| Global network of a/orneys specialized in emerging technology law Barcelona Conference September 28, 2012 #lexingbcn
Nov 06, 2014
| G l o b a l n e t w o r k o f a / o r n e y s s p e c i a l i z e d i n e m e r g i n g t e c h n o l o g y l a w
Barcelona Conference
September 28, 2012
#lexingbcn
Interna(onal • 17 members (worldwide)
Integrated
• Same and unique methodology & procedures (cross-‐border projects)
Specialized • Law & Technologies (IT Law)
First internaEonal network of lawyers focused on informaEon technology law
Data Protec(on 30’
Cloud Compu(ng 30’
Social Media 30’
Cookies 30’
New Domain Names 15’
Q & A
General Presenta(on … 20’
| Argen(na | Belgium | Canada | France | Germany | Israel | Italy | Luxembourg | Mexico | Morocco | Norway | South Africa | Spain | Switzerland | Tunisia | United Kingdom | USA
Privacy, Cloud, Social Media & Cookies Overview of Spanish Law
Marc GALLARDO [email protected]
BARCELONA, FRIDAY, SEPTEMBER 28, 2012
# Data Protec(on
# Cookies
# Social Media
# Cloud Compu(ng
SDPA (‘99 & ’07 & ‘10) / AEPD High and Stringent Enforcenment ! € 20.000.000 / 4000 proceedings Dra\ EU RegulaEon (January 2012)
SDPA applies / AEPD – No specific regulaEons AEPD Guidelines (June 2012) / EU Guidelines (July 2012)
SDPA applies / AEPD – No specific regulaEons No general Guidelines / EU Guidelines
Eprivacy Rule in LSSI / AEPD No general Guidelines / EU Guidelines (June 2012)
Data Controller
Data Processor Data subject
Spanish Data Protection Law (SDPL)
rights obligations
" Notification requeriments " Information provision obligations " Legal basis for processing data " Confidentiality & Security " Data Protection Principles
contract
Organic Law 1999
Regulation 2007
• Professionals & Individual traders Self-‐Employed ac(ng as traders
• Secondary purpose for processing (B2B) • Name, surname, job, address, tel. & fax number
Data rela(ng to contact persons
Proper anonymiza(on
LegiEmate interest
✓ Consent ✓ Contractual relations ✓ Requirements of the law
✓ Emergencies ✓ Public Interest ✓ Legitimate interest!
Ruling Feb. 2012!
legitimate !interest DC!
data subject!rights!
DP principles!
Key ObligaEon: process personal data lawfully
Consent: not always available or reliable criteria LegiEmate interest criterion not properly incorporated The data should apeared in public sources ! Now void -‐>
Cloud CompuEng
Amazon AWS
IBM
Microsoh
Salesforce
Oracle
Arsys
Dropbox
Apple
Cloud definiEon
LACK OF CONTROL
LACK OF INFORMATION
Main risks
Jun
Guidelines
June !2012! www.agpd.es
July !2012!
No specific law regulaEng cloud compuEng but … data protecEon law is applicable
# User is the Data Controller
# CC Provider is the Data Processor
cont
ract
contract Guidelines
Tools & Services that facilitate conversa(on
General View
SNS impact on all branches of law ๏ Privacy ๏ Intellectual Property ๏ Marke(ng and Consumer Protec(on ๏ Contests and Promo(ons
๏ Employment ๏ Free speech ๏ Children protecEon ๏ E-‐reputa(on
Internal: SM used within a company Hosted: Public SM controlled by a company Public: Public SM outside the control of a company
SNS Providers
• e-‐Commerce Liability Exemp(on • No obliga(on to monitor infringements
SNS: Informa(on Society Service
• All obliga(ons rela(ng to privacy protec(ons • Children verifica(on age procedures (under 14)
SNS Provider is a data controller
= Authors of Apps + Adver(sers [SNS & Mobile]
Company as a User
• No household exemp(on In some circumstances, also Data Controllers
• Intellectual Property Rights, Privacy, Iden(ty theh, Defama(on & others
Soh Law to resolve certain disputes
• Opt-‐ in rule (B2B + B2C) & soh opt-‐in (if client) • Transparency (id. sender) • Right to object (valid electronic address)
Electronic Commercial Communica(ons
SituaEon > 1st April
‘Cookie’ is a small text file delivered by a website server onto the computer of visitor
Mul(ple func(ons but typically used to taylor website offerings and facilitate targeted ads
Rule: Informa(on + Consent before storing or gaining access to any cookie (not exempted)
Problems
Informa(on ? Consent ? Browser / opt-‐out / opt-‐in
Guidelines on Exempted Cookies a. Technical cookies & b. Strictly necessary cookies
No enforcement over e-‐privacy consent rule (LSSI) ! Enforcenment possible if PD is collected (SDPA).
#1 Audit
#2 Put in Place Policies & Programs
#3 Implement and review
✓ Conduct a comprehensive and thorough risk assessment ✓ Iden(fy risks
✓ Evaluate the risks ✓ Address the risks
✓ Implement + Review on a regular basis ✓ Train employees and monitor compliance ✓ Demonstrate it: a policy must be reflected in concrete pracEces !
Bo/om line is …
| Argen(na | Belgium | Canada | France | Germany | Israel | Italy | Luxembourg | Mexico | Morocco | Norway | South Africa | Spain | Switzerland | Tunisia | United Kingdom | USA
Proposed EU General Data ProtecEon RegulaEon of January 25, 2012:
State of Play
ALAIN BENSOUSSAN alain-‐[email protected]
BARCELONA, FRIDAY, SEPTEMBER 28, 2012
EU GENERAL DATA PROTECTION REGULATION -‐ FRANCE
| France| Me Alain BENSOUSSAN |alain-‐[email protected]
Page 25
What are the stakes? – harmonize the protection of personal data in the EU – ensure the effectiveness of such protection
Issue – a stronger and more coherent data protection framework in the EU
Situation – uncertain
News – International mobilization and debate on personal data protection
Introduc(on
EU GENERAL DATA PROTECTION REGULATION -‐ FRANCE
| France| Me Alain BENSOUSSAN |alain-‐[email protected]
Page 26
1. Strengthen the rights of individuals
2. Simplify processes for businesses
3. Extend liability
4. Impose s(ffer sanc(ons
Agenda
EU GENERAL DATA PROTECTION REGULATION -‐ FRANCE
| France| Me Alain BENSOUSSAN |alain-‐[email protected]
Page 27
1. Strengthen the rights of individuals
Strengthen the rights of individuals
Right to be forgouen
Clarifica(on about consent
Clarifica(on about the exercise of data
subject rights
Right to data portability
EU GENERAL DATA PROTECTION REGULATION -‐ FRANCE
| France| Me Alain BENSOUSSAN |alain-‐[email protected]
Page 28
2. Simplify processes for businesses
Cuvng red tape
Abolish the general obliga(on to no(fy
processing
Excep(on: data transfers outside the EU to a country without adequate
level of protec(on
Excep(on: sensi(ve processing
One-‐stop shop
Mul(na(onals
Main establishment of the processor
(i.e. place of its central administra(on in the EU)
Approval of BCR by one
supervisory authority
Joint controllers
Joint defini(on of:
-‐purposes; -‐condi(ons; -‐means of processing
EU GENERAL DATA PROTECTION REGULATION -‐ FRANCE
| France| Me Alain BENSOUSSAN |alain-‐[email protected]
Page 29
3. Extend liability (1)
• Maintain documenta(on of all processing opera(ons • Obliga(on for each controller, processor and, if any, the controller's representa(ve. • Content
Documenta(on (art. 28)
• Processing carried out by a public authority or body • Processing carried out by an enterprise employing 250 persons or more • Processing opera(ons which, by virtue of their nature, their scope and/or their purposes require regular and systema(c monitoring of data subjects
• Designated for a period of at least 2 years
Data protec(on officer (art. 35)
• No later than 24 hours aher having become aware of it • Otherwise, reasoned jus(fica(on should be given
No(fica(on of personal data breach (art. 31)
EU GENERAL DATA PROTECTION REGULATION -‐ FRANCE
| France| Me Alain BENSOUSSAN |alain-‐[email protected]
Page 30
3. Extend liability (2)
• Designa(on of a data protec(on officer with variety of rules to ensure his independence • Demonstrate by documenta(on compliance with rules on security, processing opera(ons and impact assessment • Implement mechanisms to ensure the effec(veness of measures
Accountability (art.22)
• Deployed and implemented by default at the (me of the determina(on of the means for processing and at the (me of processing
• Ensure the implementa(on of data minimiza(on principle
Privacy by Design (art.23)
• Specific risks presented by processing opera(ons to the rights and freedoms of data subjects • This includes: informa(on on sex life, health, video surveillance, gene(c data, biometric data … • Content: a general descrip(on of the envisaged processing opera(ons, an assessment of the risks to the rights and freedoms of data subjects, safeguards, security measures, mechanisms to demonstrate compliance with the Regula(on
Impact assessments (art. 33)
EU GENERAL DATA PROTECTION REGULATION -‐ FRANCE
| France| Me Alain BENSOUSSAN |alain-‐[email protected]
Page 31
4. Impose s(ffer sanc(ons (1) Viola(
ons
-‐ No mechanisms for requests by data subjects -‐ No prompt response to requests by data subjects -‐ Charging a fee for the informa(on or for responses to the requests of data subjects
-‐ Not providing informa(on, or providing incomplete informa(on, or not providing informa(on in a sufficiently transparent manner
-‐ Not providing access for the data subject, not rec(fying personal data, not communica(ng relevant informa(on to a recipient
-‐ Not complying with the right to be forgouen or to erasure -‐ Not providing a copy of the personal data in electronic format
-‐ Not or not sufficiently maintaining documenta(on -‐ Not or not sufficiently determining the respec(ve responsibili(es with co-‐controllers
€250,000 or 0,5% of annual worldwide turnover
€500,000 or 1% of annual worldwide turnover
EU GENERAL DATA PROTECTION REGULATION -‐ FRANCE
| France| Me Alain BENSOUSSAN |alain-‐[email protected]
Page 32
4. Impose s(ffer sanc(ons(2) -‐ Processing personal data without any or sufficient legal basis -‐ Processing special categories of data in viola(on of the Regula(on
-‐ Not complying with an objec(on -‐ Not complying with the condi(ons in rela(on to measures based on profiling
-‐ Not implemen(ng accountability (Privacy by Design, Privacy Impact Assessment)
-‐ Not designa(ng a representa(ve -‐ Processing data in viola(on of the Regula(on -‐ Not aler(ng on or no(fying a personal data breach or not (mely no(fying the data breach
-‐ Not carrying out a data protec(on impact assessment -‐ Not designa(ng a Data Protec(on Officer -‐ Carrying out or instruc(ng a data transfer to a third country without appropriate safeguards
-‐ Not complying with an order by the supervisory authority
€1,000,000
or 2% of annual
worldwide turnover
| F r a n c e | M e A l a i n B e n s o u s s a n | alain-‐[email protected]
" ALAIN BENSOUSSAN AVOCATS 29 rue du colonel Pierre Avia Paris 15 FRANCE Tel. : 33 1 41 33 35 35 Fax : 33 1 41 33 35 36 paris@alain-‐bensoussan.com
" Alain Bensoussan D.L : 33 1 41 33 35 09 Mob. : 33 6 19 13 44 46
ab@alain-‐bensoussan.com
Contact
| Argen(na | Belgium | Canada | France | Germany | Israel | Italy | Luxembourg | Mexico | Morocco | Norway | South Africa | Spain | Switzerland | Tunisia | United Kingdom | USA
Data ProtecEon in the United States Recent Developments
Françoise GILBERT Managing Director – IT Law Group
Silicon Valley, California +1 650-‐804-‐1235 [email protected] | www.globalprivacybook.com | francoisegilbert.com | @francoisegilbrt
BARCELONA, FRIDAY, SEPTEMBER 28, 2012
| Belgium | Me Jean-‐François HENROTTE | j�[email protected]
Page 35
– Background – Overview of US data protec(on laws – Role of the US federal and state agencies – Recent US Government ini(a(ves – Recent enforcement ac(ons – Hot issues
Agenda
| Belgium | Me Jean-‐François HENROTTE | j�[email protected]
Page 36
– No na(onal data protec(on law; but dozens of Federal sectoral laws • 1890: “Right to Privacy” defines the concept • 1966: Freedom of Informa(on Act (access to informa(on held by government • 1968: Wiretap Act (intercep(on of aural communica(ons and disclosure of these communica(ons in court) • 1970: Fair Credit Repor(ng Act (credit repor(ng agency disclosure of credit reports) • 1974: Privacy Act (disclosure of government records) • 1974: Family Educa(onal Rights and Privacy Act (disclosure of school records) • 1978: Right to Financial Privacy Act (banking and financial transac(ons) • 1978: Foreign Intelligence Surveillance Act (electronic surveillance; foreign intelligence) • 1986: Computer Fraud & Abuse Act (to reduce hacking, use of viruses) • 1986: Electronic Communica(on Privacy Act (stored or in transit informa(on) • 1996: Health Insurance Portability and Accountability Act (health informa(on) • 1998: Children Online Privacy Protec(on Act (children informa(on) • 1999: Financial Services Moderniza(on Act (GLBA) (financial informa(on) • 2003: CAN SPAM Act (commercial messages)
– Hundreds of State sectoral laws (+ some states have cons(tu(onal rights) • Protect individuals residing in a specific state • Security breach disclosure laws • Security measure requirements • Protec(on of driver’s license informa(on, medial records, etc.
US Data Protec(on Laws
| Belgium | Me Jean-‐François HENROTTE | j�[email protected]
Page 37
– No “na(onal data protec(on agency” • Numerous federal agencies play role similar to that of the Data Protec(on Agencies in European Union
– Federal Trade Commission – Department of Health & Human Services – Financial Services Agencies – Securi(es & Exchange Commission
• Numerous state agencies, play similar role at the State Level – State Auorney General – Other State Agencies
– Substan(al coopera(on between State and Federal Agencies
Federal & State Agencies
| Belgium | Me Jean-‐François HENROTTE | j�[email protected]
Page 38
– Significant penalEes in case of violaEon • FCRA: up to $500,000 total penalty per viola(on
– Actual penalEes • Google (breach of FTC consent decree) $22.5million • ChoicePoint (breach of security) $15million • Massachuseus General Hospital (HIPPA) $4.3million • Sony $1million (COPPA) • Xanga $1million (COPPA) • CVS, Rite Aid pharmacies $1million (HIPAA + lack of security) • Spokeo $800,000 (FCRA)
Significant Penal(es
| Belgium | Me Jean-‐François HENROTTE | j�[email protected]
Page 39
– Federal Trade Commission (FTC): • Top regulator in the US with respect to protec(on of personal informa(on
• Powers under FTC Act (§5), COPPA, FCRA, HIPAA – Numerous acEons against companies for:
• Failure to comply with privacy promises • Failure to provide adequate security measures for personal informa(on
• Unclear and decep(ve terms, which concealed important disclosure regarding un-‐an(cipated use of personal informa(on
• Failure to comply with requirements of Fair Credit Repor(ng Act • Failure to comply with COPPA requirements
Federal Trade Commission
| Belgium | Me Jean-‐François HENROTTE | j�[email protected]
Page 40
– Google (Aug. 2012, Dec. 2011) – Spokeo (Jun. 2012) – MySpace (May 2012) – RockYou (Mar. 2012) – Facebook (Mar. 2011) – Playdom/Disney (May. 2011) – Twi/er (Mar. 2011) – RiteAid Pharm (Nov. 2010) – Lifelock (Nov. 2010) – Sears (Sep. 2009)
– Sony BMG Music (Dec. 2008; Jan 2011)
– TJX (Aug. 2008) – Reed Elsevier (Aug. 2008) – ValueClick (Mar. 2008) – ChoicePoint (Jan. 2006) – BJ Wholesale (Sep. 2005) – Microso\ (Aug. 2002) – Geoci(es / Yahoo (1999)
FTC Enforcement Ac(ons
| Belgium | Me Jean-‐François HENROTTE | j�[email protected]
Page 41
– White House Consumer Bill of Rights (Feb. 2012) • Restates Fair Informa(on Prac(ce Principles
– Federal Trade Commission Report on Consumer Privacy (March 2012)
• Privacy by Design, Privacy by Default, Online Behavioral Tracking and Adver(sing
– Federal Trade Commission Report on Children and Mobile Apps (February 2012)
• Guidelines on mobile apps for children – Federal Trade Commission Guidelines on Mobile Apps (August
2012) • General guidelines on the publica(on of mobile apps
– Par(cipa(on in APEC Cross Border Privacy Rules System
Recent US Efforts on Privacy
| Belgium | Me Jean-‐François HENROTTE | j�[email protected]
Page 42
– FTC v. Google (August 2012) • $22.5 million fine • Viola(on of pre-‐exis(ng consent decree with FTC • FTC looked at promises made in Privacy Policy or about privacy measures, including in Google’s representa(ons that it complied with the NAI Code of Conduct
– FTC v. Facebook (August 2012) • Viola(on of representa(ons made in Privacy Policy • Including representa(on that FB followed the Safe Harbor Principles
• 20-‐year supervision by Federal Trade Commission
Recent Enforcement Ac(ons
| Belgium | Me Jean-‐François HENROTTE | j�[email protected]
Page 43
– Mobile • Mobile apps, mobile payments, mobile privacy
– BYOD • Bring your own device (to work)
– Social Media • Poten(al employer access to social media account
– Behavioral MarkeEng • Tracking devices, cookies, tags, zombie cookies
– Big Data – Cloud CompuEng
• Reform of Electronic Communica(ons Privacy Act
Other Hot Issues
| Belgium | Me Jean-‐François HENROTTE | j�[email protected]
Page 44
Françoise Gilbert IT Law Group
Palo Alto, California, USA
Email: [email protected] Phone: +1 650-‐804-‐1235
IT Law Group: itlawgroup.com Blog: francoisegilbert.com
Book: globalprivacybook.com Twiuer: @francoisegilbrt
| Argen(na | Belgium | Canada | France | Germany | Israel | Italy | Luxembourg | Mexico | Morocco | Norway | South Africa | Spain | Switzerland | Tunisia | United Kingdom | USA
CLOUD COMPUTING LEGAL ISSUES UP IN THE AIR
Raffaele ZALLONE -‐ Sébas(en FANTI [email protected] -‐ sebas(en.fan(@sebas(enfan(.ch
BARCELONA, FRIDAY, SEPTEMBER 28, 2012
CLOUD COMPUTING
NATIONAL INSTITUTE OF STANDARD AND TECNOLOGY: A MODEL FOR ENABLING CONVENIENT, ON-‐DEMAND NETWORK ACCESS TO SHARED POOL OF COMPUTING RESOURCE
SOFTWARE AS A SERVICES SAAS OFFERS ACCESS TO A SERVICE (ES: MAIL, ACCOUNTING, SPREADSHEET)
PLATFORM AS A SERVICES PAAS OFFERS ACCESS TO DEVELOPMENT TOOLS
INFRASTRUCTURE AS A SERVICES IAASOFFERS HW+SW ON DEMAND (MEMORY, PROGRAMS, ETC)
WHAT IS CLOUD COMPUTING
THERE ARE 3 DIFFERENT SERVICES MODELS
CLOUD COMPUTING
PRIVATE CLOUDS
OFFERS SERVICES TO ONE CUSTOMER ONLY MORE SIMILAR TO DATA CENTERS
PUBLIC CLOUDS
AN INFRASTRUCTURE USED TO SERVE SEVERAL CUSTOMERS (ES: GMAIL)
HYBRID CLOUDS
SERVICE OFFERING WITH MIXTURE OF PRIVATE / PUBLIC
CLOUD COMPUTING
CLOUD COMPUTING
CLOUD COMPUTING MAIN ISSUES
SECURITY
CONTRACTUAL ISSUES
PRIVACY ISSUES
CLOUD COMPUTING
CONTRACTUAL ISSUES: MANY ARE THE SAME AS PER OUTSOURCING CONTRACT
SERVICE LEVELS AND RELATED MEASUREMENTS
WHAT TO MEASURE AND HOW CONSEQUENCES PENALTIES
PROTECTION OF DATA (AVAILABILITY, RELIABILITY)
DATA MUST ALWAYS BE AVAILABLE, IS SUPPLIER REL IABLE?
SUB CONTRACTING: WHO AND FOR WHAT WIDE USE OF SUBCONTRACTING IS STD NEED TO HAVE AGREEMENT ON HOW TO MANAGE PROCESS AN CONTROLS
CONTINUITY OF SERVICE BACK UPS? WARRANTIES?
CHANGES OF PLATFORM / SW UPGRADES NEED TO IMPLEMENT CHANGE MANAGEMENT CONTROLS
DURATION OF CONTRACT LONG TERM vs SHORT TERM: PRO’S AND CON’S
TERMINATION OF CONTRACT AND TRANSITION TO NEW SUPPLIER
NEED TO IMPLEMENT APPROPRIATE MANAGEMENT AND PROCESSES
CLOUD COMPUTING
SPECIFIC CLOUD COMPUTING CONTRACTUAL ISSUES
LICENSE vs SERVICE IF THERE IS NO LICENSE, TERMINATION OR TRANSITION TO NEW SUPPLIER MAY BE A REAL PROBLEM
AUDITABILITY -‐ AVAILABILITY MUST HAVE DATA ALWAYS AVAILABLE FOR AUDITS MUST BE POSSIBLE TO AUDIT SUPPLIER ITSELF
LOCATION OF DATA PRIVACY AND LIABILITY ISSUE
SUB CONTRACTORS RIGHT TO APPROVE AND AUDIT
CLOUD COMPUTING
SPECIFIC CLOUD COMPUTING CONTRACTUAL ISSUES
INTELLECTUAL PROPERTY MAKE SURE CRITICAL I.P. IS PROTECTED
OPEN vs PROPRIETARY SWITCHING TO NEW SUPPLIER MAY BE A PROBLEM
CHANGE MANAGEMENT SUPPLIER MAY DECIDE TO CHANGE SW, PLATFORM, SUBCONTRACTORS? HOW AND WITH WHAT RIGHTS/NOTICE
STANDARD CONTRACTUAL TERMS NEED OF CONTROL / FLEXIBILITY / REGULATION OF SPECIFIC ISSUES
DATA PRIVACY ISSUES ATTITUDE OF SUPPLIERS
CLOUD COMPUTING
DATA PRIVACY ISSUES WHERE ARE THE DATA? KNOWING THE LOCATION OF DATA IS
ESSENTIAL UNDER UE PRIVACY LAWS
CAN SUPPLIER TRANSFER DATA? SAME AS ABOVE
MANAGEMENT OF SUBCONTRACTORS MUST BE APPOINTED AS DATA PROCESSORS AND MUST BE AUDITABLE, BY CUSTOMER, BY PRIVACY AUTHORITY OR OTHER BODIES
SECURITY MEASURES AUDITABILITY – LIABILITY
ACCESS DATA ARE PERSONAL DATA WHERE ARE THEY, WHO CAN ACCESS THEM, HOW LONG ARE THEY STORED FOR
OBLIGATION NOT TO USE DATA SUPPLIER AND SUBCONTRACTOR
RETURN OR DESTRUCTION OF DATA SUPPLIER AND SUBCONTRACTORS
CLOUD COMPUTING
LEGAL ISSUES LIABILITY OF CLOUD PROVIDER FOR ILLEGAL CONTENT ?
NO LIABILITY IF THE PROVIDER HAS NO KNOWLEDGE OR AWARENESS OF ILLEGAL NATURE AND REMOVES OR BLOCKS ILLEGAL DATA WHEN IT DOES GAIN KNOWLEDGE OR BECOME AWARE OF ILLEGAL NATURE (NOTICE AND TAKEDOWN)
JURISDICTIONAL ISSUES AND APPLICABLE LAW
THE CHOICE OF THE COMPETENT COURT AND OF THE APPLICABLE LAW ARE FUNDAMENTAL; IF OUTSIDE OWN COUNTRY, ANY LITIGATION CAN BECOME PROHIBITIVELY EXPENSIVE
DISPUTE RESOLUTION ARBITRATION MUST BE CONSIDERED AS ONE INTERESTING OPTION KEEPING CONFIDENTIALITY AND AVOIDING PROBLEMS LIKE CHOICE OF ANOTHER APPLICABLE LAW BY COURT
CLOUD COMPUTING
LEGAL ISSUES INTRODUCTION OF HARMFUL CODE (VIRUSES AND OTHER MALICIOUS CODE)
NEED TO RELY ON THE PROVIDER APPLYING SUFFICIENT PROTECTION AGAINST THESE DANGERS; NECESS ITY OF IMPOSING OBLIGATIONS TO THE PROVIDER
US PATRIOT ACT In certain circumstances, the US PATRIOT Act allows the US government to obtain data held anywhere in the world by US companies or companies with sufficient connec(ons to the US. This would extend to data centres based in UE that are operated by US companies and data centres based in the US operated by non-‐US companies.
IT PROPERTY OWNERSHIP NECESSARY TO ENSURE THAT THE AGREEMENT DOES NOT TRANSFER IP OWNERSHIP
CLOUD COMPUTING
LEGAL ISSUES ISSUES PARTICULAR TO REGULATED INDUSTRIES
RULES THAT LIMIT THEIR ABILITY TO OFFSHORE THEIR OPERATIONS; EX: BANKING OR INSURANCE COMPANIES; TEST THE WATERS WITH THEIR REGULATOR BEFORE PROCEEDING WITH CLOUD COMPUTING SERVICE SOLUTIONS
SUBCONTRACTORS ALL THE RELEVANT OBLIGATIONS MUST THEREFORE APPLY ALSO TO THE SUB-‐PROCESSORS THROUGH CONTRACTS BETWEEN THE CLOUD PROVIDER AND SUBCONTRACTOR REFLECTING THE STIPULATIONS OF THE CONTRACT BETWEEN CLOUD CLIENT AND CLOUD PROVIDER
SPECIAL PRECAUTIONS BY THE PUBLIC SECTOR
EUROPEAN GOVERNMENTAL CLOUD AS A SUPRA NATIONAL VIRTUAL SPACE WHERE A CONSISTENT AND HARMONIZED SET OF RULES COULD BE APPLIED?
CLOUD COMPUTING
CONCLUSIONS AND RECOMMENDATIONS
CLEARLY IDENTIFY THE DATA AND THE PROCESSING THAT WILL BE ENTRUSTED TO THE CLOUD PROVIDER
EX: HEALTH DATA, WHICH CAN ONLY BE STORED BY A CLOUD PROVIDER LICENSED BY THE FRENCH MINISTRY OF HEALTH
UNDERTAKE A RISK ANALYSIS TO ENSURE THAT THE CUSTOMER IS GETTING THE RIGHT LEVEL OF SECURITY UPDATE THE RISK ANALYSIS REGULARLY
REFER TO THE GUIDELINES OF ENISA (EUROPEAN NETWORK AND INFORMATION SECURITY AGENCY) WHEN CONDUCTING THE RISK
BE SURE TO IDENTIFY THE RIGHT KIND OF OFFER THAT IS APPROPRIATE FOR A CLOUD CUSTOMER'S BUSINESS
SAAS, PAAS, OR IAAS, PUBLIC, PRIVATE OR HYBRID CLOUD SOLUTIONS
CLOUD COMPUTING
CONCLUSIONS AND RECOMMENDATIONS Choose a cloud provider with
sufficient service and privacy level guarantees
essen(al elements that should appear in the cloud contracts
Rethink YOUR own IT security policy such as rules on authen(ca(on of users, and employees' use of mobile devices to access the employer's network…
Ensure that the customer defines its own requirements on the technical and legal security aspects of the processing
Localiza(on of the data, reversibility and data portability
Social Media 30’
Cookies 30’
New Domain Names 15’
Q & A
| Argen(na | Belgium | Canada | France | Germany | Israel | Italy | Luxembourg | Mexico | Morocco | Norway | South Africa | Spain | Switzerland | Tunisia | United Kingdom | USA
Some issues on Social Networks
Jean-‐François HENROTTE j�[email protected]
BARCELONA, SEPTEMBER 28, 2012
| Belgium | Me Jean-‐François HENROTTE | j�[email protected]
Page 60
1. How to manage issues on Social Networks A. First, the easy way B. Then the hard way
2. How to react if your content is removed
3. Community management, a new business
Some issues on Social Networks
| Belgium | Me Jean-‐François HENROTTE | j�[email protected]
Page 61
• Social networks are not an apart world. • Almost all the annoyances of society can be
found there, but some more ohen : • Defama(on • Harassment • Copyright infrigement • Privacy breach • …
Some issues on Social Networks
| Belgium | Me Jean-‐François HENROTTE | j�[email protected]
Page 62
A. Soh Law
How to react ?
1. How to manage issue on Social Networks
B. Hard Law
Use the tools provided by social networks themselves
Use leuer of formal no(ce, cease-‐and-‐
desist order, lawsuit,…
| Belgium | Me Jean-‐François HENROTTE | j�[email protected]
Page 63
Internet is a par(cular area where :
Old fashioned legal tools are good, but…
Nothing is forgouen
Everything can be reproduced indefinitely
from a single copy
There is always someone on the lookout
1. A How to manage issue on Social Networks
| Belgium | Me Jean-‐François HENROTTE | j�[email protected]
Page 64
Beware of the Barbara Streisand’s effect
1.A How to manage issue on Social Networks
| Belgium | Me Jean-‐François HENROTTE | j�[email protected]
Page 65
Lawyers need to be careful when using leuers of formal no(ce or lawsuits • There is a significant risk of bad publicity
• There is a significant risk to auract much more a/enEon due to a inadequate or bad reac(on than to the first event in itself
1.A How to manage issue on Social Networks
| Belgium | Me Jean-‐François HENROTTE | j�[email protected]
Page 66
• Be quick but do not rush • Be ready to communicate if things go
wrong • Use the reporEng tools implemented by
social networks • It is fast • It tackles the problem at the roots • It prevent (partly) the spread of the problem • Main issue è Completely arbitrary
Some guidelines
1.A How to manage issue on Social Networks
| Belgium | Me Jean-‐François HENROTTE | j�[email protected]
Page 67
• First, the abuse must be defined • Break of terms and policies • Copyright (or other IP right) infrigement • Defama(on • Privacy mauer • Harassment • …
• Then, follow the adequate procedure
Tools to report abuse
1.A How to manage issue on Social Networks
| Belgium | Me Jean-‐François HENROTTE | j�[email protected]
Page 68
• Linkedin hup://www.linkedin.com/sta(c?key=copyright_policy&trk=hb_h_copy
• Facebook hup://en-‐gb.facebook.com/help/?page=178608028874393&ref=hcnav
• FlickR hup://www.flickr.com/abuse/
1.A How to manage issue on Social Networks
| Belgium | Me Jean-‐François HENROTTE | j�[email protected]
Page 69
• Google + hup://support.google.com/plus/bin/answer.py?hl=en&answer=1253377
• YouTube hup://www.youtube.com/t/copyright_no(ce?gl=BE
• Google.com hups://www.google.com/webmasters/tools/removals?pli=1
1.A How to manage issue on Social Networks
| Belgium | Me Jean-‐François HENROTTE | j�[email protected]
Page 70
If : • Social network does not comply with your
request, or not fast enough • You feel you need a stronger ac(on
è Unholster the usual lawyers
When the easy way is not enough
1.B How to manage issue on Social Networks
| Belgium | Me Jean-‐François HENROTTE | j�[email protected]
Page 71
• Easy if his real name is disclosed • May be really hard if he uses a nickname
• In Belgium, it is almost impossible ∟ Due to recent case law, only the criminal judge
have the power to compel providers to disclose the iden(ty of a user (>< Spain)
∟ But, in Belgium, criminal jus(ce is totally overtaken and doesn’t really care about or is not really efficient to handle these cases
First issue : Iden(fy the perpetrator
1.B How to manage issue on Social Networks
| Belgium | Me Jean-‐François HENROTTE | j�[email protected]
Page 72
And is in a place where you can reach him… è Then you can sue him using :
∟ Criminal law if defama(on or harassment (Art. 443 and following of B. Criminal Code)
∟ Copyright law ∟ Civil law (Art. 1382 – 1383 of B. Civil Code) ∟ Commercial law
The perpetrator is known
1.B How to manage issue on Social Networks
| Belgium | Me Jean-‐François HENROTTE | j�[email protected]
Page 73
Ohen, the first idea when faced with a problem (such as defama(on) on a social network is to use Criminal Law But (in Belgium at least): • You are not in control • Criminal procedure can be really slow • It may paralyse civil procedure
A word about Criminal Law
| Belgium | Me Jean-‐François HENROTTE | j�[email protected]
Page 74
Or you can’t reach him
èLodge a Criminal complaint against X
è At the same (me, act against the provider (social network company in this case) but : ∟ they may benefit from the exemp(on from liability ∟ they can oppose the argument of freedom of speech ∟ they can claim that they did not commit any fault
The perpetrator is unknown
1.B How to manage issue on Social Networks
| Belgium | Me Jean-‐François HENROTTE | j�[email protected]
Page 75
Introduced by Direc(ve 2000/31/EC on electronic commerce
You have to prove that: • they do not fit into the category of intermediary
service providers (hoster in this case) as provided by the Direc(ve
• they had previous knowledge of the illegality or had not responded adequately when they were made ��aware of this illegality
èInjuc(on are s(ll possible
Exemp(on from civil liability
1.B How to manage issue on Social Networks
| Belgium | Me Jean-‐François HENROTTE | j�[email protected]
Page 76
This right is crucial to our socie(es, but not absolute è You have to prove that your case stays into
one of these right's limita(ons
Freedom of speech
1.B How to manage issue on Social Networks
| Belgium | Me Jean-‐François HENROTTE | j�[email protected]
Page 77
è You need to prove that, once the provider has been made aware of the illegality, he commits a fault if he doesn’t react quickly to remove or to disable access to the informa(on
The lack of fault
1.B How to manage issue on Social Networks
| Belgium | Me Jean-‐François HENROTTE | j�[email protected]
Page 78
It may be hard and expensive to achieve a result (suppression of the content, not even talking of compensatory damages) with the hard way
1.B How to manage issue on Social Networks
Intermediary conclusions
Get yourself organised to control the places of discussion
Use the soh way
| Belgium | Me Jean-‐François HENROTTE | j�[email protected]
Page 79
• IdenEfy the pretext used to jus(fy the removal
• Use the counter-‐noEce pages and tools offered by social networks
• Act at the same (me against the person who lodged the complaint (when his iden(ty is known) and try to obtain from him that he withdraws his complaint
What if your content is removed
2. How to react if your content is removed
| Belgium | Me Jean-‐François HENROTTE | j�[email protected]
Page 80
• A new profession related to the advent of social networks
• This business consists in managing and maintaining a community of “fans” of a brand, a company, a people,… on social networks
Community Management
3. Community management
| Belgium | Me Jean-‐François HENROTTE | j�[email protected]
Page 81
• Liule or no educa(on to become a community manager
• Ohen a poor understanding of the risks from the execu(ves
• Risks are even greater than with spokesman • Speed ��and spontaneity of responses • Rapid dissemina(on to the community and beyond • Fans can focus on personality of the Community manager
rather than on the brand
Issues
3. Community management
| Belgium | Me Jean-‐François HENROTTE | j�[email protected]
Page 82
• In most cases, applica(on of labor law (if the manager is an employee) or standards liability rules
• In Belgium, except for gross negligence, the employee will not be held responsible
• Par(cular auen(on should be paid to contract !
Issues
3. Community management
| Belgium | Me Jean-‐François HENROTTE | j�[email protected]
Page 83
• Who owns the contents produced by the Community Manager in case of break of contract ?
• In Belgium, transfer of IP rights has to be formally provided in the contract (>< Spain)
• Who owns the community’s members that he has auracted in case of break of contract ?
Upon hiring, it must therefore be decided
3. Community management
| Belgium | Me Jean-‐François HENROTTE | j�[email protected]
Page 84
• Who got the ownership and access codes to the account ?
• When possible, it’s beuer that execu(ve opens the account themselves and then gives (limited) admin rights to the community manager + Execu(ve should keep modera(ng powers in case of emergency
• It should be a good idea to write down in the contract the unique ID of the account
Upon hiring, it must therefore be decided
3. Community management
| Belgium | Me Jean-‐François HENROTTE | j�[email protected]
Page 85
• Social networks are powerful tools for communica(on, adver(sing and marke(ng
• Social networks are now part of our everyday life and you should use them, with care, like every other tool
Don’t Panic !
Conclusions
| Belgium | Me Jean-‐François HENROTTE | j�[email protected]
Page 87
• Picture of Barbara Streisand : By Allan warren (Own work) [CC-‐BY-‐SA-‐3.0 (hup://crea(vecommons.org/licenses/by-‐sa/3.0) or GFDL (hup://www.gnu.org/copyleh/fdl.html)], via Wikimedia Commons
Credits
| Argen(na | Belgium | Canada | France | Germany | Israel | Italy | Luxembourg | Mexico | Morocco | Norway | South Africa | Spain | Switzerland | Tunisia | United Kingdom | USA
RegulaEng Cookies in Canada
Jean-‐François De Rico Langlois Kronström Desjardins llp
BARCELONA, FRIDAY, SEPTEMBER 28, 2012
Cookies
web beacons
supercookies
device data zombie cookies
Online Behavioural Advertising
Cookies
• File created by browser and saved on a user’s computer by website
• The cookie uniquely iden(fies, or “records” user informa(on/preference
Purposes
Measuring web site usage to • Improve func(onality of the site; • Fraud preven(on; and • Online behavioral adver(sing;
InformaEon collected
• IP address; • pages visited; • length of Eme spent on each page; • adverEsements viewed; • arEcles read; • purchases made; • search terms; • user preferences; • operaEng system; • geographical locaEon.
CLOUD COMPUTING
Europe
Canada Page 93
Europe
ObligaEon to provide explanaEon of the type and funcEon of cookies and obtain a user's explicit consent before installing a cookie
Canada
Based on relaxed “opt-‐out” framework.
AnE-‐spam law (CASL) An Act to promote the efficiency and adaptability of the Canadian economy by regulaEng certain acEviEes that discourage reliance on electronic means of carrying out commercial
acEviEes, and to amend the Canadian Radio-‐television and TelecommunicaEons Commission Act, the CompeEEon Act, the Personal InformaEon ProtecEon and Electronic
Documents Act and the TelecommunicaEons Act (S.C. 2010, c. 23)
AnE-‐spam law (CASL)
Expressly allows cookies to be installed on a user's computer ….provided the user's behaviour suggests he or she would consent to the installaEon… (?)
General prohibiEon
InstallaEon of computer program
8. (1) A person must not, in the course of a commercial ac(vity, install or cause to be installed a computer program on any other person’s computer system or, having so installed or caused to be installed a computer program, cause an electronic message to be sent from that computer system, unless – (a) the person has obtained the express consent of the owner or an
authorized user of the computer system and complies with subsec(on 11(5); or
– (b) the person is ac(ng in accordance with a court order.
“computer program” means data represen(ng instruc(ons or statements that, when executed in a computer system, causes the computer system to perform a func(on;
Cookie ExcepEon
• 10 (…) (8) A person is considered to expressly consent to the installaEon of a computer program if
• (a) the program is – (i) a cookie, – (ii) HTML code, – (iii) Java Scripts, – (iv) an opera(ng system,
– (v) any other program that is executable only through the use of another computer program whose installa(on or use the person has previously expressly consented to, or
– (vi) any other program specified in the regula(ons; and
• (b) the person’s conduct is such that it is reasonable to believe that they
consent to the program’s installaEon.
Withdrawal of consent
Policy PosiEon on Online Behavioural AdverEsing
Applica(on of PIPEDA to the collec(on/use of data about individuals’ web ac(vi(es for the purposes of online behavioural adver(sing (OBA) only.
OPC will generally consider informa(on collected for OBA to be PI, considering that:
Ø the purpose is crea(ng profiles to serve targeted ads;
Ø means available for gathering and analyzing disparate bits of data and serious possibility of iden(fying individuals;
The condi(ons under which opt-‐out consent to OBA can be considered acceptable are:
• Individuals are made aware of the purposes for the prac(ce in a manner that is clear and understandable – the purposes must be made obvious and cannot be buried in a privacy policy, at or before the (me of collec(on and provided with informa(on about the various par(es involved in OBA;
• Individuals are able to easily opt-‐out of the prac(ce -‐ ideally at or before the (me the informa(on is collected;
• The opt-‐out takes effect immediately and is persistent; • The informa(on collected and used is limited, to the extent prac(cable, to
non-‐sensi(ve informa(on ; and • Informa(on collected and used is destroyed as soon as possible or
effec(vely de-‐iden(fied
JurisdicEon
Canadian businesses, to the extent they process and use data about individuals in the European Union, through websites that offer goods and services to European viewers or use cookies to monitor European viewer behaviour, will need to comply with the more stringent direc(ve.
| Argen(na | Belgium | Canada | France | Germany | Israel | Italy | Luxembourg | Mexico | Morocco | Norway | South Africa | Spain | Switzerland | Tunisia | United Kingdom | USA
COOKIES EU & UK LAW PERSPECTIVE
Daniel PREISKEL Preiskel & Co LLP
5 Fleet Place London EC4 7RD United Kingdom
BARCELONA, 28 SEPTEMBER 2012
COOKIES -‐ EU & UK LAW PERSPECTIVE
| United Kingdom| Daniel PREISKEL| [email protected]
Page 107
• Essen(als of Cookies
• Defini(on • EU & UK Legal Framework • EU & UK Independent Authori(es • Key Issues • Enforcement & Penal(es • Compliance
Table of Contents
COOKIES -‐ EU & UK LAW PERSPECTIVE
| United Kingdom| Daniel PREISKEL| [email protected]
Page 108
What is a cookie?
• According to the Informa(on Commissioner’s Office (ICO) -‐ that is the independent authority in UK dealing with privacy and data protec(on -‐ a cookie is “a small file, typically of le?ers and numbers, downloaded on to a device when the user accesses certain websites. Cookies are then sent back to originaFng website on each subsequent visit. Cookies are useful because they allow a website to recognise a user’s device”
• There are several type of cookies depending on their specific features, for instance there are session cookies and persistent cookies
Essen(als of Cookies
COOKIES -‐ EU & UK LAW PERSPECTIVE
| United Kingdom| Daniel PREISKEL| [email protected]
Page 109
Legal Framework
• EU DirecEves: European Direc(ve -‐ 2002/58/EC -‐ which is concerned with the protec(on of privacy in the electronic communica(ons sector, which has been amended by Direc(ve 2009/136/EC
• UK RegulaEons: the Privacy and Electronic Communica(ons (EC Direc(ve) Regula(ons 2003 (SI 2003/2426) as amended by the Privacy and Electronic Communica(ons (EC Direc(ve) (Amendment) Regula(ons 2011 (SI 2011/1208)
Essen(als of Cookies
COOKIES -‐ EU & UK LAW PERSPECTIVE
| United Kingdom| Daniel PREISKEL| [email protected]
Page 110
Legal Framework
• Both the Direc(ves and Regula(ons apply to cookies and similar technologies for storing informa(on
• The legal framework states that the use of cookies is only allowed if an end user has been provided with clear and comprehensive informa(on about the purposes for which each cookie is stored and accessed on to his/her computer or mobile device and the user has given his or her informed consent
Essen(als of Cookies
COOKIES -‐ EU & UK LAW PERSPECTIVE
| United Kingdom| Daniel PREISKEL| [email protected]
Page 111
Legal Framework
• There is an excep(on to the requirement to provide informa(on about cookies and obtain consent where the use of the cookie is:
• for the sole purpose of carrying out the transmission of a communica(on over an electronic communica(ons network; or
• where such storage or access is strictly necessary (i.e. essen(al) for the provision of an informa(on society service requested by the subscriber or user. For instance it is likely to fall within the excep(on a cookie used to remember the goods a user wishes to buy when they proceed to the checkout or add goods to their shopping basket
Essen(als of Cookies
COOKIES -‐ EU & UK LAW PERSPECTIVE
| United Kingdom| Daniel PREISKEL| [email protected]
Page 112
EU & UK Independent Authori(es
• European Data Privacy Supervisor is an independent supervisory authority devoted to protec(ng personal data and privacy and promo(ng good prac(ce in the EU ins(tu(ons and bodies
• Ar(cle 29 Working Party on the Protec(on of Individuals, that is an independent European advisory body on data protec(on and privacy set up under Ar(cle 29 of Direc(ve 95/46/EC
• The Informa(on Commissioner’s Office is the UK’s independent authority set up to uphold informa(on rights in the public interest, promo(ng openness by public bodies and data privacy for individuals
Essen(als of Cookies
COOKIES -‐ EU & UK LAW PERSPECTIVE
| United Kingdom| Daniel PREISKEL| [email protected]
Page 113
Key issues
• Cookie audit:
• Iden(fy which type of cookies are used • Confirm the type of cookies and how intrusive they are • Confirm the purpose(s) of each cookie and whether each cookie would be
necessary to perform the services requested • Iden(fy what data each cookie holds, and confirm whether the cookie is linked
to other data that the cookie owner holds about a user • Confirm the lifespan of each persistent cookie • Confirm whether the cookie is a first-‐party or third-‐party cookie • Double check that the company has an adequate privacy policy posted on its
website with accurate and clear informa(on about each type of cookie used by the company
Essen(als of Cookies
COOKIES -‐ EU & UK LAW PERSPECTIVE
| United Kingdom| Daniel PREISKEL| [email protected]
Page 114
Key issues
• Ensure informa(on about cookies and mechanisms for making choices, are as easily accessible as possible for users of devices in which cookies are stored, so as to obtain valid and well informed consent by using:
• Prominent links • Legal foot notes and privacy policy • News items and blog posts • A clickable image or icon
Essen(als of Cookies
COOKIES -‐ EU & UK LAW PERSPECTIVE
| United Kingdom| Daniel PREISKEL| [email protected]
Page 115
Key issues
• Cookies as “equipment” and applicable law
• Use of technologies “similar” to cookies, for instance the apps to access the user’s loca(on and/or personal informa(on
• Mul(-‐jurisdic(onal issues in the interpreta(on, applica(on and enforcement of the law
• Con(nuing dialogue with authori(es
Essen(als of Cookies
COOKIES -‐ EU & UK LAW PERSPECTIVE
| United Kingdom| Daniel PREISKEL| [email protected]
Page 116
Enforcement & Penal(es
• In cases where organisa(ons refuse or fail to comply voluntarily with the Regula(ons the ICO and the Courts have a range of op(ons to available to them to take formal ac(on where this is necessary
• For instance the ICO may request:
• Informa(on No(ce • Undertaking • Enforcement No(ce • Monetary Penalty No(ce
Essen(als of Cookies
COOKIES -‐ EU & UK LAW PERSPECTIVE
| United Kingdom| Daniel PREISKEL| [email protected]
Page 117
Compliance
• The person sevng the cookie is primarily responsible for compliance with the requirements of the law
• Where third party cookies are set through a website, both par(es (the website owner and the person sevng the cookie) will have the responsibility for ensuring users are clearly informed about cookies and for obtaining consent
Essen(als of Cookies
COOKIES -‐ EU & UK LAW PERSPECTIVE
| United Kingdom| Daniel PREISKEL| [email protected]
Page 118
Compliance
• Providers must obtain users' consent:
• Before the cookie is set • Through an affirma(ve step
• For instance, providers may use pop-‐Up windows, message bars, header bars or splash pages, browser sevngs, terms and condi(ons, sevng-‐led consent and/or feature-‐led consent just to name a few
Essen(als of Cookies
COOKIES -‐ EU & UK LAW PERSPECTIVE
| United Kingdom| Daniel PREISKEL| [email protected]
Page 119
Conclusion
• Data protec(on is a complex area • Penal(es & Reputa(onal damage • Compliance is key
Essen(als of Cookies
COOKIES -‐ EU & UK LAW PERSPECTIVE
| United Kingdom| Daniel PREISKEL| [email protected]
Page 120
Daniel PREISKEL [email protected]
Essen(als of Cookies
| G e r m a n y | B e l g i u m | C a n a d a | S p a i n | U S A | F r a n c e | I s r a e l | I t a l y | M o r o c c o | M e x i c o | N o r w a y | S w i t z e r l a n d
Trademark Rights ProtecEon Mechanisms for New gTLD´s
Enrique Ochoa
Langlet, Carpio y Asociados
BARCELONA, 28 SEPTEMBER 2012
| G e r m a n y | B e l g i u m | C a n a d a | S p a i n | U S A | F r a n c e | I s r a e l | I t a l y | M o r o c c o | M e x i c o | N o r w a y | S w i t z e r l a n d
New GTLD´s -‐ .love -‐ .app -‐ .microsoh -‐ .barcelona -‐ .nyc -‐ .lawyer
| G e r m a n y | B e l g i u m | C a n a d a | S p a i n | U S A | F r a n c e | I s r a e l | I t a l y | M o r o c c o | M e x i c o | N o r w a y | S w i t z e r l a n d
-‐ Legal Rights Objec(ons (LRO).
| G e r m a n y | B e l g i u m | C a n a d a | S p a i n | U S A | F r a n c e | I s r a e l | I t a l y | M o r o c c o | M e x i c o | N o r w a y | S w i t z e r l a n d
WIPO Arbitra(on and Media(on Center has been appointed by ICANN as the exclusive provider of dispute
resolu(on services for trademark based “pre-‐delega(on” Legal Rights
Objec(ons under ICANN’s New gTLD
Program.
| G e r m a n y | B e l g i u m | C a n a d a | S p a i n | U S A | F r a n c e | I s r a e l | I t a l y | M o r o c c o | M e x i c o | N o r w a y | S w i t z e r l a n d
ICANN offers three other types of pre-‐delega(on objec(on-‐based dispute resolu(on procedures which are not administered by WIPO: -‐ “String Confusion Objec(on,” -‐ “Limited Public Interest Objec(on,” and -‐ “Community Objec(on.” ICANN has furthermore established a process for the ICANN Governmental Advisory Commiuee (GAC) to provide “GAC Advice on New gTLDs” concerning applica(ons iden(fied by governments as problema(c.
| G e r m a n y | B e l g i u m | C a n a d a | S p a i n | U S A | F r a n c e | I s r a e l | I t a l y | M o r o c c o | M e x i c o | N o r w a y | S w i t z e r l a n d
Trademark protecEon mechanisms available a\er new gTLDs are approved. “Rights ProtecEon Mechanisms” (RPMs). -‐ Trademark Clearinghouse (for use in connec(on with Sunrise periods and Trademark Claims services) -‐ Uniform Rapid Suspension system (URS), and -‐ Post-‐Delega(on Dispute Resolu(on Procedure (PDDRP). In addi(on, the exis(ng Uniform Domain Name Dispute Resolu(on Policy (UDRP) will be applicable to all new gTLDs.
| G e r m a n y | B e l g i u m | C a n a d a | S p a i n | U S A | F r a n c e | I s r a e l | I t a l y | M o r o c c o | M e x i c o | N o r w a y | S w i t z e r l a n d
Enrique Ochoa [email protected]
| G e r m a n y | B e l g i u m | C a n a d a | S p a i n | U S A | F r a n c e | I s r a e l | I t a l y | M o r o c c o | M e x i c o | N o r w a y | S w i t z e r l a n d
| G l o b a l n e t w o r k o f a / o r n e y s s p e c i a l i z e d i n e m e r g i n g t e c h n o l o g y l a w
Germany Buse Heberer Fromm Rechtsanwälte Bernd Reinmüller, Tim Caesar & Stephan Menzemer Neue Mainzer Strasse 28 60311 Frankfurt Am Main T. 0049 699 71 09 71 00 F. 0049 699 71 09 72 00 [email protected] www.buse.de
Belgium Philippe & Partners Jean-‐François Henroue & Alexandre Cruquenaire j�[email protected] hup://lexing.philippelaw.eu Liège Boulevard d’Avroy, 280 4020 Liège T. 0032 4 229 20 10 F. 0032 78 15 56 56 Brussels Avenue Louise, 240 1050 Bruxelles T. 0032 2 250 39 80 F. 0032 78 15 56 56
Canada Langlois, Kronström, Desjardins Richard Ramsay & Jean-‐François De Rico jean-‐[email protected] www.langloiskronstromdesjardins.com Montreal 1002, rue Sherbrooke Ouest, 28e étage H3A3L6 Montréal T. 0015 148 42 95 12 F. 0015 148 45 65 73 Quebec 801, Grande Allée Ouest, Bureau 300 G1S1C1 Québec T. 0014 186 50 70 00 F. 0014 186 50 70 75
Spain Alliant Abogados Asociados SLP Marc Gallardo Gran Via Corts Catalanes 702 08010 Barcelone T. 0034 93 265 58 42 F. 0034 93 265 52 90 [email protected] www.alliantabogados.com
USA IT Law Group Françoise Gilbert 555 Bryant Street #603 Palo Alto, CA 94301 T. 0016 508 04 12 35 F. 0016 507 35 18 01 [email protected] www.itlawgroup.com
France Alain Bensoussan, Isabelle Tellier & Frédéric Forster www.alain-‐bensoussan.com Paris 29, rue du Colonel Pierre Avia F75508 Paris cedex 15 T. 0033 141 33 35 35 F. 0033 141 33 35 36 paris@alain-‐bensoussan.com Grenoble 7, place Firmin Gau(er F38000 Grenoble T. 0033 476 70 09 95 F. 0033 476 70 09 96 grenoble@alain-‐bensoussan.com
Israel Livnat, Mayer & Co Russell D. Mayer Jérusalem Technology Park, Building 9, 4th Floor P.O. Box 48193 Malcha 91481 Jérusalem T. 0097 226 79 95 33 F. 0097 226 79 95 22 [email protected] www.livmaylaw.co.il
Italiy Studio Legale Zallone Raffaele Zallone 31 Via Dell’Annunciata 20121 Milano T. 0039 229 01 35 83 F. 0039 229 01 03 04 [email protected] www.studiovallone.it
Luxembourg Philippe & Partners Marc Gouden & Jean-‐François Henroue 41 avenue de la Liberté 1931 Luxembourg T. 00352 266 886 F. 00352 266 887 00 [email protected] hup://lexing.philippelaw.eu
Morocco Bassamat & Associée Fassi-‐Fihri Bassamat 30 rue Mohamed Ben Brahim Al Mourrakouchi 20000 Casablanca T. 00212 522 26 68 03 F. 00212 522 26 68 07 [email protected] www.cabinetbassamat.com
Mexico Langlet, Carpio y Asociados Enrique Ochoa Torre Axis Santa Fe Prolongación Paseo de la Reforma # 61, PB-‐B1 Col. Paseo de las Lomas 01330 Mxico, D.F. T. 0052 55 25 91 10 70 F. 0052 55 25 91 10 40 [email protected] www.lclaw.com.mx
Norway Føyen Advøka�irma DA Arve Føyen Postboks 7086 St. Olavs pl. 0130 Oslo T. 0047 21 93 10 00 F. 0047 21 93 10 01 [email protected] www.foyen.no
United Kingdom Preiskel & Co LLP Danny Preiskel 5 Fleet Place London EC4M 7RD T. 0044 20 7332 5640 F. 0044 20 7332 5641 [email protected] www.preiskel.com
Switzerland SébasEen FanE Avocat & Notaire 8B rue de Pré-‐Fleuri, CP 497 1951 Sion T. 0041 27 322 15 15 F. 0041 27 322 15 70 sebas(en.fan(@sebas(enfan(.ch www.sebas(enfan(.ch
South Africa Michalsons Lance Michalson and John Giles [email protected] www.michalsons.co.za Johannesburg Ground Floor Twickenham Building The Campus, 57 Sloane & Cnr Main Road 2021 Bryanston T. 0027 11 568 0331 F. 0027 86 529 4276 Cape Town Boyes Drive St James 7945 Cape Tow T. 0027 21 300 1070 F. 0027 86 529 4276
Tunisie Cabinet Younsi & Younsi Yassine Younsi 4, Rue Pe(te Malte 1001 Tunis T. 00 216 71 346 564 [email protected] hup://younsiandyounsilawfirm.e-‐monsite.com
ArgenEna Estudio Millé Antonio & Rosario Millé Suipacha 1111 -‐ piso 11 C1008AAW Buenos Aires T. 0054 11 5297 7000 F. 0054 11 5297-‐7009 [email protected] www.mille.com.ar