Monday 24 October 2016

Dynamic IP Address Can Be Personal Data

ECJ C-582 / 14


The European Court of Justice had to look again at the legal question whether IP addresses are personal data under European data protection laws. This time it was not the internet service provider of a user holding its IP address but a social media provider which would allocate dynamic IP addresses to visitors of its website. The dynamic IP address alone would not enable the social media provider to determine the identity of the user. It would require in addition the personal data stored by the visitor's internet service provider. 

The Court found the fact that the online service provider itself did not hold all necessary information for the identification of the data subject not enough to negate the assumption of the dynamic IP address being personal data because the law would expressly include also the indirect determination of a data subject's identity. However, it found decisive whether the possibility to combine a dynamic IP address with the additional data held by the internet service provider constitutes a means likely reasonably to be used to identify the data subject. This would not be the case if for example the identification of the data subject was prohibited by law or practically impossible on account of the fact that it requires disproportional effort.

Monday 17 October 2016

Exhaustion Principle Only For Original Copy (CD)

EuGH C - 166 / 15


The first buyer of a copy of a software with the license to unrestricted use can resell the used copy (CD 1) and the license to a second buyer. If the original physical copy of software (CD 1) is damaged, destroyed or lost then the first buyer may resell his back up copy (CD 2) of the software to the second buyer only with the consent of the copyright holder. The principle of exhaustion only applies to the original copy (CD).

Monday 26 September 2016

Provider Of Free Public WiFi Not Liable for IP Infringements By Users

EuGH C-484 / 14


The European Court of Justice has found that the provider of a WiFi network, which he provides to the public without charge, cannot be held liable for IP infringements committed by users. He may be ordered though to protect the network by a password to prevent IP infringements. 

Hard - and Software Bundle Not Unfair Practice

EuGH C-310 / 15


The European Court of Justice decided that the sale of computer with pre-installed software is not an unfair business practice. The promotion of computer and software bundles meets the expectation of a considerable part of consumers and is therefore not a professional negligence. In such cases consumer also do not expect a separate display of prices which is why the lack of separate display of prices can not be deemed misleading consumers.

Linking Can Be Illegal Display of Protected Work

EuGH C-160 / 15


The European Court of Justice decided that creating a link to works displayed on another website is in itself illegal public display of the works, if the link creator knew that the display on the other website violated IP rights but he still created the link to generate profit.

Thursday 1 September 2016

EU - US Privacy Shield Is Live

After the EU and the US agreed on the successor agreement to Safe Harbour, called the
EU - US Privacy Shield, US companies may as of August 1, 2016, self certify under the programme as a means of complying with EU data protection laws when transferring EU
personal data from the EU to the US.

EU Commission Finds Apple Tax Benefits in Ireland Illegal


On 30th of August the European Commission issued a statement about its decision that Ireland granted undue tax benefits of up to €13 billion to Apple. This is illegal under EU state aid rules, because it allowed Apple to pay substantially less tax than other businesses. Ireland must now recover the illegal aid from Apple. There are no fines under EU State aid rules and recovery does not penalise the company in question. It simply restores equal treatment with other companies.

Wednesday 15 June 2016

EU Code of Conduct Against Illegal Online Hate Speech

EU-Commission, PM IP/16/1937 of 31/5/2016



The EU Commission together with Facebook, Twitter, Microsoft and YouTube have published a Code of Conduct which contains a number of obligations to tackle illegal online hate speech in Europe. By signing this Code the aforementioned IT companies commit to a sustainable internal hate-speech policy which shall lead to a review and deletion of illegal online hate speeches within 24 hours as well as the closing down of illegally used accesses to those communication platforms.







Tuesday 14 June 2016

Companies Fined For Not Replacing Safe Harbor

Hamburg Data Protection Agency


After the European Court of Justice (ECJ) ruled that the Safe Harbor program is invalid, the European DPAs granted companies a transitory period until February to migrate from the Safe Harbor to other legal tools for their international data transfers, in particular by implementing Binding Corporate Rules (BCRs) or the Model Contractual Clauses.
The Hamburg Data Protection Agency (DPA), which effectively takes the lead in the German DPAs' response to Safe Harbour and the Privacy Shield, recently investigated 35 companies. It found significant shortcomings in that respect and has started to fine those for not having appropriate replacements for the Safe Harbor in place after the expiration of the permitted grace period.

Tuesday 1 March 2016

EU Commission Publishes Legal Text Of EU-U.S. Privacy Shield

The European Commission made public a draft "adequacy decision" of the Commission as well as the texts that will constitute the EU-U.S. Privacy Shield after the Safe-Harbour treaty was found invalid by the European Court of Justice. This includes the Privacy Shield Principles companies have to abide by, as well as written commitments by the U.S. Government (to be published in the U.S. Federal Register) on the enforcement of the arrangement, including assurance on the safeguards and limitations concerning access to data by public authorities.

In a next step a committee composed of representatives of the Member States will be consulted and the EU Data Protection Authorities (Article 29 Working Party) will give their opinion, before a final decision by the College. In the meantime, the U.S. side will make the necessary preparations to put in place the new framework, monitoring mechanisms and the new Ombudsperson mechanism.