German DPAs: Situation regarding consent for cookies is “unacceptable”

In February 2015, the German data protection authorities adopted a resolution with the title “Tracking of user behavior on the Internet” (German).

In this resolution, the authorities urge the German government to finally transpose the standards of European directive 2002/58/EC (so called ePrivacy Directive). The authorities are of the opinion that the current German data protection law (especially the German Telemedia Act (Telemediengesetz)) does not correctly implement Art. 5 para 3 of directive 2002/58/EC (in the revised version of directive 2009/136/EC). According to Art. 5 para 3 of the ePrivacy Directive, European “Member States shall ensure that the storing of information, or the gaining of access to information already stored, in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerned has given his or her consent, having been provided with clear and comprehensive information, in accordance with Directive 95/46/EC, inter alia, about the purposes of the processing”. Continue reading

eBay Again – Your Ended Auctions Can Cause Some Trouble, Too

An eBay seller who has used copyright protected photos without the author’s permission and made a corresponding desist declaration is obliged not only to end the auction but rather to delete the pictures from the ended auctions entirely. Continue reading

ECJ-decision: International jurisdiction in case of copyright infringement on a website

By judgment of 22 January 2015 (C-441/13), the European Court of Justice (ECJ) decided on the interpretation of Art. 5 para 3 of Regulation 44/2001 (Brussels I) on international jurisdiction of courts in a copyright infringement case. According to the ECJ, in case of an alleged infringement of copyrights and rights related to copyright by placing of protected photographs online on a website, the court is competent in the district where this website is accessible in its territorial jurisdiction. But this national court has jurisdiction only to rule on the damage caused in the European Member State within which the court is situated.
Continue reading

Protection for protection rights: The Federal Court of Justice on safeguard measures for video games

The German Federal Court of Justice (“BGH”, Videospielkonsolen II) has stated that technical safeguard measures for video games fall under the scope of section 95a (3) nr. 3 of the German Copyright Act (“UrhG”), if such measures (in the case decided: Nintendo DS cards for Nintendo DS games consoles) are specifically designed to prevent illegal copies of the games which are played on the consoles.
Continue reading

District Court of Berlin: Google Germany not responsible for ‘right to be forgotten’-requests

On 21 August 2014, the District Court of Berlin ruled (27 O 293/14, German) that the subsidiary of Google in Germany, Google Germany GmbH, is not responsible for the fulfillment of requests of natural persons under the so called ‘right to be forgotten’, created by the European Court of Justice (ECJ) in its much-noticed judgment in May 2014 (C-131/12). The Berlin court held that only the American company, Google Inc., can be regarded as the ‘data controller’ in the sense of European data protection law because only Google Inc. is the operator of the search engine. As a consequence, legal actions must be brought against Google Inc., not the subsidiary in Hamburg. Natural persons who want a link to third party websites to be removed from the search result list following a search made on the basis of a person’s name would therefore have to sue Google Inc. and not the European subsidiary.
Continue reading

Creative Commons and “non-commercial” use of works on websites

In a very recent ruling of 31 October 2014, the Higher Regional Court of Cologne (“OLG”) has further defined the scope of “commercial use” within the meaning of the Creative Commons Licenses According to the OLG (Az. 6 U 60/14), the use of a picture licensed under the CC-BY-NC 2.0-License to illustrate an article on a radio station’s website is “non-commercial” use within the meaning of the CC-License, even if users pay for the website by paying radio license fees. The OLG further discusses the question, when cutting a picture into shape can be considered as “adaptation” within the meaning of the license.
Continue reading

Do XING profiles require a masthead?

This past summer, a decision of the Stuttgart Regional Court became known by the name #XINGGATE. In its decision (LG Stuttgart, decision of June 27, 2014 – file number: 11 O 51/14), the court held XING profiles to be independent telemedia, to which § 5 Telemediengesetz, the German Law on Telemedia (TMG) applies, meaning that personal XING profiles have be equipped with a masthead under German law.

Continue reading

Will the use of social networks fall outside the scope of future data protection law?

If private persons use social networking services (e.g. Facebook, Twitter, GooglePlus) in the Internet these days, hardly anyone might think about legal obligations for these users under the current data protection regime. Why should natural, private persons be considered “data controllers” in the sense of Art. 2 (d) of the European data protection directive (95/46/EC), if they share photos or write comments? They are only acting in a private and personal capacity. Well, this view might be true from a factual perspective. But with regard to European data protection law, already in a 2009 opinion (PDF), the Article 29 Working Party (an independent European advisory body on data protection, formed by representatives of European data protection authorities) held that “a high number of contacts could be an indication that the household exception does not apply and therefore that the user would be considered a data controller”. Conclusion: if you share a photo, name etc. with many people on Facebook, you might be a data controller in the eyes of data protection authorities and would therefore have to proof the lawfulness of the respective data processing operation. Continue reading

Smart cars: Who owns the data?

The ‘Internet of Things’ is one of the current buzzwords in the international data protection sphere. In the future, more and more home appliances will have a connection to the Internet and will serve as sensors in our homes, facilitating our life as one may for example turn on the heating via an app while driving home at night from the office.

Not only will we see more and more smart devices in our homes, but also car manufacturers are increasing their efforts for future solutions of the next generation of smart cars. At this year’s CeBit in Hannover, privacy issues surrounding the smart car were one of the top themes. “I clearly say yes to Big Data, yes to greater security and convenience, but no to paternalism and Big Brother”, said Martin Winterkorn, Chairman of the Volkswagen Group, at the opening ceremony.
Continue reading

… Until Authorship is Proven

Under German copyright law, injunctive reliefs are subject to the condition of danger of repetition. Such danger is assumed once a copyright infringement occurred, but it is eliminated, if the infringer signs a declaration of discontinuance with a penalty clause (in German “strafbewehrte Unterlassungerklärung”) within the set deadline. The Higher Regional Court of Hamburg (OLG Hamburg, decision of October 16, 2014 – file number: 5 U 39/13) now held that such declaration of discontinuance is insufficient, if it includes a so-called potestative clause, i.e. the declaration is subject to the claimant proving his authorship.

Continue reading

Are Dynamic IP-Addresses “Personal Data” As Defined By the EU Data Protection Directive?

And if so; May they be recorded? – The German Federal Court of Justice (BGH) in its decision dated October 28, 2014, court ref. VI ZR 135/13 referred to the to the European Court of Justice (ECJ) for a preliminary ruling regarding the interpretation of the EU Data Protection Directive concerning the definition of the term “personal data” therein and recording of dynamic IP-addresses. Continue reading

For bloggers and other content sharers: why framing of third party content does not violate third party copyright

The European Court of Justice (ECJ) has stated that framing of content (such as embedding Youtube videos or other content on blogs and other websites via link) does not violate the copyright of the author of the respective content. In particular, such framing is not considered a “making available to the public” according to the European directive on copyright in the Information Society (2001/29/EC) and section 19a of the German Copyright Act (“UrhG”). However, it can be derived from the court ruling that this applies only if the reproduction is not meant for a new audience and does not use a different reproduction technique.

Continue reading

Home office solutions for employees – requirements under German data protection law

Under German data protection law, as well as under the European data protection directive (95/46/EC), there exist no specific provisions that would govern the processing of personal data in home office scenarios. Only few German data protection authorities published recommendations on how or which kind of technical or organizational measures should be implemented, if a company wants to grant its employees the benefit of working at home. The few existing recommendations remain mainly vague and don’t name specific measures which must be taken.
Continue reading

The Title of an App Can Be Protected as a Work Title under German Trademark Law – If it Is Not Merely Descriptive

The Higher Regional Court of Cologne (OLG Köln) held in its decision (court ref. 6 U 205/13) dated September 5, 2014 that the title of a mobile app can enjoy protection against similar titles for similar services. However, the claimant who is the operator of a German weather information website that runs under the domain <> and an app with identical content also titled <> cannot prohibit the use of the title <wetter DE> or <wetter-de> for a similar weather app by the defendant. Continue reading

Copyright Law: The Author’s Right to be Named

According to the district court of Kassel’s decision of June 6th, 2014 (file number: 410 C 3000/13) authors of copyrighted works can exercise their right to decide if and how they want to be named as author of their works through terms and conditions. Continue reading

(More) certainty ahead: liability of commercial operators of open WLAN networks

Commercial WLAN operators will soon be certain about when and in how far they are liable for violations of third party rights by their users. The District Court in Munich (7 O 14719/12) has stayed the proceedings in a pending litigation and has submitted questions to the European Court of Justice (ECJ).

Inter alia, the court asks the liability privilege regulated in the European e-commerce directive and the German Teleservices Act (“Telemediengesetz” – TMG) is to be interpreted in a way that claims for injunctive relief, damage claims, and claims for the reimbursement of costs for warnings and court proceedings are excluded against the WLAN-operator in general or at least with regard to the first violation of third party rights. According to the respective provisions in the directive and the TMG; access providers are not responsible for the information submitted through their services.

Continue reading

European data protection law and minors – no legal certainty

The fundamental right to the protection of personal data as enshrined in Art. 8 (1) of the Charter of Fundamental Rights of the European Union (PDF) as well as the right to informational self-determination, derived from Art. 2 (1) and 1(1) of the German Constitution are not exclusive right of adults. Also children’s personal data are protected by these fundamental rights and consequently by the European Data Protection Directive (Directive 95/46/EC) or the respective national laws.

But if it comes to the practical compliance for companies, for example if you want to develop an app for children, European data protection laws currently will leave providers alone with an answer to the question, when a consent by minors might serve as the legal basis for the processing of their data. Continue reading

Court Decision: Companies Allowed to run Fanpages on Facebook

The Administrative Court of Schleswig (Verwaltungsgericht Schleswig) held today in three parallel decisions that companies that run their own fanpages on Facebook are not responsible for the social network’s data collection and processing under German data protection law. Continue reading