On Liability and Liability Clauses in German Law

When you negotiate agreements between German companies and companies with a – broadly speaking – common law background, especially the U.S., one issue that keeps appearing is the parties’ liability for damages. Groundhog day, if you will.

“Liability” is certainly a difficult legal term to being with, especially as you have to first decide what you are actually talking about when using the word. Continue reading

License Termination: Thoughts on Scorpio v. Willis and a Pirates Proposal

Recently, the news broke that Village People songwriter Victor Willis (for those who don’t know who he is just one word: YMCA!) had won an important case (see here and here) on the issue of US copyright termination rights (sec. 203 of the Copyright Act). I’ve wanted to write about this topic ever since, but well, there was so much going on in the IP/IT world lately, and, whoops, four weeks have passed like nothing. Anyway, I just came across a proposal of the German Pirates involving the introduction of a license termination mechanism similar to the US approach and thought I’d just shoot out a few observations and thoughts. Continue reading

No liability for third party content embedded via RSS-feed unless made aware of infringement

With judgment dated 27 March 2012 the German Federal Court of Justice (Bundesgerichtshof, BGH) held that the provider of an information portal who puts news online that may easily be detected as third party content – in this case: RSS-feeds – is  generally not required to check the articles with regard to potential rights infringements prior to publishing them.

Once the provider of an information portal has been made aware of an infringement of the personality right by the person affected the provider may be held liable to prevent such infringements in the future.

The reasons of the BGH’s decision dated are now available in German.  Continue reading

„Implied Consent“ to Cookies Being Set Suffices in the UK

Contrary to what had been the understanding before, the ICO in its capacity as data privacy watchdog in the UK has now declared in his guidance (download it here) that implied consent – if actually given – is just as valid a form of consent as explicit consent. That is not to say that website owners can simply continue to as before. When you read through the ICO’s advice on how implied consent may be brought about, it becomes quite clear that there really is not much difference from what the website owner must do to obtain explicit consent. Continue reading

CNIL’s Sends Second Questionnaire to Google on Google’s New Privacy Policy

Google’s new privacy policy is not that new, as it “went into force” on March 1. It is still big news in data protection terms, though, at least as far as European data protection authorities are concerned. CNIL, commissioned by the Art. 29 Working Party, has now sent a second rather comprehensive questionnaire to Google. Obviously they were not completely sold on Google’s answers to the first set of questions CNIL had sent in March. Continue reading

Tracking and Controlling Your Child’s Mobile Phone Activities

I just came across a post on golem.de (a rather good IT news site – in German only, sadly) about bemilo, a service in the UK that (I quote)

“puts [parents] in full control of [their] child’s mobile service”;

“puts [parents] in the driving seat, 24 hours a day”;

“[gives parents] FULL control [w]ho [their] children can contact and who can contact them, time of das [their] children can use their phone, WHEN they can browse the web”;

“[enables parents to] [r]eview all calls & SMS messages at any time, block bullies at the flick of a switch, control mobile spend with no fuss [emphasis added].”

Do watch the intro on the website. It’s rather, well, unique, besides the fact that it the little toy man in the intro looks suspiciously similar to a typical LEGO design. Continue reading

German E-Commerce Law: “Button Solution” To Come into Force in August 2012

In March 2012 the German Federal Legislator adopted several comsumer protection statutes that will have considerable impact on B2C e- and m-commerce business activities in Germany, implementing, in particular, Art. 8 (2) of Directive 2011/83/EU. The new law applies to any contractural transaction that is entered into via electronic means of communication and leads to payment obligations for the consumer, i.e. any purchase of a book in an online shop, any subscription of content services made as an in app purchase, as well as any other such contract unless it is free of charge. Continue reading

Germany is Ready for Cloud Computing? Well, if the BSA says so…

According to the Business Software Alliance’s (BSA) “Global Cloud Computing Scorecard”, Germany is ready for the cloud computing age, ranking at a spectacular No. 3, ahead of such cloud computing powerhouses as the United States, Italy and Poland! If you’re interested in the methodology (a word that my spell check has never heard of) uses by the BSA, go here. Either way, the result is interesting. Because, and I know I’m repeating myself, if you ask data protection practitioners in Germany, “ready” is certainly not the term that comes to mind when dealing with the cloud. Continue reading

Fraunhofer Study on the (Lack of) Data Security of Cloud Storage Services

Popular cloud storage sercives often lack data security. This is the result of a detailed study published by MP3 inventor Fraunhofer Institute. Fraunhofer has scrutinized  Dropbox, Cloudme, Crashplan, Mozy, Teamdrive, Ubuntu One and Wuala. Continue reading

Mark Twain, Lord Macauly and the Duration of Copyright

Mike Masnick from Techdirt put out a nice little piece on Mark Twain’s stance on copyright protection and its duration. It seems that the celebrated writer embodied – 100 years ago – both extreme positions that still shape our current discussions on copyright. Quite a fascinating read. And a funny one as well. Just try to imagine how Mr. Samuel L. Clemens appeared before a congressional committee and said the following two sentences: Continue reading

Art. 82 of the (Draft) General Data Protection Regulation

The (Draft) General Data Protection Regulation being a Regulation it not only aims at fully harmonizing the field of law it covers (as some Directives do) but would achieve that goal by simply being the (only) directly applicable law as far as its reach goes. Plus the Commission’s “empowerment to adopt delegated acts”, of course, which is a rather intriguing idea from a democracy point of view. But that’s another story.

One of the very few areas where the member states are given a certain amount of legislative leeway is set forth in Art. 82 of the Draft Regulation. Continue reading

ACTA really ad acta soon?

Last week, at the re:publica conference an illustrious crowd gathered for the sixth time and this time in Kreuzbergs’s Postbahnhof for Germanys biggest conference on blogs, social media and the digital society. Part of the crowd was Neelie Kroes, one of the Vice Presidents of the European Commission and Europan Commissioner for Digital Agenda. In her nicely titled speech about „Freedom online“ she dared to mention that “we are now likely to be in a world without SOPA” – the US’s proposed Stop Online Piracy Act – “and ACTA.” Are we really? Continue reading

Can APIs Be Copyrighted?

There is a lot of noise (for example, here, here, here, here, and here) out there about this week’s verdict in Oracle v. Google, especially about the following question: Are interfaces protected by copyright? I stumbled across quite a few places (see here, here, and here) where experts pointed to the ECJ’s SAS Institute v. World Programming ruling while discussing this question. According to them, the ECJ clearly stated last week that interfaces enjoy no copyright protection. Is this really what the ECJ said? Continue reading

Direct Effect of the “Cookie Directive” in Germany?

It has been reported that today Mr. Peter Schaar, head of the Federal Commissioner for Data Protection and Freedom of Information, announced at the Data Protection Congress 2012 that is currently held in Berlin that the EU “Cookie Directive” – which has not yet been implemented into German law – has EU law’s “direct effect” (also known as “immediate applicability”), making Art 5 (3) of the Directive directly applicable and effective under German law. He (as reported) added that therefore Art. 5 (3) of the Directive can be applied and enforced by the German data protection authorities in their day to day business. Ooops! Continue reading

Schleswig-Holstein Issues First Online Gambling Licenses

We got news on Friday that Schleswig-Holstein (one of sixteen states of Germany) had just issued its first three online gambling licenses (for sports betting). Forty other applications, partly for online sports betting, but also for online poker and Bovegas casino games, are said to be in the pipeline. So far so good and not overly interesting, but look into the details and the matter becomes more intriguing. Continue reading

Analytics Cookies to Be Exempt from Consent Requirement in France

As reported by DataGuidance, the UK Information Commissioner the enforcement of the “cookie law” will be “pragmatic and realistic” in the UK. “Pragmatic” and realistic”: Sounds good doesn’t it? Doesn’t sound very German, though, does it? As explained here, the cookie situation in Germany is still unresolved, largely due to the (my take on the matter) inability to come up with a draft for transforming the Directive’s into German law that provides for a workable solution the problem. It seems that at least the current government feels uncomfortable to pass a law the wording of which would effectively rule out a good portion of how websites work today.

Even more interestingly, in the same DataGuidance post they report that the French Data Protection Authority (CNIL) will exempt analytics cookies from the new requirement of prior consent. Continue reading

SAS v WPL: No Copyright Protection for Programming Languages

Hooray: On 2 May the ECJ ruled that “neither the functionality of a computer program nor the programming language and the format of data files used in a computer program in order to exploit certain of its functions constitute a form of expression of that program and, as such, are not protected by copyright in computer programs.” Continue reading

On Facebook Fan Pages

As you may have heard, as per the self-appointedly competent data protection authorities in Germany you may not set up and maintain a Facebook fan page, nor may you embed Facebook plugins into to your web pages (it’s true, read here, here, here, and here). If you do, you’re acting in violation of German data protection law. Continue reading

More on exhaustion

Just after finishing our recent post on the exhaustion doctrine (ECJ “Usedsoft”), I came across two other news reports touching upon the same issues. The first concerned an ongoing dispute between Microsoft and a German used license trading company . The second pointed to an (unintentionally comical) decision of the Higher Regional Court of Stuttgart (Oberlandesgericht Stuttgart). Continue reading

The “Sopot Memorandum”: Recommendations on Cloud Computing

The International Working Group on Data Protection in Telecommunications, a working group of the International Conference of Data Protection and Privacy Commissioners (no entry in the Wikipedia. Should that make us think?), established and still run by the head of the data protection authority of the federal state of Berlin, has published a working paper with recommendations regarding the use of cloud computing services by companies and public authorities. They’ve called it the “Sopot Memorandum“. Conference pros never fail to pick one of the nicer and more interesting spots to meet, do they?

Starting from the usual analysis (cloud computing is risky with respect to privacy, data protection “and other legal issues”, you know the deal), the Working Group, essentially, recommends: Continue reading