C-494/15 – Tommy Hilfiger: No Difference between Online and Real World Marketplaces for IP Enforcement

In the following piece, Christina Angelopoulos, post-doc researcher at the Information Law and Policy Centre of the University of London, analyses the recent judgment of the CJEU in case C-494/15 Tommy Hilfiger. The post was originally published on the Kluwer Copyright Blog.

On 7 July 2016, the CJEU (Court of Justice of the European Union) handed down its decision in Tommy Hilfiger (case C-494/15). The case concerned the imposition of an injunction on Delta Center, a company that sublets sales areas in the “Prague Market Halls” (Pražská tržnice) to traders, after it was found that counterfeit goods were sold in the marketplace.

The requested injunction would require that Delta Center refrain from: a) renting space to persons previously found by the courts to have engaged in trademark infringement; b) include terms in their rental contracts that oblige market traders to refrain from infringement; and c) publish an apology for past infringements by third party traders. [To continue reading the rest of the post on the Kluwer Copyright Blog, click here.]

Pokémon Go has revealed a new battleground for virtual privacy

Pokemon go and virtual privacyAndres Guadamuz, University of Sussex

People have been lingering outside Boon Sheridan’s house all through the night. The designer lives in an old church in Massachusetts that has been designated a “gym” in the new smartphone game Pokémon Go. Because the game requires players to visit places in the real world, Sheridan now has to put up with people regularly stopping outside his building to play.

It has got to the point where he has started wondering if there is anything the law can do in situations like this. He wrote on Twitter: “Do I even have rights when it comes to a virtual location imposed on me? Businesses have expectations, but this is my home.” This problem of virtual activities impinging on physical spaces in only likely to grow with the increasing popularity of the augmented reality used in games such as Pokémon Go to overlay digital landscapes on real ones. But there may be a way to deal with this before it becomes a serious legal problem for more people.

Pokémon Go encourages players to interact with their actual environment by using realistic maps of their surroundings as part of the game. Certain landmarks, monuments and public buildings are tagged as “stops”, where players can collect items, and some public spaces including churches, parks and businesses are tagged as “gyms”, where users can battle each other.

It is the tagging element that has prompted a few interesting legal questions about the role of augmented reality. The game’s developer, Niantic, is using a combination of data from Google Maps and user-generated tags collected from an earlier game called Ingress. This data is used to identify real-life spots as either a stop or a gym. But what happens when the data mistakenly identifies a house as a public space, as happened to Sheridan?

As it turns out, Niantic offers people the chance to highlight problems with a location. And in the grand scheme of things, whether a person’s house is mis-tagged in a game does not seem like something worthy of new laws, particularly when the developer offers to correct any errors. But Pokémon Go is just the beginning. The game has proven the potential of augmented reality to appeal to a very large audience, so we can expect many other applications of the technology to come our way.

The wild success of location-based gaming may bring about a horde of imitators, so expect a new generation of augmented reality gaming to hit the app stores soon. And the technology’s potential also goes beyond gaming so we can expect more mainstream applications of geo-tagging and location-based interaction, especially with the growth of wearable technology such as fitness trackers. You can imagine that soon we will have a world in which ever house, every car, even every person could come with an added virtual tag full of data. The potential for innovation in this area is staggering.

But what if your house is tagged in a global database without your permission and you value your privacy so do not want any passersby to know that you live there? Or what if a commercially-sensitive database identifies your business with incorrect data and you cannot reach the developer or they refuse to amend it? People looking for businesses in your area may miss you and go to a competitor that is correctly listed. Even more worrying, what if your house was previously occupied by a sex offender and is tagged in an outdated database with that information?

The problems would go far beyond what is happening with Sheridan’s house. These cases could have real negative effects on people’s lives, privacy, or business prospects.

The potential for trouble will be worse with the launch of apps that allow users to tag public or private buildings themselves. Why will abusers and trolls bother spray-painting a house, when they can geo-tag it maliciously? Paint washes away, but data may be more difficult to erase.

My proposal is to extend data protection legislation to virtual spaces. At the moment, data protection is strictly personal as it relates to any information about a specific person, known as a data subject. The data subject has a variety of rights, such as having the right to access their data and rectify and erase anything that is inaccurate or excessive.

Protecting objects

Under my proposal, the data subject’s rights would remain as they are, but the law would contain a new definition, that of the data object. This relates to data about a specific location. The rights of data objects would be considerably more limited than those of a data subject. But classifying them like this would take advantage of the data-protection mechanisms that already exist for when someone is intrinsically linked to a location.

In other words, just tagging a location on an augmented reality database wouldn’t violate the data protection. But mis-tagging a location as a public space in a way that could impinge on people’s enjoyment of that location could trigger action by the regulator to have the tag amended, removed or even erased. This would be especially useful for private spaces such as Sheridan’s house. If the app developer fails to make a change to the data, the property owner could make a request to the data protection authority, who would then force developers to change the data – or face fines.

There are limits to this proposal. Such a regime would only apply to companies based in the same country as the data protection regulator. So, for example, European countries wouldn’t be able to force Niantic to make changes to Pokémon Go’s tags, because the company is based in the US. There would also need to be strict restrictions on exactly what counts a data object and what is worth amending or deleting, otherwise the system could be abused.

But one thing is already certain: Pokémon Go is just the beginning of a new world of location-based data applications, and we need to find better ways to protect our digital rights in that space.

The ConversationAndres Guadamuz, Senior Lecturer in Intellectual Property Law, University of Sussex

This article was originally published on The Conversation. Read the original article.

Photo: Eduardo Woo, CC BY-SA 2.0

Analysing the Advocate General’s opinion on data retention and EU law

7562831366_66f986c3ea_o (1)Last week, the Advocate General published an opinion on a case brought to the European Court of Justice concerning the compatibility of the UK and Sweden’s data retention laws with EU law.

In a detailed analysis, Lorna Woods, Professor of Internet Law at the University of Essex considers the potential implications of the opinion for national data retention regimes (including the UK’s Investigatory Powers Bill) and the legal tensions which arise from the Advocate General’s opinion. This post first appeared on Professor Steve Peer’s EU Law Analysis blog.     

The Advocate General’s opinion concerns two references from national courts which both arose in the aftermath of the invalidation of the Data Retention Directive (Directive 2006/24) in Digital Rights Ireland dealing with whether the retention of communications data en masse complies with EU law.

The question is important for the regimes that triggered the references, but in the background is a larger question: can mass retention of data ever be human rights compliant. While the Advocate General clearly states this is possible, things may not be that straightforward. Continue reading

“Right to be forgotten” requires anonymisation of online newspaper archive

In this post, Hugh Tomlinson QC discusses the implications of a ruling in the Belgian justice system for the application of the “right to be forgotten” for news organisations. Tomlinson is a member of Matrix Chambers and an editor of the Inforrm blog. The post was first published on the Inforrm blog and is cross-posted here with permission. 

In the case of Olivier G v Le Soir (29 April 2016, n° C.15.0052.F [pdf]) the Belgian Court of Cassation decided that, as the result of the “right to be forgotten”, a newspaper had been properly ordered to anonymise the online version of a 1994 article concerning a fatal road traffic accident.

The applicant had been convicted of a drink driving offence as a result of the accident but his conviction was spent and the continued online publication of his name was a violation of his Article 8 rights which outweighed the Article 10 rights of the newspaper and the public.

Continue reading

The socio-legal aspects of 3D printing: Between “chaos” and “control”

Socio-legal aspects bookNot so long ago 3D printing was being discussed alongside the internet, file sharing and digital currencies as a sign of the beginning of an era of post-control and post-scarcity.

There were fears that governments would struggle to regulate the activities of a new generation of “prosumers” (producer-consumers) and that economic and legal certainties would be challenged by an increase in the decentralised “free” supply of goods.

Last night, at the Information Law and Policy Centre, Dr Angela Daly and Dr Dinusha Mendis presented a more nuanced view of the prospects of 3D printing as a “disruptive” technology to mark the launch of Daly’s new book, Socio-Legal Aspects of the 3D Printing Revolution.

Daly, a research fellow at Queensland University of Technology Faculty of Law, shared findings from postdoctoral research at the Swinburne University of Technology considering the legal aspects of 3D printing from the standpoint of the US, UK-EU and Australian legal systems.

s200_angela.dalyDaly’s transnational lens enabled her to identify a number of divergent legal approaches to 3D printing in relation to exceptions to infringement, intermediary liability, copyright and DMCA takedowns.

She found that the legal implications of 3D printing were hard to generalise despite attempts at the harmonisation of international law. More often the legal status of 3D printing was both nationally and scenario specific. To this end, Daly noted that it would also be interesting to research how legal jurisdictions in emerging economies were tackling 3D printing.

Focussing particularly on the potential problems created for Intellectual Property law by 3D printing, Daly concluded that the technology was neither leading to “total chaos” nor “total control”.

She highlighted that 3D printing has not yet become a mainstream practice – despite entry level 3D printers selling for around £500, far fewer people own one than they do a smartphone or computer. Daly also emphasised that incumbent businesses and companies are incorporating 3D printing into their business models.

She stated, therefore, that although there was some chaos around the edges – such as the ability for people to print 3D guns – the overall picture was that from a socio-legal perspective the technology was not currently particularly ‘disruptive’.

Dinusha MendisDaly’s position was reinforced by a presentation from Dr Dinusha Mendis, Co-Director of the Centre for Intellectual Property Policy and Management (CIPPM) at Bournemouth University. Mendis has conducted research on the Intellectual Property and Copyright implications of 3D printing including work which was commissioned by the UK government’s Intellectual Property Office.

Of fundamental concern here is the potential illegal copying and use of the computer-aided design (CAD) files required to print objects in 3D. Her research identified hundreds of online platforms for the distribution of 3D printing files which were providing access to hundreds of thousands of designs.

Mendis’ research into online platforms reveals that interest in 3D printing has grown immensely between 2008 and 2014, but she identified limitations to the spread of the practice.

Potential users do not always have access to the right materials, funds to be able to purchase more sophisticated printers or the legal knowledge to license their work. Moreover, companies and businesses in this field informed her that there was currently little commercial impact on either automotive or domestic products. They predicted that 3D printing would remain limited for the next five to ten years.

For both Mendis and Daly, then, 3D printing has not yet lived up to initial hype over its ‘disruptive’ potential. Mendis recommended a ‘wait and see’ approach to UK government, concerned that legislating too hastily in this area might stifle creativity.

Nevertheless, as 3D printing technology improves and becomes cheaper, it might become the focus of increasing interest for legal scholars in the future.

Further Reading

A. Daly (2016) Socio-Legal Aspects of the 3D Printing Revolution, Palgrave MacMillan: UK
D. Mendis (2015) A Legal and Empirical Study into the Intellectual Property Implications of 3D Printing.
D. Mendis (2014) “Clone Wars”: Episode II – The Next Generation: The Copyright Implications relating to 3D Printing and Computer-Aided Design (CAD) Files. Law, Innovation and Technology, 6 (2), 265-281.
D. Mendis (2013) ‘The Clone Wars’ – Episode 1: The Rise of 3D Printing and its Implications for Intellectual Property Law – Learning Lessons from the Past?,  European Intellectual Property Review, 35 (3), 155-169.

Addressing the challenge of anonymous sources in the digital age

Dr Aljosha Karim Schapals, research assistant at the Information Law and Policy Centre, reports from the launch of a new book by Eric Barendt, Emeritus Professor of Media Law at UCL, on anonymous speech in the context of literature, law and politics.

On 28 June, Professor Eric Barendt launched his new book ‘Anonymous Speech: Literature, Law and Politics’ at the Institute of Advanced Legal Studies (IALS). His book critically examines the arguments for and against anonymity, which in the context of online communications draw attention to complex and important moral and legal questions.

It is on this basis that Barendt started outlining the pros and cons of anonymous speech, both online as well as offline: on the one hand, the use of pseudonyms has enabled great writers such as Jane Austen to publish anonymously and to have their privacy protected on the grounds of gender and socio-economic class considerations. Furthermore, anonymity allows writers to have their work considered solely on the basis of its merits rather than the additional ‘baggage’ that comes with being an established writer.

On the other hand, however, anonymity can be used to deceive audiences or inflict harm. Barendt stressed that anonymity on the Internet can encourage more socially disinhibited behaviour leading to hate speech, threats of rape and violence as well as cyberbullying.

Continue reading

What is the impact of the Brexit vote on the Investigatory Powers Bill?

IP bill 2 copyThe Investigatory Powers Bill is currently proceeding through parliament – its second reading in the House of Lords took place on Monday 27 June.

Readers may have missed reports on the Lords debate amidst financial losses, Labour Party resignations, the Conservative Party leadership race and, of course, England’s embarrassing exit from Euro 2016 (among other things).

Given the ongoing political uncertainty and distractions after the Brexit vote, Open Rights Group campaigners have called on the government to halt the passage of the Bill on the basis that it cannot be adequately scrutinised by parliamentarians, the media and the public.

The Open Rights Group suggests that the passage of the Bill could be affected by the political crisis – the Bill could be accelerated or delayed depending on whether a General Election is called.

Ongoing legal cases may also affect its passage – particularly the impending European Court of Justice ruling on a case brought by MPs Tom Watson and David Davis in relation to the Data Retention and Investigatory Powers Act (DRIPA). In the Lords debate, Lord Butler described the DRIPA ruling as “hanging over the whole issue”.

Elements of DRIPA – emergency legislation passed in 2014 – have been included in the Investigatory Powers Bill. If the ECJ upholds a decision by the High Court in July 2015 that the sections on self-authorised access and bulk retention of data breach fundamental EU Charter rights under Articles 7 and 8, then this could have a significant impact on the IP Bill.

It is likely that any temptation to ignore ECJ rulings relevant to the IP Bill (and more generally) in light of the leave vote will be resisted as any failure to comply with current EU treaty obligations could possibly provide a pretext for greater EU action against the UK to speed up Brexit. Although there is no mechanism to formally expel the UK from the EU, indirect action could be explored which might put pressure on the UK’s control of the exit process through Article 50.

In the Lords debate, there was disagreement over the impact of the leave vote on the Bill. Lord Rosser noted that the vote to leave the EU had “added to the complexity” of the Bill due to uncertainties over European cooperation on security issues, but the Advocate General for Scotland, Lord Keen of Elie did not believe that any changes to the Bill would be required in light of the Brexit vote.

For the time being, the Bill continues its path to Royal Assent – the House of Lords committee stage is due to begin on 11 July.

Whistleblowers and journalists in the digital age

Snowden

Dr Aljosha Karim Schapals, research assistant at the Information Law and Policy Centre, reports on a research workshop hosted by the University of Cardiff on Digital Citizenship and the ‘Surveillance Society’.

A workshop led by researchers at the Cardiff School of Journalism, Media and Cultural Studies (JOMEC) on 27th June in London shared the findings of an 18 month ESRC funded research project examining the relationships between the state, the media and citizens in the wake of the Snowden revelations of 2013.

It was the concluding event of a number of conferences, seminars and workshops organised by the five principal researchers: Dr Arne Hintz (Cardiff), Dr Lina Dencik (Cardiff), Prof Karin Wahl-Jorgensen (Cardiff), Prof Ian Brown (Oxford) and Dr Michael Rogers (TU Delft).

Broadly speaking, the Digital Citizenship and the ‘Surveillance Society’ (DCSS) project has investigated the nature, opportunities and challenges of digital citizenship in light of US and UK governmental surveillance as revealed by whistleblower Edward Snowden.

Touching on more general themes such as freedom of expression, data privacy and civic transparency, the project aligns with the research activities of the Information Law and Policy Centre, which include developing work on journalism and whistleblower protection, and discussions and analysis of the Investigatory Powers Bill. Continue reading

What is the impact of Brexit on data protection and the GDPR?

A consensus already appears to be emerging among legal commentators that many UK organisations will need to comply with the provisions of the European Union’s General Data Protection Regulation regardless of the progress of the UK’s path to Brexit.

The GDPR was due to be adopted by the UK in May 2018 after a long process of EU legislative reform. As soon as the UK officially leaves the EU, in theory it is possible that the GDPR could be ignored – data protection is already written into UK law in the Data Protection Act 1998. In practice, however, if the UK continued to be part of the European Economic Area then the UK would have to abide by GDPR.

Moreover, as Andrew Cormack points out, any organisation outside the EU that wishes to process the data of “data subjects who are in the Union” will also have to abide by GDPR (Article 3(2)). This would be relevant to a number of UK organisations who need to process the data of EU clients, customers, students etc.

Further, any EU organisation sending personal data to the UK as a non-member state would no longer be able to guarantee that there was “adequate protection” of data in the UK, unless the UK sought to obtain a declaration to the contrary.

The position of the UK vis-à-vis GDPR was summarised by the ICO in a statement published in response to the referendum result:

“If the UK is not part of the EU, then upcoming EU reforms to data protection law would not directly apply to the UK. But if the UK wants to trade with the Single Market on equal terms we would have to prove ‘adequacy’ – in other words UK data protection standards would have to be equivalent to the EU’s General Data Protection Regulation framework starting in 2018.”

It is likely, therefore, that elements of the GDPR will be incorporated into UK law however Brexit progresses. Both Anya Proops QC and Eduardo Ustaran argue that any UK business which provides services into the EU will need to understand and comply with GDPR.

Brendan Van Alsenoy: I tweet therefore I am … subject to data protection law?

In this guest blog post, Brendan Van Alsenoy – legal researcher at the Centre for IT and IP Law, University of Leuven – analyses the scope of the personal use exemption under the new EU General Data Protection Regulation (GDPR).

A note with regard to the relevance of the GDPR to the UK: this post was written before the EU referendum result on 24th June. For the ICO’s statement on the potential regulatory implications of a UK exit from the EU please see this link.

The blog post was originally posted on the CiTiP blog at KU Leuven. It is based on a draft paper included in the CiTiP Working Paper Series. You can follow the CiTiP on Twitter here.


In less than 30 years, individuals have transcended their role as passive “data subjects” to become actively involved in the creation, distribution and consumption of personal data. Unless an exemption or derogation applies, individuals are – at least in theory – subject to data protection law.

The evolving role of the individual

We use information and communication technologies every day. Mobile devices tell us where to eat, who to meet and how to get there. We share pictures, post videos and tweet reviews. We google everything and everyone.

With all these processing capabilities at our fingertips, the question can be asked: are we subject to EU data protection law?

Continue reading