Patrick Breyer v Federal Republic of Germany: Dynamic IP addresses = Personal Data? And Is German Data Protection Law too Restrictive?

Today, Attorney General Campos Sánchez-Bordona has delivered his Opinion in the Patrick Breyer v Federal Republic of Germany case before the ECJ (C-582/14; you can find the Opinion here in just about any language except English)).

We recall: The Bundesgerichshof (the highest court in Germany for all civil and criminal matters) submitted to the ECJ the following two questions:

“Must Article 2(a) of Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data 1  — the Data Protection Directive — be interpreted as meaning that an Internet Protocol address (IP address) which a service provider stores when his website is accessed already constitutes personal data for the service provider if a third party (an access provider) has the additional knowledge required in order to identify the data subject?”

“Does Article 7(f) of the Data Protection Directive preclude a provision in national law under which a service provider may collect and use a user’s personal data without his consent only to the extent necessary in order to facilitate, and charge for, the specific use of the telemedium by the user concerned, and under which the purpose of ensuring the general operability of the telemedium cannot justify use of the data beyond the end of the particular use of the telemedium?”

Continue reading

“Hyperlink does Not Constitute a Copyright Infringement”

Article 3 (1) of Directive 2001/29/EC on the “harmonisation of certain aspects of copyright and related rights in the information society” legally communicating copyrighted works to the public depends on the copyright holders authorization.

Continue reading

District Court of Berlin: Google Germany not responsible for ‘right to be forgotten’-requests

On 21 August 2014, the District Court of Berlin ruled (27 O 293/14, German) that the subsidiary of Google in Germany, Google Germany GmbH, is not responsible for the fulfillment of requests of natural persons under the so called ‘right to be forgotten’, created by the European Court of Justice (ECJ) in its much-noticed judgment in May 2014 (C-131/12). The Berlin court held that only the American company, Google Inc., can be regarded as the ‘data controller’ in the sense of European data protection law because only Google Inc. is the operator of the search engine. As a consequence, legal actions must be brought against Google Inc., not the subsidiary in Hamburg. Natural persons who want a link to third party websites to be removed from the search result list following a search made on the basis of a person’s name would therefore have to sue Google Inc. and not the European subsidiary.
Continue reading

Are Dynamic IP-Addresses “Personal Data” As Defined By the EU Data Protection Directive?

And if so; May they be recorded? – The German Federal Court of Justice (BGH) in its decision dated October 28, 2014, court ref. VI ZR 135/13 referred to the to the European Court of Justice (ECJ) for a preliminary ruling regarding the interpretation of the EU Data Protection Directive concerning the definition of the term “personal data” therein and recording of dynamic IP-addresses. Continue reading

E-Commerce Law Reports with our article on Oracle v. UsedSoft

As a blogger you are always happy to receive feedback from your readers. So I was really pleased when shortly after posting my recent comments about the CJEU’s UsedSoft decision, the E-Commerce Law Reports approached me to ask whether I could write a more detailed article about the case for their August 2012 issue. Recently published, this issue also contains a number of other fascinating contributions by colleagues from around the world on a variety of important topics such as the online collection of consumer data, search engines’ liability for misleading search results, the cloning of games, advertising on Twitter, etc. Check it out: http://www.e-comlaw.com/e-commerce-law-reports/

The ECJ surprises in Oracle v. UsedSoft

Yesterday, the European Court of Justice handed down its ruling in Oracle v. UsedSoft. The court followed largely the Advocate General’s trail (we reported), but at some – crucial – point, it took a different, rather surprising direction which will have considerable impact on the marketing of software (and maybe other copyright-protected works, too). Continue reading

Art. 82 of the (Draft) General Data Protection Regulation

The (Draft) General Data Protection Regulation being a Regulation it not only aims at fully harmonizing the field of law it covers (as some Directives do) but would achieve that goal by simply being the (only) directly applicable law as far as its reach goes. Plus the Commission’s “empowerment to adopt delegated acts”, of course, which is a rather intriguing idea from a democracy point of view. But that’s another story.

One of the very few areas where the member states are given a certain amount of legislative leeway is set forth in Art. 82 of the Draft Regulation. Continue reading

Can APIs Be Copyrighted?

There is a lot of noise (for example, here, here, here, here, and here) out there about this week’s verdict in Oracle v. Google, especially about the following question: Are interfaces protected by copyright? I stumbled across quite a few places (see here, here, and here) where experts pointed to the ECJ’s SAS Institute v. World Programming ruling while discussing this question. According to them, the ECJ clearly stated last week that interfaces enjoy no copyright protection. Is this really what the ECJ said? Continue reading

Direct Effect of the “Cookie Directive” in Germany?

It has been reported that today Mr. Peter Schaar, head of the Federal Commissioner for Data Protection and Freedom of Information, announced at the Data Protection Congress 2012 that is currently held in Berlin that the EU “Cookie Directive” – which has not yet been implemented into German law – has EU law’s “direct effect” (also known as “immediate applicability”), making Art 5 (3) of the Directive directly applicable and effective under German law. He (as reported) added that therefore Art. 5 (3) of the Directive can be applied and enforced by the German data protection authorities in their day to day business. Ooops! Continue reading

Schleswig-Holstein Issues First Online Gambling Licenses

We got news on Friday that Schleswig-Holstein (one of sixteen states of Germany) had just issued its first three online gambling licenses (for sports betting). Forty other applications, partly for online sports betting, but also for online poker and Bovegas casino games, are said to be in the pipeline. So far so good and not overly interesting, but look into the details and the matter becomes more intriguing. Continue reading

More on exhaustion

Just after finishing our recent post on the exhaustion doctrine (ECJ “Usedsoft”), I came across two other news reports touching upon the same issues. The first concerned an ongoing dispute between Microsoft and a German used license trading company . The second pointed to an (unintentionally comical) decision of the Higher Regional Court of Stuttgart (Oberlandesgericht Stuttgart). Continue reading

ECJ Advocate General on Used Software and Used Licenses

Is it legal to sell so-called “used software” when this software has been obtained via download? And what about “used licenses”? These questions have been a hot topic for quite some time now for IT businesses and lawyers – and finally they have been brought to the attention of the European Court of Justice. This week, the Advocate General of the European Court of Justice (ECJ), Mr. Yves Bot, published an opinion dealing with some of the intricate problems of the exhaustion (or “first sale”) doctrine. Continue reading

Search Engine Liability

Now that the Google and its fellow search engines are possibly heading for a new form of liability in the UK, what’s life like for search engine providers in Germany? Well, as usual, it’s complicated.

The question of Google’s responsibility for what one may find when searching for a particular set of terms has been dealt with by a variety of court decisions on appeal court level (our “Oberlandesgerichte”) and even once by the German Supreme Court (Bundesgerichtshof). Interestingly, though, the problem that one would think is the most common problem that people have with the search engine phenomenon has not really been dealt with by the courts. We know that Google is generally allowed to display thumbnails of copyrighted images on its image search site. We have been informed that Google is not liable for the “snippets” that appear as a result of one’s search. But we don’t know what Google is required to do (if anything) when being informed of a clear violation of someone’s, say, protected private sphere committed on the internet and spread through tools like Google’s search engine. Continue reading