Dreyfus

Three years after the launch of the new gTLDs in June 2012, ICANN finally seems ready to launch the second round of new gTLDs.

The GNSO (Generic Names Supporting Organization) has caused a stir in the movement due to its latest resolution dating back to a few days.

The GNSO is an organization under the wing of ICANN comprising stakeholder groups from different sectors, particularly, representatives of domain name registrars and registries, business entities, stakeholders in the field of intellectual property, representatives of Internet service providers and non-profit organizations.

These representatives meet as a Council, according to a pre-established schedule, to develop, make recommendations and amend the procedural rules relative to gTLDs.

These recommendations on the ICANN policy concerning new gTLDs are the product, at least in part, of the resolutions of the GNSO and are often crucial in organizing the system of top-level domain names, in particular, for the upcoming launches of new gTLDs.

In its latest recommendations, the GNSO planned, amongst other matters, to prepare a report on the problems encountered after the first launch in 2012, thus paving the way for reshaping the policy relating to the new gTLDs, which was initially implemented in 2007.

While the upcoming launch was not expected before 2018, some already envisaged the announcement of a premature second round in view of the initiative taken by the GNSO.

However, there is nothing alarming in this case since as four years had elapsed between the adoption of ICANN’s policy in 2007 and the first launch of the new extensions.

The GNSO merely advocates the drafting of a report which may lead to amendments and adjustments to the procedures applied previously to gTLDs.

This report would identify both the difficulties encountered in the implementation of the ICANN policy relating to the new gTLDs and the new proposals conveyed, in particular, by the New gTLD Subsequent Procedures Discussion Group (DG), created specifically by the GNSO with the aim to reflect on this issue, so as to prepare the upcoming launch of new gTLDs in the best manner possible.

This project is to be followed in order to better anticipate the second round which is materializing gradually.

The recent French Law enabling the government to streamline relations between public administration and the public (loi n° 2013-1005 du 12 novembre 2013, habilitant le gouvernement à simplifier les relations entre l’administration et les citoyens) amended article 21 of the Law on the rights of the public in its relations with public administration (loi n° 2000-321 du 12 avril 2000 relative aux droit des citoyens dans leurs relations avec l’administration), to the effect that the lack of reply of any government agency amounts to acceptance of the request made to such agency. However, the 2013 Law authorized the government to provide for exceptions to this principle. The Decree (décret n° 2014-1280) of 23 October 2014 thus provided that for certain decisions regarding industrial property titles (in particular applications for trademark registration and renewal as well as oppositions) the lack of reply of the administration is tantamount to rejection. This Decree raised some uncertainties as to its enforcement and compliance with the provisions of the Code de la propriété intellectuelle (CPI). Fortunately, a Decree (décret n° 2015-511du 7 mai 2015), modifying the CPI, has addressed these uncertainties.

Regarding the registration of trademarks, the new articles R. 712-24-1 and R.* 712-23-2 of the CPI provides that trademark registration requests result in an implied decision of rejection at the end of a 6 months’ period starting from the request, which may be interrupted in the case of an opposition or notification of irregularity. Until now, the National Institute of Intellectual property (INPI) had to decide upon substantive objections within 4 months (R 712-11 CPI), which remains unchanged. But the INPI is now also subject to a deadline for the establishment a formal objection.

It would appear that receipt of the certificate is required to validate the application. As for the INPI’s implied decisions of rejection, they do not need to be substantiated. In order to know the reasons why the request was rejected, applicants will have to refer the matter to a judge who will order INPI to render a decision. However, this should not happen since INPI will normally manifest itself before the 6 months’ deadline to formulate objections. These objections will interrupt the 6 months’ period at the end of which the INPI’s silence would imply rejection. It is deeply unfortunate that said reform has brought no modifications regarding the rest of the procedure. In fact, the INPI is not subject to any deadline when deciding about the response to the applicant’s objection. Yet the INPI’s response times often exceed 2 years.

Regarding trademark renewal requests, the Decree inserts, after article R. 712-23 CPI, articles R. 712-23-1 and R.* 712-23-2 which provide that trademark renewal requests lead to implied decisions of rejection at the end of a 6 months’ period starting from the renewal request which can be interrupted in the case of a notification of irregularity, in the same way as for trademark applications.

As a result of these new provisions, the strategy regarding the applications and renewals of trademarks should be modified and the receipt of application and renewal certificates should be systematically checked before the 6 months’ deadline. The Decree of 7 May 2015 entered into force on 9 May 2015 and is applicable to prior requests that have not been subject to any express decision yet. Great carefulness is thus recommended regarding these requests. Whilst this reform helps accelerating procedures, its disadvantage is that it increases the amount of time required to properly manage each trademark.

Similarly, it is now provided that in the absence of an express decision within 6 months, the design registration or renewal applications are deemed to be rejected.

As regards patent,, to ensure consistency between legislations, this Decree abolishes the 4 months period after which the silence of the INPI amounts to rejection of the patent application. Indeed, the CPI provides for the publication of applications 18 months after filing, which is incompatible with an implied decision of rejection within 4 months of the request. However, the silence of INPI kept during 12 months continues to equals rejection in respect of waiver or limitation requests.

Appropriate strategies now have to be adopted in line with this clarified legal framework.

Cambodia became the 95th member of the Madrid System on March 5, 2015, following the deposit of its instrument of accession to the Madrid Protocol.

The Madrid Protocol concerning the International Registration of Marks was signed to facilitate access to some countries where the trademark registration procedure did not tally with the previous Madrid System for the International Registration of Marks (European Union, United States).

The international trademark system allows trademark owners to protect their products in a very wide range of countries by filing a single application.

Henceforth, trademark protection in Cambodia can be achieved directly through the international mark system in an easier and cheaper procedure.

As you know, “BYOD” is an acronym for “Bring Your Own Device”. More specifically, it is an emerging practice in companies whereby employees use personal computing devices for business purposes, including personal computers, tablets and smartphones. These devices may therefore be used in order to access professional information or applications such as client databases and e-mails.

This recent phenomenon originated from the United States and has started expanding in France. Although most companies are still reluctant, France is however one of the European countries which is most focused on BYOD.

Companies have good reasons to be concerned. The use by an employee of his personal computer to have access to the company’s information system may in fact present alarming risks of security. The employee’s personal device may not feature any protection and its use may result in virus infecting the company’s information system. In addition, the risks of disclosure of confidential data are significant.

As the employer is solely responsible for his information system, he only, can decide whether to prohibit or on the contrary, to organise and control BYOD. The employee can never impose the use of his personal devices to perform his professional duties.

The practice must be organised as soon as the employer decides to admit it, which requires at least minimal controls on employees’ personal devices. However, this control should not disproportionately infringe the employee’s privacy.

This is why the French Commission Nationale de l’Informatique et des Libertés (CNIL) issued on February 19, 2015, guidelines on the best practices for the use of BYOD, in order to reconcile the security of corporate data with the protection of employees’ privacy.

Firstly, the CNIL reminds that the use of personal computing equipment of employees for professional duties should not be their only way to access the information system of the company. Employer are required to provide employees with all the means necessary to perform their professional duties and this use should therefore be an alternative only. It consists more of an extra that makes things easier for the employee.

The CNIL then reminds that the employer is also responsible for the security of personal data, including when it is stored on personal devices which the employer granted leave to use. Therefore, the employer is required to safeguard against security risks by identifying the risks in the first place, then by determining the necessary measures to be implemented in a security policy and by raising employees’ awareness regarding the risks.

Finally and foremost, in order to protect the employee’s privacy, the employer cannot just take any measure. It cannot access private data of the employee which are stored on the device.

The CNIL specifies that the standard declaration on the management of employees or the appointment of a Data Protection Officer (“Correspondant informatique et liberté”) is enough to implement BYOD and that there is no need for a special declaration.

Finally, employer opting for BYOD must ensure, by means of proportionate measures, the correct balance between the security of its information system and the protection of his employees’ privacy.

Statistics available on the site <ntldstats.com> reveal a considerable number of domain name registrations in the new extensions: four millions in less than twelve months! As to date, there are over 4, 550,000 domain names registered in new gTLDs such as <.xyz>, <.club>, <.berlin> or <.wang>.

The new extension <.xyz> is the favourite one for applicants with more than 810,000 registered domain names.

Another extension that was recently launched, named <.网址> (.xn--ses554g) i.e. « internet address » in English, has quickly become popular with currently more than 350, 000 registrations.

The top 10 of new extensions also include <.berlin> and <.nyc>.

To be followed…

Social networks are essentially governed by their own legal provisions enacted in their Terms of Use (TU). The TUs of social networks are strongly criticized and especially those of Facebook. They are often subject to unilateral changes and many of their terms seem unfair. Last December, the Unfair Terms Commission addressed the topic in its recommendation Nr 2014-02 of December 3, 2014 on contracts offered by social network service providers.

This commission, which reports to the Minister for Consumer Affairs, issues recommendations for the removal or modification of terms that are intended to or whose effect is to create a significant imbalance between the rights and obligations of the parties to the contract, at the expense of the non-professional or consumer party. These recommendations are increasingly used by the lower courts in disputes between consumers and professionals. In fact, some of the recommendations in relation to mobile phones contracts were adopted by the courts to find such contracts unfair. With regards to social networks, the Commission issued about forty recommendations, most of which concern the protection of privacy and personal data. The Commission recommends the removal from the proposed contracts of social network service providers of terms which intend to or whose effect is to:

• With regards to the legibility of the contract: “to provide consumers or non-professional with contracts drafted in a language other than of the target population” or “to include too many cross-references among the various contracts offered to the consumer or the non-professional.”

• With regards to the formation of the contract: “not to provide for the express consent of the legal representatives of dependent minors for the processing of personal data” or “to claim that the use of social networking services is free of charge.”

• With regards to personal data: “to provide for an implied consent to the processing of personal data of consumers or non-professionals by the professional in violation of law Nr 78-17 of January 6, 1978 on information technology, data and freedoms” or “to provide for the transfer of personal data abroad without specifying the States of their destination and without requiring the express consent of the consumer or the non-professional when it is legally required, or by inferring this consent from adherence to the general terms of use of the service.”

• With regards to intellectual property rights: “to confer a right of use to the service provider on the contents generated by the consumer or the non-professional when these are protected by copyright, without providing clear precisions as to the relevant contents, conferred rights and authorised uses” or “to confer a free right of use to the professional on the content generated by consumer user or non-professional user, without making a clear and apparent mention of it.”

• With regards to the modification of TU: “to grant the professional the right unilaterally to modify the website or the terms of use in cases other than those provided for at article 132-2-1, IV and V of the Consumer Code.”

Among these non-exhaustive suggestions, we may also mention one which is concerned with the removal of the disclaimers. In this regard, the clause granting jurisdiction to the tribunals of Santa Clara county in California in the general terms of Facebook has been declared as unfair in an order by the court of first instance of Paris issued on March 5, 2015. As the clause is deemed null and void, the French Court can retain jurisdiction over the dispute opposing the social network to an Internet user whose account was deactivated following an online posting of Courbet’s painting “L’origine du monde.” Courts may thus rely on these recommendations in similar disputes, as was the case for mobile phones contracts. Right holders can only benefit from these provisions and this ruling which provide for a better defence of their rights in France.

On April 1, 2015, the Trademark Act 2014 has been amended to broaden the scope of trademark protection in Japan to encompass the following:

– Trademarks consisting of sounds, colors, holograms, motion and position;

– Regional collective trademarks.

However, the registration of olfactory and taste marks remains unfeasible in Japan.

As concerns sound marks, registration was already acknowledged by the former Japanese law for simple or musical sounds. Henceforth, the protection will be extended to very brief sound clips, provided that the marks are represented by a sound spectrogram or a musical score. On the other hand, music titles or composers names cannot be protected as trademarks.

The Japanese Patent Office also makes it clear that to register one or more colors as a trademark, the application must include a drawing or a picture indicative of the color or colors. However, the application for such a trademark will not be accepted if letters or numbers can be identified on the drawing or the photo.

This type of new trademarks is problematic with regards to the function of the trademark: it may be difficult for consumers to recognize them as indicators of the origin of the products or services. In this respect, the issue at stake is the manner in which the Office will assess the distinctiveness of these trademarks. Trademark applications based on a single color, the color which enhances the design of the product or a natural sound will likely be examined carefully by the Japanese Trademark Office.

The new trademark system provides an opportunity for rights holders to rethink their strategies.

To be followed…

Since April 15, a priority registration period has been set for trademark owners to register their trademarks under the new gTLD “.FROGANS”.

OP3FT, a non-profit organization, launched a new type of site on the Internet under the Frogans technology, called Frogans sites.

These sites are based on a new software layer designed as an easy-to-use platform for publishing content.

Access to these websites will be given through Frogans addresses, which are easy to remember and comparable to domain names.

These addresses are composed of the Network Name and the Site Name, separated by an asterisk (*), in the following format: NetworkName*SiteName.

Each Frogans address belongs to a Frogans network, which can be of three types:

• Dedicated Frogans Networks: to be used on the Internet under a customizable network name;
• Public Frogans Networks: to be used on the Internet under the network name “frogans”;
• Internal Frogans Networks: to be used in an intranet under the network name “intranet”.

For example, a Frogans address could be: Intranet*Dreyfus.

Frogans sites can be read in a dedicated browser called Frogans Player. Their shape is not primarily defined and they are small enough to be loaded even with low data connection or on low capacity devices.

This feature will be cost-effective for both consumers and website developers as the Frogans site will be available in one single version for every platform or device and even for the low-end ones.

Frogans sites are also multilingual, as the addresses may contain international characters they can be written in more than 170 languages, either from right to left or otherwise. This feature was important for the developers in particular in view of opening the Frogans technology to the Asian market.

The aim of Frogans technology is to make Internet sites easier to use and elaborate for the average consumer and developer-to-be, and to allow them to express their creativity. These new sites will also allow their owners to have full control of their content thanks to its unique display and therefore provide them with more security.

Since April 15, 2015, the priority registration period for registering Frogans addresses has been opened to trademark holders for a period of two months, closing June 15, 2015.

The allocation of the addresses is based on a “first come first served” principle, and initial registration periods can go from 1 to 10 year/s.

To be accepted into the process, the trademarks must be either registered with (i) a national office, such as the NIIP for France or USPTO for the United States, (ii) a regional office, such as OHIM or OAPI or (iii) the international office of WIPO, or be unregistered, provided that they are either validated by a Court decision or protected by a statute or a treaty.

The following types of trademarks are not eligible for Frogans addresses:

• Figurative or sounds trademarks;
• Unregistered trademarks;
• Trademarks registered with local or federated state offices;
• Cancelled, opposed, invalidated, corrected trademarks;
• Trademarks still in process of registration.

The availability of Frogans addresses can be checked through the WhoIs database, which provides information on the FCR account administrator or trademark holders dedicated to a Frogans network. This system therefore blocks access to reserved terms.

A list of all the Frogans addresses can also be downloaded for further research.

During this priority period, a specific UDRP procedure (UDRP-F) in relation to the use of legal recourses against cyber-squatters is made available to trademark owners.

With this system, it can be asked to check the legitimate ownership of a trademark that is used in a Frogans address and that can infringe owners’ rights.

It is also possible to generate a report of abuse that can lead to the cancellation of the Dedicated Frogans Network if the said party succeeds in showing evidence of trademark ownership.

The priority period for trademark owners will end on June 15^th 2015 after which there will be a registration phase dedicated to entrepreneurs for a new period of two months, before Frogans technology is open to the general public by the end of 2015.

Dreyfus can assist you in registering a Frogans address during this priority period, and will consider the best strategy to promote and protect your trademarks in this new gTLD.

The Governmental Advisory Committee (GAC), which represents States at ICANN, plays an advisory role on issues of public policy and the interaction between ICANN policies and the norms of national or international law. At the end of each ICANN meeting, the GAC releases a Communiqué which summarises the latest developments and requests. The last GAC Communiqué was issued on 11 February 2015.

The first series of recommendations concerns mainly safeguards advice applicable to new gTLDs. These protection measures cover two categories of extensions which were established in the Beijing Communiqué.

Category 1 of sensitive extensions raises concerns with regard to the protection of consumers and regulated markets. In its Communiqué of ICANN 51, the GAC has considered that the Registries should verify the IDs of applicants. In the latest Communiqué, it recommends that the NGPC (New gTLD Program Committee) publicly acknowledges the good practices of those Registries which voluntarily checked the identity of applicants. ICANN should propose this initiative to all Registries, in order for the users to have more faith in e-commerce.

The GAC also advises the implementation of an interim mechanism to address security issues. The PICDRP (Public Interest Commitment Dispute Resolution Process) is a resolution procedure for registries in violation of Public Interest Commitments made in their contract with ICANN. The GAC is of the view that the PICDRP should also be modified in order to solve urgent disputes more quickly.

The Category 2 comprises generic extensions which are however intended for restricted use.

It concerns extensions such as <.tires> or <.hotel>. In the Beijing Communiqué of 2013, the GAC identified the generic extensions for which exclusive access should be justified only by a public interest, including <.baby >.

Notwithstanding these recommendations, Johnson & Johnson maintained its application and responded to GAC so as explain how restricted access to <.baby > was in the public interest. According to Johnson & Johnson, a naming space managed by the company and its partners serve the public interest as consumers will no longer be misled by cybercriminals.

In spite of an obvious lack of legitimacy, Johnson & Johnson obtains the right to use the TLD <baby> in a restrictive way. Whilst it is not conceivable to obtain a trademark on the word “baby” to refer to products and services aiming at children, the generic extension <baby> is henceforth managed exclusively by a company with direct interest in the industry.

The GAC considers that it should collaborate with ICANN on the procedure for opening country and territory names included in second level domain names. The Registries operators must reserve these names and may propose:

• Either the opening of some country names to the public further to an agreement with the relevant Government,
• Or they may propose a list of names for approval to the GAC and ICANN.

Therefore, the GAC Members will have the opportunity to give their consent.

To be followed…

Ever since the alarming proliferation of cybercrime, which equates to an estimated annual cost of more than $ 400 billion, and the recent spate of hacking cases around the world, cyber security has clearly evolved into a global issue. The European Union has therefore taken up the matter in 2013 with a view to proposing a directive to increase the level of cyber security in the Member States and to establish a comprehensive strategy in this regard. The Network and Information Security Directive (NIS) was approved on 13 March 2014 at the European Parliament, and is being discussed at the European Council. This draft directive focuses on entities with the highest risk, namely critical infrastructure operators, where an incident can have far-reaching consequences for public health, the economy and security. However, given the importance of digital industries in our societies, some Member States would be in favor of extending the scope of the Directive to the digital sector to ensure the stability of the European economy.

The aim of this draft directive, which is established on the principles of security of States and economic stability, is to reduce cybercrime. In fact, the Directive aims to establish cooperation between national authorities as regards potential threats to several Member States. Furthermore, the NIS contains a non-exhaustive list of critical infrastructure operators, including operators in the energy, banking, health, transport and financial services sectors. These critical infrastructure operators are subject to a series of security requirements such as incident reports. In France, the ANSSI already deals with the compliance of similar security obligations incumbent upon large banks and telecom operators, but not on private digital stakeholders yet.

The security requirements for critical infrastructure operators could apply to other stakeholders in the private digital industry. Specifically, it should be companies which often have the status of hosting providers, such as Google, Amazon, Microsoft, OVH, Dailymotion, which should be covered. However, during the debates, SMEs have not been formally rejected. In addition, only the most important services would be concerned, that is, those which decision would have a major economic impact. For example, whilst the Amazon cloud service would be concerned, its e-commerce site would not be. This is the subject of a heated debate, and for now, the Member States remain divided as to whether to include or not some digital industry players such as cloud providers, in this European legislation.

While the concerned companies consider these measures as being disproportionate, several Member States seem to favor the extension of said security obligations to private digital industry stakeholders. For example, the French Prime Minister, Manuel Valls and his German counterpart, Chancellor Angela Merkel, are agreeable to the extension. But all member States do not concur on this issue, and even less the affected companies. The latter consider that security obligations, if they must be complied with, could constitute a significant financial burden. In France, the French Association of Internet software and solutions vendors (AFDEL) urged not to extend the field of critical infrastructure operators provided for in the Directive, to “companies of the Information Society”. While supporting the project and its objective of strengthening cyber security in Europe, it asserts that this extension could damage the competitiveness of enterprises. Thus, for AFDEL, the qualification [of] “critical infrastructure” for all digital business is not justified and it would be disproportionate to impose additional administrative obligations.

Currently, the Directive has not yet reached the European Council for a first reading. Forthcoming developments are to be followed minutely and will involve all Internet stakeholders.