SEASON GREETINGS

Wishing you and your families 

a Merry Christmas & a successful year 2015

EU Data Protection Authorities Issue Guidelines On Right To Be Forgotten

The European data protection authorities assembled in the so called Article 29 Working Party (WP 29) have issued guidelines on the implementation of the ruling of the European Court of Justice on the right to be forgotten in internet search engines, the Google Spain decision. 

WP 29 interpret the judgement that the EU data protection law applies to all search engines which effectively process data themselves or through subsidiaries on EU territory with the aim to make profit. The right to request de-listing exists regardless of the relevant domain being of EU or other origin. The search result has to be deleted but not the source of the information e.g. held on the search engine's servers.

The WP 29 then also lists 13 common criteria for the handling of complaints by the European data protection authorities.

Disproportional Prices at Internet Auction Ethical

German Federal Court  BGH VIII ZR 42 / 14

The Federal German Court had to decide whether a price achieved in an Ebay auction was unethical because it differed disproportional from the market value of the auctioned product. The highest bid in the binding auction for the item in question, a car with a starting price of 1 Euro, was 555,55 Euro. The seller therefore decided to end the auction and sell the car instead outside the auction for 4200 Euro to a third person. The buyer in the auction filed with the courts his damage claim for breach of sales contract in the amount of 5249 Euro, equal to the market value of the car.

The Federal Court held that a binding and enforceable sales contract had been undertaken between auction seller and buyer. Particularly it did not find the agreement unethical because of a disproportional auction price. It argued that it is rather the motivation of both participants to an internet auction to achieve a price disproportional to the market value, whether above or below it. 

Online Framing and Copyright

European Court of Justice C - 348 / 13

The European Court of Justice had to decide a question put to them by the German Federal Court whether the embedding, within one's own website, of another person's work made available to the public on a third-party website, constitutes communication to the public within the meaning of Article 3(1) of Directive 2001/29/EC even where that other person's work is not thereby communicated to a new public and the communication of the work does not use a specific technical means which differs from that of the original communication. In short, does "Framing" constitute an infringement of copyright.

The Court referred to his previous decisions regarding online hyper links and found that linking does not constitute a "making available to the public" irrespective of which linking technique is used as long as the link leads to a website that is available to the public as a whole. 

Public Procurement and Cyber Essentials Security Requirements

The British government has issued a procurement policy note that suppliers are required to comply with Cyber Essentials security requirements when bidding for central government contracts that involve:

- handling personal information of citizens or government employees such as addresses and bank details or payroll and expenses information,

- supplying informations and communications technology systems and services designed to store or process data at the official level of the Government Protective Marking scheme 

Cyber Essentials is a certification scheme launched by the Department for Business, Innovation & Skills and designed to protect against the most prevalent internet threats.

Injunction Against Online Intermediary of IP Infringement

Cartier and others v BSkyB and others [2014] EWHC 3354 (Ch)

The High Court had to try a case where the holders of trade mark rights sought court orders against internet service providers hosting websites which advertised and promoted counterfeit goods that infringe those trade mark rights. 

Whereas for infringement of copyrights English law expressly authorises the court to grant orders against the non-infringing intermediary it was contentious whether the same applied to infringement of other intellectual property rights.
The issue arose because the legislator did not pass according law in the process of implementing the EU Information Society Directive, in particular its Article 11 as it was thought to be already and sufficiently provided for by English law under section 37 of the Supreme Court Act 1981.
The court therefore found that due to the governments legislative motives and Britain's obligation to implement EU law section 37 of the Supreme Court Act should be interpreted to authorise the court to grant blocking orders against the internet service providers being intermediates to trade mark infringements.

Administrative Order Against Google For Illegal Data Collection

In Germany the Hamburg Commissioner of Data Protection and Freedom of Information issued an administrative order against Google Inc. to remedy violations against Telemedia and Data protection law by collecting and combining user data outside the legal framework.

The Commissioner argues that currently it is possible for Google to create a meaningful and almost comprehensive personal record of users by combining the collected data of different single services being used, e.g.
• to compile detailed travel profiles by evaluating location data,
• to detect specific interests and preferences by evaluating search engine use, 
• to assess the user’s social and financial status, their whereabouts and many other of their
  habits by analysing the collected data and
• to infer information such as friend relationships, sexual orientation and relationship status.

Google is ordered to take the necessary technical and organisational measures to guarantee that their users can decide if and to what extent their data is used for profiling. This step has been aligned with various other EU countries which take similar measures against Google Inc. under their local law.

UN Resolution on Promotion and Protection of Human Rights on the Internet

UN Human Rights Council - Resolution A/HRC/26/L.24

The Human Rights Council of the United Nations has passed a resolution on the promotion, protection and enjoyment of human rights on the internet. In particular it 

- Affirms same rights for people online as offline, especially freedom of expression
- Recognises the global and open nature of the Internet as driving force for progress
- Calls upon all States to promote and facilitate access to the Internet
- Affirms quality education by promotion of digital literacy and information on the Internet
- Calls upon all States to address security concerns on the Internet to ensure protection of human rights
- Calls upon all States to formulate and adopt public policies that affirm global, open and interoperable nature of the Internet

Libraries and Digital Copyright

ECJ     C - 117/13

The Europan Court of Justice had to decide whether a University library was entitled to make a book available in digital form on terminals especially set up for reading and allow the reader to make print outs as well as store the book file on a USB stick.

The Court held that it was in line with the EU Directive on copyright in the information society (2001/29/EC) to allow a library to make books available to its readers in digital form for education and research purposes. Libraries could not fulfil their purpose in a digital society without such right.

Letting readers print out a book or store the book file on an USB stick on the other hand is seen as not necessary for the libraries to perform their role in education and science. It would therefore only be allowed to grant to readers such rights to copy a book if it remunerates the copyright holder of the book accordingly.

Adidas and Online Distribution

The German Anti-Trust Office (Bundeskartellamt) had to decide on Adidas' wide ban on distribution via online market places. The sporting goods manufacturer's distribution terms did not allow retailers to sell its products via online platforms of Ebay, Amazon, Rakuten, Yatego and others. 
Confirming its position taken in previous cases of Amazon and Ebay it held that while a selective distribution system was in principle legal it would nevertheless violate German competition law to effectively ban the distribution via a particular form of market place. Following the Offices's complaint Adidas has amended its distribution terms accordingly.

UK IPO and Fake IPO Offices

The UK Intellectual Property Office (IPO) has successfully taken legal actions against organisations that pretend to be IPO issuing official looking renewal notices to holders of UK registered patents and trademarks for fees greatly in excess of the official renewal fees. Such fake organisations are in particular the "Patent and Trademark Office" and the "Patent and Trade Mark Organisation". The defendants admitted and settled the cases.

Parody and Copyright

ECJ EC-201/13

The European Court of Justice had to decide when the use of someone else's work is a parody and therefore exempted from the work's copyright protection. Such parody would not constitute an infringement of intellectual property rights.

The Court held that the concept of parody is an autonomous concept of EU law and must be interpreted uniformly within the EU. A parody must a) evoke existing work whilst being noticeably different from it and b) constitute an expression of humour or mockery.

The exemption of the parody from copyright protection would not apply to parody containing a discriminatory message. In that case the rights holder in the original work would have in principle a legitimate interest in ensuring that the work is not associated with such a message.

Data Protection and Journalism

The Information Commissioner's Office (ICO) has published a guide for the media explaining how the Data Protection Act applies to journalism. It advises on good practice and clarifies the role of the ICO helping those working in the media understand and comply with existing law in that area. 

Video Games Cultural Test Regulation

The Cultural Test Regulations for video games came into force introducing a “cultural test” for video games, with points being awarded on the basis of setting, content, language, the British cultural aspects of the game, where certain work on the game is carried out and the residence or nationality of the creators of the video game. 

The purpose of the test is to allow the game’s development company to apply for their work to be certified as a British video game which is a condition of eligibility for video games tax relief. 

Paddy Power Reports Personnel Data Loss

Paddy Power, the Irish bookmaker with betting shops in Ireland and the UK, recently informed  649,055 customers of a data breach which occurred in 2010. 

Included within the datasets stolen from Paddy Power in 2010 were personnel data such as each individual customer's name, email address, residential address, phone number, date of birth and security prompted question and answer data.  Following a report to Paddy Power that a Canadian resident was in possession of the stolen data, Paddy Power launched an investigation aided by the Ontario Provincial Police. With the aid of asset seizure warrants, Paddy Power was able to secure the removal of its customers personal data from the hacker's computers.

Under UK Data Protection Law, unlike in some other EU countries, the data controller is not obliged to report the loss of personnel data held. Nevertheless the Information Commissioner's Office believes serious breaches of data security should be brought to the attention of the office. It has therefore published a guidance on notifications of data security breaches.

Social Media Guide of Financial Conduct Authority

The Financial Conduct Authority (FCA) has recently published a guidance "Social media and customer communications" which sets out the FCA's supervisory approach to financial promotions in social media, including its character-limited forms.

The authority's views are based on the FCA existing rules and, more broadly, the requirement under Principle 7 of the FCA's Principles for Businesses that firms must communicate with customers in a way that is clear, fair and not misleading.

New Proposed EU Guidelines for Cloud Computing Contracts

New guidelines to help business users save money and get the most out of cloud computing services have been presented to the European Commission by the Cloud Select Industry Group as part of the Commission’s European Cloud Strategy to increase trust in these services. Contributors to the guidelines include ATOS, Cloud Security Alliance, ENISA, IBM, Microsoft and SAP, Telecom Italia.

Goal is to develop standardised blocks for Service Level Agreements (SLAs) terminology and metrics. Relevant items include the availability and reliability of the cloud service, the quality of support services they will receive from their cloud provider, security levels, how to better manage the data they keep in the cloud.

Value of Illegally Shared Music File

OLG Frankfurt a.M. 11U 115/13

The Regional Court of Appeal in Frankfurt had to decide on the value of a damage claim for illegal file sharing on the internet. The file was a music song in the charts which was illegally offered for download to an unlimited number of people on the internet. As there are no tariffs for files illegally shared the court mainly considered what tariff the infringer would have had to pay to the rights holder for a legal file sharing online of such a music song. It held that the amount of 200 Euros was market standard for retrieving a licence to share a music file on the internet.

New UK Cyber Essentials Scheme

On June 5th, the UK government launched a new industry-backed scheme which helps organisations to protect themselves against cyber attacks. If certification is obtained organisations gain a new Cyber Essentials badge which should assist them in demonstrating to third parties that they have taken the prescribed steps and are managing their exposure to cyber risks.

The UK government requires all suppliers bidding for certain sensitive and personal information handling contracts to be certified against Cyber Essentials scheme from October 2014. 

Internet Surfing and Copyright

European Court of Justice C-360/13

The European Court of Justice decided that the copies of internet sites created on the screen and in the cache of an end-user's computer, when the latter surfs the internet, are transient and an integral part of a technical process within the scope of Article 5 section 1 of EU directive 2001/29/EC.  The creation of those copies therefore does not require the consent of the owner of the copyright in those websites.

EGC confirms 1.06bn Euro fine against Intel

European General Court T-286/09

The European General Court has confirmed the fine of 1.06bn Euro issued by the European Commission against Intel.

The court found that the American chip manufacturer Intel held a market share above 70% for computer chips. It would grant discounts to computer manufacturers Dell, Lenovo, HP and NEC on condition to buy almost all x86 processors from Intel. It also made payments to the retailer Media-Saturn on condition it would only sell computers that ran on Intel's x86 chips. Further Intel made payments to the manufacturers HP, Acer and Lenovo for them to market computers with AMD chips later, limited or not at all. 

The judges held that with its dominant market share the granting of exclusive discounts by Intel to particular manufacturers was in itself a behaviour likely to restrict competition. A further proof by the European Commission of its actual damaging impact on the competition was therefore not required. The payments to the retailer and manufacturers for exclusivity are a similar restriction of competition only later in the sales chain.  

Right To Forget and Search Engine (ECJ Google Spain Decision)

European Court of Justice C-131/12

In a ruling which is already being commented as a landmark decision the European Court of Justice held that the search engine provider Google Spain has to delete certain links from its search result index if those links lead to information provided by third parties that is personal data the processing of which by the search engine at this point in time is not any more covered by the legal requirements of processing such personal data. Google search index still provided a link to newspaper reports from 16 years ago about the auctioning of property of an individual who was in debt. The debt was paid off.

According to data protection law the data controller, here the search engine provider, has to ensure that personal data are processed fairly and lawfully, collected for specified, explicit and legitimate purposes, not further processed in a way incompatible with those purposes, adequate, relevant and not excessive in relation to the purpose for which they are collected or processed, accurate, kept up to date, kept in form which permits the identification of data subjects for no longer than is necessary for the purposes for which the data were collected or processed. The controller must take every reasonable step to ensure that data which do not meet those requirements are erased or rectified.

The decision supports the individual's so called "right to forget" in the digital world. It also holds non EU companies, particularly US companies, liable under EU data protection law if they do business directly or through their entities in Europe.

Consumer Rights Directive Effective 13/06/14

The EU consumer rights directive EC 2011/83 dated 20.10.2011 becomes directly applicable national law from the 13th of June onwards. EU countries that implemented the directive by local acts must apply those laws by that date.In the UK the "Consumer Contracts Regulations 2013" comes into force. In Germany the "Gesetz zur Umsetzung der Verbraucherrechterichtlinie" dated 27/09/13 transposes the EU directive into German law.
The directive addresses business conducted between a trader and a consumer (b2c).
Most importantly the directive aims to eliminate hidden charges and costs on the internet, increase price transparency, ban pre-ticked boxes on websites, grant consumer 14 days to change his mind on a purchase, give better refund rights, introduce an EU wide model withdrawal form, eliminate surcharges for the use of credit cards and hotlines, provide clearer information on who pays for returning goods, provide better consumer protections in relation to digital products, set common rules for businesses to make it easier for them to trade all over Europe.

Jurisdiction and Transnational Copyright Infringement

ECJ  C-387/12

The European Court of Justice looked again at the issue of transnational copyright infringement. In the case of a photographer suing a French company for transferring the economic rights to a photo he took to another company in France which had a German entity. 
The Court found that apart from the general jurisdiction of the place of harmful event, jurisdiction could also be established at the place where the damage occurred. Although that jurisdiction would be limited to determining the damage incurred in that country. Therefore the photographer could sue the French company for the damages he incurred by the German entity of the second French company exploiting his photographic work in Germany.

Screen Scraping and Restriction of Competition

BGH I ZR 224/12

The German Federal Court tried a case in which one travel website's software would take concrete flight and pricing information from the websites of various airlines and offer those flights for purchase including an additional service fee to the internet user on the travel website. This practice is also called Screen Scraping. One airline claimed that such practice would violate its competition rights because it wanted to sell only directly to travellers and therefore had inserted in its website terms and conditions the prohibition of Screen Scraping.

The Court held that the screen scraping in this case did not circumvent technical measures put in place by the airline's website but merely violated its website terms and conditions which it did not find sufficient to constitute a violation of competition law. The intention and practice of the travel website to provide to travellers an overview of the available flights and prices of various airlines would also support competition and not restrict it. The airlines interest of selling only directly to travellers would not prevail over the travel websites interest under competition law.

EU Data Retention Directive Invalid

European Court of Justice C-293/12

The European Court of Justice has found the EU directive on data retention invalid. The directive obliges providers of electronic communications services, such as the mobile operators, to retain certain user data, including the schedule of a phone call or the called number.The Court held that by requiring the retention of those data and by allowing the competent national authorities to access those data, the directive interferes in a particularly serious manner with the fundamental rights to respect for private life and to the protection of personal data.

No Common Law Lien On Electronic Database

Your Response Ltd. v Datateam Business Media Ltd. [2014] EWCA Civ 281

The Court of Appeal found that a common law lien could not be exercised over intangible objects such as an electronic database because the protection accorded to the makers of databases by certain other enactments (such as the Copyright and Rights in Databases Regulations 1997) reflected that databases do not represent tangible property of a kind that is capable of forming the subject matter of claims concerning an interference with possession.

Google Inc. In English Court for UK Data Protection Violation

Vidal-Hall & Ors v. Google Inc. [2014] EWHC 13 (QB)

Google's Safari browser was again the subject of claims of data protection violation. One major new development in this case was that the British claimants took the US mother company Google Inc. and not its UK entity to court in England. The High Court granted permission to sue Google Inc. in the UK arguing that the alleged violation of UK data protection law is tort in the UK and therefore the English High Court the correct forum for the claim. It also held that tracking the internet use of the claimants in anonymous but categorised form according to content like interests and then providing them with according advertisements meant processing personal data without claimants consent. Google Inc. has filed an appeal against the decision.   

German Information Commissioners On CCTV

The German Information Commissioners issued guidelines on the use of CCTV by private companies comprising general explanations of the legal framework, examples and a check list of questions. (Link)

Individual's Name And Personal Data Protection

Efifiom Edem v. Information Comissioner and Financial Services Authority [2014] EWCA Civ 92 (7 February 2014)

The Court of Appeal had to try a case in which an applicant made a request under the Freedom of Information Act 2000 to obtain details of a complaint he had made to the FSA about the way the FSA had regulated Egg plc, an internet bank. As part of this request the applicant sought the disclosure of the names of three junior staff involved with the matter but which had been redacted from emails supplied to him by the FSA on the basis that the names were personal data and could not therefore be disclosed under the FOIA. 
The Court of Appeal now ruled that a person’s name constitutes personal data for the purposes of the Data Protection Act 1998 unless the name is so common that without further information, such as its use in a work context, a person would remain unidentifiable despite its disclosure.

ICO Publishes Privacy Impact Assessment Code

The UK Information Commissioner’s Office (ICO) has published its updated privacy impact assessments ("PIA") code of practice to help organisations respect people’s privacy when changing the way they handle people’s information.The code explains the privacy issues that organisations should consider when planning projects that use personal information, including the need to consult with stakeholders, identify privacy risks and address these risks in the final project plan. (Link)

Facebook Buys WhatsApp

Facebook Inc has agreed to acquire WhatsApp Inc from Sequoia Capital for a total consideration of $11.64 billion. That is 13 times Facebooks 2013 net income. WhatsApp has 450 million users with 70% active daily, which is 60% the size of Facebook's daily user community of 550 million. The acquisition reflects Facebook's attempt to stay at the top in a changing market. Trends away from using laptops and instead to mobile devices have challenged the Facebook platform. Facebook has responded by building up its own platform apps for photos and messaging but so far did not manage to beat WhatsApp. Therefore it simply buys its competitor now.

Amazon Violates Trademarks In Search Engine Results

Cosmetic Warriors Ltd and Lush Ltd v Amazon.co.uk Ltd [2014] EWHC 181 (Ch)

The High Court tried a case in which the online trader Amazon used Google's  Adword service and its own site's search engine in connection with a third party's trademark. When that trademark was typed in the Google search engine, the user would be presented with a sponsored product ad including the trademark word and a link to the Amazon website, although the product was not sold by Amazon. When that trademark was typed in the search engine on Amazon's website, the user would receive the trademark word auto completed, repeated with product words and linked to competing products. The Court held that in both instances the average consumer could not, without difficulty, ascertain that the goods to which it was directed did not originate with the trademark holder. Therefore Amazon infringed third party's trademark rights.

Unsolicited Recommendation Emails

BGH I ZR 208/12

The German Federal Court heard a case in which the product vendor would ask a user on his commercial website to fill in his and a third party's email addresses in order to have an email sent by the vendor to the third party advertising the products. The Court found that the third party would receive the advertising email without its consent. Despite the fact that the user would start the process by filling in third party's email address, it was the vendor's intention to send an advertising email in his own name. Therefore such recommendation activity created an unsolicited email by the vendor and violated German competition law.

Legal Hyperlinks

European Court of Justice C - 466/12

The European Court of Justice tried the case of a website containing a link to third party's protected work which was displayed on another website. The third party claimed that the link infringed its copyright by illegally giving access to the work on the other website. The Court rejected the claim because the work was unlimitedly publicly displayed with the right holder's consent on the other website. The link on the first website therefore would not grant access to more or different viewers than what the right holder had already consented to. 

ICO Privacy Guidelines For App Developers

The UK Information Commissioner's Office released new privacy guidelines for app developers stressing privacy by design and types of notices and design features required to make apps comply with data protection law.(link)

Computer Manufacturers And Collecting Societies In Germany Settle

The German computer manufacturing industry and the collecting societies representing the interests of authors and other copyright owners in Germany agreed upon copyright levies for desktop computers, notebooks, netbooks and workstations for the period of 01/01/2011 to 31/12/2016. Tablet PCs are not part of the settlement.(link)

Viewing Video Stream Online Is No Illegal Copying

LG Cologne 209 O 188/13

The District Court of Cologne decided that viewing of a video stream online does not constitute an infringement of copyright, unlike the downloading of a video from the internet, because the viewer does not generate a copy of the video.

Bypassing Video Game Console Protections Can Be Legal

ECJ-355/12

The European Court of Justice had to decide a case in which a company sold software to bypass the protection mechanism in Nintendo game consoles. That mechanism allows only legal versions of Nintendo games to be played on the consoles. The Court found that only those prevention mechanisms are protected by law which intend to stop use of illegal copies of works protected by copyright. Mechanisms intending to prevent play of third party, e.g. competitor's games, are not protected by law. Consequently the software sold to bypass Nintendo's prevention mechanism was in so far not illegal. It was the task of the national court before which the case is tried to determine whether Nintendo could use a mechanism that would only prevent playing of illegal copies. If that was technically possible then the bypassing software of the defendant was not illegal.

Privacy And Data Protection Claims Against Google Inc. To Be Tried By English Courts

Vidal-Hall & Ors v Google Inc. [2014] EWHC 13 (QB)

The English High Court had to decide whether claims by British residents for breach of privacy and data protection against the US company Google Inc., not their UK entity, could be tried before an English Court.The claims concern Google Inc.'s collection of information from the devices the claimants used to access the internet and use of that information to generate advertisements targeted at them.
It found that it would be very burdensome for the claimants to bring proceedings in the US. There were serious issues to be tried and the claimants had clearly established that England was the appropriate jurisdiction. The issues of law raised by Google Inc. were complicated ones and in a developing area of law. It was better for all parties that the issues of English law be resolved by an English Court, with the usual right of appeal, whcih would not be available if the issues were resolved by an American court deciding English law as a question of fact. The Court also held that "damage" in section 13 of the Data Protection Act did not have to be financial loss but would include non-pecuniary damage. 
.

Intentionally Misspelled Domain Violates Competition Law

BGH I ZR 164/12

The German Federal Court had to decide a case in which a company used a domain name for its website promoting health insurances, which was almost identical to another companies domain name for a general weather forecast website except of an intentional misspelling, in order to lead users who accidentally typed the domain name wrongly for the weather forecast site to the health insurance promoting site. For every user landing on the latter site the company would receive a fee. The Court held that such business conduct by the "misspelling" company is a violation of competition law affecting the pursuit of business by the company providing the weather forecast website, if the first company does not immediately inform the user who landed on its website that it is not the weather forecast site.

Website Blocking Orders Against UK ISPs

[2013] EWHC 3479 (Ch)

The High Court issued website blocking orders under section 97A of the Copyright, Designs and Patents Act against the main UK internet service providers such as Sky, BT, TalkTalk, Virgin and others for infringement of copyrights held by major film studios. The relevant websites like TubePlus infringe copyrights by providing access to streams of films hosted by third party websites. The internet service providers host those relevant websites like TubePlus knowing this hosting service is actually used by the websites to infringe copyrights.

Guidance for German State Information Officers on Codes of Conduct

In Germany the group of State Information Officers ("so called Duesseldorfer Kreis") has drafted a guidance, now published by the Bavarian Information Office, on how to assess and approve Codes of Conducts submitted to them by industry groups or other professional associations under section 38a of the Federal German Data Protection Act. (link)

Changes to German Design Act

The German legislator has made changes to the Design Act. Arguably the most significant change is moving the invalidity proceedings away from the general courts to the Patent and Trademark Office in order to reduce time and costs associated with the proceedings. It should make the invalidity proceedings more affordable for small and medium sized companies as well as more comparable to similar proceedings elsewhere in the EU.

Illegal File Sharing and Family Ties

BGH I ZR 169/12

The German Federal Court had to decide on the liability of the holder of a private internet access point for the misuse of such access point by a third party for illegal file sharing online. In this particular case the holder was the father of a family and the third party was his full aged son who still lived with his parents. The court found that because of the family ties and the fact that the relevant persons lived under one roof the father could rely on his son not misusing his internet access and he was not required to monitor his son's online activities or take any other significant measures to prevent a misuse by him. The father was therefore found not liable for the illegal file sharing activities by his son.  

When Data is Personnel

[20113] EWHC 2575 (Admin)

The High Court had to decide whether data contained in a statement given by a third party to an authority was personal data and a disclosure of that information to the applicant would therefore require third party's consent. The court held that the following criteria must be affirmed to determine data is personnel:

a) Data is being processed, recorded or forms part of an accessible record
b) Living individual can be identified from the data
c) Data relates to individual
     - biographical information, identity and characteristics
     - impact on individual's rights and interests
     - individual identifiable and central theme

Copyright and Linking Third Party Content

BGH I ZR 39 / 12

The German Federal Court had to decide a case of possible copyright infringement where the host of a website provided users with links to protected third party content which they could download. That content was uploaded and hosted by him in a download centre without the consent of the relevant rights owner. The Federal Court found that the activity of the host was copyright relevant because it not only provided a link but also included uploading by himself in a download centre with his full knowledge of the content. It rejected the argument he could be seen as a neutral telecommunications/hosting service provider under EU directive 2000/31/EG and therefore be exempted from liability for copyright infringing content uploaded by third parties.