Italy Archives - IPOsgoode /osgoode/iposgoode/tag/italy/ An Authoritive Leader in IP Wed, 26 Oct 2022 16:00:02 +0000 en-CA hourly 1 https://wordpress.org/?v=6.9.4 Jean Paul Gaultier, Birth Your Own Venus /osgoode/iposgoode/2022/10/26/jean-paul-gaultier-birth-your-own-venus/ Wed, 26 Oct 2022 16:00:02 +0000 https://www.iposgoode.ca/?p=40142 The post Jean Paul Gaultier, Birth Your Own Venus appeared first on IPOsgoode.

]]>

Ariel Goldberg a 1L JD candidate at Osgoode Hall Law School.


French fashion brand garments featuring Botticelli’s Birth of Venus are heading off the rack and to legal battle. (“Uffizi”), based in Florence, Italy, are pursuing legal action against Jean Paul Gaultier for “illicit” unauthorized use of Botticelli’s Birth of Venus which violates Italy’s (Code of the Cultural and Landscape Heritage )(the “Italian Code”). The Code of the Cultural and Landscape Heritage’s legal force is separate from copyright laws and remains in effect when copyright protection does not.

Jean Paul Gaultier’s “Le Musée” capsule collection uses Botticelli’s Birth of Venus on including a scarf, skirt, sleeveless top and trouser. Jean Paul Gaultier originally used Birth of Venus in its S/S 1995 Collection on a sheer mesh top. In , Uffizi sent a cease-and-desist in response to Jean Paul Gaultier’s current use of the Birth of Venus, but the fashion brand never replied and continued its unauthorized use.

(Photo Credits: ; )

The Italian Code , which came into effect in 2004 and was updated in 2016, . The Italian Code protects which can be historical, artistic, ethno-anthropological and archaeological. , objects require authorization and a licence fee to be used commercially by third parties regardless of whether the work is in the public domain. of the images by private individuals for the purpose of creative expression, study, research and enhancing cultural heritage are excluded from these legal obligations.

The refers to works not protected by copyright, which means the works can be used without acquiring permission or paying a fee. Generally, copyright protection expires after a period following the death of the author. In Canada, under the copyright protection remains for the life of the author and 50 years following the end of the calendar year the author died in unless otherwise stated within the Act.

The Birth of Venus is in the public domain because it was created by Botticelli in the mid-1480s. However, Gaultier allegedly violated Italy’s Cultural Heritage Code by proceeding with commercial use of the image without authorization and paying a licence fee. Jean Paul Gaultier’s use would not likely qualify for creative expression exception because of its commercial nature and because Jean Paul Gaultier is a fashion brand rather than private individual. , a lawyer and comparative cultural heritage, art and fashion law scholar, states that Jean Paul Gaultier could argue that some uses are of Botticelli’s Birth of Venus which would exclude the use from the

Uffizi’s Director Eike Schmidt commented that such as Leonardo da Vinci, Caravaggio, Titian, Raphael and Giotto di Bondone. The prevalent use of Uffizi’s artworks despite Italian law led to to police whether artworks are used to sell products, especially on social media. This hyperfocus on social media reflects the double-edged nature of social media, providing a greater connection through increased sharing and platforms while also allowing easier access and subsequently, easier appropriation of works.

Last year, a similar conflict emerged from the use of the Birth of Venus. online guide to erotic art which used the artwork. Hopefully, the Birth of Venus does not birth more legal issues in the immediate future.

The post Jean Paul Gaultier, Birth Your Own Venus appeared first on IPOsgoode.

]]>
On the newly proposed Italian Regulation on Copyright Protection in Audiovisual Media Services /osgoode/iposgoode/2013/08/02/on-the-newly-proposed-italian-regulation-on-copyright-protection-in-audiovisual-media-services/ Fri, 02 Aug 2013 14:00:04 +0000 http://www.iposgoode.ca/?p=21982 The re-posting of this analysis is part of a cross-posting collaboration with MediaLaws: Law and Policy of the Media in a Comparative Perspective. Last Thursday the Italian Communication Authority (“AGCOM”) has issued a new draft regulation entitled “Draft regulation on copyright on the electronic communication networks and implementing measures pursuant to Legislative Decree of April […]

The post On the newly proposed Italian Regulation on Copyright Protection in Audiovisual Media Services appeared first on IPOsgoode.

]]>
The re-posting of is part of a cross-posting collaboration with MediaLaws: Law and Policy of the Media in a Comparative Perspective.


Last Thursday the Italian Communication Authority (“AGCOM”) has issued a new draft regulation entitled “” (Annex A to the AGCOM decision no. 452/13/CONS of July 25, 2013) (“Regulation”).

Among other provisions specifically focused on online copyright enforcement (), the Regulation provides for a new administrative procedure before the AGCOM in case of copyright infringements carried out by Audiovisual Media Services Providers (“MSP”).

The AGCOM launched a 60-day public consultation to collect stakeholder comments on each article of the Regulation and to allow stakeholders to propose specific amendments to the Regulation itself. Afterwards AGCOM will evaluate the comments received and it will decide whether or not to embrace them in the context of the final regulation. According to Article no. 19 of the Regulation will entry into force on next February 3, 2014.

1. The provisions focused on Audiovisual Media Services

The 19 articles regulation is divided into five chapters. The forth chapter entitled “Provisions on the Protection of Copyright on the Media Services” (articles 11-15) provides for a new administrative procedure before AGCOM that can be followed to obtain the stoppage of the broadcasting on Audiovisual Media Services of works which infringe copyright or allied rights.

According to article 12 of the Regulation when copyright or an allied right is infringed by means of a linear or an on-demand audiovisual media service or a program is broadcasted in breach of the license agreement (even with reference to the timescale of the broadcasting) the right holders might file a complaint before AGCOM (using a specific form provided by the same authority) requiring to order the MSP to stop the broadcasting of the relevant program.

Using the complaint-form rights holders shall provide the details of the alleged infringement (i.e. documentation which shows the ownership of the rights on the program, copy of the program, brief description of the alleged infringement, contact details of the relevant Audiovisual Media Service Provider etc.).

Within 10 days starting from the receipt of the complaint AGCOM’s direction for media services might decide to:

1) dismiss the case when:

  • the right holder has not used the AGCOM compliant form or failed to provide key information on the alleged infringement of its right;
  • the complaint is related to a subject matter which is out of the scope of the Regulation;
  • the complaint seems manifestly groundless to AGCOM; or

2) start a formal investigation on the case by sending a notice to the MSP informing him on the details of the case and the outcomes of the preliminary investigations carried out by AGCOM competent direction.

The MSP might file a counter-complaint before AGCOM explaining its defensive arguments within 7 days starting from the receipt of the AGCOM notice.

In 20 days starting from the sending of the notice the AGCOM’s direction ends the investigation and propose to the AGCOM board for services and products the adoption of the appropriate measures towards the relevant MSP. During the investigations AGCOM’s direction might require to third parties the disclosure of information or documents which are relevant for the case. Such parties shall provide AGCOM’s direction with the requested information or documents within 5 days starting from the request.

The AGCOM’s board within the following 40 days shall issue its decision on the case.

The board could dismiss the case when the investigations revealed the groundlessness of the complaint or it might adopt the following measures:

  • a warning letter to the linear MSP requiring the stoppage of the broadcasting of the relevant program which infringes the copyright of the right holder;
  • a stoppage order towards the on demand MSP requiring to remove the relevant program form the ones made available to their users.

Even if it is not expressly recalled within the Regulation, according to Article 1 of the Law no. 249/1997 in case of non-compliance with the AGCOM’s decisions, AGCOM might issue fines towards the involved MSP ranging from EUR10,000 to EUR250,000.

Finally, article 15 of the Regulation provides with a specific procedure in connection with the infringement carried out by the satellite providers which are under the Italian jurisdiction or which are not subject to the jurisdiction of any European member State.

2. Conclusive remarks

Generally speaking the provisions related to MSPs seem more balanced and in line with the AGCOM field of competence on copyright protection (as depicted by Article 32-bis of the Italian Code on Audiovisual media and radio services) as compared with the ones proposed in connection with the online copyright enforcement.

The public consultation launched by AGCOM will be helpful to collect the opinions of the stakeholders on the proposed regulation and hopefully to refine the above outlined provisions that will provide right holders with an effective and fast tool to ascertain the infringement of their rights and then collect the relevant damages by means of actions to be started before the competent courts.

Marco Bellezza is a media lawyer and Senior Associate atPortolano Cavallo Studio Legale. He is also a member of the Managing Committee of .

The post On the newly proposed Italian Regulation on Copyright Protection in Audiovisual Media Services appeared first on IPOsgoode.

]]>
The Italian ‘Google Vividown’ Case: ISPs’ Liability for User-Generated Content /osgoode/iposgoode/2013/05/29/the_italian_google_vividown_case/ Wed, 29 May 2013 15:10:52 +0000 http://www.iposgoode.ca/?p=21153 The re-posting of thisanalysisis part of a cross-posting collaboration with MediaLaws: Law and Policy of the Media ina Comparative Perspective. On 21 December 2012, the Milan Court of Appeals overturnedthe decision issued in 2010 by the Court of Milan in the’Google Vividown’ case. Filed on 27 February 2013, the Courtof Appeals’ decision was based on […]

The post The Italian ‘Google Vividown’ Case: ISPs’ Liability for User-Generated Content appeared first on IPOsgoode.

]]>
The re-posting of thisis part of a cross-posting collaboration with MediaLaws: Law and Policy of the Media ina Comparative Perspective.


On 21 December 2012, the Milan Court of Appeals overturnedthe decision issued in 2010 by the Court of Milan in the’Google Vividown’ case. Filed on 27 February 2013, the Courtof Appeals’ decision was based on and confirmed the generalprinciple that Internet Service Providers (ISPs) have nogeneral duty to monitor user-uploaded content on theirsystems. Laura Liguori and Federica De Santis, Partner andAssociate respectively at Portolano Cavallo Studio Legale,analyse the impact of the case on ISPs’ liability and the widerlandscape of overlapping interests in the digital climate.

In this case, three executives from Google were sentenced to a six-monthsuspended conviction for unlawful data processing pursuant to Italian dataprotection laws after a video showing an autistic boy being bullied by hisclassmates was uploaded to the Google Video platform. The Milan Court ofAppeals overturned the 2010 first instance ruling by finding the Googleexecutives not guilty for unlawful data processing under Italian law.

Court of Appeals

First, the Court of Appeals upheld the lower court’s decision to acquit theGoogle executives of defamation, since Google had no duty to review thecontent on its system. According to the Court of Appeals, an ISP’s functionalitywould be clearly impaired if it were required to prevent defamation on itsplatform, as the ISP would have to apply general filtering systems on theuploaded content to prevent defamatory postings.

The Court of Appeal also ruled:

  • the jurisdiction of the Italian Courts applies in the case at hand, as thedamages (the diffusion of the relevant content) occurred in Italy, regardless ofwhere the Google servers with the uploaded content are located.
  • the Italian Data Protection Code (Legislative Decree no. 196/2003) applies toGoogle Italy either because it is established in Italy according to Section 5,paragraph 1 of the Data Protection Code or because Google Italy should beconsidered as ‘non-automated equipment’ located in Italy for processingpersonal data according to Section 5, paragraph 2 of the Data ProtectionCode.

Nevertheless, the decision reversed the unlawful data processing conviction forthe following reasons:

  • No general duty to monitor may be imposed on ISPs, in accordance with therelevant provisions under the EU E-commerce Directive (2000/31/EC),implemented in Italy by the E-commerce Decree (Legislative Decree no.70/2003). From a technical standpoint, it would be impossible to imposesuch a duty, which could undermine freedom of expression.
  • Failure to provide data subjects with a proper privacy notice does not resultin unlawful data processing, punished as a crime under Section 167 of theItalian Data Protection Code, and is subject only to administrative finesaccording to Section 161 of the Code.
  • Only the user who processed the autistic boy’s data when she recorded thedisputed video and then uploaded it to the Google Video platform shouldhave obtained the boy’s parents’ consent before the video was uploaded toGoogle Video, as she was the relevant data controller with regard to suchdata. This did not apply to Google which, according to the Court, is not thecontroller of the data in the video uploaded by users nor is processing datawhen storing such data.
  • Unlawful data processing is considered as a crime only when personal dataare processed (i) with a view to gain an advantage; or (ii) with wilful intent tocause harm to others. The Court of Appeals held that in the case at hand,Google had no intent to profit from the disputed video since no sponsoredlink appeared on it and the Google executives did not act with ‘wilful intent’since they were not aware of the content of the disputed video before it wasuploaded.

Conclusion

The Court of Appeals decision offers a comprehensive overview of Italian caselaw regarding an ISP’s liability for when users violate laws or infringe on others’rights, especially in cases of violation of personal data protection laws. Againstthis backdrop, the decision does not address Google’s role from a dataprotection standpoint nor it clarifies why handling a video (e.g. storing or deletingit) is not tantamount to processing of personal data.

While there are still unclear issues in the decision, the latter will contributesignificantly to the ongoing debate about how to balance the competinginterests involved in the digital environment: protecting personal data and thirdparties’ rights vs. safeguarding freedom of speech and internet freedom.

The post The Italian ‘Google Vividown’ Case: ISPs’ Liability for User-Generated Content appeared first on IPOsgoode.

]]>
Protecting brands on the Internet. A look at approaches taken by the EU, US and Italy /osgoode/iposgoode/2013/04/11/protecting-brands-on-the-internet-a-look-at-approaches-taken-by-the-eu-us-and-italy/ Thu, 11 Apr 2013 17:55:34 +0000 http://www.iposgoode.ca/?p=20737 The re-posting of thisanalysisis part of a cross-posting collaboration with MediaLaws: Law and Policy of the Media ina Comparative Perspective. Introduction Online advertising is the backbone of the internet business model. However, the practice by online advertisers in bidding to use keywords purchased from search engines featuring famous brand names may hurt brand owners’ reputation […]

The post Protecting brands on the Internet. A look at approaches taken by the EU, US and Italy appeared first on IPOsgoode.

]]>
The re-posting of thisis part of a cross-posting collaboration with MediaLaws: Law and Policy of the Media ina Comparative Perspective.

Introduction

Online advertising is the backbone of the internet business model. However, the practice by online advertisers in bidding to use keywords purchased from search engines featuring famous brand names may hurt brand owners’ reputation or divert consumers.

Moreover, the internet offers more opportunities for counterfeiters. Indeed, many online stores, usually run by providers outside the European Union, imitate stores selling genuine products and induce consumers into thinking they are purchasing genuine goods at discounted prices.

So how can brand owners strengthen their brands and protect themselves while third parties are exploiting their trademarks online (e.g. through paid search words, within a website or in the websites’ metatags, etc)? Set out below is an outline of the EU and US approach on the matter.

Liability of Advertisers and Website
Operators for Trademark Infringement

Advertisers bidding keywords identical to trademarks (thus exploiting such trademarks online without the brand owner’s authorization), as well as website operators selling counterfeits may be liable for trademark infringement: this has not been generally questioned either by EU or US courts.

It is worth noting that, to be successful in such trademark infringement claims, trademark owners need to provide adequate evidence (e.g. surveys, testimony) that the use of their trademark online is likely to cause confusion or, especially for well-known trademarks, to dilute the selling power of the trademark.

In the EU, the Court of Justice of the European Union (CJEU) has held that advertisers that purchase keywords identical with a third party’s trademark triggering the display of their own adverts make use of said trademark in the course of trade for the purposes of trademark infringement under EU law (Google France SARL v. Louis Vuitton Malletier SA) (see ‘‘Adwords Liability Shifts From Google to Advertisers After ECJ Ruling’’ [24 WIPR 4, 4/1/10]).

The Court of Justice went on to rule that a trademark owner (in the specific case, the French luxury brand Louis Vuitton) may oppose the use of a keyword corresponding to its trademark where the adverts triggered by the keyword do not enable users, or enable them only with difficulty, to ascertain whether the goods or services being advertised originate from the trademark owner or, on the contrary, from a third party.[1]

Liability of Internet Service Providers
Direct Liability — ‘‘Use in Commerce’’

Whilst the liability of advertisers or counterfeiters is not a controversial point, a key issue is the extent of liability for service providers selling paid adverts or hosting website selling counterfeits.

In particular, debate arises on whether trademark owners may successfully argue that providers are directly/primarily liable for trademark infringement in that they also make ‘‘use in commerce’’ of the trademarks.
Courts across the US and Europe have reached different conclusions at various times.

‘‘[T]o be successful in trademark infringement claims, trademark owners need to provide adequate evidence that the use of their trademark online is likely to cause confusion or dilute the selling power of the trademark’’.

Courts in the United States have found the sale of trademarks as keywords by service providers to be a ‘‘use in commerce’’. Based on this finding, US courts have held providers directly liable for trademark infringement where use of trademarks by such providers was likely to cause confusion or to dilute the selling power of the trademarks. For example:

• Rescuecom Corp. v Google, Inc, where the Court of Appeals for the 2nd Circuit ruled that the recommendation and sale by Google of keywords featuring Rescuecom’s trademark constituted a ‘‘use in commerce’’ for purposes of US trademark law, as far as use of Rescuecom’s trademark causes likelihood of confusion or mistake, and this circumstance needed to be proved by Rescuecom through a trademark infringement lawsuit on remand.

• Rosetta Stone Ltd v. Google Inc, where, whilst a district court in Virginia dismissed the case in 2010, reasoning that the sale of the keywords was not likely to confuse consumers, in April 2012 the Court of Appeals for the 4nd Circuit partially overturned that ruling, holding that the plaintiff provided sufficient evidence to suggest that Google’s use of Rosetta Stone’s trademark was intended to cause likelihood of confusion (see ‘‘US Appeal Court Overturns Summary Dismissal of Rosetta Stone v. Google’’ [26 WIPR 29, 5/1/12]).

Meanwhile in Europe, the Court of Justice ruled that trademark owners could not prevent a keyword advertising platform from selling their trademarks as keywords because that platform does not make ‘‘use’’ of the trademarks in the course of trade for purposes of trademark infringement under EU law by merely enabling its customers to display on its website signs corresponding to trademarks.[2]

The court did not investigate whether the provider, by selling keywords identical with trademarks triggering the display of adverts, was causing confusion on the part of the public. The likelihood of confusion is, instead, as above reported, a relevant test which US courts apply in order to find an internet intermediary directly liable for trademark infringement.

Contributory Liability — Active or Passive Role of the Provider

Apart any direct liability issues, recent landmark trademark cases, both in the US and in Europe, indicate that service providers may be held to contributory liability for third parties’ infringements on their platform for their involvement in, or control over, the infringing activity.

Having regard to the hosting of websites selling counterfeits, the approach of US courts is that, having direct control over the ‘‘master switch’’ that keeps the infringing websites online, web hosts have affirmative obligations to intervene against trademark infringement,[3] resulting in the risk of liability where they do not promptly honor a takedown request.

In addition, some of the most relevant cases in the US include the following:

• The US Supreme Court’s decision in Inwood Laboratories v. Ives Laboratories set forth the traditional test for contributory liability for trademark infringement. The Supreme Court held that contributory liability should be imposed on a defendant that either (a) intentionally induces another to infringe a trademark, or (b) continues to supply its product to one whom it knows or has reason to know is engaging in trademark infringement;[4]

• In Tiffany v. eBay, the US Court of Appeals for the 2nd Circuit ruled that eBay was not liable for contributory trademark infringement on ground that eBay had no more than a general knowledge that sellers were offering counterfeit Tiffany jewelry on its marketplace. Therefore, Tiffany failed to prove that eBay had specific knowledge of specific sellers of counterfeit Tiffany products and had continued to supply services to those sellers.[5]

• In Europe, the Court of Justice’s landmark decision in Google France v. Louis Vuitton clarified that a keyword advertising platform may be held to contributory liability for the potentially infringing activity carried out by advertisers on its platform if it played an active/not merely technical role in facilitating the infringement.

Following this ruling, a Paris court in Olivier Martinez v. Google and Prisma Press found that Google’s provision of its AdWords service had not been merely technical, automatic and passive, on ground that Google had knowledge of the keywords and of the content of the advertisement, and played an active role. In that case, the court gave relevance, inter alia, to the fact that Google’s terms of use provided Google with editorial control over the content of the adverts.[6]

‘‘Operators of an online marketplace that provide assistance in optimizing the presentation of online offers for sale or promoting such offers perform an active role [and] thus cannot rely on the liability exemption’’.

The extent of providers’ liability for trademark infringements carried out on the internet was further discussed in L’Ore´al v. eBay, handed down by the CJEU on July 12, 2011 (see ‘‘CJEU Determines Extent of Duty for Marketplace Websites to Prevent Trade Mark Infringement’’ [25 WIPR 47, 9/1/11]).[7] On this occasion, the Court of Justice significantly pointed out that:

• Operators of an online marketplace that provide assistance in optimizing the presentation of online offers for sale or promoting such offers perform an active role, thus they cannot rely on the liability exemption that the E-Commerce Directive (2000/31/EC) grants to online service providers in certain circumstances;

• Even if the provider did not provide such assistance, it may nonetheless be held liable if it is aware of facts or circumstances from which the unlawful information is apparent and fails to remove this information from its platform;

• National courts should be able to issue orders against online service providers to take measures which contribute not only to bringing to an end trademark infringements by users of that marketplace, but also to preventing further infringements of that kind. These measures could strongly help trademark owners in protecting their brand on the internet.

Italian Law

Italian law does not provide specific rules in connection with the exploitation of trademarks on the internet. Therefore, the general rules governing the use of trademarks in the physical world are applied.
Trademark owners may bring proceedings before courts to:

• Claim that unauthorized use of their trademarks by third parties infringes their trademark rights and, when the third party is a competitor of the trademark owner, constitutes unfair competition;

• Seek compensation for damages suffered from the infringement and ask for publication of the court’s decision.

• In most serious cases trademark owners might seek preventive seizure of the infringing websites, to be enforced by means of a court order requiring Italian ISPs to block the relevant websites so that internet users in Italy would be unable to access them. According to recent Italian case law:

• If a website wrongfully uses a registered trademark (for example in one case, the word ‘‘Moncler’’) in its domain name, and if a court order is sought to block access to the website, such an order cannot be granted unless the applicant produces evidence of the website’s illicit content or purpose;

• In order to block access to a website that offers counterfeit goods, a trademark owner must produce adequate evidence of the illicit activity carried out through the website.[8]

• Moreover, it is worth noting that an increasing number of recent cases show a new Italian perspective on nontraditional IPR remedies, such as the shutdown of websites found liable for unfair commercial practices.

Indeed, brand owners can look for protection by notifying infringement of their trademark rights to the Italian Antitrust Authority (‘‘IAA’’), which has recently started ordering the blocking of some websites involved in the online sale of fashion products, enforced through the collaboration of the law enforcement agency Guardia di Finanza.

In 2012, the IAA banned a number of websites referred to as the Private Outlet Network from being accessed by users residing in Italy on grounds of infringement of consumer protection rules,[9] and in January 2013 the authority ordered the blocking of a number of Chinese websites selling counterfeits of luxury goods ‘‘made in Italy’’ (Gucci, Prada, Hogan). [10]

The IAA found the websites liable for unfair commercial practices towards Italian consumers on the bases that they:

• Provided misleading information on the nature and characteristics of the products bearing the famous brands, which have been ascertained to be counterfeits;

• Omitted relevant information on the vendor’s identity and contact details and on post-sale consumers’ rights (e.g. withdrawal right);

• Failed to inform consumers of their rights under the legal warranty, which could not be offered as the products were counterfeits.

• Moreover, the unfair commercial practices carried out by two of the websites were found to be particularly insidious as they imitated the look of the luxury goods companies’ online stores and induced consumers into thinking they were purchasing genuine goods from official resellers.

Protecting Brands

The case law in both the EU and the US may provide brand owners with a road map as to how to protect their trademarks online. Here are some top tips for online brand protection:

• Monitor the use of trademarks on the internet, also with the assistance of specialized companies, and save screenshots of possible violations.

• Promptly notify service providers of any alleged infringement of trademark rights by providing any relevant information and identifying the exact URL of the relevant webpage. Legal assistance in drafting proper notices and cease-and-desist letters is in any case recommended to incisively enforce trademark rights.

• Develop a strategy for dealing with infringements, by identifying the key threats for brands and prioritizing infringements.

 

Notes

[1] Joined Cases C-236/08, C-237/08 and C-238/08, March 23 2010.
[2] Id.
[3] Louis Vuitton Malletier SA v. Akanoc Solutions Inc (658 F 3d 936, 9th Cir 2011).
[4] 456 US 844 (1982).
[5] 600 F 3d 93 (2nd Cir 2010).
[6] Decision of November 14, 2011.
[7] L’Ore´al SA and Ors v. eBay (Case C-324/09).
[8] Court of Padua, decision of November 4, 2011.
[9] Resolution of March 6, 2012.
[10] Resolution of January 23, 2013.

Published on Bloomberg BNA – World Intellectual Property Report

The post Protecting brands on the Internet. A look at approaches taken by the EU, US and Italy appeared first on IPOsgoode.

]]>
Developments in Data Protection in 2012 and Trends for 2013 /osgoode/iposgoode/2013/03/05/developments-in-data-protection-in-2012-and-trends-for-2013/ Tue, 05 Mar 2013 19:08:40 +0000 http://www.iposgoode.ca/?p=20375 The re-posting of thisanalysisis part of a cross-posting collaboration with MediaLaws: Law and Policy of the Media ina Comparative Perspective. 2012 was a very busy year for Italian lawmakers. Several laws significantly amended the Italian data protection legal framework, as set forth in the Italian Data Protection Code (Legislative Decree No. 196/2003). It is, however, […]

The post Developments in Data Protection in 2012 and Trends for 2013 appeared first on IPOsgoode.

]]>
The re-posting of thisis part of a cross-posting collaboration with MediaLaws: Law and Policy of the Media ina Comparative Perspective.

2012 was a very busy year for Italian lawmakers. Several laws significantly amended the Italian data protection legal framework, as set forth in the Italian Data Protection Code (Legislative Decree No. 196/2003).

It is, however, questionable whether these changes genuinely succeeded in achieving their main objective: reducing the administrative burdens on enterprises processing personal data. Furthermore, the various amendments to the Data Protection Code made the overall framework even less clear.

Here follows a selection of the most relevant innovations in the Italian data protection legal framework and a preview of the trends for 2013.

REVIEW OF 2012

• New definition of personal data and data subject
In December 2011 the Italian Government passed Decree no. 201/2011, which excluded legal entities from the definitions of “data subject” and “personal data”.

These amendments aimed at reducing the bureaucratic requirements and administrative burdens on data controllers processing personal data. However, uncertainty arose as to whether legal entities had been excluded in toto from the protection afforded by the Data Protection Code.

With its Resolution of September 20, 2012 the Italian Data Protection Authority (Garante) gave an official interpretation of the aforementioned amendments, clarifying that legal entities were still included in the definition of “subscribers”, and that the provisions set forth by the Data Protection Code for the latter (e.g. unsolicited marketing communications and telemarketing rules) therefore still apply to them.

• Cookies
With long-awaited Legislative Decree no. 69/2012, after almost a year of delay, Italy implemented EU e-Privacy Directive no. 2009/136/EC, which amended Directive 2002/58/EC and provided for an “opt-in” principle regarding the use of cookies (i.e. small files that store information on users’ computer equipment).

As a result of the implementation of the e-Privacy Directive:

− Storing information on users’ computer equipment and retrieving said information in the form of cookies is lawful only after having obtained users’ consent.

− Consent must be informed, i.e. data subjects shall be provided with an information notice, which can be simplified according to a resolution issued by the Garante.

− Consent can be expressed through the settings of a piece of software or other device.

User consent is not always required. In line with the guidance provided by the Article 29 Data Protection Working Party, users’ prior consent shall not be obtained for technical cookies such as session-ID cookies (e.g. shopping cart session cookies used for purchasing items online); authentication cookies and multimedia player cookies (e.g. FlashPlayer cookies), provided they expire at the end of each session; customization cookies (e.g. language preference cookies) or social network content sharing cookies for users who are “logged in” to the relevant social network.

Information shall in any case be provided to users, although consent need not be obtained.

As regards the information requirement, with Resolution of November 22, 2012 the Garante launched a public consultation among consumers and the main relevant operators to gather proposals and lay down appropriate user information mechanisms. The public consultation, which opened on December 19, 2012, will close on March 19, 2013.

• New data breach notification requirements
Legislative Decree no. 69/2012 required providers of publicly available electronic communications services (e.g. telecoms operators and Internet access providers) to deal with personal data breaches (i.e. breaches of security leading to the accidental destruction, loss, or unauthorized disclosure of, or access to, personal data processed in connection with the provision of a publicly available electronic communications service).

Under the new provisions, providers shall notify the Garante of the personal data breach without undue delay. In the most serious cases, providers shall also report breaches to the subscriber or other relevant individuals without delay.

On July 26, 2012, the Garante issued guidelines and instructions for the implementation of the new security requirements in specific connection with the circumstances in which a provider shall be obliged to notify of personal data breaches, the format of the notification and the manner in which the notification shall be made.

Furthermore, the Garante launched a public consultation on certain topics related to the implementation of the new requirements in order to harmonize the procedures and modalities of the notification of personal data breaches.

While the public consultation is closed, its outcome has not yet been published.

• Security measures
A recent Decree (no. 5/2012) simplified the security obligations imposed on data controllers.

In particular, the Decree abolished the obligations of those processing sensitive data (e.g. data disclosing racial or ethnic origin, sexual orientation or health) or judicial data (e.g. data disclosing convictions for criminal offences) by electronic means to draft and update a security policy document (“Documento Programmatico sulla Sicurezza”) by March 31 of each year.

This document shall include, amongst other content, a description of the relevant data processing operations carried out and the security measures implemented. In addition, the adoption of, and any significant update to, the security policy document shall be referred to in the minutes of a Board of Directors’ meeting.

Nonetheless, the other security measures prescribed by the Data Protection Code remain in place (e.g. computerized authentication, such as usernames and passwords, the use of authorization systems, and the implementation of back-up and restoration procedures for safeguarding data and systems).

• The processing of judicial data
Decree no. 5/2012 extended the possibility of data controllers processing judicial data. Before the Decree, the processing of judicial data was only allowed where authorized by either a specific statutory provision or by the Garante, specifying a substantial public interest justification, the categories of the processed data and the operations that may be performed on the data.

The Decree introduced the additional possibility of processing judicial data in accordance with agreements to prevent and counter organized crime entered into with the Ministry for Home Affairs and/or its peripheral offices. Such agreements shall specify the categories of processed data and the processing operations to be performed.

PREVIEW OF 2013

In 2013 there will be a new government in Italy, which will hopefully move towards a more comprehensive approach to data protection. Here follows a preview of the top privacy trends for 2013.

• Cookies
Recent changes to the rules on cookies are less substantial in Italy than in the rest of Europe. Indeed, the opt-in rule was actually already provided by the Italian Data Protection Code, even though it only applied to technical cookies. Any other type of unauthorized access or storage in the user’s PC was prohibited.

This rule, however, had never been enforced by the Garante and an opt-out through the user’s browser settings had been (and still is) common practice.

The opt-in rule for the use of cookies by website operators has stirred controversy about how to implement it from a practical standpoint.

Will the Garante’s new guidance on cookies help website operators to deal with the “opt-in” rule?

• Data breaches
2013 should be the year that more companies embrace the concept of security breaches within the context of their broader IT strategy in order to deal with security vulnerabilities.

Security on mobile devices should also be a major issue in 2013.

Guidance from the Garante is expected based on the recently closed public consultation.

• Mobile advertising
As the use of mobile devices and apps grows, tracking and profiling technologies will pose increasing risks to users’ online privacy and new challenges for the online/mobile business.

• Privacy by design and privacy by default
Mobile devices pose privacy challenges that are unique to the mobile context. Specifically, controllers and app developers will increasingly consider privacy issues from the very outset of the design process, under a privacy by design and privacy by default approach.

This approach will also characterize the development of any product or software involving the processing of personal data.

• Cloud computing
The ever-expanding adoption of cloud computing technologies by companies will raise significant issues, mainly surrounding a lack of control over personal data and questions about how, where and by whom personal data is processed.

• Binding corporate rules (BCR)
BCR are internal codes of conduct that establish policies for the transference of personal data outside the EU. European Data Protection Authorities launched BCR for processors on January 1, 2013. Over the next twelve months we expect an increasing number of multinational companies to start using BCR.

• EU Data Protection Regulation
The Italian data protection framework is set to be shaken up by the future EU Data Protection Regulation, proposed by the European Commission on January 25, 2012, which aims to reform data protection laws across the EU. The proposal is currently under scrutiny at EU level. Once it is formally adopted, the Regulation will be directly applicable to all Member States and businesses will have a two-year timetable to become compliant with the new obligations. Companies may wish to start considering the new requirements now in order to be well prepared once the Regulation enters into force.

The post Developments in Data Protection in 2012 and Trends for 2013 appeared first on IPOsgoode.

]]>