. In its defense, Clairjoie requested for the trademark “Argane” to be cancelled due to fraudulent filing and a lack of distinctiveness.
The Court of Appeals maintained the judgment of the Court of first instance and upheld the cancelation of the trademark. The Court affirmed that “Argane” is not a neologism which gives the term “argan oil” a feminized dimension, but rather a word of Arabic origin.
The defendant company argued that the judges were confused in differentiating between the evocative and the distinctive characters of the trademark, that no reference was made to consumer perception of the trademark and that the generic and necessary character of the trademark had not been established.
However, the French Supreme Court rejected the arguments of Pierre Fabre, stating that the Court of Appeals rightly decided the issue in referring to the clientele of the products of the brand. The Court also reiterated that the chosen term, also spelt as “argan” and designating a tree or shrub as well as its fruit, used in the manufacturing of soap, “constituted the necessary and generic designation of a plant substance used for hygiene and skin care which should have remained freely available to actors of the industry wishing to include it in their products.” Accordingly, it asserted that “the term was merely descriptive of the constituents of the product covered by the trademark”, thence justifying the cancellation of the latter.
This judgment puts an end to 30 years of use of the mark “Argane” but most importantly, emphasizes a heightening of the judges’ rigid approach with regards to the descriptive character of a trademark, by underscoring its lack of distinctiveness which was not obvious due to the divergence in pronunciation. Furthermore, the term “argane” is seldomly used. This decision also raises the delicate question of the difference between the evocative nature of a trademark and its lack of distinctiveness. Finally, this decision casts a doubt on the requirements for acquiring distinctiveness through the use of the trademark. Indeed, if such a lifespan and such frequent and intensive exploitation of a trademark do not suffice to grant distinctiveness to “Argane”, then what conditions must be satisfied?

 

 

Read More

“Safe Harbor” protection denied to GoDaddy for its parked pages

Last summer, business-dreyfus-8-150x150GoDaddy, a domain name registrar, was denied Safe Harbor protection by the Federal Court of California in relation to its parked pages program. (Academy of Motion Pictures Arts and Sciences v GoDaddy.com Inc., California 2013)

The US Department of Commerce established the Safe Harbor to protect personal data; the program certifies that companies provide an adequate level of protection of personal data, which is at least as stringent as that of the European Economic Area.

In 2010, the Academy of Motion Pictures Arts and Sciences (organizer of the Oscars) initiated legal proceedings against GoDaddy for violation of the provisions of the ACPA, a US law protecting consumers against cybersquatting. The Academy claimed that GoDaddy was a cyber-squatter and that it made profits out of the domain names <academyawardz.com>, <2011Oscars.com> and <Osccarlist.com> by displaying pay-per-click commercial links. GoDaddy called uponthe Safe Harbor protection granted to registrars in its defence.

Indeed, the ACPA grants Safe Harbor immunity to domain name registrars when they’re the subject of claims relating to registration activities and in the absence of malicious intent to profit. This immunity offers a limited liability to the registrar for its passiveness during the course of its activities.

The Academy successfully established that GoDaddy did not just carry out mere registrations and renewals of domain names. In relation to the ACPA, the commercial exploitation of domain names through parked pages is interpreted as “use” of the domain name. The registrar claimed for lack of evidence showing the revenues it made, but the Court held that it falls within the definition of use even in the absence of actual monetization and that GoDaddy is a cyber-squatter.

However, GoDaddy has not yet had its final say and the case is still pending.

 

Read More

Trademark and patent infringement in the United Kingdom: Proposal to review provisions on groundless threats

Symbole copyrightThe UK Law Commission, a body established to keep statutes under review and to recommend reforms, submitted, mid-April, a report suggesting the review of the provisions on groundless threats of infringement proceedings. This report was commissioned by the Department for Business, Innovation and Skills and the UK Intellectual Property Office.
A threat is groundless when there is no actual trademark or patent infringement or when there is no genuine intention to litigate, e.g when right-owners are aware that their rights are weak or no longer protected. The threats aim at frightening alleged infringers or distributors so that they discontinue their activities.
This remedy was created in an attempt to reduce groundless threats. It is currently subject to reform proposals which are under discussion. The proposed amendments aim at increasing the efficiency of the judiciary and limit the abuse thereof.
What are the amendments recommended by the Commission?

  • The protection against groundless threats should be maintained for patents, trademarks and industrial designs, but it should be reformed.
  • The conditions governing communication between right-owners and alleged secondary infringers should be reformed. This provision aims at fostering negotiation prior to litigation.
  • Legal counsels should no longer be liable in respect of threats made in their professional capacity on behalf of a client. This provision effectively implements a limited liability regime for agents to the extent that they act on behalf of their clients.

Through these recommendations, the Commission insists on the importance of negotiation and communication to limit litigation. This is the reason why it wants to see the rules change soon.

 

Read More

Facebook, Digital Searches and Seizures & the Age-Old Act of Balancing Private and Public Interests

Despite bbusiness-dreyfus-8-150x150eing only a decade old, Facebook, has risen to the top of social media and networking services, reaching a market peak in 2012 with a capitalization of $104 billion. In today’s evermore digitized World, Facebook is much more than just a networking site; it is a form of identity and community through which individual people base and narrate their hypermodern experiences. Staying true to its prodigious reputation, the young Facebook, which inhabits an increasingly fast past and technologically driven society, has started to contribute to a conversation that ancient and modern philosophers alike, who lived in a world much different than ours, have battled with for centuries: the intersection of private and public interests.

Although clashes resulting from the intersection of such instances are certainly not limited to this event, the Manhattan district attorney’s office are currently battling it out with Facebook over a government demand for the contents of hundreds of Facebook accounts. Invoking the Fourth Amendment, that is the constitutional right to be free of unreasonable searches, Facebook claims that the Manhattan prosecutors infringed this right by violating the privacy of the data of 381 people, including photos they had liked and private messages.

At first instance, the ruling of a New York judge favored public interests as opposed to private and stated that Facebook had no standing to contest the search warrants because it acts as an online repository of data, and was not the actual target of the criminal investigation. In terms of the investigation itself, the case’s prosecution attorneys sought to bring claims against a variety of civil servants accused of defrauding the Social Security system with fake disability claims. According to Joan Vollero, a spokeswoman for the Manhattan district attorney, there were as many as 1,000 people who defrauded the government for more than $400 million in benefits. Evidence for these claims was derived from Facebook photos showcasing the supposed disabled civil servants participating in a variety of sports, deep-sea fishing and riding personal watercrafts, to say the least.

Although in this particularly case, which is now on appeal, the justification for the violation of the Fourth Amendment and the preference of public interests to private seems relevant, especially considering the excess waste in government money, not all cases pertaining to digital searches and seizures have warranted such a response. In the landmark U.S. decision Riley v. California (2014) the question as to whether an arrest alone could allow a police officer to search the data available on a person’s smartphone, which could include their Facebook, was posed. The decision, attaching itself to the tag line “New rule for a new world” purports to effectuate that police should not have absolute access to all of the information on one’s cell phone just because it is on one’s person during an arrest.

Nevertheless, the facts of these two respective cases do not match up, and the varying legal analysis can be explained accordingly. In the case of Facebook’s contestation to the government seizure of user’s information, it seems unlikely that the privacy of an individual can overcome the public right to benefit from government expenditures, especially in light of the amount of money that stood at stake and was ultimately misused and lost.

Perhaps this case presents an even larger question: is Facebook a private or public realm to begin with? As Facebook is continually changing privacy settings for users and becoming more of an advertising agent than a human networking platform, indicators can arguable be pointed towards the fact that those that occupy Facebook are in fact occupying a more public domain to begin with. Nevertheless, on the other hand, users need to have trust in Facebook that their private messages will remain private, a statement that has not always remained true.

 

 

Like some of the ancients answered, one age old solution that remains applicable to this problem is to simply be cautious as to what you reveal about yourself on the internet. Should you feel that your private rights have been violated by a social media service and or government official, or know someone who is exploiting either service, trusted advice or a solution can be brought to you by Dreyfus.

 

Read More

The CNIL creates a “digital safe” label

business-dreyfus-81-150x150The French Data Protection Authority (CNIL) adopted a recommendation on January 23, which provides a frame of reference for the concept of a “digital safe” and for the implementation of a certification label in relation to these storage services.
The term “digital safe” is now defined by the CNIL as “secure data storage space, accessible online, allowing storage of electronic documents under various formats (texts, photos, scanned papers).” The emergence of this new storage system raises many issues, especially in terms of the integrity and confidentiality of personal data stored there.
The Commission, which specializes in the protection of personal data, has created this trust indicator in order to show the high level of protection of personal data provided by online data storage services when they implement appropriate measures.
In order to benefit from the label, two cumulative requirements have to be met by service providers: the provider must operate the online data storage service and offer services directly to the general public.
In its recommendation, the CNIL also provided a specific regime in relation to health data. Due to their sensitivity, the storage of such data requires prior certification of the provider by the CNIL.
This certification label is the first label made in relation to products, following the path of the pre-existing labels created by the CNIL in relation to training and audit practices.

 

Read More

WCO reports tremendous increase in counterfeit goods: trademarks and individuals take the hit

Symbole copyrightFrom knock-off Louis Vuitton purses to imitation iPhones, the International Chamber of Commerce estimates that ten percent of world trade is in counterfeit goods and that the counterfeit market is worth $500 billion. With this number hitting just “the tip of the iceberg”, the World Customs Organization (WCO) has claimed counterfeit items reported worldwide hit 3 billion for the first time last year. Despite appealing to some consumers wanting to take advantage of a trademark or trademark’s social capital and reputation, counterfeited goods should be recognized as inherently criminal. Not only do these products come into existence on the global market through organized crime, thereby impacting negatively on businesses, more importantly, the social and ethical effects of these products are all too often overlooked.

 

Published within the WCO’s Illicit Trade Report, the “tremendous increase” of fake goods underlines this growing problem, which is evidenced in the fact that more countries are reporting IP-related infringements, a rise numerically represented from 58 to 69. The seizures of pharmaceutical products, clothing and accessories, electronic appliances and food items are most common with China remaining the biggest hotbed for the production of counterfeits and the US being the country they are most destined to hit.

The ten-day clamp in Africa called “Operation Biyela”, where 23 countries sought to perform one of the biggest hauls of counterfeit pharmaceuticals, resulted in the interception of more than one billion illicit products; nearly 50 percent of them being pharmaceuticals. The World Health Organization (WHO) developed this definition of counterfeit medicines:

 

А counterfeit medicine is one which is deliberately and fraudulently mislabeled with respect to identity and/or source. Counterfeiting can apply to both branded and generic products and counterfeit products may include products with the correct ingredients or with the wrong ingredients, without active ingredients, with insufficient active ingredients or with fake packaging.

Clearly, counterfeit medicines can post a serious health risk to consumers. What is even more frightening is that information derived from Operation Biyela reports findings of a variety of different types of counterfeit medicines including diet pills, anti-malaria tablets and antibiotics. The extensive range of these products, from lifestyle medicines to those which are used to treat cancer and heart disease should be concerning to consumers, yet the demand proves otherwise.

Ethical issues brought on by counterfeit products should also be brought be exposed, especially as they apply to labor exploitation and low paid workers facing safety and security concerns. On the other end of the spectrum, Rachel K. Ward, PhD, a media specialist in fashion art and luxury sectors appeals to Utilitarian terms to justify the abolishment of counterfeit goods. According to Ward, “the utilitarian argument is the most used in the fashion industry because it points to the fact that “intellectual property needs to be protected in order to provide sufficient incentive to develop new technology and creative products.” Similarly, Ward goes on to point out the low-quality of counterfeit goods and how easy counterfeit products can be to discern, counteracting the consumer original faith in the product.

Among trademarks, Nike, Apple, Samsung, Rolex and Louis Vuitton make up the top five to be common targets of counterfeiting. In fact, Louis Vuitton was engaged in extensive legal battles with Google over the promotion of counterfeit goods on the search engine.

In order to better understand and solve this global phenomenon, consumers must begin to educate themselves on the effects of their decisions to participate and fund a sphere of illicit trade. If you, or your business requires assistance and or advice when it comes to counterfeit goods, Dreyfus is available for consultation.

 

Read More

.WINE and .VIN: The saga continues at ICANN

note1A revolution is bound to occur in the chain of e-commerce with the advent of new domain name extensions (new gTLDs). Generic extensions such as .search or .shop will have a lasting impact on the Internet. The .wine and .vin gTLDs are, of late, the subject of intense debate between the Internet community and European institutions.

 

None of the French and Europeans actors in the wines and spirits industry have filed any application for these extensions. Foreign companies, most of them from the US, have been the forerunners in applying for the management of these new gTLDs. Donuts Inc filed the sole application for the .vin gTLD while three companies have solicited the .wine gTLD. As a result, ICANN announced that an auction will be held in January 2015 for the .wine gTLD. While these gTLDs are primordial for the online trading of wine-related products, they nevertheless generate major problems.

 

The GAC, an advisory body of ICANN representing governments, issued a warning in respect of the .vin gTLD in 2012. European regulations establish a strict framework with regard to oenological practices and specifically for the “vin” designation. The GAC underscored that the registry should fully prohibit open registrations so that consumers are not misled.

 

Recently, there was an outcry within the European governments, and particularly from the French government concerning the protection of geographical indications such as Champagne or Bordeaux. Indeed, while registered marks are protected, the same does not hold true for geographical indications. Nothing would prevent anyone from registering the ‘champagne.vin’ domain name to market wines hailing from Alsace or Provence or even completely different products. In the end, the consumer would thus inevitably be duped. Moreover, none of the three applications affords any protection with regard to the geographical indications. The French Secretary of State in charge of digital affairs, Axelle Lemaire, has repeatedly reiterated the request of the French government to provide for a procedure similar to the UDRP in respect of geographical indications in these extensions.

 

At this point in time, a consensus is yet to be reached. In September 2013, the Chairman of the GAC conveyed a letter to the Board of ICANN recommending that the applications in respect of the .wine and .vin gTLDs undergo the usual evaluation process. This does not seem to account for the majority of the opinions expressed in GAC.

 

Indeed, the GAC statement issued in November 2013, after the ICANN meeting in Buenos Aires, clearly reveals such contradictions. Opponents of these gTLDs asked that the applications be halted until additional protection mechanisms are arranged. The proponents, on the other hand, deem that the existing safeguards are sufficient and that the prerogative of ICANN does not rest in the regulation of geographical indications.

 

Yet, the issue which arises is a live one, insofar as other industry-specific extensions such as .archi and .bio have established strict registration requirements so that consumers are not misled. But as applications are not amendable; in practice it would be almost impossible to amend the rules with regard to the .wine gTLD to accommodate the requests of everyone.

 

The French Government expressed its regrets at the fact that ICANN rejected the safeguards proposed by organizations for the protection of geographical indications. These were deemed necessary to ensure that producers of wine with the label of origin and consumers likewise are afforded the requisite protection against Internet abuse.

 

As the ICANN meeting was being held in London in June, no consensus has been reached. To be continued!

 

Read More

Connected health and personal data: the CNIL investigates

business-dreyfus-81-150x150At the end of May 2014, the French data protection authority (CNIL) published an IP Report (Cahier IP) on the human body as a new connected object, focusing on personal health data resulting from “quantified self” apps and connected objects.

In its publication, the CNIL has defined this phenomenon of “quantified self. This somewhat confusing expression covers various practices which all tend to measure and compare with others the variables related to our lifestyle: nutrition, physical exercise, sleep and even mood, etc.”

The data automatically captured by the connected objects is then mass processed. The development of this practice calls for user attention vis-à-vis the future of their data. As such data relates to the health of individuals, it is sensitive in nature. There is no definition of “sensitive data” but they are listed extensively.

The Commission highlights the gap between professed privacy policies and actual practices. This often goes unnoticed due to the lack of attention and knowledge of users regarding personal data.

A “client empowerment” movement giving more power and control to the client would allow a rebalancing of the user/data collector relationship. As a matter of fact, the voice of the clients is often neglected by companies. This “empowerment” may also allow the commercialisation of the data with the client’s direct consent, which would be beneficial to data brokers.

Another solution for the protection of user data would be to impose the concept of “privacy by design” as soon as the connected object is conceived, although the CNIL makes no mention of this in its report. The aim is to make the protection of users’ privacy the primary characteristic of the object. Thus, by default, the collected data will not be extensively shared or re-sold.

As French and European laws are very protective of personal data, particularly sensitive data, one must remain vigilant when collecting such data.

 

Dreyfus will assist you in auditing your data and will help you to implement privacy policies compliant with French and European regulations.

 

Read More