Posts Tagged 'european union'

The strange, hypocritical attitude of the Irish Government to copyright, the internet and citizens

Published 1 March 2012 Intellectual Property Comment
Tags: , , , , , , ,

[Updated, at end] The introduction yesterday of an amendment to the Copyright & Related Rights Acts has been in the works for a long time (posts here, here and here). The issue has generated quite a bit of heat on both sides and the Government would do well to observe that opponents to the law have not held a monopoly on intemperate comment.

The amendment was destined to be introduced by statutory instrument and the concerns of any critics were always going to be ignored but the attitude of Séan Sherlock, junior Minister for Research & Innovation, to the issue is strange and contradictory.

His announcement of the new law contains a significant dig at those who opposed the statutory instrument the Government has just introduced.

I urge all interested parties on all sides to come together and work in a constructive and realistic way to the benefit of all.

This is a boggling statement. Like any campaign there was a lunatic fringe that fired off ill-informed comments. But most opponents were relatively well organised and the Minister met with representatives of some of them (read Michele Neylon’s account here). So, at least some “sides” came together. The Stop Sopa Ireland campaign was up and running in a very short time and, unlike most campaigns of opposition, actually proposed alternative wording to the Minister.

A key paragraph in that alternative wording would have included an obligation on a court to carry out a balancing act when considering whether or not to grant an injunction to a copyright owner.

In considering an application for an injunction under this subsection, the court shall have due regard to the rights of any person likely to be affected by virtue of the grant of any such injunction (including the freedom to conduct business, the right to protection of personal data and the right to receive or impart information) and the court shall give such directions (including a direction requiring that persons likely to be affected be notified of the application) as the court considers appropriate in all of the circumstances.

It appears that Minister Sherlock considers such a proposal to be non-constructive and part of a campaign of setting the “dogs” on him. However, a few weeks ago the Minister bizarrely “welcomed” the decision of the European Court of Justice in Sabam v. Netlog with the following comment:

[T]his decision … reiterate[s] that, in the context of measures adopted to protect copyright holders, national authorities and courts must strike a fair balance between the protection of copyright and the protection of the fundamental rights of individuals who are affected by such measures …

I welcome today’s decision from the European Court of Justice. This will provide further clarity to Irish courts in adjudicating such matters.

What would also have provided clarity to Irish courts in adjudicating such matters is a clause like the one included in the alternative wording submitted to Minister Sherlock.

Instead, a bare-bones statutory instrument has been used to amend the Copyright & Related Rights Acts providing none of the clarity that the Minister otherwise appears to favour.

[Update 7 March 2012] A recent press release by Minister Sherlock’s party colleague, Phil Prendergast MEP demonstrates what appears to be quite a different attitude to citizen engagement with copyright reform.

Commenting on the referral of the Anti-Counterfeiting Trade Agreement to the Court of Justice of the European Union, Ms Prendergast says:

This extraordinary u-turn by the European Commission, who had up until now dismissed legitimate concerns, demonstrates that engaged citizens and civil society groups can have a decisive impact on politics, especially when fundamental freedoms are at stake.

Not under Labour in Ireland, it would seem.

Battle of the Bakers: Round 2 (and an interesting update re Round 1)

Published 4 January 2012 Intellectual Property Leave a Comment
Tags: , , , , , ,
Exhibit A

Exhibit A: McCambridge bread

I had assumed that the McCambridge v. Brennan brown bread case was solely one of intellectual property infringement but the judgment of Mr Justice Peart, which has now been published, shows that there is more to it (an Irish Times report of the case is here).

Indeed, Peart J notes that McCambridge do not “have any proprietary rights as such over that type of re-sealable bag, its shape or indeed the shape and size of the loaf of bread inside.” The company itself accepted that it does have such proprietary rights, nor rights over the shape and colour or ingredients of the bread itself.

Notwithstanding that, Peart J agreed that the overall impression on consumers satisfied the conditions for passing off (a form of action used to protect unregistered intellectual property rights).

[I]t would take more care and attention that I believe it is reasonable to attribute to the average shopper for him or her not to avoid confusion between the two packages when observed on the shelf, especially when these are placed adjacently or even proximately so.

Peart J indicated that an injunction should be granted to prevent further passing off. However, the interesting element of the case comes next: he also considered whether McCambridge are entitled to an injunction under section 71 of the Consumer Protection Act 2007 on the basis that Brennans were engaging in a misleading commercial practice.

The Minister for Jobs, Enterprise & Innovation recently announced a planned overhaul of consumer legislation, arguably ignoring that the 2007 Act was supposed to be just that (I wrote about it here in April 2011). The 2007 Act was quite significant, but appears to have been barely used, particularly by the National Consumer Agency. Indeed, Peart J states that they held a watching brief in McCambridge v. Brennan but, strangely, adopted “a neutral position”.

(The failure of the Agency to adopt a position is reminiscent of the refusal of the Data Protection Commissioner to involve his office in the EMI v. eircom case. Ironically, he recently went on to order eircom to halt the three-strikes system which resulted from that case.)

Exhibit B

Exhibit B: Wot, no McCambridge?

Peart J decided that McCambridge were not entitled to an injunction under section 71, apparently (my interpretation) on the basis that the design of its packaging was not a commercial practice involving marketing or advertising.

Peart J was to hear the parties in relation to the exact terms of his proposed injunction, but the decision to grant an injunction has since been appealed to the Supreme Court by Brennans.

As stated, my interpretation of Peart J’s comments (at paragraph 45) is that an injunction was not available because packaging was not “marketing or advertising”. I would have thought that the European Communities (Misleading and Comparative Marketing Communications) Regulations 2007 were aimed at preventing misleading advertising and that the (quite similar) provisions of the 2007 Act were of broader application such as would capture packaging. The 2007 Act is the Irish implementation of the Unfair Commercial Practices Directive which, in the UK, was implemented by statutory instrument. Guidance from the UK’s Office of Fair Trading gives the following example of a prohibited practice:

A trader designs the packaging of shampoo A so that it very closely resembles that of shampoo B, an established brand of a competitor. If the similarity was introduced to deliberately mislead consumers into believing that shampoo A is made by the competitor (who makes shampoo B) – this would breach the [Regulations].

Of course, Peart J had decided that Brennans’ passing off was not deliberate, and so could not have found them to have intended to “deliberately mislead consumers”. Nevertheless, it appears to be a case where the views of the Consumer Protection Agency would have been of use.

New data protection rules on cookies & mandatory data breach reporting for electronic communications providers

Published 4 July 2011 Data Protection Comment
Tags: , , , ,

 

From George Eastman House

Not those kind of cookies.

Last week, the Minister for Communications, Energy and Natural Resources signed a group of statutory instruments into law which transpose the EU telecommunications reform package.

Among those regulations are the European Communities (Electronic Communications Networks and Services)(Privacy and Electronic Communications) Regulations 2011.

The Regulations are lengthy but the Data Protection Commissioner already has a guidance note online outlining the changes introduced, the most significant being:

  • Compulsory notification of individuals and the Office of the Data Protection Commissioner in the case of data breaches
  • More stringent requirements for user consent for the placing of “cookies” on electronic devices
  • Stricter requirements for the sending of electronic marketing messages and the making of marketing phone calls

I previously wrote about mandatory reporting of data breaches in the context of general data protection law (rather than sector-specific rules).

Leo Moore (William Fry) points out that the new rules on cookies do not provide for a lead in time, as was the case in the UK. This will put pressure on operators subject to the rules to get their house in order quickly. He notes:

Website operators and other interested parties are keenly following how the Cookie Regulations will be interpreted and enforced in Ireland in light of the need to obtain website user consent each time a cookie is placed on a website user’s computer. Many such parties have concerns in relation to the practical implications of complying with such obligations.

For more, try following Ronan Lupton (ALTO), TJ McIntyre (UCD/DRI), Leo Moore (WF) & David Cullen (WF) on Twitter.

Department of Jobs, Enterprise & Innovation (brief) consultation on filesharing injunctions

Published 20 June 2011 Intellectual Property Comments
Tags: , , , , , , ,

[Updated 23/06/11] In the (literally) last days of the previous Government, a rumour shot around that the then Minister for Enterprise, Trade and Innovation was about to sign a statutory instrument into law which would address the gap in the law criticised by Mr. Justice Chartleton in the EMI & ors v. UPC case.

A firm denial was issued by the Minister but I’m not sure anyone really believed that a draft SI wasn’t floating around somewhere. Anyway, the newly-titled Department of Jobs, Enterprise & Innovation has put a draft SI out to consultation. The relevant SI text is below.

Deadline for submissions is 1 July 2011: less than 2 weeks from today. That’s pretty swift consultation by any standard. Apparently the Department received a number of requests for an extension to the consultation period, so the new deadline for submissions is Friday 29 July 2011.

New section 40(5A) of the Copyright & Related Rights Acts:

(5A)(a) without prejudice to subsections (3) and (4), the owner of the copyright in the work concerned may apply to the High Court for an injunction against a person who provides facilities referred to in subsection (3) where those facilities are being used by one or more third parties to infringe the copyright in that work.

(b) In considering an application for an injunction under this subsection, the court shall have due regard to the rights of any third party likely to be affected and the court shall make such directions (including, where appropriate, a direction requiring a third party to be put on notice of the application) as the court may deem necessary or appropriate in all the circumstances.

New section 205(9A) of the Copyright & Related Rights Acts:

(9A)(a) without prejudice to subsections (7) and (8), the rightsowner may apply to the High Court for an injunction against a person who provides facilities referred to in subsection (7) where those facilities are used by one or more third parties to infringe any of the rights referred to in Parts III and IV.

(b) In considering an application for an injunction under this subsection, the court shall have due regard to the rights of any third party likely to be affected and the court shall make such directions (including, where appropriate, a direction requiring a third party to be put on notice of the application) as the court may deem necessary or appropriate in all the circumstances.

Thanks to Ronan Lupton for bringing the consultation to my attention.

Election 2011: Privacy, intellectual property & the internet

Published 23 February 2011 Online law Comments
Tags: , , , , , , ,

With so much of the electoral attention focussed on crisis management, it is easy to ignore other aspects of each party’s manifestos (or the absence of same in the case of many independents).

It is worth checking these manifestos for references to any issues you have a particular interest in: you might be surprised at what you find. Luckily, blogs like Maman Poulet and Human Rights in Ireland are keeping an eye on the aspects of the party manifestos not concerned solely with bond-burning.

Crowd checking the 1931 general election results, Willis Street, Wellington, 1931

Election night results, pre-Twitter

Our courts and citizens are having to deal with an increasing number of issues under our privacy, data protection and intellectual property laws, so I had a look at the parties’ positions in these areas. If I have missed anything, please let me know in the comments, along with suggestions as to what the manifestos should contain.

Fine Gael

  • FG would “review and update Intellectual Property legislation currently in place to benefit innovation.” This commitment is vague and suggests that the party is aware of issues but hasn’t thought about any solutions yet.
  • FG would “clarify the laws relating to on-line copyright infringement and the enforcement of rights relating to digital communications”. This probably refers to the consequences of the IRMA litigation (contrast with the Green Party manifesto, below). Again, the party does not appear to be ready to offer solutions.
  • What is meant by “the enforcement of rights relating to digital communications”? Does it refer to data retention or freedom of speech? The sentence is somewhat worrying in the absence of elaboration.
  • FG will revamp the Patents Office website. This is a bizarrely specific proposal, by contrast with the other high-level proposals.
  • The consultancy industry will be delighted to learn of plans for “an E-day on January 1st, 2016 by which all government services to business will be on-line only.”
  • FG would “develop Ireland as a ‘Digital Island’ and first-mover when it comes to information technology.” One might be forgiven for thinking that is an aspiration that is somewhat unrealistic in 2011.
  • FG would introduce a national DNA database. The process of doing so had already been started by the outgoing administration.
  • The party proposes a Circuit Commercial Court along the lines of the existing Commercial Court but which deals with smaller-value commercial disputes (the Circuit Court can generally hear cases for claims worth up to €38,092.14)

Labour

  • Labour’s Innovation Strategy Agency would, among other things, “make Ireland a world leader in the management of [IP]“.
  • Labour “supports the development of an International Content Services Centre in Ireland, and its potential to make Ireland a European hub for the dissemination of Intellectual Property.” This was, in fact, a commitment of the renewed Programme for Government agreed by Fianna Fáil and the Green Party in October 2009. It is also firmly in Your Country, Your Call territory: one of the winning YCYC proposals was to establish an ICSC. The competition winners were announced in September 2010, almost one year after the establishment of an ICSC became Government policy.
  • Labour propose to introduce civil orders against serious offenders following conviction, for example, restrictions on the use of the internet by those convicted of child sex offences.
  • Labour wants to make Ireland a headquarters location for data centres and cloud computing. The party would establish an expert group to review security and privacy issues arising from these areas. A data protection review group established by the Minister for Justice 2008 published a report in 2010. The EU is also currently reviewing the Data Protection Directive (Irish law implements the Directive) and cloud computing is one issue under review in that context.

Fianna Fáil

I will not be the first to suggest that the FF manifesto consists primarily of a defence of the outgoing Government’s policies and lists of achievements since 1997. It is not surprising, therefore, that party does not appear to offer much in the areas of privacy, IP and the internet.

No direct reference is made to copyright, data protection, privacy or the internet (not one instance of the word internet in the whole manifesto, though commitments are made about broadband). One, incidental, reference is made to IP in the context of publicly-funded research. While FG want to clarify the law on exploiting IP developed by third level institutions, FF want the outcomes of publicly-funded research to be made freely available “save where there are specific commercial intellectual-property issues.”

  • FF commits to supporting research and development and to continue use of the innovation voucher system to help small businesses acquire R&D.
  • Like the Labour party, the FF manifesto commits to fostering cloud computing services. It also commits to establishing the International Content Services Centre (as already mentioned, this has been Government policy since 2009).

Green Party

  • The Greens would “[p]revent private organisations from intruding into a citizen’s privacy”. The Data Protection Acts 1988 and 2003 already do this in general terms, but I assume that the Greens are proposing either reform of those Acts or the implementation of some form of specific privacy law, as was proposed but not implemented by the outgoing administration.
  • The Greens would prevent organisations from “summarily punishing citizens for alleged illegal activities and from interfering with citizens’ legitimate and legal uses of content.” Again, a little interpretation is required, but I assume this suggests that the Greens would deal with the consequences of the IRMA litigation in a manner which favours citizens over companies. As Minister for Communications, Eamon Ryan said that he was seeking the advice of the Attorney General in this area but his holding statement to the Dáil last year did not indicate any thinking along the lines of what is now contained in the manifesto.
  • The party would “[u]pdate the role of the Data Commissioner to ensure evolving technologies are in check with the rights of Irish citizens.” This might refer to increased enforcement powers, which would be welcome.
  • The party would completely oppose the introduction of software patents.

Sinn Féin

The SF manifesto makes no direct reference to copyright, intellectual property, data protection, privacy or the internet. However, the party would “focus on creating new jobs across the agri-food, tourism and IT/pharma sectors, and Research and Development as well as with initiatives that will ensure Ireland becomes a world leader in green energy.”


Irish data retention law now in force

Published 2 February 2011 Data Protection Comments
Tags: , , , ,

There has been so much political uncertainty in recent weeks that one wonders what business of Government has gone on unnoticed. One such item of business, I discovered from the A&L Goodbody legislative FAQ referred to earlier, was the passing by the Oireachtas of the Communications (Retention of Data) Act 2011.

This controversial piece of legislation is not available,  as yet, in its final form as none of the Department of JusticeHouses of the Oireachtas or Irish Statute Book have published it.

The President signed the Act into law on 26 January 2011 but, as far as I am aware, this has not been reported on anywhere. The commencement date is not known but the latest draft available does not contain a commencement clause so, if one was not inserted before it was passed by the Oireachtas, it is now in effect.

[Update: I wasn't correct in stating that the introduction of the Act hasn't been reported on. I had missed Eoin O'Dell's reference to its passing on his blog and Karlin Lillington's coverage in the Irish Times. She also covered the Seanad debates on twitter. However, it is still noteworthy that this news has been confined to analysis pieces and has not been headline news, by contrast with other rushed legislation recently signed by the President.]

According to the Internet Service Providers Association of Ireland:

ISPs providing Internet services to the public are now obliged to retain certain data, as set out in the Act, identifying the occurrence of a communication (but not about the content of the communication itself). This must be done for every user, whether they are a private or business customer. In the case of Internet communications the ISP must keep the data for a period of one year … [The] ISPAI regrets [the passing of the Act] despite the trojan efforts of non-government Senators who argued the amendments (which were defeated) aimed at giving greater clarity to the legislation and particularly to minimise its potential to put Ireland at a cost disadvantage to our EU neighbours for Internet based business.

Digital Rights Ireland summarised the effect of the legislation when it was first put before the Oireacthas as follows:

In essence, the Bill requires telecommunications companies, internet service providers, and the like, to retain data about communications (though not the content of the communications); phone and mobile traffic data have to be retained for 2 years; internet communications have to be retained for one year … This will impose significant costs on those obliged to retain and secure the data, and those costs will be passed on to their already hard-pressed customers. And it is likely to drive international telecommunications and internet companies to European states which have introduced far less demanding regimes.

The Irish Council for Civil Liberties made submissions to the Department of Justice about the legislation. Digital Rights Ireland took a constitutional challenge against the legislation and that challenge is en route to the European Court of Justice (the Act implements the EU data retention directive).

Privacy & Human Rights in Europe

Published 31 January 2011 Data Protection Comment
Tags: , , ,

Privacy InternationalPrivacy International have published their latest study reviewing privacy and human rights in Europe.

I contributed to the Irish chapter of the report, along with TJ McIntyre and Colin Irwin. It gives a good overview of current Irish law on privacy and data protection.

The report concludes that, while Europe is the world leader in privacy rights, there remains much work to be done in the field.

The Directive on Data Protection has been implemented across EU member states and beyond, but inconsistencies remain. Surveillance harmonisation that was once threatened is now in disarray. Yet there are so many loopholes and exemptions that it is increasingly challenging to get a full understanding of the privacy situations in European countries. The cloak of ‘national security’ enshrouds many practices, minimises authorisation safeguards and prevents oversight.

The report includes a report card in its key findings, the highlights of which for Ireland include criticisms that Ministerial warrants can override privacy law protections and that powers allowing for interception of VoIP calls are ambiguous.

For more on international privacy law, Morrison Foerster have a very useful library which acts as an online sourcebook.

Conspiracy theorists (and others): who is writing our laws?

Published 15 December 2010 Business Law Leave a Comment
Tags: ,

Perhaps it’s only fitting, with the IMF and the EU pulling the State’s financial strings, that Irish legislation is taking on a European flavour.

© Rem Koolhaas and/or others

Irish primary legislation usually consists of a short title, a long title, operative sections and schedules. The short title is the name by which legislation is known to and the long title describes it further. For example, the long title to the Finance Act 2010 is:

AN ACT TO PROVIDE FOR THE IMPOSITION, REPEAL, REMISSION, ALTERATION AND REGULATION OF TAXATION, OF STAMP DUTIES AND OF DUTIES RELATING TO EXCISE AND OTHERWISE TO MAKE FURTHER PROVISION IN CONNECTION WITH FINANCE INCLUDING THE REGULATION OF CUSTOMS.

It has 165 operative provisions and four schedules, the latter containing tables of rates and other technical amendments. Background information is contained in the explanatory memorandum which accompanies legislation at draft stage (the 35-page explanatory memo for the Finance Bill 2010 is here).

Murdoch‘s notes:

In Irish legislation, preambles [which include descriptive recitals] are mainly found in Acts to amend the Constitution [eg. the 2009 ratification of the Lisbon Treaty], and Private Acts [eg. the Limerick Markets Act 1992].

Take 2006 as representative: 42 acts passed in a pre-crash year, with no constitutional amendments or private acts. None of those 42 acts contains recitals.

recently observed that legislative mission statements were present in new Irish financial laws. These include operative sections outlining the purpose of the legislation (rather than the actual effect) and recitals, which I said were “common in continental European civil law systems and familiar to Irish lawyers thanks to the regulations and directives of the European Union.” Take, for example, Directive 2010/65 which puts up 28 recitals for the reader to wade through before getting to the good stuff: reporting formalities for ships in EU ports (though article 1(1) again sets out the purpose of the directive).

Yesterday, the Minister for Finance published the Credit Institutions (Stablisation) Bill 2010. This is a substantial piece of legislation containing sweeping powers for the Minister, but on a superficial level, it was striking that the Bill again contains a purpose provision (section 4) and a lengthy set of recitals which shout the background (reproduced below).

One might be inclined to speculate as to the source of this Europeanisation of Irish legislation.

Recitals to the Credit Institutions (Stabilisation) Bill 2010

WHEREAS THERE IS A SERIOUS DISTURBANCE IN THE ECONOMY OF THE STATE;

AND WHEREAS MEASURES ARE NECESSARY TO ADDRESS A UNIQUE AND UNPRECEDENTED ECONOMIC CRISIS WHICH HAS LED TO DIFFICULT ECONOMIC CIRCUMSTANCES AND SEVERE DISRUPTION TO THE ECONOMY;

AND WHEREAS THERE IS A CONTINUING SERIOUS THREAT TO THE STABILITY OF CERTAIN CREDIT INSTITUTIONS IN THE STATE, AND TO THE FINANCIAL SYSTEM GENERALLY;

AND WHEREAS IT IS NECESSARY, IN THE PUBLIC INTEREST, TO MAINTAIN THE STABILITY OF THOSE CREDIT INSTITUTIONS AND THE FINANCIAL SYSTEM IN THE STATE;

AND WHEREAS IT IS NECESSARY, IN THE INTERESTS OF THE COMMON GOOD, TO CONTINUE THE PROCESS OF REORGANISATION, PRESERVATION AND RESTORATION OF THE FINANCIAL POSITION OF ANGLO IRISH BANK CORPORATION LIMITED BEGUN WITH THE ANGLO IRISH BANK CORPORATION ACT 2009;

AND WHEREAS THE FUNCTIONS AND POWERS CONFERRED BY THIS ACT ARE NECESSARY TO SECURE FINANCIAL STABILITY AND TO EFFECT A REORGANISATION OF CERTAIN CREDIT INSTITUTIONS;

AND WHEREAS IT IS NECESSARY TO AMEND THE EUROPEAN COMMUNITIES (REORGANISATION AND WINDING-UP OF CREDIT INSTITUTIONS) REGULATIONS 2004 (S.I. NO. 198 OF 2004) TO IMPLEMENT DIRECTIVE 2001/24/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL OF 4 APRIL 2001 TO PRESERVE OR RESTORE THE FINANCIAL POSITION OF CERTAIN CREDIT INSTITUTIONS;

AND WHEREAS THE CONSIDERABLE FINANCIAL SUPPORT PROVIDED BY THE STATE TO CERTAIN CREDIT INSTITUTIONS HAS HELPED THOSE INSTITUTIONS TO MEET THEIR FINANCIAL AND REGULATORY OBLIGATIONS;

AND WHEREAS THE STATE WISHES TO PROVIDE FOR THE PERFORMANCE OF THE FUNCTIONS CONFERRED BY THIS ACT IN ORDER TO ACHIEVE THE FINANCIAL STABILISATION OF THOSE CREDIT INSTITUTIONS AND THEIR RESTRUCTURING (CONSISTENTLY WITH THE STATE AID RULES OF THE EUROPEAN UNION) IN THE CONTEXT OF THE NATIONAL RECOVERY PLAN 2011–2014 AND THE EUROPEAN UNION/INTERNATIONAL MONETARY FUND PROGRAMME OF FINANCIAL SUPPORT FOR IRELAND;

AND WHEREAS THE COMMON GOOD REQUIRES PERMANENT OR TEMPORARY INTERFERENCE WITH THE RIGHTS, INCLUDING PROPERTY RIGHTS, OF PERSONS WHO MAY BE AFFECTED BY THE PERFORMANCE OF THOSE FUNCTIONS;

AND WHEREAS THE URGENT REORGANISATION OF CERTAIN CREDIT INSTITUTIONS IS OF SYSTEMIC IMPORTANCE TO THE STATE;

AND WHEREAS IT IS NECESSARY TO MAINTAIN PUBLIC CONFIDENCE IN, AND ENHANCE, THE PROTECTION OF DEPOSITS IN CREDIT INSTITUTIONS GENERALLY;

AND WHEREAS IT IS DESIRABLE TO PROMOTE AND FACILITATE INVESTMENT BY PERSONS OTHER THAN THE STATE IN CREDIT INSTITUTIONS TO REDUCE THEIR
RELIANCE UPON STATE SUPPORT;

AND WHEREAS BECAUSE CERTAIN CREDIT INSTITUTIONS IN THE STATE ARE PARTIES TO CONTRACTS AND OTHER ARRANGEMENTS GOVERNED BY THE LAW OF A STATE OTHER THAN THE STATE;

BE IT ENACTED BY THE OIREACHTAS AS FOLLOWS:

Transfers of EU citizens’ data to Israel

Published 3 September 2010 Data Protection Comment
Tags: ,

[Update: The European Commission decided on 31 January 2011 that the State of Israel is considered as providing an adequate level of protection for personal data. This permits data transfers in relation to automated processing only and excludes the exchange of data for national security purposes. It is mostly relevant to intra-company transfers; for example where an EU multinational has a place of business in Israel which might provide back-office services to the EU parent (eg. payroll processing or CRM).]

The Irish media yesterday gave prominence to the unexpected decision of the European Commission to halt a procedure under which Israeli data protection law would be recognised in the European Union. The Irish Times and RTÉ news reports on Thursday evening both opened with almost the exact same sentence:

The European Commission has halted a proposal to allow Israel access to potentially sensitive data on European Union citizens following concerns expressed by the Irish Government.

To me, this sentence suggests that the Israeli government would somehow have access to personal data about EU citizens. This is not the case. The proposal would merely have simplified cross-border transfers of personal data which can and do already occur. The failure of the Commission to approve Israel does not mean that such transfers cannot take place, only that they require extra paperwork.

It’s a technical legal issue, but one which has been simplified to a disappointingly misleading extent. (Today’s print report from the Times was a little more accurate.)

The use of bogus Irish passports by assassins and the suggestion that a stash of personal data was en route to Israel, but for the efforts of Dermot Ahern, makes for an exciting story. Unfortunately, reality is more mundane.

© Life Magazine

Israel: All your base are belong to us?

Transfers abroad

The Data Protection Directive imposes obligations on data controllers (holders) and data processors (users) of personal data. The Directive is implemented in Irish law by the Data Protection Acts 1988 and 2003, section 11 of which provides:

The transfer of personal data by a data controller to a country or territory outside the European Economic Area may not take place unless that country or territory ensures an adequate level of protection for the privacy and the fundamental rights and freedoms of data subjects in relation to the processing of personal data …

The question of whether or not a country ensures an adequate level of protection for privacy and fundamental rights is primarily determined by the European Commission, which can approve countries for that purpose. The Commission has approved Switzerland, Canada, Argentina, Guernsey and the Isle of Man. The Commission has also approved certain transfers to the US, once they fall under the Department of Commerce Safe harbor Privacy Principles or the Bureau of Customs and Border Protection Air Passenger Name Record system.

So, the default position is that personal data cannot be transferred from the EU to an unapproved country. However, this is not an absolute prohibition on such transfers: section 11(4) of the DPA provides that the restriction does not apply in certain circumstances, which can be summarised as follows:

  • if the transfer required or authorised by law;
  • if the data subject has consented to the transfer;
  • if the transfer is necessary for contractual reasons in the interests of the data subject;
  • if the transfer is necessary for reasons of substantial public interest;
  • if the transfer is necessary for the purposes of obtaining legal advice;
  • if the transfer is necessary in order to prevent injury or other damage to the health or property of the data subject;
  • if the transfer is of part only of personal data on a public register;
  • if the transfer has been authorised by the Data Protection Commissioner; or
  • the transfer is made on terms of a kind approved by the Commissioner.

This represents a variety of ways in which the section 11 prohibition on transfers abroad can be worked around, though guidance on using these exemptions means that they are not as wide as they may seem at first.

Nevertheless, these exemptions are frequently used to facilitate cross-border data transfers. The most common examples of such transfers are those between group subsidiaries or transfers to service providers, usually for back-office services (finance, customer support, etc).

The most frequently used exemptions to section 11 are data subject consent, contractual necessity and transfers on terms approved by the Commissioner. This latter category involves the use of European Commission-approved model contracts which must be entered into by the transferor and transferee, or the use of binding corporate rules in the case of multinationals. These pass through EU data protection standards and obligations to the recipient of the data transfer.

The Israel incident

The European Commission websites do not appear to have any details of the recent developments in relation to Israel, but it is assumed that the proposal before the European Commission was to approve Israel as a country which ensures an adequate level of protection for privacy and fundamental rights.

If approval had gone through (and it seems that it may yet), transfers of personal data could have been made to Israel from the EEA without having to put in place additional measures like data subject consent or inter-party contracts. However, the transferor would still be subject to domestic data protection legislation and an Irish transferor would, for example, still be liable to data subjects.

The proposal would not have given anyone, as of right, access to the personal data of EU citizens. Neither does the failure of the proposal prevent the transfer of such data from the EEA to Israel: such transfers will just have to continue to operate under the exemptions listed above.

ECJ to decide on Irish hotel room royalties case

Published 23 March 2010 Intellectual Property Leave a Comment
Tags: , , ,

In general, if you want to show someone else’s media in public, you need a licence to do so. That licence can come from the copyright owner or, where the copyright owner has joined a copyright licensing body, that body has the power to grant collective licenses.

This collective licensing system enables shops, hotels, pubs and offices to use copyrighted materials on their premises without obtaining a licence from every songwriter, publisher or company to do so. These commercial venues must pay annual fees to the main Irish copyright licensing bodies (IMRO/MCPSI and PPI) in return for a licence which allows them to play music or use televisions on their premises.

A licence is required if the shop or pub merely tunes into the local radio station or cable news channel and does not create its own playlist. To take an extreme example: if a musician has joined IMRO and also happens to own a pub, that pub requires a licence even if it only plays looped recordings of the owner’s compositions, recorded exclusively in his or her home studio.

The extensive powers of copyright licensing bodies to extract royalties did not arise without controversy and IMRO appears to have found it necessary, in their FAQs, to offer an answer to the question: “Who says such a system is fair?”

If a commercial premises shows cable television, such as from BSkyB, it requires an additional licence in the form of a commercial subscription agreement, denoted by the presence of a pint-glass “bug” on-screen.

Hotel bars, nightclubs and common areas playing media require IMRO and/or PPI licences, but a licence is not required in respect of hotel rooms. This is provided for in section 97 of the Copyright and Related Rights Act 2000 which says that it is not copyright infringement to show media in sleeping accommodation or as part of the amenities provided exclusively or mainly for residents. The exemption does not apply where a specific charge arises for admission into that part of the premises where the broadcast is made. So, if you showed a Premiership football match in a residents’ lounge, but charged residents €1 per person to enter the lounge while the match was on, section 97 will not apply and a licence is required. (I have used the phrase “specific charge”, though section 97 refers to a “discrete charge”. This was actually the source of debate and it appears that it was intended to use the phrase “special charge”, but “discrete” survived enactment.)

Section 97 was included in response to lobbying by the Irish Hotel Federation. The reasoning behind the exemption is that royalties should arise where there is a public performance of a copyrighted work, but a guest in a hotel room is in a similar position to an individual in their private living room and therefore no public performance takes place. However, the European Court of Justice has previously decided that public performance of a recording can take place in a hotel room.

In a recent case involving a hotel in Kerry, section 97 was unsuccessfully pleaded in defending an action taken against a hotel which had shown Premiership football matches in the residents’ lounge without having the appropriate licence from BSkyB. Details of the arguments advanced are not available but it is possible that section 97 was found not to apply because the bar was not provided only for the use of residents (ie. non-residents could enter the bar and watch the matches).

PPI, the copyright licensing body responsible for collecting royalties in respect of copyright in recordings, wants the section 97 exemption to be abolished and taken legal action against the State to that end. Ms. Justice Finlay-Geoghan has referred a number of questions arising from the proceedings to the ECJ. According to the Irish Times:

Among the issues the ECJ will have to decide is whether a hotel operator, as a result of providing TVs and radios in guestrooms, is a “user” of copyrighted music that can be played in a broadcast for the purposes of EU directive 2006/115/EC. If the operator is such a user, the ECJ will then have to decide whether the same directive require the operator to pay a charge additional to royalties already being paid by TV and radio station operators. The ECJ also has to decide whether hotel operators are exempt from such payments on grounds the playing of such music is for “private use” as provided for under the same directive. A further issue is whether the directive permits the exemption of hotel operators from paying if the music is played by means other than TV or radio.

The IHF devoted a section of its 2009 annual report to copyright issues, stating:

The battle to protect our members against attacks by copyright and neighbouring rights holders continues … It is our advice that the state has a good case to defend. But the process may not end there as there is a view that this is an attempt by the major international record companies to have the case referred to The European Court of Justice with the hope of getting a favourable decision which would have Europewide effect … Should [PPI] be successful in their pursuit it would result in an annual cost to hoteliers and guesthouse owners of over €3m per year. The Council of the Federation recognises the risks in this case and have obtained legal advice on how to deal with this matter as it progresses.

Update (19 April 2010)

The questions addressed by Ms. Justice Finlay Geoghegan to the ECJ are as follows:

(i) Is a hotel operator which provides in guest bedrooms televisions and/or radios to which it distributes a broadcast signal a “user” making a “communication to the public” of a phonogram which may be played in a broadcast for the purposes of Article 8(2) of Codified Directive 2006/115/EC of the European Parliament and the Council of 12th December, 2006?

(ii) If the answer to paragraph (i) is in the affirmative, does Article 8(2) of Directive 2006/115/EC oblige Member States to provide a right to payment of equitable remuneration from the hotel operator in addition to equitable remuneration from the broadcaster for the playing of the phonogram?

(iii) If the answer to paragraph (i) is in the affirmative, does Article 10 of Directive 2006/115/EC permit Member States to exempt hotel operators from the obligation to pay “a single equitable remuneration” on the grounds of “private use” within the meaning of Article 10(1)(a)?

(iv) Is a hotel operator which provides in a guest bedroom apparatus (other than a television or radio) and phonograms in physical or digital form which may be played on or heard from such apparatus a “user” making a “communication to the public” of the phonograms within the meaning of Article 8(2) of Directive 2006/115/EC?

(v) If the answer to paragraph (iv) is in the affirmative, does Article 10 of Directive 2006/115/EC permit Member States to exempt hotel operators from the obligation to pay “a single equitable remuneration” on the grounds of “private use” within the meaning of Article 10(1)(a) of Directive 2006/115/EC?

View Rossa McMahon's profile on LinkedIn

Photostream

Failure to launch

Spring bud

All mod cons.

Neighbourhood watch. (Convenient that you'll be shot on site, rather than having to travel.)

The Birds.

Fusileers' cannon

More Photos
Know Your Rights


Bloggers' Rights at EFF

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 2,536 other followers

Please read the disclaimer and notes.
Follow

Get every new post delivered to your Inbox.

Join 2,536 other followers