Baker & McKenzie's regular article tracking developments in EU law relating to IP, IT and telecommunications

computer law & security report 23 (2007) 495–500

available at www.sciencedirect.com

www.compseconline.com/publications/prodclaw.htm

EU update

Baker & McKenzie’s regular article tracking developments in EU law relating to IP, IT and telecommunications Harry Small, David Halliday, Deena Hazini, Siu Ha Tang, Mandy Tang Baker & McKenzie LLP, United Kingdom

abstract This is the latest edition of Baker & McKenzie’s column on developments in EU law relating to IP, IT and telecommunications. This article summarises recent developments that are considered important for practitioners, students and academics in a wide range of information technology, E-commerce, telecommunications and intellectual property areas. It cannot be exhaustive but intends to address the important points. This is a hard copy reference guide, but links to outside web sites are included where possible. No responsibility is assumed for the accuracy of information contained in these links. ª 2007 Baker & McKenzie LLP. Published by Elsevier Ltd. All rights reserved.

1.

General intellectual property

1.1. OHIM issues Decision consolidating rules on electronic communication On 16 July 2007, the President of the Office of Harmonization in the Internal Market (Trade Marks and Designs) (OHIM) issued a Decision regarding electronic communication with and by OHIM. The Decision repeals previous decisions on the matter and attempts to consolidate all relevant administrative rules into a single administrative act. Amongst its objectives, OHIM attempts to make it possible to renew registered Community designs or request cancellation electronically. OHIM Decision No EX-07-4, 16 July 2007. http://oami.europa.eu/en/office/aspects/pdf/Ex074en.pdf.

1.2. Industrial property: Commission adopts necessary measures for linking EU design registration system with WIPO international system

the European Community (the ‘‘EC’’) to the Geneva Act of the Hague Agreement concerning the international registration of industrial designs. This will allow EU companies to obtain protection of a design not only throughout the EU with the Community design, but also in countries which are members of the Geneva Act. The Geneva Act allows designers to obtain design protection in a number of countries through a single international application filed with the International Bureau of WIPO. So far there are 23 countries who have become party to the Geneva Act, including Singapore, Turkey and Switzerland. The deposition of the instrument of ratification before WIPO is scheduled for the end of September 2007. UK businesses will be able to use the new system from January 2008. Press release: http://europa.eu/rapid/pressReleasesAction. do?reference¼IP/07/1160&format¼HTML&aged¼0&language¼ EN&guiLanguage¼en.

2. On 24 July 2007, the European Commission adopted two Regulations which are necessary to give effect to the accession of

Copyright and trade marks

No developments.

0267-3649/$ – see front matter ª 2007 Baker & McKenzie LLP. Published by Elsevier Ltd. All rights reserved. doi:10.1016/j.clsr.2007.10.001

496

3.

computer law & security report 23 (2007) 495–500

Patents

5.

Competition law

3.1. European Parliament resolution on providing drugs to developing countries

5.1. Advocate General’s opinion on charging for local loop access

On 6 December 2005 the World Trade Organisation (WTO) proposed a protocol amending the agreement on TradeRelated Aspects of Intellectual Property Rights (TRIPs). The protocol seeks to simplify the process of supplying patented drugs to developing countries. On 12 July 2007, the European Parliament adopted a resolution on the proposed amendment to the TRIPS Agreement, calling for more to be done in relation to the sale to and manufacture in developing countries of patented drugs, to give them greater access to medicines. The resolution asks the European Council to help developing countries by maximising the availability of pharmaceutical products at affordable prices. The resolution also calls for the Commission and Member States to provide financial support for the local production of pharmaceuticals in developing countries and to help fund research and development on poverty-related, tropical and neglected diseases. European Parliament resolution: http://www.europarl. europa.eu/sides/getDoc.do?pubRef¼-//EP//TEXTþTAþP6-TA2007-0353þ0þDOCþXMLþV0//EN&language¼EN.

On 18 July 2007, Advocate General Poiares Maduro handed down an opinion on a reference from a German court on the charges that can be applied by a dominant incumbent telecoms operator for access to its local network. The intention of Regulation 2997/2000 which set harmonised conditions for unbundled access to the local loop was to allow new operators to enter the market to provide new competition at local loop level. Member States must not depart from the requirement of limiting the prices charged by notified operators if they are to the detriment of the new operators who wish to access their local network. In his opinion, the Advocate General considers issues relating to determination of cost-orientated charges and on the extent of the discretion of national regulators in assessing such charges. The Advocate General considers that an assessment of whether charges are cost-orientated involves balancing key objective of fostering competition against that of ensuring the necessary level of incentives for investment in infrastructure. Case C55/06, Arcor AG. KG v. Federal Republic of Germany, opinion of Advocate General Poiares Maduro: http://curia. europa.eu/jurisp/cgi-bin/form.pl?lang¼en&Submit¼Recherch er$docrequire¼alldocs&numaff¼C-426/05&datefs¼&datefe¼ &nomusuel¼&domaine¼&mots¼&resmax¼100.

4.

Data protection/privacy

4.1. European Data Protection Supervisor publishes opinion on Commission communication on implementation of Data Protection Directive On 25 July 2007 the European Data Protection Supervisor (EDPS) issued an opinion on the European Commission communication regarding improved implementation of the Directive 95/46/EC of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (the ‘‘Directive’’). The communication outlines ways in which the fundamental rights of EU citizens, in regards to personal data protection, can be better ensured. The EDPS has agreed with the conclusion of the Commission that the Directive should currently not be amended. The EDPS recommends that in the short term, actions should focus on improving the implementation of the Directive, including effective use of infringement proceedings against Member States. In the long run, if the Directive is to be amended, EDPS considers that a number of areas require further consideration. These areas include: interaction with technology, global privacy and jurisdiction, and law enforcement. A date has not yet been set for a review to prepare for any changes to the Directive. Press release: http://europa.eu/rapid/pressReleasesAction. do?reference¼EDPS/07/8&format¼HTML&aged¼0&language¼ EN&guiLanguage¼en.

5.2. Commission calls for better implementation of the law of the Member States of the European Union to safeguard the interests of citizens and business On 5 September 2007, the European Commission put forward some proposals to improve the application of the law of the Member States of the European Union (Community law) by Member States. This is not specifically directed at the implementation of information technology or intellectual property law but is part of the European Commission’s better regulation priority which aims at having Community law implemented more effectively and at resolving complaints made by citizens and businesses more quickly. In order to maintain Europe’s competitiveness, the Commission seeks to keep Member States responsive to the interests of citizens and businesses and seeks commitment from Member States to improve information-provision and problem-solving for citizens and businesses. The Communication sets out four main areas of action: (1) more targeted problem prevention measures by increasing implementation and enforcement of new legislation; (2) improved information-provision and problem-solving with the aim of reducing the number of infringements; (3) a more efficient system of managing infringement cases by prioritising cases which pose the greatest risks and widespread impact on citizens and businesses; and (4) increased transparency in the application and enforcement of the law.

computer law & security report 23 (2007) 495–500

The Commission also suggests that there be more strategic planning of the implementation, management and enforcement of Community legislation and that there be an increased review of results between Commission, Parliament and Council. Press release: http://europa.eu/rapid/pressReleasesAction. do?reference¼IP/07/1282&format¼HTML&age.

6.

497

(8) the way to establish the geographical limits of the EU, and that reference should be made to Article 299 of the Treaty of the European Union, in that regard. The Regulation: http://eur-lex.europa.eu/LexUriServ/site/ en/oj/2007/l_171/l_17120070629en00320040.pdf. ERG press release: http://erg.eu.int/whatsnew/index_en. htm.

Telecoms

6.1. Commission proposal to select mobile satellite services for EU-wide high-speed data communications On 22 August 2007 the Commission adopted a proposal to select systems for mobile satellite services at European level. The proposal will provide the basis for a single comparative selection and authorisation procedure for services by all 27 EU Member States. The proposed new system will provide advanced services and improve coverage in the EU’s remote areas. Significant economies of scale are expected to result from consistent national authorisation of systems throughout Europe, and will lead to more efficient use of spectrum and reduced risk of harmful interference. Press release: http://europa.eu/rapid/pressReleasesAction. do?reference¼IP/07/1243&format¼HTML&aged¼0&language¼ EN&guiLanguage¼en.

6.2. ERG publishes second guidelines on Roaming Regulation On 22 August 2007, the European Regulators Group (ERG) published a second set of guidelines on mobile roaming under the Mobile Roaming (European Communities) Regulations 2007 (717/2007) (the ‘‘Regulations’’). The Regulations impose caps on wholesale and retail prices that can be charged from mobile-phone customers making or receiving calls in the EU, when travelling outside their home country. The first set of guidelines, published in July 2007, sets out how national regulatory authorities should interpret the provisions of Article 2 of the Regulation’s relating to offers to customers. The second set of guidelines provides for the following: (1) that providers can charge customers on the basis of any interval (e.g. per second or per minute) but that the charge should not exceed the maximum charges set out in the Regulation’s; (2) the ways in which companies should meet the limits on wholesale charges (as defined in the Regulations); (3) guidance on how to calculate charges made in currencies other than the euro; (4) clarification on the requirements of welcome messages which must be sent to users on arrival in a country; (5) the manner in which information should be provided to customers by home providers; (6) clarification that a ‘‘regulated roaming call’’ as set out in the Regulation’s, comprises only voice calls and not fax or data calls, or premium-rate service calls; (7) that the Regulation’s do not apply to calls made to and from ships and planes using satellite networks; and

6.3. European Commission questionnaire on radio and telecoms terminal equipment On 31 July 2007, the European Commission published an online questionnaire on the regulatory environment for radio and telecoms terminal equipment (R&TTE) in the EU. The questionnaire is designed for companies, organisations and professionals who have a good working knowledge of the R&TTE Directive (1999/5/E) and of the national provisions transposing it. The purpose of the questionnaire is to provide the Commission with information for the second scheduled progress report on the operation of the Directive. The review of the R&TTE Directive will also take into account related EU legislation, including the regulatory framework for electronic communications networks and services, as well as radio spectrum policy. The consultation closed on 30 September 2007. Press release: http://ipandit.practicallaw.com/5-375-1076.

6.4. Commission supports French regulator’s call for common approach to lower mobile rates On 14 September 2007, in response to a procedure under the EU telecom rules (set out in the 2002 EU regulatory framework for electronic communications services) regarding mobile termination rates in France, the Commission supported the French telecoms regulator’s (ARCEP) proposal to further lower the wholesale rates charged by French mobile operators – this a clear move towards rates reflecting real costs, which is a core principle of the EU telecom rules. In a letter to ARCEP sent on 14 September 2007, the Commission supported a common approach among Europe’s telecom regulators for a consistent way to calculate appropriate mobile termination rates. Mobile termination rates are currently regulated in all EU countries by the national telecoms regulator. The Commission considers that termination rates should be based on the costs of an efficient operator – this being, in the Commission’s view, an optimal method for setting price caps for mobile termination rates. The Commission intends to harmonise the current approach across the EU, and to work with the European Regulators Group to achieve this as soon as possible. Press release: http://europa.eu/rapid/pressReleasesAction. do?reference¼IP/07/1333&format¼HTML&aged¼0&language¼ EN&guiLanguage¼en.

7.

Information technology

No developments.

498

computer law & security report 23 (2007) 495–500

8.

E-commerce

8.1.

Liability of ISP’s for blocking file sharing

On 29 June 2007 the Belgian courts held that Scarlet, a Belgian ISP, had a legal obligation to implement technology on its network to filter and block the sharing of copyright infringing content via peer-to-peer (‘‘P2P’’) file sharing networks. Article 12 of the E-Commerce Directive (2001/31/EC) provides a defence for ‘‘mere conduits’’ for content transmitted or accessed by their customers. The Court rejected the ISP’s argument that it could lose the protection of the ‘‘mere conduit’’ defence by implementing the measures, since the Court held that such filtering would not constitute selection of the content by the ISP. The Court further held that the ruling did not impose a ‘‘general obligation’’ on the ISP in violation of Article 15 of the Directive, stating that: ‘‘.the provisions of this [the ECommerce] Directive relating to liability should not preclude the development and effective operation, by the different interested parties, of protection and identification and of technical surveillance instruments made possible by digital technology’’ . The Court similarly rejected arguments based on the right to privacy, secrecy of correspondence and freedom of expression. Finally, the Court held that the cost of the solution to the ISP was ‘‘not excessive’’, being less than 50 euro cents per month per customer. The ISP has appealed against this court ruling. Report: http://www.ifpi.org/content/section_news/20070 704b.html.

9.

Internet

No developments.

10.

Media

No developments.

11.

Outsourcing

No developments.

12.

Main articles

12.1. Commission proposal to remove restrictions on radio spectrum for innovative wireless services On 25 July 2007, the Commission published a proposal1 for European Parliament and Council Directive repealing Council Directive 87/372/EEC2 (the ‘‘GSM Directive’’) on the frequency 1

http://ec.europa.eu/information_society/policy/radio_spectrum/ docs/ref_docs/com/com2007_367_en.pdf. 2 http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri¼CELEX: 31987L0372:EN:HTML.

bands to be reserved for the coordinated introduction of public pan-European cellular digital land-based mobile communications in the Community (the ‘‘Proposal’’). The Proposal aims to increase the choice of services and technologies available to EU citizens so as to maximise competition in the use of spectrum. Public consultation conducted for the Commission has also shown extensive support from the mobile industry to open up spectrum, with clear benefits for both the mobile industry and its customers.

12.1.1. Current framework Currently, the GSM Directive requires Member States to reserve the whole 890–915 MHz and 935–960 MHz spectrum for GSM, thereby, preventing the bands from being used by panEuropean systems other than GSM. In view of advances in technology resulting in advanced mobile data and multimedia services, such as 3G services that allow video streaming and fast downloads on a mobile handset, the Commission believes that the GSM Directive is now out of date and should be repealed. Once effectively repealed, a new Commission Decision (the ‘‘Decision’’) should be taken, based on Decision 676/2002/EC3 of the European Parliament and Council of 7 March 2002 on a regulatory framework for radio spectrum policy in the European Community, to allow the co-existence of new technologies within these frequencies. The Commission has stressed that the Decision must be complemented by appropriate technical harmonisation measures to preserve the present harmonised status of the frequencies. The Commission also guarantees that the GSM services, currently using the frequencies, will be protected so long as there is a reasonable demand for the service. Where possible, Member States will also be able to introduce additional systems alongside GSM networks and other recognised terrestrial systems within the same frequencies, provided that these can co-exist with GSM systems and other pan-European systems in their own territory and in neighbouring Member States.

12.1.2. Commission’s assessment The Decision has been prepared by the Commission alongside national radio spectrum experts. On 5 July 2006 the Commission issued a Mandate4 to the European Conference of Postal and Telecommunications Administrations (‘‘CEPT’’) to examine the possibility of introducing UMTS throughout the EU in the 900 MHz and 1800 MHz bands in urban, suburban and rural areas in co-existence with GSM networks. The reports5 conducted have shown that UMTS networks can be deployed in these areas by using appropriate values for carrier separation. Initial concerns from users in the adjacent frequency bands about possible interference have been satisfactorily resolved. The reports have also shown no existence of potentially serious risks or irreversible consequences as a result of 3 http://ec.europa.eu/information_society/policy/radio_spectrum/ docs/policy_outline/decision_6762002/en.pdf. 4 http://ec.europa.eu/information_society/policy/radio_spectrum/ docs/current/mandates/ec_to_cept_wapecs_06_06.pdf. 5 http://www.ero.dk/documentation/docs/docfiles.asp?docid¼ 2168&wd¼N, http://www.ero.dk/documentation/docs/docfiles. asp?docid¼2201&wd¼N, http://ec.europa.eu/information_society/ policy/radio_spectrum/docs/ref_docs/rsc18_public_docs/rsc06_99_ ecc_int_rep_wapecs.pdf.

computer law & security report 23 (2007) 495–500

opening up the spectrum. On a proportionality front, the Commission considers that the benefits of implementing the Decision measure outweigh the risks.

12.1.2.1. Benefits to the consumer. As technology advances, systems other than GSM will continue to develop and spread throughout the EU, especially in rural areas, overcoming the geographical divide. As the 900 MHz band covered by the GSM Directive has propagation characteristics which allow coverage of large areas at lower cost, it is better suited to cover less densely populated and rural areas rather than higher frequency bands. The 3G mobile networks are currently restricted to higher frequencies by the GSM Directive, creating higher deployment costs. Moreover, the use of higher frequency is less suited to penetrate buildings, which results in poor quality compared to lower frequencies. Opening up the spectrums as envisaged should therefore lead to better quality of services and lower costs for the consumer. Freedom of choice of services to consumers and spectrum users in the choice of technologies will increase with the introduction of more pan-European services.

12.1.2.2. Benefits to the industry. The Decision would also contribute to the economic development of the electronic communications sector by facilitating the deployment of advanced mobile communications services. As stated above, public consultation has shown that the Decision was heavily supported by the mobile-phone industry. The Commission believes that the Decision will open new revenue streams to operators, and increase the demand for equipment such as network infrastructure and new generations of terminals.

12.1.2.3. Benefits to the environment. The Commission also believes that the Decision would have a positive impact on the environment as the number of base stations required would be reduced through the use of lower frequencies, as well as reduce the risk of disputes over suitable base station locations.

12.1.3. Next steps The Proposal to repeal the GSM Directive requires formal approval of the European Parliament and EU Council of Ministers. It is intended that the measures proposed would be in place by the end of 2007. Press release: http://europa.eu/rapid/pressReleasesAction. do?reference¼IP/07/1170.

12.2. Council concludes 2007 Agreement on airline passenger data with the US 12.2.1. Background Following the events of 11 September 2001, the US passed legislation during November 2001 which required airlines operating flights to the US to provide US Customs with access to Passenger Name Records (PNRs). These records contain detailed individual passenger information, including names, addresses, nationality, race, age and gender.

499

US authorities have threatened to impose penalties upon non-complying airlines, including the forfeiture of US landing rights. This prompted the EU to take action on behalf of its Member States, with particular concern for protecting citizens’ personal data and privacy. The transfer of personal data by the airline operator may also be in contravention of the Data Protection Directive (95/46/EC).

12.2.2. The 2004 US–EU PNR Agreement (the 2004 PNR Agreement) In May 2004, the European Commission concluded an agreement (2004 US–EU PNR Agreement) with the US Department of Homeland Security (DHS), guaranteeing protection in the US for the personal data of EU transatlantic air passengers. The agreement meant that less personal data from Passenger Name Records (PNRs) held by airlines would be passed to the US authorities.

12.2.3. Rejection and review of the 2004 Agreement On 31 March 2004, the European Parliament objected to the 2004 PNR Agreement on the basis that the US did not guarantee adequate levels of data protection and that handing over the data violated passengers’ privacy under the Data Protection Directive.

12.2.4. The ECJ Decision In its judgment of 30 May 2006, the ECJ concluded that the issue of transfer of PNR data to authorities of other countries was exclusively a matter of public security and that public security fell outside the scope of the Directive. The ECJ had given the European Commission and the US until 30 September 2006 to find a new legal solution. In light of this, on 19 June 2006, the Commission adopted two initiatives to put a legally sound framework in place. The two initiatives adopted were as follows:  The Commission recommended to the EU Council that the Commission and Council act together to terminate the agreement through diplomatic channels before the end of June 2006 as, under international law, the agreement would remain in force for a period of 90 days after it was denounced by either party. Accordingly the European Council and the Commission notified the US Government on 3 July 2006 of the termination of the agreement 90 days later.  The Commission asked the European Council for authorisation to open negotiations for a new agreement with the US. This new agreement would be negotiated on a new legal basis (Article 38 of Title VI, Treaty on European Union) as the Commission had determined that Title VI was the correct legal basis to conclude an International Agreement for matters dealing with public security and criminal law matters. Negotiations on an interim agreement were completed in October 2006 and applied ‘‘provisionally’’ with an expiry date of ‘‘no later than 31 July 2007, unless extended by mutual agreement’’. Negotiations for a new agreement began early in 2007.

12.2.5. 2007 Personal Names Record Agreement The European Commission announced on 23 July this year that the EU and the US had successfully completed

500

computer law & security report 23 (2007) 495–500

negotiations for a new US–EU Passenger Name Record Agreement (The ‘‘2007 Agreement’’). The European Council adopted a formal Decision approving a bilateral agreement between the EU and the US permitting the processing and transfer of Passenger Name Record (PNR) data by air carriers to the DHS. The 2007 Agreement is tripartite and comprises (i) an agreement signed by both parties; (ii) a letter which the US sends to the EU in which it sets out assurances on the way in which it will handle EU PNR data; and (iii) a letter from the EU to the USA acknowledging receipt of the assurances and confirming that, on that basis, it considers the level of protection of PNR data in the US as adequate. Negotiators of the 2007 Agreement have attempted to address concerns over the fundamental rights and freedoms of citizens as laid down in Article 6(2) of the Treaty on the EU, notably the right to privacy, the need to ensure legal certainty and the protection of public security. Outlined below is a summary of the key provisions addressed in the 2007 Agreement.  Purpose: The data will be used only for the purpose of (1) terrorism and related crimes; (2) other serious crimes, including organized crime, that are transnational in nature; and (3) flight from warrants or custody for crimes described above. PNR may be used where necessary for the protection of the vital interests of the data subject or other persons, or in any criminal judicial proceedings, or as otherwise required by law.  Technical requirements: From 1 January 2008, airlines in the EU, satisfying certain technical requirements, will be required to push the PNR data in their reservation systems to the US. This system will replace the one under which the DHS currently have the right to access electronically PNR data from air carriers’ reservation/departure control systems. For those air carriers that do not implement such a system, the current systems shall remain in effect until the carriers have implemented a system that complies with DHS’s technical requirements. DHS will continue to electronically access the PNR from air carriers’ reservation systems located within the territory of the Member States of the EU until there is a satisfactory system in place allowing for the transmission of such data by the air carriers.  Amount and type of data collected: Under the interim agreement 34 fields of passenger data were collected by US law enforcement authorities. This has now been reduced to 19 data fields which will be shared between the parties. The categories include name, contact data, payment details, and itinerary information.  Sensitive data: Sensitive data (i.e. data revealing racial or ethnic origin) will be filtered and deleted unless the data are accessed for an exceptional case. An exceptional case is specified to be one where the life of a data subject or of others could be imperilled or seriously impaired. In such circumstances, DHS officials may require and use information in EU PNR other than those listed above, including sensitive data. The DHS will maintain a log of access to any sensitive









data in EU PNR and will delete the data within 30 days once the purpose for which it has been accessed is accomplished and its retention is not required by law. The DHS will also inform the Commission, normally within 48 h, that such data have been accessed. Data retention: The data will be retained in an active database for up to seven years, after which time the data will be moved to an inactive database for up to eight years to be accessed only following approval of a senior DHS official designated by the Secretary of Homeland Security and only in response to an identifiable case, threat, or risk. Level of data protection measures: The DHS expects that it will not be asked to undertake data protection measures in its PNR system that are more stringent than those applied by European authorities for their domestic PNR systems. Similarly, the DHS is not asking European authorities to adopt data protection measures in their PNR systems that are more stringent than those applied by the US for its PNR system. Access and redress: The US has made a policy Decision to extend the access and redress mechanisms to which the DHS is subject, to all people irrespective of citizenship and country of residence. Review: The implementation of the 2007 Agreement and the assurances that will be reviewed periodically.

It should be noted that there is a fair amount of flexibility built into the 2007 Agreement whereby the US is only required to advise the EU regarding the passage of any US legislation which materially affects the 2007 Agreement, and the US also reserves the right to suspend the agreement in certain circumstances (e.g. where the US feels that it is being asked to adopt undertake data protection measures in its PNR system that are more stringent than those applied by European authorities for their domestic PNR systems). The 2007 Agreement aims to provide a long-term solution for the processing and transfer of PNR data and will be valid for a period of seven years. This should provide greater certainty on both sides of the Atlantic, although the Commission will no doubt watch closely how the US may exercise any rights which may push the terms of the 2007 Agreement outside the bounds originally envisaged. More details are available in this EU Joint press release: http://www.consilium.europa.eu/ueDocs/cms_Data/ docs/pressdata/en/er/95500.pdf. The full agreement can also be read at: http://eur-lex. europa.eu/LexUriServ/site/en/oj/2007/l_204/l_20420070804en 00180025.pdf. For further information on any of the above, please contact Harry Small ([email protected]) of the Information Technology/ Commercial Department of the London office of Baker & McKenzie LLP (Tel.: þ44 20 7919 1000). Mr Small was assisted in the preparation of this article by David Halliday, Deena Hazini, Siu Ha Tang and Mandy Tang.