Tag: Data Protection

Yet another Toyota recall

I wrote twice before on product recalls by Toyota and the apparent legislative oversight which meant that there was no legal provision allowing Toyota to obtain records of Toyota owners from the vehicle licensing authorities.

At the time I wrote those posts, the most recent legislation on the issue was the Finance Act 1993 (Section 60) Regulations 2005. Now that Toyota are undertaking another product recall, I discover the  Finance Act 1993 (Section 60) Regulations 2009, which took effect on 25 September 2009 but which, oddly, were not available on the Irish Statute Book when I wrote my posts in 2010 and 2011.

At any rate, the 2009 Regulations revoke and replace the 2005 Regulations and designate specified manufacturers and distributors as being entitled to obtain vehicle licensing records, rather than the generalised category stated in the 1996 Regulations.

So, it appears that I was mistaken, but had no way of knowing it at the time.

Advertisements

The strange, hypocritical attitude of the Irish Government to copyright, the internet and citizens

[Updated, at end] The introduction yesterday of an amendment to the Copyright & Related Rights Acts has been in the works for a long time (posts here, here and here). The issue has generated quite a bit of heat on both sides and the Government would do well to observe that opponents to the law have not held a monopoly on intemperate comment.

The amendment was destined to be introduced by statutory instrument and the concerns of any critics were always going to be ignored but the attitude of Séan Sherlock, junior Minister for Research & Innovation, to the issue is strange and contradictory.

His announcement of the new law contains a significant dig at those who opposed the statutory instrument the Government has just introduced.

I urge all interested parties on all sides to come together and work in a constructive and realistic way to the benefit of all.

This is a boggling statement. Like any campaign there was a lunatic fringe that fired off ill-informed comments. But most opponents were relatively well organised and the Minister met with representatives of some of them (read Michele Neylon’s account here). So, at least some “sides” came together. The Stop Sopa Ireland campaign was up and running in a very short time and, unlike most campaigns of opposition, actually proposed alternative wording to the Minister.

A key paragraph in that alternative wording would have included an obligation on a court to carry out a balancing act when considering whether or not to grant an injunction to a copyright owner.

In considering an application for an injunction under this subsection, the court shall have due regard to the rights of any person likely to be affected by virtue of the grant of any such injunction (including the freedom to conduct business, the right to protection of personal data and the right to receive or impart information) and the court shall give such directions (including a direction requiring that persons likely to be affected be notified of the application) as the court considers appropriate in all of the circumstances.

It appears that Minister Sherlock considers such a proposal to be non-constructive and part of a campaign of setting the “dogs” on him. However, a few weeks ago the Minister bizarrely “welcomed” the decision of the European Court of Justice in Sabam v. Netlog with the following comment:

[T]his decision … reiterate[s] that, in the context of measures adopted to protect copyright holders, national authorities and courts must strike a fair balance between the protection of copyright and the protection of the fundamental rights of individuals who are affected by such measures …

I welcome today’s decision from the European Court of Justice. This will provide further clarity to Irish courts in adjudicating such matters.

What would also have provided clarity to Irish courts in adjudicating such matters is a clause like the one included in the alternative wording submitted to Minister Sherlock.

Instead, a bare-bones statutory instrument has been used to amend the Copyright & Related Rights Acts providing none of the clarity that the Minister otherwise appears to favour.

[Update 7 March 2012] A recent press release by Minister Sherlock’s party colleague, Phil Prendergast MEP demonstrates what appears to be quite a different attitude to citizen engagement with copyright reform.

Commenting on the referral of the Anti-Counterfeiting Trade Agreement to the Court of Justice of the European Union, Ms Prendergast says:

This extraordinary u-turn by the European Commission, who had up until now dismissed legitimate concerns, demonstrates that engaged citizens and civil society groups can have a decisive impact on politics, especially when fundamental freedoms are at stake.

Not under Labour in Ireland, it would seem.

Battle of the Bakers: Round 2 (and an interesting update re Round 1)

Exhibit A
Exhibit A: McCambridge bread

I had assumed that the McCambridge v. Brennan brown bread case was solely one of intellectual property infringement but the judgment of Mr Justice Peart, which has now been published, shows that there is more to it (an Irish Times report of the case is here).

Indeed, Peart J notes that McCambridge do not “have any proprietary rights as such over that type of re-sealable bag, its shape or indeed the shape and size of the loaf of bread inside.” The company itself accepted that it does have such proprietary rights, nor rights over the shape and colour or ingredients of the bread itself.

Notwithstanding that, Peart J agreed that the overall impression on consumers satisfied the conditions for passing off (a form of action used to protect unregistered intellectual property rights).

[I]t would take more care and attention that I believe it is reasonable to attribute to the average shopper for him or her not to avoid confusion between the two packages when observed on the shelf, especially when these are placed adjacently or even proximately so.

Peart J indicated that an injunction should be granted to prevent further passing off. However, the interesting element of the case comes next: he also considered whether McCambridge are entitled to an injunction under section 71 of the Consumer Protection Act 2007 on the basis that Brennans were engaging in a misleading commercial practice.

The Minister for Jobs, Enterprise & Innovation recently announced a planned overhaul of consumer legislation, arguably ignoring that the 2007 Act was supposed to be just that (I wrote about it here in April 2011). The 2007 Act was quite significant, but appears to have been barely used, particularly by the National Consumer Agency. Indeed, Peart J states that they held a watching brief in McCambridge v. Brennan but, strangely, adopted “a neutral position”.

(The failure of the Agency to adopt a position is reminiscent of the refusal of the Data Protection Commissioner to involve his office in the EMI v. eircom case. Ironically, he recently went on to order eircom to halt the three-strikes system which resulted from that case.)

Exhibit B
Exhibit B: Wot, no McCambridge?

Peart J decided that McCambridge were not entitled to an injunction under section 71, apparently (my interpretation) on the basis that the design of its packaging was not a commercial practice involving marketing or advertising.

Peart J was to hear the parties in relation to the exact terms of his proposed injunction, but the decision to grant an injunction has since been appealed to the Supreme Court by Brennans.

As stated, my interpretation of Peart J’s comments (at paragraph 45) is that an injunction was not available because packaging was not “marketing or advertising”. I would have thought that the European Communities (Misleading and Comparative Marketing Communications) Regulations 2007 were aimed at preventing misleading advertising and that the (quite similar) provisions of the 2007 Act were of broader application such as would capture packaging. The 2007 Act is the Irish implementation of the Unfair Commercial Practices Directive which, in the UK, was implemented by statutory instrument. Guidance from the UK’s Office of Fair Trading gives the following example of a prohibited practice:

A trader designs the packaging of shampoo A so that it very closely resembles that of shampoo B, an established brand of a competitor. If the similarity was introduced to deliberately mislead consumers into believing that shampoo A is made by the competitor (who makes shampoo B) – this would breach the [Regulations].

Of course, Peart J had decided that Brennans’ passing off was not deliberate, and so could not have found them to have intended to “deliberately mislead consumers”. Nevertheless, it appears to be a case where the views of the Consumer Protection Agency would have been of use.

New data protection rules on cookies & mandatory data breach reporting for electronic communications providers

 

From George Eastman House
Not those kind of cookies.

Last week, the Minister for Communications, Energy and Natural Resources signed a group of statutory instruments into law which transpose the EU telecommunications reform package.

Among those regulations are the European Communities (Electronic Communications Networks and Services)(Privacy and Electronic Communications) Regulations 2011.

The Regulations are lengthy but the Data Protection Commissioner already has a guidance note online outlining the changes introduced, the most significant being:

  • Compulsory notification of individuals and the Office of the Data Protection Commissioner in the case of data breaches
  • More stringent requirements for user consent for the placing of “cookies” on electronic devices
  • Stricter requirements for the sending of electronic marketing messages and the making of marketing phone calls

I previously wrote about mandatory reporting of data breaches in the context of general data protection law (rather than sector-specific rules).

Leo Moore (William Fry) points out that the new rules on cookies do not provide for a lead in time, as was the case in the UK. This will put pressure on operators subject to the rules to get their house in order quickly. He notes:

Website operators and other interested parties are keenly following how the Cookie Regulations will be interpreted and enforced in Ireland in light of the need to obtain website user consent each time a cookie is placed on a website user’s computer. Many such parties have concerns in relation to the practical implications of complying with such obligations.

For more, try following Ronan Lupton (ALTO), TJ McIntyre (UCD/DRI), Leo Moore (WF) & David Cullen (WF) on Twitter.

Department of Jobs, Enterprise & Innovation (brief) consultation on filesharing injunctions

[Updated 23/06/11] In the (literally) last days of the previous Government, a rumour shot around that the then Minister for Enterprise, Trade and Innovation was about to sign a statutory instrument into law which would address the gap in the law criticised by Mr. Justice Chartleton in the EMI & ors v. UPC case.

A firm denial was issued by the Minister but I’m not sure anyone really believed that a draft SI wasn’t floating around somewhere. Anyway, the newly-titled Department of Jobs, Enterprise & Innovation has put a draft SI out to consultation. The relevant SI text is below.

Deadline for submissions is 1 July 2011: less than 2 weeks from today. That’s pretty swift consultation by any standard. Apparently the Department received a number of requests for an extension to the consultation period, so the new deadline for submissions is Friday 29 July 2011.

New section 40(5A) of the Copyright & Related Rights Acts:

(5A)(a) without prejudice to subsections (3) and (4), the owner of the copyright in the work concerned may apply to the High Court for an injunction against a person who provides facilities referred to in subsection (3) where those facilities are being used by one or more third parties to infringe the copyright in that work.

(b) In considering an application for an injunction under this subsection, the court shall have due regard to the rights of any third party likely to be affected and the court shall make such directions (including, where appropriate, a direction requiring a third party to be put on notice of the application) as the court may deem necessary or appropriate in all the circumstances.

New section 205(9A) of the Copyright & Related Rights Acts:

(9A)(a) without prejudice to subsections (7) and (8), the rightsowner may apply to the High Court for an injunction against a person who provides facilities referred to in subsection (7) where those facilities are used by one or more third parties to infringe any of the rights referred to in Parts III and IV.

(b) In considering an application for an injunction under this subsection, the court shall have due regard to the rights of any third party likely to be affected and the court shall make such directions (including, where appropriate, a direction requiring a third party to be put on notice of the application) as the court may deem necessary or appropriate in all the circumstances.

Thanks to Ronan Lupton for bringing the consultation to my attention.

Privacy and the press

I wrote a short article for last week’s Sunday Business Post on the super-injunctions story and the conflict between freedom of speech and privacy. It appeared in the Computers and Business magazine and is available here.

It’s a difficult topic to tackle in a short article and some more thoughts on the issue are in my earlier rambling blogpost. However, Karlin Lillington dealt with the issue expertly in last Friday’s Irish Times by contrasting the UK super-injunctions saga with the Irish experience of data protection and retention laws.

PRIVACY HAS two definitions. There is the definition that applies if you are wealthy, or a celebrity, or a corporation or organisation, and you wish carefully to protect from the public eye your infidelities, personal peccadilloes, ethically questionable activities, illegal doings or other foibles that might damage your income, reputation or bottom line.

Then, there is the definition that applies if you are just an ordinary citizen and a bank, an insurance company, an electronics manufacturer, a telecommunications company, a law enforcement agency, a government department or other organisation holds or would like to view lots of potentially sensitive information about you.

If you are in the former, elite group, lucky you. You will find you are entitled to all sorts of perks and privileges when it comes to your special definition of privacy. Your national government may come up with laws specifically to protect your version of privacy.

Justice systems may invent special protections that mean not only is no one allowed to mention whatever it is you or your company is said to have done, but no one is even allowed to mention that such a legal protection is there in the first place.

Social media and internet companies may, despite public statements about valuing their users and freedom and democracy, relinquish information about the people who might have said something annoying about you, your company or your government, the better to enable the justice system to get these aggravating people off your back.

If you are in the second group, your privacy is too often a commodity.

Election 2011: Privacy, intellectual property & the internet

With so much of the electoral attention focussed on crisis management, it is easy to ignore other aspects of each party’s manifestos (or the absence of same in the case of many independents).

It is worth checking these manifestos for references to any issues you have a particular interest in: you might be surprised at what you find. Luckily, blogs like Maman Poulet and Human Rights in Ireland are keeping an eye on the aspects of the party manifestos not concerned solely with bond-burning.

Crowd checking the 1931 general election results, Willis Street, Wellington, 1931
Election night results, pre-Twitter

Our courts and citizens are having to deal with an increasing number of issues under our privacy, data protection and intellectual property laws, so I had a look at the parties’ positions in these areas. If I have missed anything, please let me know in the comments, along with suggestions as to what the manifestos should contain.

Fine Gael

  • FG would “review and update Intellectual Property legislation currently in place to benefit innovation.” This commitment is vague and suggests that the party is aware of issues but hasn’t thought about any solutions yet.
  • FG would “clarify the laws relating to on-line copyright infringement and the enforcement of rights relating to digital communications”. This probably refers to the consequences of the IRMA litigation (contrast with the Green Party manifesto, below). Again, the party does not appear to be ready to offer solutions.
  • What is meant by “the enforcement of rights relating to digital communications”? Does it refer to data retention or freedom of speech? The sentence is somewhat worrying in the absence of elaboration.
  • FG will revamp the Patents Office website. This is a bizarrely specific proposal, by contrast with the other high-level proposals.
  • The consultancy industry will be delighted to learn of plans for “an E-day on January 1st, 2016 by which all government services to business will be on-line only.”
  • FG would “develop Ireland as a ‘Digital Island’ and first-mover when it comes to information technology.” One might be forgiven for thinking that is an aspiration that is somewhat unrealistic in 2011.
  • FG would introduce a national DNA database. The process of doing so had already been started by the outgoing administration.
  • The party proposes a Circuit Commercial Court along the lines of the existing Commercial Court but which deals with smaller-value commercial disputes (the Circuit Court can generally hear cases for claims worth up to €38,092.14)

Labour

  • Labour’s Innovation Strategy Agency would, among other things, “make Ireland a world leader in the management of [IP]”.
  • Labour “supports the development of an International Content Services Centre in Ireland, and its potential to make Ireland a European hub for the dissemination of Intellectual Property.” This was, in fact, a commitment of the renewed Programme for Government agreed by Fianna Fáil and the Green Party in October 2009. It is also firmly in Your Country, Your Call territory: one of the winning YCYC proposals was to establish an ICSC. The competition winners were announced in September 2010, almost one year after the establishment of an ICSC became Government policy.
  • Labour propose to introduce civil orders against serious offenders following conviction, for example, restrictions on the use of the internet by those convicted of child sex offences.
  • Labour wants to make Ireland a headquarters location for data centres and cloud computing. The party would establish an expert group to review security and privacy issues arising from these areas. A data protection review group established by the Minister for Justice 2008 published a report in 2010. The EU is also currently reviewing the Data Protection Directive (Irish law implements the Directive) and cloud computing is one issue under review in that context.

Fianna Fáil

I will not be the first to suggest that the FF manifesto consists primarily of a defence of the outgoing Government’s policies and lists of achievements since 1997. It is not surprising, therefore, that party does not appear to offer much in the areas of privacy, IP and the internet.

No direct reference is made to copyright, data protection, privacy or the internet (not one instance of the word internet in the whole manifesto, though commitments are made about broadband). One, incidental, reference is made to IP in the context of publicly-funded research. While FG want to clarify the law on exploiting IP developed by third level institutions, FF want the outcomes of publicly-funded research to be made freely available “save where there are specific commercial intellectual-property issues.”

  • FF commits to supporting research and development and to continue use of the innovation voucher system to help small businesses acquire R&D.
  • Like the Labour party, the FF manifesto commits to fostering cloud computing services. It also commits to establishing the International Content Services Centre (as already mentioned, this has been Government policy since 2009).

Green Party

  • The Greens would “[p]revent private organisations from intruding into a citizen’s privacy”. The Data Protection Acts 1988 and 2003 already do this in general terms, but I assume that the Greens are proposing either reform of those Acts or the implementation of some form of specific privacy law, as was proposed but not implemented by the outgoing administration.
  • The Greens would prevent organisations from “summarily punishing citizens for alleged illegal activities and from interfering with citizens’ legitimate and legal uses of content.” Again, a little interpretation is required, but I assume this suggests that the Greens would deal with the consequences of the IRMA litigation in a manner which favours citizens over companies. As Minister for Communications, Eamon Ryan said that he was seeking the advice of the Attorney General in this area but his holding statement to the Dáil last year did not indicate any thinking along the lines of what is now contained in the manifesto.
  • The party would “[u]pdate the role of the Data Commissioner to ensure evolving technologies are in check with the rights of Irish citizens.” This might refer to increased enforcement powers, which would be welcome.
  • The party would completely oppose the introduction of software patents.

Sinn Féin

The SF manifesto makes no direct reference to copyright, intellectual property, data protection, privacy or the internet. However, the party would “focus on creating new jobs across the agri-food, tourism and IT/pharma sectors, and Research and Development as well as with initiatives that will ensure Ireland becomes a world leader in green energy.”