France: Public service and processing of personal data

monitor-1307227_1920

The French Lemaire Act was promulgated in France on October 7, 2016. It aims at liberating innovation and creating a framework of trust that guarantees the rights of users and protects their personal data. One of its objectives is to ensure a public service of data in France. This public service has already entered into force and is constantly improving. This notion of public service of data comes in the period where one speaks of data as the black gold of the 21st century. It will allow a legal framework to be established.

I. The availability of data

Now it is a public service like any other. It has a physical existence, a definition and is found on data.gouv.fr/en/reference.
This service comprises 4 dimensions namely:
– Data producers (administrations);
– Data broadcasters
– Data users (private and public persons/actors who will reuse the data); and
– The Etalab mission that drives the establishment of this public service.

Currently, 9 databases are included in the public service. They are now published and accessible to all and are the followings:
– BAN: National Address Base;
– Sirene Base of businesses and their establishments;
– COG: Official Geographical Code;
– PCI: Computerized Cadastral Plan;
– RPG: Graphical parcel registry;
– Repository of the administrative organization of the State;
– RGE: Large-Scale Repository;
– RNA: National Directory of Associations; and
– ROME: Operational Directory of Trades and Jobs.

Some have objected to the fact that this data was already available before the creation of this public service. On the other hand, the publication was sparse and unknown. Thanks to the creation of a public service dedicated to data, the French mission, Etalab, hopes to ensure the sustainability of this data, its economic security and the security of the investments of the data producers. In addition, this public service should guarantee stability and visibility of these databases.
As a lawyer one can only notice the absence of the legal data. This question was debated when the law was passed. It had been concluded that this data was not yet ready for publication, implying that it will be published one day and that a legal basis is not excluded.

II. The public service of data and intellectual property rights

Before, the law of July 17, 1978 on the freedom of access to administrative documents and the re-use of public information was the primary base for this public data which was based on two pillars:
– Access to administrative documents; and
– The use of the information contained therein.

Now, the French Lemaire Act adds the principle of re-use of this data which results from the access to this data. Without access to the data no reuse is possible. In contrast to access, use and re-use of the data, there are intellectual property rights. Indeed, who says openness of data means freedom. On the contrary, an intellectual property right implies exploitation monopoly and restricted access. It would appear that the public service of data and intellectual property rights are too different to be reconciled.
This opposition goes even further with the French Lemaire Act which imposes a publication of the data. Until now, the data was available at the request of the citizens. Now the logic is reversed since the administration is directly obliged to publish the data.
It is in this context that intellectual property rights arise. In fact, when the data was available on individual request, the risk of a violation of a right was less important. On the contrary, the risk of reproduction and representation is much more significant when the data is spontaneously published and accessible to all.

The law still provided a limit. Article 11 of the French Lemaire Act provides: “Subject to intellectual property rights held by third parties, administration rights […] cannot impede the re-use of the content of the databases that these administrations publish.” Thus, the re-use of the data found on the databases, which are under the control of the public service, is not absolute.
Considering intellectual property rights, the doctrine is unanimous meaning that only copyrights are likely to be heard in the reservation formulated, which therefore does not include trademarks or patents.

It is then a question of establishing which copyright owners can avail themselves of this reservation. In the event that the administration could object to re-use on the basis of its own intellectual property rights, the right of re-use would be obsolete and irrelevant. Logically, it appears from the study of case law that it is the rights of third parties to the administration.
In the same logic, the French law states that administrations cannot avail themselves of their database producer rights in order to impede the re-use of the data contained in these databases.

III. Conflict between the public service and the protection of personal data

When we talk about Open data, we refer to the opening of the data. There therefore exists a natural opposition between the open data and the protection of personal data. In order to reconcile the two, the French law for the digital economy makes a distinction between privacy and personal data.

– Privacy: the primary position of the legislator is to promote open data but always in the respect of privacy. As a matter of principle, a document affecting privacy cannot be communicable at all.
– Personal data: there is no principle of prohibition and communication. The legislator proceeds otherwise. He says that it is possible to publish documents that include personal data and lists them. A decree is expected to list all documents that may be published without the need for treatment before publication.

Today, there is a harmonization between the right to communicate a document to a person and the right to publish it. Once a document is communicable, it can be published.

In conclusion, the debate between the publication of data and the protection of personal data is still current in France. It is important to realize that there exist restrictions on the publication of personal data, but also on data infringing an intellectual property right. Endowed with a New Technologies department, Dreyfus & associés can assist you on intellectual property law issues, as well as personal and new Information and Communication Technologies.

Why social media username are an unprotected breed of IP?

Dreyfus - ARTICLE 174Trademarks have been made fragile with the onset and subsequent rise of social media. The main risk is the damage to one’s name and brand reputation. The information spreads at such a speed the consequences are almost irreversible. A trademark owner should remain alert and vigilant on the internet and in particular on social media. With the rise of social media came usernames. A username is an identifier, unique to a social media platform, allowing users to access a page or an account. The danger is that username are based on a ‘first come, first serve’ scheme, meaning any person can register a username using an existing trademark if the owner has not done it yet. It is common to see username infringing on an IP right on social media. Currently, victims of username squatting are left without any specific tool to defend themselves.

  1. The social media platform policy

One of the main difficulty is that usernames are subject to social media platform policy. Indeed, usernames belong to the social media platform that delivered it to the user. Social media platforms are in fact the username holders. Each platform deals with username squatting as it wishes. For example Twitter states in its policy that username squatting is prohibited. To the contrary, Facebook states in its policy that usernames are subject to the first-come, first-served principle. A harmonized, unified regulation at an international level would be welcome.

  1. The Communications Decency Act in the US

Another issue is that social media platform are often based in the US. There, the Communications Decency Act, §230 states that providers of a computer-based interactive service cannot be held liable for the content posted by users of such services. Thanks to this ground, social media platform can choose to free a username that would infringe on an IP right, or refuse to do it.

However, if the sole purpose is to escape legal provisions protecting intellectual property rights, the disposition cannot be invoked. Indeed, if the social media platform has received notification of rights and the situation is patently unlawful, there is an obligation to act. Otherwise, the platform will be held liable.

  1. Recent evolutions in the US

A decision dated January 18, 2017 created the possibility of relying on private property rights for usernames and domain names (Salonclick LLC v. Superego Management LLC et al, No. 1:2016cv02555). In this instance, the plaintiff claimed violation by his former employee of his private property rights. He was promoting his products on the internet and on Facebook. The plaintiff hired the defendant to assist him in promoting his products. However, further to a dispute between the parties, the defendant used her access codes to the social media platforms to promote her own company and redirect internet users to her own accounts.

The Court held a decision in favour of the plaintiff on the grounds of ‘conversion’ and ‘replevin’. The first one implies deprivation of property rights of an owner without his/her consent, or theft of private property. The second one is the right to bring a lawsuit for recovery of goods improperly taken by another. Further to this case, US case law might evolve in this direction.

In conclusion, we advise to monitor social media. Dreyfus uses a dedicated platform called Dreyfus IPweb. It allows us to offer our internet watch services to trademark holders and monitor their trademarks online. After a username has been detected as infringing an IP right, we analyse the use. If the products and/or services associated to the username are identical or similar to the ones of our clients, we can put an alert and define an appropriate strategy.

The masked licensee or the enforceability of the license of a non-enrolled European Union trademark

The masked licensee or the enforceability of the license of a non-enrolled European Union trademarkOn February 4, 2016, the Court of Justice of the European Union (CJEU) had the opportunity to specify the scope of the first sentence of article 23 § 1, first sentence, of the Community Regulation (CE) n°207/2009 on the European Union trademark.

Despite a detailed reasoning resulting from a teleological reading of that regulation, we can question ourselves about the clarity and the merits of that decision.

1/ General context of the decision

As a reminder, the brand license agreement allows the owner of a trademark to grant to another person (the licensee) rights to that trademark, exclusively or not (https://www.legifrance.gouv.fr/affichCodeArticle.do?cidTexte=LEGITEXT000006069414&idArticle=LEGIARTI000006279716). The licensee thus becomes the owner of rights on the said trademark and may, under certain conditions, act on the basis of trademark infringement.

In this respect, formality conditions regarding these licenses depend on the applicable national law and differ from one State to another. For example, in German law, the license agreement is valid as of its signature and does not need to be registered with the German registry to produce its effects on third parties. On the contrary, French legislation provides  that “any transmission or modification of the rights attached to a registered trademark must be registered at the National registry of trademarks in order to be enforceable against third parties » (article L.714-7 of the French intellectual property Code).

What about the European Union trademarks? Inevitably, and despite a very clear European legislation on the subject, these national divergences have led to a lack of harmonization on the European Union territory and uncertainty regarding the enforceability or non-enforceability of the European Union trademark licences not registered in the concerned registry. It’s in seeking to clarify this point and to put an end to these questions that the ECJ has interpreted Article 23 § 1, first sentence, of Community Regulation (CE) n°207/2009 on third-party enforceability (CJEU, 4 February 2016, C-163/15, Youssef Hassan against Breiding Vertriebsgesellschaft mbH).

2/ A decision favorable to the licensor and the negligent licensee

In the present case, the Breiding company was granted a European Union trademark license, in particular authorizing it to act under infringement. The latter exercised this right against Mr. Youssef Hassan, reproaching him for marketing bedding articles in violation of his trademark right. The defendant, convicted at first instance in Germany, appealed against this decision based on the aforementioned article. He pointed out that there was no registration of the license granted in the trademark registry of the European Union and, therefore, argued that the licensee’s rights were unenforceable.

The Düsseldorf Court therefore stayed the proceedings and referred the following question to the ECJ for a preliminary ruling: can the licensee of a European Union trademark act as a counterfeit of the said trademark as soon as the license is not enrolled in the registry of European Union trademarks?

According to article 23 § 1, first sentence, of the said regulation, it appears very clearly that a trademark license is only binding on third parties if it has been registered in the registry of trademarks.

However, reading back the article point by point, the ECJ interprets this provision in the light of its context and the objectives pursued by the Regulation. Thus, it explains that the non-enforceability to third parties of legal acts (and in particular licenses) which have not been enrolled in the concerned registry, is intended to protect the person who has, or is likely to have, rights on a community trademark as an object of property and not the counterfeiting third party. In other words, the Court interprets here the article of the regulation by assigning it two different purposes according to the third-party and the situation concerned in the present case.

Consequently, the Court considers that the licensee of the European Union trademark may act on infringement even though that license has not been enrolled in the registry of trademarks.

3/ Observations

Certainly, this solution is consistent in the sight of the objective pursued by the regulation, which is, inter alia, to fight against counterfeiting. However, we cannot hold ourselves from regretting this distributive reading made by the CJEU, which is moving away from the letter of the article – yet very clear – and provides a somewhat flawed and unfounded interpretation.

In any event, this decision allows us to recall that the registration of the trademark license – whether national or European – remains useful and essential for the purposes of enforceability. Although the position of the Court is settled and that it was equally applied to the European Union’s designs and model (CJUE, 22 juin 2016, C-419/15, Thomas Philipps GmbH & Co. KG contre Grüne Welle Vertriebs GmbH), there is no guarantee that national courts will systematically follow that interpretation.

In conclusion, it is therefore advisable to remain cautious and to record with the trademark registry the relevant licensing contracts, otherwise there is a risk of being unenforceable to third parties. It is possible to enter only a confirmatory act of license in order not to reveal to third parties certain confidential elements of the license.