Rightholders are entitled to damages when their photographs are used by third parties who have not been granted the necessary rights of use. Under German copyright law, damages are calculated according to the so-called license analogy method. This method assumes a fictitious license agreement upon reasonable conditions between the rightholder and the infringer. The rightholder then receives monetary compensation amounting to the royalties the parties would have reasonably agreed on. Continue reading
When drafting and negotiating technology agreements of almost any sort between German companies and US or UK companies (or companies from other common law based countries), particularly on software, one of the various Groundhog moments that one experiences is the never-ending discussion on everything that is “warranty”. Continue reading
On 26th January 2016, the conference of the German data protection authorities and German Association of the Automotive Industry (VDA) agreed on a joint statement (PDF, in German) concerning aspects of data protection relating to the usage of smart cars.
According to the parties, smart cars and the proceeding digitalization in cars create advantages (safety and comfort) but also risks for the personal rights of individuals. The German authorities and car manufacturers agreed inter alia on the following aspects:
1. Personal data: During the use of modern cars, data is created permanently. Particularly by using additional information, this data created by smartcars can be attributed to the car owner or to the driver and be considered “personal data” in the sense of European data protection law. Data created during the usage of a vehicle is at least considered “personal data” within the meaning of the Federal Data Protection Act (Act), if it is linked to the vehicle identification number or the license plate. Continue reading
The Higher District Court in Munich (the “OLG”, 29 U 2593/15) revisited the evergreen topic “filesharing”. It ruled that, in case of an alleged copyright infringement, the owner of an internet connection has to present all known facts with regard to the infringer, even if such infringer is a family member. If the owner of the internet connection does not do so, he will be liable himself. Continue reading
In February 2015, the German data protection authorities adopted a resolution with the title “Tracking of user behavior on the Internet” (German).
In this resolution, the authorities urge the German government to finally transpose the standards of European directive 2002/58/EC (so called ePrivacy Directive). The authorities are of the opinion that the current German data protection law (especially the German Telemedia Act (Telemediengesetz)) does not correctly implement Art. 5 para 3 of directive 2002/58/EC (in the revised version of directive 2009/136/EC). According to Art. 5 para 3 of the ePrivacy Directive, European “Member States shall ensure that the storing of information, or the gaining of access to information already stored, in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerned has given his or her consent, having been provided with clear and comprehensive information, in accordance with Directive 95/46/EC, inter alia, about the purposes of the processing”. Continue reading
By judgment of 22 January 2015 (C-441/13), the European Court of Justice (ECJ) decided on the interpretation of Art. 5 para 3 of Regulation 44/2001 (Brussels I) on international jurisdiction of courts in a copyright infringement case. According to the ECJ, in case of an alleged infringement of copyrights and rights related to copyright by placing of protected photographs online on a website, the court is competent in the district where this website is accessible in its territorial jurisdiction. But this national court has jurisdiction only to rule on the damage caused in the European Member State within which the court is situated.
The German Federal Court of Justice (“BGH”, Videospielkonsolen II) has stated that technical safeguard measures for video games fall under the scope of section 95a (3) nr. 3 of the German Copyright Act (“UrhG”), if such measures (in the case decided: Nintendo DS cards for Nintendo DS games consoles) are specifically designed to prevent illegal copies of the games which are played on the consoles.
On 21 August 2014, the District Court of Berlin ruled (27 O 293/14, German) that the subsidiary of Google in Germany, Google Germany GmbH, is not responsible for the fulfillment of requests of natural persons under the so called ‘right to be forgotten’, created by the European Court of Justice (ECJ) in its much-noticed judgment in May 2014 (C-131/12). The Berlin court held that only the American company, Google Inc., can be regarded as the ‘data controller’ in the sense of European data protection law because only Google Inc. is the operator of the search engine. As a consequence, legal actions must be brought against Google Inc., not the subsidiary in Hamburg. Natural persons who want a link to third party websites to be removed from the search result list following a search made on the basis of a person’s name would therefore have to sue Google Inc. and not the European subsidiary.
In a very recent ruling of 31 October 2014, the Higher Regional Court of Cologne (“OLG”) has further defined the scope of “commercial use” within the meaning of the Creative Commons Licenses de.creativecommons.org. According to the OLG (Az. 6 U 60/14), the use of a picture licensed under the CC-BY-NC 2.0-License to illustrate an article on a radio station’s website is “non-commercial” use within the meaning of the CC-License, even if users pay for the website by paying radio license fees. The OLG further discusses the question, when cutting a picture into shape can be considered as “adaptation” within the meaning of the license.
This past summer, a decision of the Stuttgart Regional Court became known by the name #XINGGATE. In its decision (LG Stuttgart, decision of June 27, 2014 – file number: 11 O 51/14), the court held XING profiles to be independent telemedia, to which § 5 Telemediengesetz, the German Law on Telemedia (TMG) applies, meaning that personal XING profiles have be equipped with a masthead under German law.
If private persons use social networking services (e.g. Facebook, Twitter, GooglePlus) in the Internet these days, hardly anyone might think about legal obligations for these users under the current data protection regime. Why should natural, private persons be considered “data controllers” in the sense of Art. 2 (d) of the European data protection directive (95/46/EC), if they share photos or write comments? They are only acting in a private and personal capacity. Well, this view might be true from a factual perspective. But with regard to European data protection law, already in a 2009 opinion (PDF), the Article 29 Working Party (an independent European advisory body on data protection, formed by representatives of European data protection authorities) held that “a high number of contacts could be an indication that the household exception does not apply and therefore that the user would be considered a data controller”. Conclusion: if you share a photo, name etc. with many people on Facebook, you might be a data controller in the eyes of data protection authorities and would therefore have to proof the lawfulness of the respective data processing operation. Continue reading
The ‘Internet of Things’ is one of the current buzzwords in the international data protection sphere. In the future, more and more home appliances will have a connection to the Internet and will serve as sensors in our homes, facilitating our life as one may for example turn on the heating via an app while driving home at night from the office.
Not only will we see more and more smart devices in our homes, but also car manufacturers are increasing their efforts for future solutions of the next generation of smart cars. At this year’s CeBit in Hannover, privacy issues surrounding the smart car were one of the top themes. “I clearly say yes to Big Data, yes to greater security and convenience, but no to paternalism and Big Brother”, said Martin Winterkorn, Chairman of the Volkswagen Group, at the opening ceremony.
Under German copyright law, injunctive reliefs are subject to the condition of danger of repetition. Such danger is assumed once a copyright infringement occurred, but it is eliminated, if the infringer signs a declaration of discontinuance with a penalty clause (in German “strafbewehrte Unterlassungerklärung”) within the set deadline. The Higher Regional Court of Hamburg (OLG Hamburg, decision of October 16, 2014 – file number: 5 U 39/13) now held that such declaration of discontinuance is insufficient, if it includes a so-called potestative clause, i.e. the declaration is subject to the claimant proving his authorship.
And if so; May they be recorded? – The German Federal Court of Justice (BGH) in its decision dated October 28, 2014, court ref. VI ZR 135/13 referred to the to the European Court of Justice (ECJ) for a preliminary ruling regarding the interpretation of the EU Data Protection Directive concerning the definition of the term “personal data” therein and recording of dynamic IP-addresses. Continue reading
The European Court of Justice (ECJ) has stated that framing of content (such as embedding Youtube videos or other content on blogs and other websites via link) does not violate the copyright of the author of the respective content. In particular, such framing is not considered a “making available to the public” according to the European directive on copyright in the Information Society (2001/29/EC) and section 19a of the German Copyright Act (“UrhG”). However, it can be derived from the court ruling that this applies only if the reproduction is not meant for a new audience and does not use a different reproduction technique.
Under German data protection law, as well as under the European data protection directive (95/46/EC), there exist no specific provisions that would govern the processing of personal data in home office scenarios. Only few German data protection authorities published recommendations on how or which kind of technical or organizational measures should be implemented, if a company wants to grant its employees the benefit of working at home. The few existing recommendations remain mainly vague and don’t name specific measures which must be taken.
The Higher Regional Court of Cologne (OLG Köln) held in its decision (court ref. 6 U 205/13) dated September 5, 2014 that the title of a mobile app can enjoy protection against similar titles for similar services. However, the claimant who is the operator of a German weather information website that runs under the domain <wetter.de> and an app with identical content also titled <wetter.de> cannot prohibit the use of the title <wetter DE> or <wetter-de> for a similar weather app by the defendant. Continue reading
Commercial WLAN operators will soon be certain about when and in how far they are liable for violations of third party rights by their users. The District Court in Munich (7 O 14719/12) has stayed the proceedings in a pending litigation and has submitted questions to the European Court of Justice (ECJ).
Inter alia, the court asks the liability privilege regulated in the European e-commerce directive and the German Teleservices Act (“Telemediengesetz” – TMG) is to be interpreted in a way that claims for injunctive relief, damage claims, and claims for the reimbursement of costs for warnings and court proceedings are excluded against the WLAN-operator in general or at least with regard to the first violation of third party rights. According to the respective provisions in the directive and the TMG; access providers are not responsible for the information submitted through their services.
The fundamental right to the protection of personal data as enshrined in Art. 8 (1) of the Charter of Fundamental Rights of the European Union (PDF) as well as the right to informational self-determination, derived from Art. 2 (1) and 1(1) of the German Constitution are not exclusive right of adults. Also children’s personal data are protected by these fundamental rights and consequently by the European Data Protection Directive (Directive 95/46/EC) or the respective national laws.
But if it comes to the practical compliance for companies, for example if you want to develop an app for children, European data protection laws currently will leave providers alone with an answer to the question, when a consent by minors might serve as the legal basis for the processing of their data. Continue reading