Ireland IP & Technology Law Blog

Data Protection Commissioner publishes Annual Report for 2012

Davinia Brennan — Wed, 22 May 2013 17:35:09 +0100

The Data Protection Commissioner (the DPC) has published his Annual Report for 2012. On launching his report the DPC highlighted, in particular, his concerns over the issue of sharing personal data in the public sector.

Whilst the DPC accepted the benefits of such data sharing in terms of efficient delivery of public services, he stated that such data sharing must be done in a manner that respects the rights of individuals to have their personal data treated with care and not accessed or used without good reason. The Report includes a special report on an investigation of data sharing through the INFOSYS system provided by the Department of Social Protection, which revealed significant failures to comply with the Data Protection Acts 1988 and 2003 (the Acts).

Complaints

The DPC's Office received 1,349 complaints for investigation during 2012, 606 of these complaints concerned unsolicited direct marketing, and 442 complaints concerned access rights. The vast majority of complaints were resolved amicably without the need for a formal decision or enforcement. The Commissioner made a total of 36 formal decisions, and 195 prosecutions were taken against 11 entities.

Data Security Notifications

The DPC's Office dealt with 1,666 personal data security breach notifications. The E-privacy Regulations, S.I. 366 of 2011, introduced a mandatory requirement for telecommunications companies and Internet Service Providers (ISPs) to notify the DPC, without undue delay, of a data security breach and to also notify any individuals adversely affected by such a breach. In September 2012, two telecommunications companies were prosecuted for failing to meet their legal obligations in this regard. The Report notes that in the first year of S.I. 336 of 2011 being in effect, a total of 60 data security breach notifications were received from telecommunications companies and ISPs.

The Report notes that the DPC's Office has taken a more proactive stance in relation to potential data security breaches and has initiated investigations into matters that have been identified through mention in areas such as social media sites.

Over two thirds of all breach notifications received by the Office involved letters being issued by post, either to an incorrect address or containing a third party's personal data. The majority of such notifications were received from the Financial Sector, such breaches having occurred due to bank accounts being set up incorrectly and change of addresses not being processed correctly.

Privacy Audits

The DPC can carry out scheduled audits and on-the-spot inspections to ensure compliance with the Acts and to identify possible breaches. During 2012, 40 audits and inspections were carried out. The Report contains a summary of the findings and recommendations of a series of inspections carried out by the DPC of financial institutions, in regard to their reporting processes to the Irish Credit Bureau.

Case Studies

The Report includes case studies of eighteen specific investigations undertaken by the DPC, which provide useful guidance on a range of data protection issues, including:

· Unacceptable delay in processing access request;

· Right of access to personal data despite existence of legal proceedings;

· Customer data transfer in the context of the sale or transfer of a business;

· Whether an employer can the nature of an illness to be specified in a medical certificate; and

· Client list taken by ex-employee to new employer.

Consultation on Consumer Rights Directive

Davinia Brennan — Tue, 21 May 2013 15:14:18 +0100

The Department of Jobs, Enterprise and Innovation have published a Consultation Paper on the implementation of the Consumer Rights Directive (2011/83/EU) (the Directive). The Directive must be transposed into national law by EU Member States by 13 December 2013 and must be applied in Member States from 13 June 2014.

The Directive repeals and replaces the current Directive on Contracts Negotiated Away from Business Premises (85/577/EEC) and the Distance Selling Directive (97/7/EC). The Directive on Certain Aspects of the Sale of Consumer Goods and Associated Guarantees (1999/44/EC), and the Unfair Terms in Consumer Contracts Directive (93/13/EEC), are amended but will remain in force.

Most of the provisions of the Directive apply only to off-premises contracts (contracts concluded away from the trader's premises, such as in the consumer's home or workplace), and distance selling contracts (contracts concluded by means of distance communication, such as contracts concluded online, over the telephone, or by post).

The Directive, subject to a few minor exceptions, is a maximum harmonisation instrument. This means that Member States cannot go beyond, or add to, the Directive's harmonised provisions in national legislation.

The questions on which views are sought in the Consultation relate to:

The possible extension of the Directive's provisions to certain contracts outside its scope - Views are sought on the possible extension of the Directive's core provisions on consumer information and the right of withdrawal to contracts outside its scope relating to social services, healthcare and gambling.

The Directive's optional provisions - Member States can opt to exempt off-premises contracts, with a value of less than €50 from the scope of the Directive's provisions on information and withdrawal rights. Member States can also opt not to apply the Directive's information requirements to goods or services of a routine nature that are concluded on the trader's premises, such as in-store purchases of groceries or other household staples.

There is a further option of applying a lighter information regime for off-premises repair contracts, with a value of less than €200, which are performed immediately. Member States have the option to provide that, where a distance contract is to be concluded by telephone, the trader has to confirm his offer to the consumer who is bound only after he has signed this offer or sent his written consent. Member States can additionally require that the trader's confirmation must be in writing or on another durable medium.

Matters relating to the enforcement of the Directive - The Directive requires Member States to ensure that adequate and effective means exist to ensure compliance with its provisions. To give effect to this requirement, it is proposed to permit the National Consumer Agency to apply in the District Court, Circuit Court, or High Court, for an order prohibiting a trader from engaging in breaches of the Directive.

It is also proposed, other than in respect of the provisions of the Directive on delivery and the passing of risk in contracts for sale, to empower the Agency to bring criminal proceedings for alleged breaches by traders. The omission of criminal law enforcement for the provisions relating to contracts of sale is due to the fact that the Sale of Goods Act 1893 and 1980 and the Regulations implementing the EU Directive on Consumer Sales are only enforceable by the buyer under contract law.

Responses to the Consultation must be sent by Monday 1 July, by email to conspol@djei.ie or by post to Competition and Consumer Policy Section, Department of Jobs, Enterprise and Innovation, Earlsfort Centre, Lower Hatch Street, Dublin 2.

Start Up Dublin Day- Friday 17th May

Alison Obernik — Wed, 15 May 2013 16:14:38 +0100

This Friday 17^th May is officially Start Up Dublin Day as part of the MBA World Trophy three day event taking place at the Marker Hotel. The event sees assembled speakers discussing topics such as finance, leadership and growth together with numerous practical workshops, seminars and networking events taking place throughout the day.

Highlights of the day include a panel discussion with Margaret Molloy (Velocidi, NY), David Smith (Tirna Partners), Barry O'Brien (Silicon Valley Bank), Joe Haslam (IE Business School) and Stephen McIntyre (Twitter) and Hayley Conick (Elance) sharing there valued insights on growing a business.

An exciting line up for what will be a great event!

Inaugural MBA World Trophy Event in Dublin 16-18 May 2013

Alison Obernik — Wed, 15 May 2013 16:03:13 +0100

I will be attending the inaugural event of the MBA World Trophy from 16-18 May this week in Dublin at the Marker Hotel. This exciting three day event focusing on entrepreneurship and business development is the brainchild of two MBA students (John O'Loughlin and Stephen Smith) from Smurfit Business School.

The event will provide a unique showcase of entrepreneurial talent from 25 of the world’s finest graduate colleges, during the course of which teams will pitch their business models to an exclusive panel of VCs, participate in workshops in Innovation, Finance, Growth and Leadership. Each team will be paired with a mentor. On the final day each team will present their final pitch to the judging panel. The winning team will receive $10,000 and the MBA World Trophy by Heritage Crystal.

Speakers and Judges at the event include David Smith (Silicon Valley Connector, Tirna Partners), Ruairí Quinn (Minister for Education and Skills, Ireland), Gina Quin (CEO, Dublin Chamber of Commerce) and Vivek Wadhwha (Academic, Researcher, Writer and Entrepreneur, Stanford, Singularity and Duke Universities).

As part of the event they also launched a Twitter competition searching for Ireland's top female entrepreneur, so we will keep you posted on all the worthy winners!

Global Technology Leaders Summit 2013 - Silicon Valley

Kate Gorey — Wed, 15 May 2013 09:59:44 +0100

The ILTG Global Technology Leaders Summit 2013 takes place in Mountain View this week, 14 and 15 May 2013. The event is a two day gathering which will emphasise the significant economic, political and commercial trends affecting global technology industries. A particular highlight of the event will be the Annual Silicon Valley Awards Gala which will recognise and award the top Irish Technology start-ups. The esteemed list of 20 Finalist fast Pitch companies can be viewed here. The event marks a great signal for the positive impact Ireland has on Silicon Valley business and is an unrivalled opportunity to showcase Irish start-ups on the West Coast. The event will be attended by A&L Goodbody's Palo Alto based partners, John Whelan (IP & Technology) and Paul Fahy (Tax).

US Department of Commerce clarifies how Safe Harbor Framework applies to Cloud Computing

Davinia Brennan — Thu, 09 May 2013 11:24:31 +0100

The US Department of Commerce's International Trade Administration (ITA) has provided some clarification regarding how the US-EU Safe Harbor Framework applies to cloud computing.

The ITA does not believe that cloud computing represents an entirely new business model or presents any unique issues for the Safe Harbor. The ITA clarifies that the existing Safe Harbor Privacy Principles are comprehensive and flexible enough to address the issues raised by the cloud computing model.

The ITA's guidance states:

· The U.S.-EU Safe Habor applies to cloud service provider agreements (i.e. agreements that involve the transfer of personal data from the EU to organisations established in the U.S).

· A cloud service provider is required to enter into a contract even if it is Safe Harbor-compliant and is receiving personal data merely for processing.

· Safe Harbor does not require that the contract incorporates the EU standard contractual clauses. The EU standard contractual clauses represent an alternative to Safe Harbor certification, not an additional requirement.

· The Commission has not issued any new requirements regarding Safe Harbor that would reduce the value of certification to cloud service providers.

· The ITA notes that Article 29 Working Party Opinion on Cloud Computingrecommends that "companies exporting data should not merely rely on the statement of the data importer claiming that he has a Safe Harbor certification", but instead should "obtain evidence that the Safe Harbor self-certifications exist and request evidence demonstrating that their principles are complied with". The ITA points out that the Opinion is non-binding. In addition, the U.S. Department of Commerce maintains a public list of organisations which have self-certified their compliance with Safe Harbor. EU data controllers can easily and authoritatively verify whether a given U.S. data processor appears on the list and whether their status is "Current" or "Not Current".

· Additional requirements cannot be imposed exclusively on U.S. service providers processing personal data transferred from the EU simply because they satisfy the "adequacy" requirement through Safe Harbor certification (i.e. the same basic rules apply to all cloud service providers whether they are located in the EU or an "adequate" country, or Safe Harbor-compliant).

· Member State data protection authorities must recognise Safe Harbor certification as a valid means of demonstrating that a service provider ensures an 'adequate' level of data protection.

· The Commission's draft Data Protection Regulation expressly states that existing 'adequacy' findings will be recognised, which means that Safe Harbor should continue to offer eligible U.S. organisations an accepted means of demonstrating 'adequacy'.

Guidance on U.S.-EU Safe Harbor and Cloud Computing

A&L Goodbody Named Ireland's IP Law Firm of the Year at European Legal Awards Ceremony

Ciara Cullen — Tue, 30 Apr 2013 12:17:54 +0100

A&L Goodbody has just been awarded "Ireland's Intellectual Property (IP) Law Firm of the Year 2013" by the leading international IP publication Managing Intellectual Property (MIP), at a global awards ceremony in London.

The MIP award, which covers Asia-Pacific, Europe and the Americas, recognises one firm in each jurisdiction that advised on the most innovative and challenging IP work.

A&L Goodbody advises a range of technology, pharmaceutical and corporate clients on the development and management of their IP and tech strategies in Europe.

John Whelan, Partner at A&L Goodbody, said: "Ireland’s IP legal and regulatory framework is one of the best in the world, making the country a leader for intellectual property investment in Europe. Ireland remains the country of choice for indigenous companies as well as multinationals requiring a sophisticated framework to support the continued creation, protection and exploitation of their intellectual property."

“A&L Goodbody has in recent years invested significantly in building a team of market leading Commercial, IP and Tech lawyers and we are delighted to have received this acknowledgement for the quality of our work in those areas” he added.

A&L Goodbody is internationally recognised as one of Ireland's leading corporate law firms and advises both domestic and international clients across every facet of business law. With offices in Dublin, Belfast, London, New York and Palo Alto, the Firm has 78 Partners and nearly 600 staff.

UK term of copyright protection for industrially exploited artistic designs set to benefit under the Enterprise and Regulatory Reform Act

Michelle Halton — Fri, 26 Apr 2013 16:46:46 +0100

The term of copyright protection under the Copyright Designs and Patents Act 1988 (CDPA) in the UK for an artistic work is life of the creator plus 70 years. However, section 52 of the CDPA, which relates to the exploitation of design derived from artistic work, provides for an exception which effectively limits the term of copyright protection to 25 years if the article is mass produced, with the copyright owner's consent, by use of an industrial process.

An equivalent exception to the term of copyright protection for artistic works was introduced in Ireland in the Copyright and Related Rights Act, 2000 by section 89(e) of the Industrial Designs Act, 2001.

The Enterprise and Regulatory Reform Act which passed into law yesterday, repeals Section 52 of the Copyright Designs and Patents Act 1988 (CDPA). The effect of the repeal means that copyright applies for the life of the creator plus 70 years to artistic works manufactured on the industrial scale, the same period of protection that applies to all other copyright works. The provision is understood to have been introduced in order to bring UK legislation in line with other EU member states. In particular, following the decision of the Court of Justice of the European Union in Flos .v. Semeraro (Case C-169/08), the UK Government considers section 52 to be inconsistent with the Copyright Term Directive.

There is no similar proposal to repeal the equivalent provision in Ireland at present, which will remain one of only three member states in the European Union, (namely Romania and Estonia) with such a provision.

Hargreaves Predicts: The Copyright Reform Round-up

Sally Anne Hinfey — Fri, 26 Apr 2013 14:10:36 +0100

Professor Ian Hargreaves speaking last night at a very successful event here in A&L Goodbody's offices recommended that all copyright reform followers should read the new UK publication "A Manifesto for a Creative Economy". This is a new and very interesting set of proposals just published by Nesta, a UK charity with a remit in encouraging and promoting innovation.

Professor Hargreaves also provided a very helpful and insightful summary of the recommendations made in his 2010 Digital Economy report. Speaking to a rapt audience, Professor Hargreaves noted that the proposal for a Digital Copyright Exchange, which he had made in his report, was now being spearheaded by his colleague Richard Hooper CBE (albeit that the original idea has experienced some rebranding). The now renamed Copyright Hub's main focus and aim will be to become a marketplace for a vast array of copyrights and Professor Hargreaves expressed the view (and aspiration) that the Hub would eventually lead to "one click" licensing system in the UK.

Professor Hargreaves also mentioned that the long standing issue of orphan works was going to be finally addressed in the long awaited Enterprise and Regulatory Reform Bill. Even as Professor Hargreaves spoke, this Bill was receiving its Royal Assent in the UK which now paves the way for the collective licensing of orphan works in the United Kingdom. For further information in relation to the Enterprise and Regulatory Reform Bill see the press release from the UK Department of Business, Innovation and Skills.

Finally, Professor Hargreaves touched on the importance of copyright reform being driven at the Europe Community level and noted that the Irish Presidency of the European Union has made this a key focus of its presidency and in particular has indicated its eagerness to progress the draft Collective Rights Management Directive which is currently with the Commission and which aims to improve upon the current European Collecting Society structure and ensure greater cohesion of approach in the context of collective licensing in Europe.

All in the all the event and Professor Hargreaves' contribution to it, was a great success. We thank all our blog readers, clients, colleagues and others who attended yesterday evening and contributed with their questions. We hope to see you again at the next event!

Plain Packaging - the Constitutional, EU and International Law Dimensions

John Cahir — Fri, 19 Apr 2013 18:06:56 +0100

Earlier this week, at the Law Society's Professional Training Conference on Intellectual Property, I gave a presentation on the Irish constitutional dimensions of proposed plain packaging legislation for tobacco products. The conference made for a good debate and all angles were explored. I outlined that trade marks and goodwill are likely to be regarded as constitutionally protected forms of private property, and that plain packaging legislation would therefore have to be assessed from the perspective of the Constitutional protections (Article 43 and 40.3.2) granted to private property rights generally, rights which can be invoked by companies as well as by individuals. It can certainly be argued that plain packaging legislation undercuts these constitutional guarantees on the basis that legislation of this nature extinguishes the core function of a trade marks recognised under law, namely, to act as a signifier of origin of goods and services. Opposing this view, the State could argue that trade mark law confers only "negative" rights on brand owners, and as such a limitation on how brands may be used in a positive sense does not amount to an infringement of the constitutional guarantees. I expressed the view that the positive –v- negative right distinction was a technical one and that it was not likely therefore be determinative of the Irish constitutional issue.

From a purely Irish constitutional perspective, in light of the relatively weak support given by the Irish courts to property rights, I nevertheless concluded that, on balance, plain packaging legislation is unlikely to be struck down on Irish constitutional property grounds. The devil will of course be in the detail of the proposed measure and the evidence relied upon to support it. If the Government was to legislate in this area, the measure would have to be shown to be proportionate to any stated public policy objective. If the legislation is demonstrably disproportionate then it would in principle be vulnerable to challenge. In the event of a constitutional challenge to any such measure both the State and the party challenging the measure would be entitled to introduce evidence supporting or disputing the contention that the proposed measure is a proportionate interference with property rights. Accordingly, the precise terms of the measure and the evidence adduced by both sides would have to be weighed up by the Court in making a proportionality determination.

While my presentation was focussed on the position under Irish domestic law, the other speakers on the panel (Alistair Payne of Matheson and Mary Bleahane of FR Kelly) addressed other potential grounds on which to challenge plain packaging legislation, including EU and international law arguments. Alistair made the point that the draconian nature of plain packaging legislation meant that it could be characterised as a form of "confiscation" of property rights, and thus the constitutional proportionality test would need to be analysed from that perspective. Mary provided a very thorough synopsis of the numerous EU law and international arguments against plain packaging legislation. These arguments, rather than domestic Irish constitutional arguments, are more likely to provide a basis on which to successfully challenge plain packaging legislation. In particular, Mary argued that plain packaging legislation introduced at a national level would contravene the "unitary" character of the Community trade mark. In other words, it would be impermissible for any one Member State to introduce legislation impacting on Community trade marks (such as tobacco device and logo marks) that had the effect of giving a different standard of protection as afforded across other Member States to those brands by virtue of the Community trade mark. In addition, Mary argued that plain packaging legislation falls squarely within the prohibition contained in Article 20 of TRIPS against the State adopting "special requirements" that unjustifiably encumber the use of a trade mark in the course of trade.

The EU Charter of Fundamental Rights (CFR) and European Convention on Human Rights (ECHR) grounds for challenging plain packaging legislation should also be mentioned. Article 17(2) of the CFR states that "intellectual property should be protected" and as such is afforded the same fundamental right status as tangible property under the CFR. Article 1 of Protocol 1 to the European Convention on Human Rights states that every natural or legal person is entitled to the peaceful enjoyment of their possessions and cannot be deprived of them. In Anheuser - Bush –v- Portugal, the ECHR has held that this provision encompasses intellectual property rights, including trade mark registrations and applications. It is also well established that corporations can invoke rights conferred by the CFR and ECHR, as well as the Irish Constitution.

Accordingly, a range of challenging legal issues will require careful consideration by the Government in deciding whether to introduce such a plain packaging measure, and will need to be addressed by the Courts in the event of a legal challenge. In addition to such legal issues there are also a range of policy considerations to be addressed when considering the regulatory impact of any such measure. Is it really the best way to advance the policymaker's objective? Do the potential side effects outweigh the perceived benefits? Will the perceived benefits really be achieved as a result of such a measure? What will be the negative consequence in terms of impact on competition, on consumer choice, and so on. There is widespread concern about illicit sales of tobacco products in an attempt to avoid tax. The Government would doubtless be concerned that a plain packaging regime may facilitate the circulation of such contraband product. This raises potential concerns not only because of the implications in terms of forgone revenue but also because of the risk that such illicit products will not be produced according to the same standards and requirements which the Government imposes on legitimate, duty paid, tobacco products.

AmCham event - Data: Protection, Regulation and Innovation

Kate Gorey — Fri, 19 Apr 2013 14:07:36 +0100

A number of members of our team attended the "Data: Protection, Regulation & Innovation" forum which took place on Friday 12th April 2013 in The Shelbourne Hotel. The event was organised by the American Chamber of Commerce and proved a very useful forum for discussion on both topics covered. The first segment of the morning was dedicated to the new EU Data Protection rules while the second segment focused on the future of Data Innovation.

The welcome address was delivered by Mr Alan Shatter T.D. who gave some interesting insights on the need for a coherent and practical set of data protection rules at national and European levels. It is a priority of the Irish Presidency of the Council of the European Union to achieve political agreement on key aspects of the proposed reform of the European Union's data protection regime. Mr Shatter also detailed the specific issues which will be taken into account in drafting the new regulation.

The key message from the day was the need to strike a balance between protecting individuals' privacy rights and to facilitate business in the digital age. The need for reform is particularly pertinent given the huge technological advances that have taken place since 1995, the year of adoption of the current EU Data Protection Directive.

The range of distinguished panellists offered diverse, interesting and thought-provoking views on the issues discussed. Closing remarks were delivered by Mr John Hennessy-Niland, Chargé d'Affaires, the US Embassy. Thank you to the American Chamber of Commerce for organising this event.

UK Supreme Court seeks clarification from CJEU on Article 5.1 of the Copyright Directive

Sally Anne Hinfey — Wed, 17 Apr 2013 17:23:46 +0100

The UK Supreme Court delivered its judgment in the copyright protection case NLA v Meltwater today.

In this case the appellants scan newspaper websites for articles containing search words which its end-users have given it. The end-users then receive search results, via email or by viewing them on the appellant's website. The first respondent sought a declaration on whether the end-users of the appellant's service require a licence or consent in order to lawfully receive and/or use the service. The High Court and Court of Appeal held that they did need a licence. This was based largely on the ground that making copies, however temporary, in the end-user’s computer while browsing was generated by the user’s voluntary decision to access the webpage. Due to the international dimension of this appeal and possible implications for internet users on an EU-wide scale the Court, while expressing its own view on the matter, stated that it must first seek clarification from the CJEU.

The question arose as to whether the copies created when accessing a webpage are exempt from copyright protection by reason of the temporary copies exception provided by s.28A of the Copyright, Designs and Patents Act 1988 which gives effect to the Directive 2001/29/EC ("the Copyright Directive"). The Court found that cache copies are stored automatically by browsing and deleted automatically by a lapse of time coupled with continuing browser use, rather than being dependent on discretionary human intervention. The Court therefore felt that the exception in Article 5.1 of the Copyright Directive applied to temporary copies generated by an end-user of the internet, and as such, a licence should not be required.

The Court will now refer for a preliminary ruling to the CJEU the question of whether the requirements of Article 5.1 of the Copyright Directive are satisfied and in particular, whether requirements that acts of reproduction should be (i) temporary; (ii) transient or incidental; and (iii) an integral and essential part of the technological process, are satisfied, having regard in particular to the fact that copies may remain in the cache after the browsing session that generated them has ended until overlaid by other material, and a screen copy will remain on screen until the browsing session is terminated by the end-user.

Professor Ian Hargreaves - Discussion On Copyright

John Cahir — Tue, 16 Apr 2013 17:59:56 +0100

We have previously blogged (see earlier blogs here) that the Government has appointed a Copyright Review Committee who will shortly publish its proposals for reforming Irish copyright law. To promote understanding and discussion about this important area of public policy, A&L Goodbody has invited Professor Ian Hargreaves to share his reflections on Copyright law reform in the UK at 4.30pm on Thursday 25 April 2013. We are happy to now extend an invitation to the event to all our blog readers.

Professor Hargreaves holds the Chair of Digital Economy at Cardiff University, and recently conducted the "Hargreaves Review of Intellectual Property" on behalf of the UK Government. This review is similar in scope to the Irish Government's initiative and it has resulted in the publication of legislative proposals by the UK government.

The event will be chaired by Michael McDowell SC, former Attorney General and Minister for Justice.

We believe this event will be of interest to stakeholders in the creative industries, the technology sector (both domestic and international), academia and the media.

If you are interested in registering for this please contact Jenny Wallis by email or phone +353 1 649 2224 at any time. The event will take place at our offices in the IFSC.

High Court Sets Aside Compensation Award

Davinia Brennan — Tue, 16 Apr 2013 12:58:10 +0100

The High Court in Collins v FBD Insurance Plc [2013] IEHC 137 has set aside an award of compensation made by the Circuit Court to a data subject for breach of his data protection rights, on the grounds that no loss or damage resulted from the breach.

The Facts
The Circuit Court ordered the defendant insurance company to pay the plaintiff €15,000 in damages, on the grounds that it had breached the Acts by failing to supply personal data requested by the plaintiff within the prescribed 40 day time limit; by omitting to reveal the existence of a private investigator's report in its possession; by failing to have in place a written contract with the private investigator (data processor); whom it had contracted to investigate the plaintiff; and by failing to access District Court conviction orders in the proper manner. This was the first compensation award made by the courts pursuant to section 7 of the Data Protection Acts 1988 and 2003 (the Acts).

On appeal, the issue arose as to whether as a matter of law the data subject was entitled to compensation pursuant to section 7 of the Acts, in the absence of evidence of actual loss or damage.

The Decision
The High Court set aside the award of €15,000, but ordered the defendant to pay the plaintiff's costs. The Court held that section 7, which imposes a statutory duty of care on a data controller to the data subject, does not go beyond the obligation for compensation contained in the Data Protection Directive 95/46/EC. The obligation under the Directive does not provide for either strict liability or the automatic payment of compensation, but limits itself to providing for the existence of a duty of care within the law of torts. For that duty of care to arise, it is necessary for a claimant to establish that there has been a breach, that there has been damage, and that the breach caused the damage.

In the present case, the plaintiff had failed to prove any damage resulting from the breach of the duty of care owed by the defendant. Therefore the plaintiff was not entitled to an award of damages. In addressing the question of costs, the Court had regard to the manner in which the defendant had conducted itself, and also to the fact that the issue as to the limitation of the nature of damages under section 7 of the Acts, which resulted in the defendant succeeding in the appeal, had not been argued in the Circuit Court. Accordingly the High Court directed that the insurance company pay the costs of the proceedings.

Comment
This decision clarifies that in order for a data subject to be awarded compensation under section 7 for breach of the Acts, he or she must prove that the breach caused him or her damage. It shows that in cases where such damage is proved, the courts are willing to award significant amounts of compensation.

The decision also serves as a reminder that companies must have a written agreement in place when engaging Private Investigators (or other data processors), and that companies should disclose Investigators' reports to data subjects upon request. It is worth noting that the Data Protection Commissioner, in his last Annual Report, highlighted that none of the restrictions to the right of access to personal data, which are set down in Section 5 of the Acts, could reasonably be applied to refuse an access request by an individual for a copy of a surveillance report or accompanying photographs or video footage taken by a private investigator.

Trademark Clearinghouse to assist in cybersquatter battle

Ciara Cullen — Fri, 12 Apr 2013 15:33:40 +0100

Following on from the proposed significant expansion in the number of new generic Top Level Domains (gTLDs) ICANN launched the Trademark Clearinghouse (TMCH) on March 26. This is a central database which will provide trademark owners and licensees with added protection from cybersquatting and online infringement.

The TMCH allows for trademark registration for periods of either 3, 5 or 7 years and the cost per year will be dependent on the number of trademarks registered and the length of registration. In order to be eligible for registration in the TMCH, trademarks must be either registered in a national or regional registry, validated by a court proceeding "at the national level," or protected by statute or treaty. Proof of use must also be submitted for all registered trademarks. Trademark owners and licensees will be able to register up to 50 variations on their marks in the TMCH, provided that those variations had previously been the subject of successful litigation or UDRP arbitration due to abuse by third parties.

Once registered with the TMCH, the trademark owner will receive a notification if a third party registers a new gTLD for an identical trademark within a 60-day Trademark Claims period following Sunrise Registration. This will enable owners to take prompt action against potential infringers. However, owners should be aware that if an agent carries out the registration for them it will be the agent, and not the owner, who will receive this important notification.

U-turn on decision to destroy blood samples

Kate Gorey — Thu, 28 Mar 2013 12:40:20 +0100

As explained in last month's blog on this topic 'Balancing Act: Data Protection and Health Requirements', the Office of the Data Protection Commissioner (ODPC) ordered the destruction of all "heel prick test" samples taken from babies born between 1984 and 2002. The decision to destroy the samples followed a single complaint to the ODPC that the samples were held without consent. People born between those dates had until 31 March 2013 to apply to the Health Service Executive (HSE) for the return of the card, which carries invaluable genetic material on it.

This week, Minister for Health James Reilly communicated his concern surrounding the proposed destruction of the samples and ordered the HSE not to take any action until an expert group can meet and consider how the cards can be maintained in a manner which satisfied the concerns of the ODPC. Minister Reilly says that the expert group will look at how these samples, known as "guthrie cards", have not been destroyed in other EU countries which are subject to the same data protection controls as Ireland.

This decision to endeavour to maintain the samples will be welcomed by many – the Irish Heart Foundation had expressed major concerns over the issue and launched a national campaign to halt the destruction of samples which could save the lives of extended family members of more than 1,000 young victims of Sudden Cardiac Death.

Mad Men at the centre of IP dispute

Ciara Cullen — Fri, 22 Mar 2013 18:58:22 +0100

Former 1950's model Gita Hall May, now 79, has sued Lionsgate Entertainment over the use of her image without her consent during the opening credits of Mad Men, the award-winning TV show. May claims that her face appears on a New York skyscraper and that the image used is a cropped version of an image of her taken from a 1950s Revlon advert shot by the well-known Richard Avedon.

Although May does not actually own the photograph, she seeks to rely on the right to her likeness in claiming compensation from the show's producers. She further claims that such use is in breach of her common law privacy rights, a misuse of her right of publicity for commercial purposes, a false advertisement and a breach of competition law. She claims to be entitled to revenues generated by the show, on the basis that the use of her image contributed to its profits. Despite Mad Men winning an Emmy for its opening credits, its producers are refusing to compensate May.

It will be interesting to see how the Los Angeles Superior Court rules on this one - we'll be sure to keep you posted.

More building of "blocks" on the web in the UK!

Kate Gorey — Wed, 13 Mar 2013 11:09:34 +0100

Following on from our previous related blogs last year: Music Body Asks BT to Block User Access to Pirate Bay Site; Controversial Draft Copyright Legislation Published - It's No "SOPA" and ISPs Remain Target for Blocking Orders in UK Courts, the European Union (Copyright and Related Rights) Regulations 2012 were signed into law in March 2012 (the Regulations). These Regulations provide that copyright owners may seek injunctions against internet intermediaries, including ISPs. Effectively, the Regulations have passed the role of defining the limits of Irish copyright law to the Courts.

On a related note, the High Court in the UK has ordered the chief ISPs to block three websites - Kickass Torrents, H33T and Fenopy - that link to pirated material. The British Phonographic Industry (BPI) said that there is "significant" infringement arising from these sites, although opponents have argued that this type of blocking is ineffective.

This block follows a similar ruling made last year regarding The Pirate Bay, a large Swedish site. While data suggests that the blocking of Pirate Bay was only effective on a short-term basis in terms of pirate activity online, a recent report from market research firm NPD suggested that there had in fact been a big reduction in the number of users illegally downloading music, who are instead opting to use legal options such as streaming site Spotify.

The BPI has welcomed the decision to block piracy sites, saying that blocking illegal sites helps guarantee that the legal digital market can grow and labels can continue to sign and develop new talent. Conversely, the leader of Pirate Bay UK, a site which offered users a workaround for the Pirate Bay Ban, said the BPI was "out of control", claiming that the music industry had no positive results to show from such blocking.

It remains to be seen whether Irish courts will follow suit and whether the scope of the Regulations would permit such blocking orders.

No appeal where Data Protection Commissioner finds complaint is frivolous or vexatious

Davinia Brennan — Wed, 27 Feb 2013 11:17:17 +0100

In a recent case, Fox v The Office of the Data Protection Commissioner [2013] IEHC 49, the High Court confirmed that the Circuit Court has no jurisdiction to hear an appeal in relation to an opinion by the Data Protection Commissioner (DPC) that a complaint is frivolous or vexatious.

The Facts
The applicant appealed to the Circuit Court, following receipt of a letter from the DPC's office that his complaints were not being investigated as they were considered to be "frivolous or vexatious". The applicant considered the DPC's opinion to be "a decision" on his complaints, in respect of which he had a right to appeal under section 26 of the Data Protection Act 1988, as amended (the Act).

Section 26 makes provision for an appeal against, inter alia, "d) a decision of the Commissioner in relation to a complaint under section 10(1)(a) of [the] Act". The Circuit Court dismissed the applicant's appeal, ruling that a decision by the DPC that a complaint is frivolous or vexatious is not one in respect of which an appeal lay. The applicant appealed against this decision to the High Court.

The Decision
The High Court dismissed the appeal and upheld the decision of the Circuit Court. The Court held that the Circuit Court has no jurisdiction to hear an appeal where the DPC finds a complaint to be frivolous or vexatious.

Peart J., stated "there is a clear sequencing" evident in section 10 of the Act. He noted that Section 10(1) (a) provides that the DPC may investigate a complaint. Section 10(b)(i) goes on to require the DPC to investigate a complaint "unless he is of the opinion that it is frivolous or vexatious". In the latter case he is not required to investigate the complaint at all. Section 10(b)(ii) then provides that where the DPC does investigate the complaint (i.e. where it is not deemed to be frivolous or vexatious) he must try and have the matter resolved amicably, and if unsuccessful in that regard, must notify the complainant in writing of his decision and the complainant may "if aggrieved by the decision, appeal against it to the Court under section 26 of [the] Act."

Peart J. held that the reference in section 10 (1)(b)(ii) to "the decision", must relate to the decision made following the investigation. Therefore it cannot include the opinion formed for the purpose of section 10(1)(b)(i) that the complaint is frivolous or vexatious. In turn, the reference to "a decision" in section 26 of the Act must be read as meaning a decision reached in relation to the complaint after it has been investigated.

Peart J. noted that this issue has already been the subject of a judgment in Nowak v Data Protection Commissioner [2012] IEHC 449, where the High Court reached the same conclusion, that where the DPC declines to investigate a complaint, the Circuit Court has no jurisdiction to hear an appeal.

See our Client Bulletin of 4 December 2012 for more information on the Nowak case.

Unified Patent Court Agreement: Italy and Spain opt-out

Alison Obernik — Wed, 20 Feb 2013 17:15:56 +0100

This week saw 25 member states signing the Unified Patent Court Agreement in Brussels which represents the latest aspect towards achieving a new EU-wide unitary patent system. While Spain and Italy have at this stage opted out of the agreement, the agreement will enter into force once 13 countries have ratified it including France, Germany and the UK.

The agreement provides for a specialised patent court providing more comprehensive access to patent protection at European level, moving away from the traditional model where national courts and authorities decide on the infringement and validity of European patents. The Unified Patent Court will have exclusive jurisdiction for litigation relating to European patents and European patents with unitary effect.

The creation of the unified patent system will largely benefit small and medium enterprises in their quest for optimum patent protection. With 27 member states, the patent process has been complex and expensive with enterprises dealing with different legal systems and languages. Innovation will be facilitated by EU wide patent protection.

Request for unitary patents can be filed once the legal provisions for both the unitary patent and the Unified Patent Court have entered into force. The two EU regulations on the unitary patent (one on unitary patent protection and the second on the translation arrangements) entered into force on 20 January 2013. These Regulations will only apply from 1 January 2014 or the date of ratification of the Unified Patent Court Agreement, whichever is later.