Professional Documents
Culture Documents
Barcelona
Conference
September
28,
2012
| G l o b a l n e t w o r k o f a / o r n e y s s p e c i a l i z e d i n e m e r g i n g t e c h n o l o g y l a w
Interna(onal
17 members (worldwide) Same and unique methodology & procedures (cross-border projects) Law & Technologies (IT Law)
Integrated
Specialized
General
Presenta(on
20
30 30
30
30
Q & A
# Data Protec(on
SDPA (99 & 07 & 10) / AEPD High and Stringent Enforcenment ! 20.000.000 / 4000 proceedings Dra\ EU RegulaEon (January 2012)
SDPA applies / AEPD No specic regulaEons AEPD Guidelines (June 2012) / EU Guidelines (July 2012)
Data subject
Data Controller
contract
Data Processor
rights
obligations
Regulation 2007
Proper anonymiza(on
LegiEmate
interest
Key
ObligaEon:
process
personal
data
lawfully
Consent Contractual relations Requirements of the law Emergencies Public Interest Legitimate interest!
Consent:
not
always
available
or
reliable
criteria
LegiEmate
interest
criterion
not
properly
incorporated
The
data
should
apeared
in
public
sources
!
Now
void
->
Ruling Feb. 2012!
Cloud
CompuEng
Oracle
Microsoh
Cloud deniEon
Main risks
LACK OF INFORMATION
LACK OF CONTROL
Guidelines
No
specic
law
regulaEng
cloud
compuEng
but
data
protecEon
law
is
applicable
June ! 2012!
www.agpd.es
July ! 2012!
Jun
Guidelines
General View
SNS Providers
Company as a User
Soh
Law
to
resolve
certain
disputes
Intellectual
Property
Rights,
Privacy,
Iden(ty
theh,
Defama(on
&
others
Cookie is a small text le delivered by a website server onto the computer of visitor Mul(ple func(ons but typically used to taylor website oerings and facilitate targeted ads Rule: Informa(on + Consent before storing or gaining access to any cookie (not exempted)
Problems
Informa(on
?
Consent
?
Browser
/
opt-out
/
opt-in
Bo/om
line
is
#1 Audit
Implement + Review on a regular basis Train employees and monitor compliance Demonstrate it: a policy must be reected in concrete pracEces !
THANK YOU
Page 23
Proposed
EU
General
Data
ProtecEon
RegulaEon
of
January
25,
2012:
State
of
Play
ALAIN
BENSOUSSAN
alain-bensoussan@lexing.eu
| Argen(na | Belgium | Canada | France | Germany | Israel | Italy | Luxembourg | Mexico | Morocco | Norway | South Africa | Spain | Switzerland | Tunisia | United Kingdom | USA
Introduc(on
What are the stakes? harmonize the protection of personal data in the EU ensure the effectiveness of such protection Issue a stronger and more coherent data protection framework in the EU Situation uncertain News International mobilization and debate on personal data protection
Page
25
Agenda
1. Strengthen
the
rights
of
individuals
2. Simplify
processes
for
businesses
3. Extend
liability
4. Impose
s(er
sanc(ons
Page
26
Page 27
One-stop shop
Joint controllers
Mul(na(onals
Excep(on: data transfers outside the EU to a country without adequate level of protec(on
Main establishment of the processor (i.e. place of its central administra(on in the EU)
Page 28
Page 29
Viola(ons
Page
31
Page 32
Contact
" ALAIN
BENSOUSSAN
AVOCATS
Tel.
:
33
1
41
33
35
35
Fax
:
33
1
41
33
35
36
paris@alain-bensoussan.com
Mob. : 33 6 19 13 44 46 ab@alain-bensoussan.com
D.L : 33 1 41 33 35 09
|
F r a n c e
|
M e
A l a i n
B e n s o u s s a n
|
alain-bensoussan@lexing.eu
| Argen(na | Belgium | Canada | France | Germany | Israel | Italy | Luxembourg | Mexico | Morocco | Norway | South Africa | Spain | Switzerland | Tunisia | United Kingdom | USA
Agenda
Background
Overview
of
US
data
protec(on
laws
Role
of
the
US
federal
and
state
agencies
Recent
US
Government
ini(a(ves
Recent
enforcement
ac(ons
Hot
issues
Page 35
Protect individuals residing in a specic state Security breach disclosure laws Security measure requirements Protec(on of drivers license informa(on, medial records, etc.
Page 36
Signicant
Penal(es
Signicant
penalEes
in
case
of
violaEon
FCRA:
up
to
$500,000
total
penalty
per
viola(on
Actual
penalEes
Google
(breach
of
FTC
consent
decree)
$22.5million
ChoicePoint
(breach
of
security)
$15million
Massachuseus
General
Hospital
(HIPPA)
$4.3million
Sony
$1million
(COPPA)
Xanga
$1million
(COPPA)
CVS,
Rite
Aid
pharmacies
$1million
(HIPAA
+
lack
of
security)
Spokeo
$800,000
(FCRA)
Page 38
Page 40
Federal
Trade
Commission
Report
on
Children
and
Mobile
Apps
(February
2012)
Guidelines
on
mobile
apps
for
children
BYOD
Bring
your
own
device
(to
work)
Social
Media
Poten(al
employer
access
to
social
media
account
Behavioral
MarkeEng
Tracking
devices,
cookies,
tags,
zombie
cookies
Franoise
Gilbert
IT
Law
Group
Palo
Alto,
California,
USA
Email:
fgilbert@itlawgroup.com
Phone:
+1
650-804-1235
IT
Law
Group:
itlawgroup.com
Blog:
francoisegilbert.com
Book:
globalprivacybook.com
Twiuer:
@francoisegilbrt
Page
44
| Argen(na | Belgium | Canada | France | Germany | Israel | Italy | Luxembourg | Mexico | Morocco | Norway | South Africa | Spain | Switzerland | Tunisia | United Kingdom | USA
CLOUD COMPUTING
CLOUD COMPUTING
CLOUD COMPUTING
PRIVATE
CLOUDS
PUBLIC
CLOUDS
OFFERS
SERVICES
TO
ONE
CUSTOMER
ONLY
MORE
SIMILAR
TO
DATA
CENTERS
AN
INFRASTRUCTURE
USED
TO
SERVE
SEVERAL
CUSTOMERS
(ES:
GMAIL)
SERVICE
OFFERING
WITH
MIXTURE
OF
PRIVATE
/
PUBLIC
HYBRID CLOUDS
CLOUD COMPUTING
SECURITY
CONTRACTUAL ISSUES
PRIVACY ISSUES
CLOUD COMPUTING
SUB
CONTRACTING:
WHO
AND
FOR
WHAT
WIDE
USE
OF
SUBCONTRACTING
IS
STD
NEED
TO
HAVE
AGREEMENT
ON
HOW
TO
MANAGE
PROCESS
AN
CONTROLS
CONTINUITY
OF
SERVICE
CHANGES
OF
PLATFORM
/
SW
UPGRADES
DURATION
OF
CONTRACT
TERMINATION
OF
CONTRACT
AND
TRANSITION
TO
NEW
SUPPLIER
BACK UPS? WARRANTIES? NEED TO IMPLEMENT CHANGE MANAGEMENT CONTROLS LONG TERM vs SHORT TERM: PROS AND CONS NEED TO IMPLEMENT APPROPRIATE MANAGEMENT AND PROCESSES
CLOUD COMPUTING
AUDITABILITY - AVAILABILITY
LOCATION OF DATA
SUB CONTRACTORS
CLOUD COMPUTING
CLOUD COMPUTING
MANAGEMENT
OF
SUBCONTRACTORS
MUST
BE
APPOINTED
AS
DATA
PROCESSORS
AND
MUST
BE
AUDITABLE,
BY
CUSTOMER,
BY
PRIVACY
AUTHORITY
OR
OTHER
BODIES
SECURITY
MEASURES
ACCESS
DATA
ARE
PERSONAL
DATA
OBLIGATION
NOT
TO
USE
DATA
RETURN
OR
DESTRUCTION
OF
DATA
AUDITABILITY LIABILITY WHERE ARE THEY, WHO CAN ACCESS THEM, HOW LONG ARE THEY STORED FOR SUPPLIER AND SUBCONTRACTOR SUPPLIER AND SUBCONTRACTORS
CLOUD COMPUTING
LEGAL ISSUES
LIABILITY
OF
CLOUD
PROVIDER
FOR
ILLEGAL
CONTENT
?
NO
LIABILITY
IF
THE
PROVIDER
HAS
NO
KNOWLEDGE
OR
AWARENESS
OF
ILLEGAL
NATURE
AND
REMOVES
OR
BLOCKS
ILLEGAL
DATA
WHEN
IT
DOES
GAIN
KNOWLEDGE
OR
BECOME
AWARE
OF
ILLEGAL
NATURE
(NOTICE
AND
TAKEDOWN)
THE
CHOICE
OF
THE
COMPETENT
COURT
AND
OF
THE
APPLICABLE
LAW
ARE
FUNDAMENTAL;
IF
OUTSIDE
OWN
COUNTRY,
ANY
LITIGATION
CAN
BECOME
PROHIBITIVELY
EXPENSIVE
ARBITRATION
MUST
BE
CONSIDERED
AS
ONE
INTERESTING
OPTION
KEEPING
CONFIDENTIALITY
AND
AVOIDING
PROBLEMS
LIKE
CHOICE
OF
ANOTHER
APPLICABLE
LAW
BY
COURT
DISPUTE RESOLUTION
CLOUD COMPUTING
LEGAL ISSUES
INTRODUCTION
OF
HARMFUL
CODE
(VIRUSES
AND
OTHER
MALICIOUS
CODE)
US
PATRIOT
ACT
NEED
TO
RELY
ON
THE
PROVIDER
APPLYING
SUFFICIENT
PROTECTION
AGAINST
THESE
D A N G E R S ;
N E C E S S I T Y
O F
I M P O S I N G
OBLIGATIONS
TO
THE
PROVIDER
In
certain
circumstances,
the
US
PATRIOT
Act
allows
the
US
government
to
obtain
data
held
anywhere
in
the
world
by
US
companies
or
companies
with
sucient
connec(ons
to
the
US.
This
would
extend
to
data
centres
based
in
UE
that
are
operated
by
US
companies
and
data
centres
based
in
the
US
operated
by
non- US
companies.
NECESSARY
TO
ENSURE
THAT
THE
AGREEMENT
DOES
NOT
TRANSFER
IP
OWNERSHIP
IT PROPERTY OWNERSHIP
CLOUD COMPUTING
LEGAL ISSUES
ISSUES
PARTICULAR
TO
REGULATED
INDUSTRIES
RULES
THAT
LIMIT
THEIR
ABILITY
TO
OFFSHORE
THEIR
OPERATIONS;
EX:
BANKING
OR
INSURANCE
COMPANIES;
TEST
THE
WATERS
WITH
THEIR
REGULATOR
BEFORE
PROCEEDING
WITH
CLOUD
COMPUTING
SERVICE
SOLUTIONS
ALL
THE
RELEVANT
OBLIGATIONS
MUST
THEREFORE
APPLY
ALSO
TO
THE
SUB- PROCESSORS
THROUGH
CONTRACTS
BETWEEN
THE
CLOUD
PROVIDER
AND
SUBCONTRACTOR
REFLECTING
THE
STIPULATIONS
OF
THE
CONTRACT
BETWEEN
CLOUD
CLIENT
AND
CLOUD
PROVIDER
SUBCONTRACTORS
SPECIAL
PRECAUTIONS
BY
THE
PUBLIC
EUROPEAN
GOVERNMENTAL
CLOUD
AS
A
SECTOR
SUPRA
NATIONAL
VIRTUAL
SPACE
WHERE
A
CONSISTENT
AND
HARMONIZED
SET
OF
RULES
COULD
BE
APPLIED?
CLOUD COMPUTING
BE
SURE
TO
IDENTIFY
THE
RIGHT
KIND
SAAS,
PAAS,
OR
IAAS,
PUBLIC,
PRIVATE
OR
OF
OFFER
THAT
IS
APPROPRIATE
FOR
HYBRID
CLOUD
SOLUTIONS
A
CLOUD
CUSTOMER'S
BUSINESS
CLOUD COMPUTING
Ensure that the customer denes its own requirements on the technical and legal security aspects of the processing
30
30
15
Q & A
| Argen(na | Belgium | Canada | France | Germany | Israel | Italy | Luxembourg | Mexico | Morocco | Norway | South Africa | Spain | Switzerland | Tunisia | United Kingdom | USA
Some
issues
on
Social
Networks
Social
networks
are
not
an
apart
world.
Almost
all
the
annoyances
of
society
can
be
found
there,
but
some
more
ohen
:
Defama(on
Harassment
Copyright
infrigement
Privacy
breach
Page
61
B. Hard Law
There
is
always
someone
on
the
lookout
Nothing
is
forgouen
Everything
can
be
reproduced
indenitely
from
a
single
copy
Page
63
Page 64
Lawyers
need
to
be
careful
when
using
leuers
of
formal
no(ce
or
lawsuits
There
is
a
signicant
risk
of
bad
publicity
There
is
a
signicant
risk
to
auract
much
more
a/enEon
due
to
a
inadequate
or
bad
reac(on
than
to
the
rst
event
in
itself
Page
65
Some
guidelines
Be
quick
but
do
not
rush
Be
ready
to
communicate
if
things
go
wrong
Use
the
reporEng
tools
implemented
by
social
networks
It
is
fast
It
tackles
the
problem
at
the
roots
It
prevent
(partly)
the
spread
of
the
problem
Main
issue
Completely
arbitrary
Page
66
Linkedin
hup://www.linkedin.com/sta(c?key=copyright_policy&trk=hb_h_copy
Facebook
hup://en-gb.facebook.com/help/?page=178608028874393&ref=hcnav
FlickR
hup://www.ickr.com/abuse/
Page 68
Google
+
hup://support.google.com/plus/bin/answer.py?hl=en&answer=1253377
YouTube
hup://www.youtube.com/t/copyright_no(ce?gl=BE
Google.com
hups://www.google.com/webmasters/tools/removals?pli=1
Page 69
When the easy way is not enough If : Social network does not comply with your request, or not fast enough You feel you need a stronger ac(on Unholster the usual lawyers
Page 70
First
issue
:
Iden(fy
the
perpetrator
Easy
if
his
real
name
is
disclosed
May
be
really
hard
if
he
uses
a
nickname
In
Belgium,
it
is
almost
impossible
Due
to
recent
case
law,
only
the
criminal
judge
have
the
power
to
compel
providers
to
disclose
the
iden(ty
of
a
user
(><
Spain)
But,
in
Belgium,
criminal
jus(ce
is
totally
overtaken
and
doesnt
really
care
about
or
is
not
really
ecient
to
handle
these
cases
Page
71
The
perpetrator
is
known
And
is
in
a
place
where
you
can
reach
him
Then
you
can
sue
him
using
:
Criminal
law
if
defama(on
or
harassment
(Art.
443
and
following
of
B.
Criminal
Code)
Copyright
law
Civil
law
(Art.
1382
1383
of
B.
Civil
Code)
Commercial
law
Page
72
A
word
about
Criminal
Law
Ohen,
the
rst
idea
when
faced
with
a
problem
(such
as
defama(on)
on
a
social
network
is
to
use
Criminal
Law
But
(in
Belgium
at
least):
You
are
not
in
control
Criminal
procedure
can
be
really
slow
It
may
paralyse
civil
procedure
|
Belgium
|
Me
Jean-Franois
HENROTTE
|
jenroue@philippelaw.eu
Page 73
Lodge
a
Criminal
complaint
against
X
At
the
same
(me,
act
against
the
provider
(social
network
company
in
this
case)
but
:
they
may
benet
from
the
exemp(on
from
liability
they
can
oppose
the
argument
of
freedom
of
speech
they
can
claim
that
they
did
not
commit
any
fault
Page
74
Freedom
of
speech
This
right
is
crucial
to
our
socie(es,
but
not
absolute
You
have
to
prove
that
your
case
stays
into
one
of
these
right's
limita(ons
Page 76
Page
77
Intermediary
conclusions
It
may
be
hard
and
expensive
to
achieve
a
result
(suppression
of
the
content,
not
even
talking
of
compensatory
damages)
with
the
hard
way
Get
yourself
organised
to
control
the
places
of
discussion
Use
the
soh
way
Page
78
What
if
your
content
is
removed
IdenEfy
the
pretext
used
to
jus(fy
the
removal
Use
the
counter-noEce
pages
and
tools
oered
by
social
networks
Act
at
the
same
(me
against
the
person
who
lodged
the
complaint
(when
his
iden(ty
is
known)
and
try
to
obtain
from
him
that
he
withdraws
his
complaint
Page
79
3. Community management
Community
Management
A
new
profession
related
to
the
advent
of
social
networks
This
business
consists
in
managing
and
maintaining
a
community
of
fans
of
a
brand,
a
company,
a
people,
on
social
networks
Page
80
3. Community management
Issues
Liule
or
no
educa(on
to
become
a
community
manager
Ohen
a
poor
understanding
of
the
risks
from
the
execu(ves
Risks
are
even
greater
than
with
spokesman
Speed
and
spontaneity
of
responses
Rapid
dissemina(on
to
the
community
and
beyond
Fans
can
focus
on
personality
of
the
Community
manager
rather
than
on
the
brand
Page
81
3. Community management
Issues
In
most
cases,
applica(on
of
labor
law
(if
the
manager
is
an
employee)
or
standards
liability
rules
In
Belgium,
except
for
gross
negligence,
the
employee
will
not
be
held
responsible
3. Community management
Upon
hiring,
it
must
therefore
be
decided
Who
owns
the
contents
produced
by
the
Community
Manager
in
case
of
break
of
contract
?
In
Belgium,
transfer
of
IP
rights
has
to
be
formally
provided
in
the
contract
(><
Spain)
Who
owns
the
communitys
members
that
he
has
auracted
in
case
of
break
of
contract
?
Page
83
3. Community management
Upon
hiring,
it
must
therefore
be
decided
Who
got
the
ownership
and
access
codes
to
the
account
?
When
possible,
its
beuer
that
execu(ve
opens
the
account
themselves
and
then
gives
(limited)
admin
rights
to
the
community
manager
+
Execu(ve
should
keep
modera(ng
powers
in
case
of
emergency
It
should
be
a
good
idea
to
write
down
in
the
contract
the
unique
ID
of
the
account
|
Belgium
|
Me
Jean-Franois
HENROTTE
|
jenroue@philippelaw.eu
Page 84
Conclusions
Dont
Panic
!
Social
networks
are
powerful
tools
for
communica(on,
adver(sing
and
marke(ng
Social
networks
are
now
part
of
our
everyday
life
and
you
should
use
them,
with
care,
like
every
other
tool
Page
85
Conclusions
Join us on
Page 86
Credits
Picture
of
Barbara
Streisand
:
By
Allan
warren
(Own
work)
[CC-BY-SA-3.0
(hup:// crea(vecommons.org/licenses/by-sa/3.0)
or
GFDL
(hup://www.gnu.org/copyleh/fdl.html)],
via
Wikimedia
Commons
Page 87
| Argen(na | Belgium | Canada | France | Germany | Israel | Italy | Luxembourg | Mexico | Morocco | Norway | South Africa | Spain | Switzerland | Tunisia | United Kingdom | USA
Cookies
Cookies
File
created
by
browser
and
saved
on
a
users
computer
by
website
The
cookie
uniquely
iden(es,
or
records
user
informa(on/preference
Purposes
Measuring
web
site
usage
to
Improve
func(onality
of
the
site;
Fraud
preven(on;
and
Online
behavioral
adver(sing;
InformaEon
collected
IP
address;
pages
visited;
length
of
Eme
spent
on
each
page;
adverEsements
viewed;
arEcles
read;
purchases
made;
search
terms;
user
preferences;
operaEng
system;
geographical
locaEon.
CLOUD COMPUTING
Europe
Canada
Page
93
Europe
ObligaEon
to
provide
explanaEon
of
the
type
and
funcEon
of
cookies
and
obtain
a
user's
explicit
consent
before
installing
a
cookie
Canada
Based
on
relaxed
opt-out
framework.
AnE-spam
law
(CASL)
An
Act
to
promote
the
eciency
and
adaptability
of
the
Canadian
economy
by
regulaEng
certain
acEviEes
that
discourage
reliance
on
electronic
means
of
carrying
out
commercial
acEviEes,
and
to
amend
the
Canadian
Radio-television
and
TelecommunicaEons
Commission
Act,
the
CompeEEon
Act,
the
Personal
InformaEon
ProtecEon
and
Electronic
Documents
Act
and
the
TelecommunicaEons
Act
(S.C.
2010,
c.
23)
General
prohibiEon
InstallaEon
of
computer
program
8.
(1)
A
person
must
not,
in
the
course
of
a
commercial
ac(vity,
install
or
cause
to
be
installed
a
computer
program
on
any
other
persons
computer
system
or,
having
so
installed
or
caused
to
be
installed
a
computer
program,
cause
an
electronic
message
to
be
sent
from
that
computer
system,
unless
(a)
the
person
has
obtained
the
express
consent
of
the
owner
or
an
authorized
user
of
the
computer
system
and
complies
with
subsec(on
11(5);
or
(b)
the
person
is
ac(ng
in
accordance
with
a
court
order.
computer program means data represen(ng instruc(ons or statements that, when executed in a computer system, causes the computer system to perform a func(on;
Cookie
ExcepEon
10
()
(8)
A
person
is
considered
to
expressly
consent
to
the
installaEon
of
a
computer
program
if
(a)
the
program
is
(i)
a
cookie,
(ii)
HTML
code,
(iii)
Java
Scripts,
(iv)
an
opera(ng
system,
(v)
any
other
program
that
is
executable
only
through
the
use
of
another
computer
program
whose
installa(on
or
use
the
person
has
previously
expressly
consented
to,
or
(vi)
any
other
program
specied
in
the
regula(ons;
and
(b) the persons conduct is such that it is reasonable to believe that they consent to the programs installaEon
Withdrawal of consent
Applica(on of PIPEDA to the collec(on/use of data about individuals web ac(vi(es for the purposes of online behavioural adver(sing (OBA) only.
OPC
will
generally
consider
informa(on
collected
for
OBA
to
be
PI,
considering
that:
the
purpose
is
crea(ng
proles
to
serve
targeted
ads;
means
available
for
gathering
and
analyzing
disparate
bits
of
data
and
serious
possibility
of
iden(fying
individuals;
The condi(ons under which opt-out consent to OBA can be considered acceptable are:
Individuals are made aware of the purposes for the prac(ce in a manner that is clear and understandable the purposes must be made obvious and cannot be buried in a privacy policy, at or before the (me of collec(on and provided with informa(on about the various par(es involved in OBA; Individuals are able to easily opt-out of the prac(ce - ideally at or before the (me the informa(on is collected; The opt-out takes eect immediately and is persistent; The informa(on collected and used is limited, to the extent prac(cable, to non-sensi(ve informa(on ; and Informa(on collected and used is destroyed as soon as possible or eec(vely de-iden(ed
JurisdicEon
Canadian
businesses,
to
the
extent
they
process
and
use
data
about
individuals
in
the
European
Union,
through
websites
that
oer
goods
and
services
to
European
viewers
or
use
cookies
to
monitor
European
viewer
behaviour,
will
need
to
comply
with
the
more
stringent
direc(ve.
Deni(on
EU
&
UK
Legal
Framework
EU
&
UK
Independent
Authori(es
Key
Issues
Enforcement
&
Penal(es
Compliance
Page
107
|
United
Kingdom|
Daniel
PREISKEL|
dpreiskel@preiskel.com
According
to
the
Informa(on
Commissioners
Oce
(ICO)
-
that
is
the
independent
authority
in
UK
dealing
with
privacy
and
data
protec(on
-
a
cookie
is
a
small
le,
typically
of
le?ers
and
numbers,
downloaded
on
to
a
device
when
the
user
accesses
certain
websites.
Cookies
are
then
sent
back
to
originaFng
website
on
each
subsequent
visit.
Cookies
are
useful
because
they
allow
a
website
to
recognise
a
users
device
There
are
several
type
of
cookies
depending
on
their
specic
features,
for
instance
there
are
session
cookies
and
persistent
cookies
Page
108
EU
DirecEves:
European
Direc(ve
-
2002/58/EC
-
which
is
concerned
with
the
protec(on
of
privacy
in
the
electronic
communica(ons
sector,
which
has
been
amended
by
Direc(ve
2009/136/EC
UK RegulaEons: the Privacy and Electronic Communica(ons (EC Direc(ve) Regula(ons 2003 (SI 2003/2426) as amended by the Privacy and Electronic Communica(ons (EC Direc(ve) (Amendment) Regula(ons 2011 (SI 2011/1208)
Page 109
Both
the
Direc(ves
and
Regula(ons
apply
to
cookies
and
similar
technologies
for
storing
informa(on
The legal framework states that the use of cookies is only allowed if an end user has been provided with clear and comprehensive informa(on about the purposes for which each cookie is stored and accessed on to his/her computer or mobile device and the user has given his or her informed consent
Page 110
There
is
an
excep(on
to
the
requirement
to
provide
informa(on
about
cookies
and
obtain
consent
where
the
use
of
the
cookie
is:
for
the
sole
purpose
of
carrying
out
the
transmission
of
a
communica(on
over
an
electronic
communica(ons
network;
or
where such storage or access is strictly necessary (i.e. essen(al) for the provision of an informa(on society service requested by the subscriber or user. For instance it is likely to fall within the excep(on a cookie used to remember the goods a user wishes to buy when they proceed to the checkout or add goods to their shopping basket
Page 111
European
Data
Privacy
Supervisor
is
an
independent
supervisory
authority
devoted
to
protec(ng
personal
data
and
privacy
and
promo(ng
good
prac(ce
in
the
EU
ins(tu(ons
and
bodies
Ar(cle
29
Working
Party
on
the
Protec(on
of
Individuals,
that
is
an
independent
European
advisory
body
on
data
protec(on
and
privacy
set
up
under
Ar(cle
29
of
Direc(ve
95/46/EC
The
Informa(on
Commissioners
Oce
is
the
UKs
independent
authority
set
up
to
uphold
informa(on
rights
in
the
public
interest,
promo(ng
openness
by
public
bodies
and
data
privacy
for
individuals
Page
112
Cookie
audit:
Iden(fy
which
type
of
cookies
are
used
Conrm
the
type
of
cookies
and
how
intrusive
they
are
Conrm
the
purpose(s)
of
each
cookie
and
whether
each
cookie
would
be
necessary
to
perform
the
services
requested
Iden(fy
what
data
each
cookie
holds,
and
conrm
whether
the
cookie
is
linked
to
other
data
that
the
cookie
owner
holds
about
a
user
Conrm
the
lifespan
of
each
persistent
cookie
Conrm
whether
the
cookie
is
a
rst-party
or
third-party
cookie
Double
check
that
the
company
has
an
adequate
privacy
policy
posted
on
its
website
with
accurate
and
clear
informa(on
about
each
type
of
cookie
used
by
the
company
Page
113
Ensure
informa(on
about
cookies
and
mechanisms
for
making
choices,
are
as
easily
accessible
as
possible
for
users
of
devices
in
which
cookies
are
stored,
so
as
to
obtain
valid
and
well
informed
consent
by
using:
Prominent links Legal foot notes and privacy policy News items and blog posts A clickable image or icon
Page 114
Use
of
technologies
similar
to
cookies,
for
instance
the
apps
to
access
the
users
loca(on
and/or
personal
informa(on
Page 115
In
cases
where
organisa(ons
refuse
or
fail
to
comply
voluntarily
with
the
Regula(ons
the
ICO
and
the
Courts
have
a
range
of
op(ons
to
available
to
them
to
take
formal
ac(on
where
this
is
necessary
For
instance
the
ICO
may
request:
Page 116
The
person
sevng
the
cookie
is
primarily
responsible
for
compliance
with
the
requirements
of
the
law
Where third party cookies are set through a website, both par(es (the website owner and the person sevng the cookie) will have the responsibility for ensuring users are clearly informed about cookies and for obtaining consent
Page 117
For instance, providers may use pop-Up windows, message bars, header bars or splash pages, browser sevngs, terms and condi(ons, sevng-led consent and/or feature-led consent just to name a few
Page 118
Data protec(on is a complex area Penal(es & Reputa(onal damage Compliance is key
Page 119
Essen(als
of
Cookies
Daniel
PREISKEL
dpreiskel@preiskel.com
Page 120
| G e r m a n y | B e l g i u m | C a n a d a | S p a i n | U S A | F r a n c e | I s r a e l | I t a l y | M o r o c c o | M e x i c o | N o r w a y | S w i t z e r l a n d
| G e r m a n y | B e l g i u m | C a n a d a | S p a i n | U S A | F r a n c e | I s r a e l | I t a l y | M o r o c c o | M e x i c o | N o r w a y | S w i t z e r l a n d
WIPO
Arbitra(on
and
Media(on
Center
has
been
appointed
by
ICANN
as
the
exclusive
provider
of
dispute
resolu(on
services
for
trademark
based
pre- delega(on
Legal
Rights
Objec(ons
under
ICANNs
New
gTLD
Program.
|
G e r m a n y
|
B e l g i u m
|
C a n a d a
|
S p a i n
|
U S A
|
F r a n c e
|
I s r a e l
|
I t a l y
|
M o r o c c o
|
M e x i c o
|
N o r w a y
|
S w i t z e r l a n d
ICANN
oers
three
other
types
of
pre-delega(on
objec(on-based
dispute
resolu(on
procedures
which
are
not
administered
by
WIPO:
-
String
Confusion
Objec(on,
-
Limited
Public
Interest
Objec(on,
and
-
Community
Objec(on.
ICANN
has
furthermore
established
a
process
for
the
ICANN
Governmental
Advisory
Commiuee
(GAC)
to
provide
GAC
Advice
on
New
gTLDs
concerning
applica(ons
iden(ed
by
governments
as
problema(c.
|
G e r m a n y
|
B e l g i u m
|
C a n a d a
|
S p a i n
|
U S A
|
F r a n c e
|
I s r a e l
|
I t a l y
|
M o r o c c o
|
M e x i c o
|
N o r w a y
|
S w i t z e r l a n d
Trademark
protecEon
mechanisms
available
a\er
new
gTLDs
are
approved.
Rights
ProtecEon
Mechanisms
(RPMs).
-
Trademark
Clearinghouse
(for
use
in
connec(on
with
Sunrise
periods
and
Trademark
Claims
services)
-
Uniform
Rapid
Suspension
system
(URS),
and
-
Post-Delega(on
Dispute
Resolu(on
Procedure
(PDDRP).
In
addi(on,
the
exis(ng
Uniform
Domain
Name
Dispute
Resolu(on
Policy
(UDRP)
will
be
applicable
to
all
new
gTLDs.
|
G e r m a n y
|
B e l g i u m
|
C a n a d a
|
S p a i n
|
U S A
|
F r a n c e
|
I s r a e l
|
I t a l y
|
M o r o c c o
|
M e x i c o
|
N o r w a y
|
S w i t z e r l a n d
| G e r m a n y | B e l g i u m | C a n a d a | S p a i n | U S A | F r a n c e | I s r a e l | I t a l y | M o r o c c o | M e x i c o | N o r w a y | S w i t z e r l a n d
ArgenEna
Estudio Mill Antonio & Rosario Mill Suipacha 1111 - piso 11 C1008AAW Buenos Aires T. 0054 11 5297 7000 F. 0054 11 5297-7009 estudio@mille.com.ar www.mille.com.ar
Belgium
Philippe & Partners Jean-Franois Henroue & Alexandre Cruquenaire jenroue@philippelaw.eu hup:// lexing.philippelaw.eu Lige Boulevard dAvroy, 280 4020 Lige T. 0032 4 229 20 10 F. 0032 78 15 56 56 Brussels Avenue Louise, 240 1050 Bruxelles T. 0032 2 250 39 80 F. 0032 78 15 56 56
Canada
Langlois, Kronstrm, Desjardins Richard Ramsay & Jean-Franois De Rico jean-francois.derico@lkd.ca www.langloiskronstromdesjardins.com Montreal 1002, rue Sherbrooke Ouest, 28e tage H3A3L6 Montral T. 0015 148 42 95 12 F. 0015 148 45 65 73 Quebec 801, Grande Alle Ouest, Bureau 300 G1S1C1 Qubec T. 0014 186 50 70 00 F. 0014 186 50 70 75
France
Alain Bensoussan, Isabelle Tellier & Frdric Forster www.alain-bensoussan.com Paris 29, rue du Colonel Pierre Avia F75508 Paris cedex 15 T. 0033 141 33 35 35 F. 0033 141 33 35 36 paris@alain-bensoussan.com Grenoble 7, place Firmin Gau(er F38000 Grenoble T. 0033 476 70 09 95 F. 0033 476 70 09 96 grenoble@alain-bensoussan.com
Germany
Buse Heberer Fromm Rechtsanwlte Bernd Reinmller, Tim Caesar & Stephan Menzemer Neue Mainzer Strasse 28 60311 Frankfurt Am Main T. 0049 699 71 09 71 00 F. 0049 699 71 09 72 00 reinmueller@buse.de www.buse.de
Israel
Livnat, Mayer & Co Russell D. Mayer Jrusalem Technology Park, Building 9, 4th Floor P.O. Box 48193 Malcha 91481 Jrusalem T. 0097 226 79 95 33 F. 0097 226 79 95 22 mayer@lmf.co.il www.livmaylaw.co.il
Italiy
Studio Legale Zallone Raaele Zallone 31 Via DellAnnunciata 20121 Milano T. 0039 229 01 35 83 F. 0039 229 01 03 04 r.zallone@studiozallone.it www.studiovallone.it
Luxembourg
Philippe & Partners Marc Gouden & Jean-Franois Henroue 41 avenue de la Libert 1931 Luxembourg T. 00352 266 886 F. 00352 266 887 00 luxembourg@philippelaw.eu hup://lexing.philippelaw.eu
Mexico
Langlet, Carpio y Asociados Enrique Ochoa Torre Axis Santa Fe Prolongacin Paseo de la Reforma # 61, PB-B1 Col. Paseo de las Lomas 01330 Mxico, D.F. T. 0052 55 25 91 10 70 F. 0052 55 25 91 10 40 eochoa@lclaw.com.mx www.lclaw.com.mx
Morocco
Bassamat & Associe Fassi-Fihri Bassamat 30 rue Mohamed Ben Brahim Al Mourrakouchi 20000 Casablanca T. 00212 522 26 68 03 F. 00212 522 26 68 07 contact@cabinetbassamat.com www.cabinetbassamat.com
Norway
Fyen Advkairma DA Arve Fyen Postboks 7086 St. Olavs pl. 0130 Oslo T. 0047 21 93 10 00 F. 0047 21 93 10 01 arve.foyen@foyen.no www.foyen.no
South Africa
Michalsons Lance Michalson and John Giles lance@michalsons.co.za www.michalsons.co.za Johannesburg Ground Floor Twickenham Building The Campus, 57 Sloane & Cnr Main Road 2021 Bryanston T. 0027 11 568 0331 F. 0027 86 529 4276 Cape Town Boyes Drive St James 7945 Cape Tow T. 0027 21 300 1070 F. 0027 86 529 4276
Spain
Alliant Abogados Asociados SLP Marc Gallardo Gran Via Corts Catalanes 702 08010 Barcelone T. 0034 93 265 58 42 F. 0034 93 265 52 90 marc.gallardo@alliantabogados.com www.alliantabogados.com
Switzerland
SbasEen FanE Avocat & Notaire 8B rue de Pr-Fleuri, CP 497 1951 Sion T. 0041 27 322 15 15 F. 0041 27 322 15 70 sebas(en.fan(@sebas(enfan(.ch www.sebas(enfan(.ch
Tunisie
Cabinet Younsi & Younsi Yassine Younsi 4, Rue Pe(te Malte 1001 Tunis T. 00 216 71 346 564 cabinetyounsi_younsi@yahoo.fr hup://younsiandyounsilawrm.e- monsite.com
United Kingdom
Preiskel & Co LLP Danny Preiskel 5 Fleet Place London EC4M 7RD T. 0044 20 7332 5640 F. 0044 20 7332 5641 dpreiskel@preiskel.com www.preiskel.com
USA
IT Law Group Franoise Gilbert 555 Bryant Street #603 Palo Alto, CA 94301 T. 0016 508 04 12 35 F. 0016 507 35 18 01 fgilbert@itlawgroup.com www.itlawgroup.com
| G l o b a l n e t w o r k o f a / o r n e y s s p e c i a l i z e d i n e m e r g i n g t e c h n o l o g y l a w