Technology Newsletter Issue 1/2016

Print pdf

Content of the newsletter:

EU Trademark Reform Accepted – Time for Trademark Holders to Take Action

New EU–U.S. Data Transfer Arrangement Agreed: EU–U.S. Privacy Shield

The European Court of Human Rights: Monitoring of Employees’ Communications Allowed

The Supreme Administrative Court Annuls Market Court Rulings on IR Trademark Registrations

New Swedish Patent and Market Court in September 2016

The .fi Domains to Be Released for Everyone to Register

Proposed Regulation of Web Aggregation Services in Russia

New Directive on Cybersecurity Approved in the EU

The Finnish Supreme Administrative Court: Trademarks Subject to Gift Taxation

Unified Patent Court – Preparatory Committee’s Decision on Fees

EU Trademark Reform Accepted – Time for Trademark Holders to Take Action

By Janne Joukas

The EU Parliament has adopted the EU trademark reform package consisting of the new Trademark Directive (EU) 2015/2436 (“Directive”) and the new EU Trademark Regulation (EU) 2015/2424 (“Regulation”). The Directive entered into force on 12 January 2016, and the Member States are given three years to implement it into their national laws. The Regulation will enter into force on 23 March 2016.

As reported in our Technology Newsletter 3/2015, the key changes include the following:

• The requirement of graphic representation is replaced with a requirement of clear and precise representation;

• Registration procedures will be harmonised across the EU;

• Trademarks listing certain class headings will be interpreted as including only the goods and/or services covered by the literal meaning of the listed goods or services;

• The fee structure will be renewed;

• Stronger protection against counterfeits entering the EU will be introduced;

• The Community Trademarks will be renamed as European Union Trademarks and the Office for Harmonization in the Internal Market will be renamed as the European Union Intellectual Property Office.

Current Community Trademark holders may have to take immediate actions as the reform will have a retroactive effect with respect to the interpretation of class headings on all Community Trademarks applied for before 22 June 2012 which are registered in respect of the entire heading of a Nice class. The Community Trademark holders will be given a six-month transition period enabling the Community Trademark holders to declare that their intention on the date of filing had been to seek protection in respect of goods or services beyond those covered by the literal meaning of the heading of that class, provided that the goods or services so designated are included in the alphabetical list for that class in the edition of the Nice Classification in force at the date of filing. The declaration shall be filed at the European Union Intellectual Property Office by 24 September 2016. It is recommended that the Community Trademark holders review their portfolios and take immediate actions to update any relevant registrations as needed. Otherwise, the scope of the registrations will be extended only to goods or services clearly covered by the literal meaning of the indications included in the heading of the relevant class.

New EU–U.S. Data Transfer Arrangement Agreed: EU–U.S. Privacy Shield

By Erkko Korhonen

After weeks of hectic negotiations between EU and U.S. officials following the invalidation of the former Safe Harbor by the Court of Justice of European Union (“CJEU”) in the Schrems Case (please see our Legal Updates for further information on the background), the European Commission announced on 2 February 2016 that it has reached a new agreement on transatlantic data flows with its U.S. counterpart. The new pact is called the EU–U.S. Privacy Shield. On 29 February 2016, the U.S. Department of Commerce and the European Commission disclosed the details of the EU-U.S. Privacy Shield agreement, which may be summarised as follows:

• Strong obligations on companies handling Europeans’ personal data and robust enforcement: U.S. companies wishing to import personal data from Europe will need to commit to robust obligations on how personal data is processed and individual rights are guaranteed. The publication of such commitments will be monitored by the U.S. Department of Commerce, which makes them enforceable under U.S. law by the U.S. Federal Trade Commission. Participating companies who do not comply with the requirements may be sanctioned and/or excluded from the list of participants.

• Clear safeguards and transparency obligations on U.S. government access: The U.S. will give the EU written assurances that the access of public authorities for law enforcement and national security will be subject to clear limitations, safeguards, and oversight mechanisms, and such exceptions must be used only to the extent necessary and proportionate. The U.S. has agreed not to conduct indiscriminate or mass surveillance on the personal data transferred to the U.S. under the new arrangement. In order to regularly monitor the functioning of the Privacy Shield and the commitments of the U.S., there will be an annual joint review, which will also include the issue of national security access. The European Commission and the U.S. Department of Commerce will conduct the review and invite national intelligence experts from the U.S. and European Data Protection Authorities to it.

• Effective protection of EU citizens' rights with several redress possibilities: Any citizen who considers that their data has been misused under the new arrangement will have several redress possibilities: i) individuals may bring a complaint directly to a Privacy Shield participant and the participant must respond to the individual within 45 days, ii) European DPAs can refer complaints to the Department of Commerce and the Federal Trade Commission, iii) EU individuals are able to pursue legal remedies through private causes of action in U.S. state courts, including private causes of action for misrepresentation and similar types of claims, and iv) a new Ombudsman will be created in the U.S. under the U.S. Department of State for complaints on possible access by national intelligence authorities.

The EU Commission also adopted a draft decision on adequacy (as required by the Data Protection Directive), in which the EU Commission concluded that the United States will be considered to ensure an adequate level of protection for personal data transferred from the European Union to organisations in the United States that are self-certified under the EU-U.S. Privacy Shield. Such self-certified organisations will be included in the so-called Privacy Shield List, which will be maintained and made publicly available by the U.S. Department of Commerce.

On 29 February 2016, the Article 29 Working Party (“WP29”) provided its statement on the new arrangement. The WP29 will now assess these documents in order to give its opinion on the level of protection afforded by the EU-U.S. Privacy Shield. After that, the WP29 will consider whether other transfer mechanisms, such as Standard Contractual Clauses and Binding Corporate Rules, can still be used for personal data transfers to the U.S. However, in the meantime, Standard Contractual Clauses and Binding Corporate Rules continue to be valid data transfer mechanisms.

Further information on the facts can be found in the Commission’s press release and on the Department of Commerce’s website.

The European Court of Human Rights: Monitoring of Employees’ Communications Allowed

By Erkko Korhonen and Marta Monteiro

In its recent judgment, the European Court of Human Rights (“ECHR”) concluded that the monitoring of private communications sent through an employee’s messaging account is permitted and justified under certain circumstances. The background of the case is that Mr Bărbulescu, a Romanian national who was employed by a private company in Bucharest, was asked by his employer to set up a Yahoo Messenger account for business purposes. The employer had a strict IT policy, which clearly forbade the use of the company’s computers and other IT systems for personal usage, and the employer monitored Mr Bărbulescu’s usage of the Yahoo account. The employer discovered that Mr Bărbulescu had been using the account for personal communications with his family members during working time and subsequently dismissed him for breaching the company’s IT policy. Mr Bărbulescu challenged his dismissal under Romanian labour law and also claimed that the employer had breached his right to private life under Article 8 of the European Convention on Human Rights.

The ECHR considered that Article 8 was engaged on the basis that Mr Bărbulescu’s privacy and correspondence had clearly been affected by the employer’s monitoring of the Yahoo Messenger account. However, the ECHR noted that the employer had initially accessed Mr Bărbulescu’s account on the understanding that it only contained professional communications, as required by the employer’s policy. The ECHR found that, where a fair balance is struck between an employee’s rights and the employer’s business interests, “it is not unreasonable for an employer to want to verify that the employees are completing their professional tasks during working hours”. Furthermore, the employer’s monitoring in this instance was “limited in scope and proportionate”.

The ECHR’s decision in Bărbulescu v. Romania differs significantly from the earlier ECHR decisions in cases Halford v. UK (20605/92) and Copland v. UK (62617/00), in which employees successfully claimed that their respective employers had infringed their Article 8 rights by monitoring communications made using company IT systems. However, there was one clear difference in the facts: in said two cases, the employer had permitted the use of the IT systems for personal use as well. Thus, this case serves as a useful reminder to employers about putting in place clear and effective policies covering the acceptable use of IT, internet, and social media.

Although the decision was favourable to the employer, it cannot be regarded as giving employers the green light to conduct monitoring of their employees’ communications at the workplace. Furthermore, it does not override the existing national legislation governing the subject matter. In Finland, the Information Society Code (917/2014) places strict limitations on employers’ rights to monitor their employees’ private communications. In addition, any technical monitoring of employees in the workplace as well as the implementation of policies on the use of email and other communication tools are subject to a co-operation procedure laid down in the Finnish Act on Co-operation within Undertakings (334/2007, “ACU”), provided that the employer normally employs at least 30 employees.

In Finland, any work equipment provided by the employer to an employee (such as computers and IT systems) is company-owned equipment. Since the work equipment belongs to the company, the employer may limit the use of any such equipment to work purposes only. The above-mentioned duty to conduct a co-operation negotiations aims at creating clearly defined rules for the use of such equipment at the workplace, regardless of whether the personal usage of the work equipment is allowed or not.

Employers normally employing at least 30 employees must handle, in co-operation with the employee representative(s) of all affected employee groups, any matters related to (i) the collection of personal data during the employment relationship as well as to (ii) the purpose, introduction, and methods of technical surveillance directed at the personnel. Technical surveillance directed at the personnel includes, for example, camera surveillance directed at the personnel, access control (e.g. electronic key or clock card systems), as well as the use of any information gathered from the personnel’s use of IT systems, internet, and social media. After the co-operation negotiations have been completed, the employees must also be informed about the introduction of any means of technical surveillance at the workplace. Despite the ACU not being applicable to such policies and practices with regard to employers who normally employ less than 30 employees, such employers are nevertheless also required to inform the employees or their representatives about the introduction of any above-described matters and to provide the employees or their representatives with an opportunity to be heard before making a final decision on the subject.

The Supreme Administrative Court Annuls Market Court Rulings on IR Trademark Registrations

By Janne Joukas

The Supreme Administrative Court (“SAC”) has issued a yearbook ruling (KHO 2016:1) and three other similar non-yearbook rulings annulling the Market Court decisions in cases MAO:79/15–MAO:82/15 reported in our Technology Newsletter 2/2015. The Market Court decisions related to an obligation to appoint a representative in relation to international trademark registrations designating Finland (“IR Registration”). The SAC found that the Market Court decisions were based on manifestly erroneous application of the law, which had an essential effect on the decisions, and violated the rights of the IR Registration holders. The SAC also found that the Market Court decisions were against the public interest.

The cases addressed whether a holder of an IR Registration not domiciled in Finland must appoint a representative, resident in the European Economic Area, to represent the IR Registration holder in all matters concerning the IR Registration. The Market Court had ruled that the holder of an IR Registration shall have, as such, an obligation to appoint such representative, and if no representative is appointed, the IR Registration shall no longer be valid in Finland. The Market Court ruling was contrary to the Finnish Patent and Registration Office’s (the “FPRO”) then-current interpretation of the law, according to which a representative for an already valid IR Registration was only required if the holder wished to give a statement to the FPRO, for example in opposition proceedings. The FPRO did not appeal the Market Court decision, which hence became final, but FPRO subsequently applied for the annulment of the Market Court decisions from the SAC.

The SAC found that after an IR Registration has become valid in Finland, the Finnish Trademark Act does not set an obligation for an IR Registration holder to appoint a representative, except if the holder wishes to give a statement to the FPRO, for example in opposition proceedings. Furthermore, whether the IR Registration holder gives a statement in such opposition proceedings or appoints a representative may not be considered a requirement for the continued validity of the IR Registration in Finland.

The SAC ruling is rather noteworthy, as the annulment of an already final decision is possible only under certain exceptional circumstances referred to in the law. Such circumstances include procedural errors having a relevant effect on the decision, manifestly erroneous application of the law, an error having an essential effect on the decision, or new evidence which appears subsequent to the decision and has a relevant effect thereon. Moreover, even in such circumstances, the decision shall not be annulled unless it violates the right of an individual or unless it is deemed that it is in the public interest that the decision be annulled. In the present case, the SAC annulled the Market Court rulings and returned the matters back to the Market Court.

New Swedish Patent and Market Court in September 2016

By Elisabeth Vestin

Last year, the Swedish Government proposed that two new courts specialising in intellectual property, competition, and marketing cases shall be established, as was mentioned in our Technology Newsletter 3/2015.

On 2 March 2016, the Parliament decided to adopt the proposal and, consequently, the Patent and Market Court (Patent- och marknadsdomstolen) and the Patent and Market Court of Appeal (Patent- och marknadsöverdomstolen) will become operational on 1 September 2016. The Market Court and Court of Patent Appeals will cease to exist and the new courts will be a part of the Stockholm District Court and Svea Court of Appeal. The main aim of the new courts is to improve the judicial expertise in IP matters and enable more predictability and high-quality decisions.

Further information can be found here (in Swedish).

The .fi Domains to Be Released for Everyone to Register

By Emilia Uusitalo

As of 5 September 2016, new legislation regarding .fi domain names will enter into force when the currently applied Domain Name Act (228/2003, as amended) will be replaced by Chapter 21 (Domain Names) of the Information Society Code (917/2014). From the viewpoint of a domain name registrant, the most important new rules in the Information Society Code are the following:

• A company or an individual registering a domain name need not be registered or domiciled in Finland anymore, but any entity may register a .fi domain name regardless of its domicile.

• All the domain name registrations shall be made via a domain name registrar (in Finnish: verkkotunnusvälittäjä). This means, in practice, that a domain name holder may not register or renew their domain name directly on the webpage of the Finnish Communications Regulatory Authority (Ficora) anymore but instead will be required to use the services of a domain name registrar for managing their domain names.

• As a main principle, the domain name shall be registered in the domain name holder’s name.

Proposed Regulation of Web Aggregation Services in Russia

By Pavel Falileev

New amendments to a number of Russian laws have been proposed recently in the State Duma, which are aimed at the regulation of web aggregation services, specifically news and shopping sites.

While it is still unclear which implications the amendments will bring, they have been criticised by the Ministry of Communications and Mass Media and the Ministry of Economic Development. We assume the State Duma will pass the amendments, but with a number of changes because in their current state, the laws would be impossible to implement without harming the business of many news aggregation and comparison-shopping engine sites. Yandex News has already stated that if the State Duma adopts the amendments in their current form, it will discontinue its news aggregation service.

A news aggregator is a web application, mobile application, or software that aggregates web content from different news sources. Some popular examples are, Google News, Mail.ru, and Yandex News.

A comparison-shopping engine gathers multiple retailers’ product and pricing information on one web page with links to each individual retailer’s website. Some of the most popular sites include, Google Shopping, PriceGrabber, Shopzilla, and in Russia, Yandex Market.

The amendments concerning news aggregation sites have just been introduced to the State Duma and under the proposed amendments, the Russian government will consider news aggregation sites with over one million unique page views per day, mass media. This would require verification of the accuracy and reliability of information on the respective site. There will also be strict fines for those sites sharing misleading, inaccurate, or distorted information. Fines of up to 400,000 rubles for individuals or up to 5,000,000 rubles for legal entities may be assessed if news, deemed inaccurate by state authorities is not deleted upon request. Further, foreign investment in such sites cannot exceed 20%.

The amendments concerning comparison-shopping engines have already passed two hearings in the State Duma and if adopted would come into force on 1 January 2017. The sites would then be responsible for inaccurate or unreliable information on products or sellers included in their search results. The amendments would give consumers the right to claim damages originating from the inaccuracies on the comparison-shopping engine’s site.

We will continue to follow the amendments as changes occur through our participation in a number of technology related business discussions and we would like to stress that we do not believe that these amendments will be adopted in their current form. If you would like more information, please contact Associate Pavel Falileev.

New Directive on Cybersecurity Approved in the EU

By Erkko Korhonen

The new directive on network and information security (“NIS Directive“) was approved by EU Member States on 18 December 2015.

The NIS Directive imposes obligations on Member States to establish Computer Security Incident Response Teams as well as competent national authorities with adequate technical, financial, and human resources to co-ordinate with law enforcement authorities, data protection authorities, and the operators covered by the Directive. In addition, the NIS Directive sets out a rule requiring providers of certain services that are “essential for the maintenance of critical and societal or economical activities” to take appropriate security measures and report cyber security incidents. Such service providers are divided into two categories, i) operators of essential services and ii) providers of key digital services.

Operators of Essential Services

Businesses with an important role for the society and the economy, referred to in the Directive as “operators of essential services”, will have to take appropriate security measures and notify serious incidents to the relevant national authority. Such requirements apply to operators in the following sectors:

• Energy

• Transport

• Banking: credit institutions

• Financial market infrastructures: trading venues, central counterparties

• Healthcare providers

• Drinking water supply and distribution

• Digital infrastructure: internet exchange points (which enable interconnection between the internet's individual networks), domain name system service providers, top-level domain name registries.

Each EU Member State is obliged to maintain a list of such operators in its territory or to otherwise have “objective quantifiable criteria” to determine which providers fall under its jurisdiction. The NIS Directive requires the operator of an essential service to have in place appropriate and proportionate technical and organisational measures to manage the risks posed to the security of networks and information systems that they use in their operations. While the NIS directive does not specifically define what such measures are, it does require security systems to be “state of the art”.

Operators of essential services will also be required to notify competent authorities “without undue delay” after experiencing a security incident that has a significant impact on the provision and continuity of the operator’s service. Significance will be determined on the basis of (a) the number of users affected by the disruption of the essential service; (b) the duration of the incident; and (c) the geographical spread with regard to the area affected by the incident.

Digital Service Providers

The NIS Directive also applies to certain providers of digital services (“DSP”), such as providers of online marketplaces, search engines, and cloud computing services. However, small or micro-enterprises with fewer than 50 employees and an annual balance sheet less than EUR 10 million will not be within the scope of the Directive.

Each DSP will only fall under the jurisdiction of the single Member State in which it has its “main establishment” in the EU. In addition, the DSPs will be required to take appropriate “state-of-the-art” security measures and to notify incidents to the competent authority.

Next Steps

The NIS Directive still needs to be formally approved by the European Parliament and the Council, which is expected to take place this spring. After the approval, the EU Member States will have 21 months to implement the provisions into national law and identify the essential services that will be subject to the new rules.

The Finnish Supreme Administrative Court: Trademarks Subject to Gift Taxation

By Emilia Uusitalo

In its recent decision (KHO 2016:5), the Finnish Supreme Administrative Court ruled that trademarks which are transferred as a donation shall be subject to gift taxation.

In said case, “A” wanted to transfer his shares of a company and the trademarks connected to the company’s business to his son “B”. The Tax Administration first concluded that trademarks were not subject to separate gift taxation, but the Administrative Court of Helsinki was of another opinion.

According to the Administrative Court, certain earlier Supreme Administrative Court rulings regarding the exemption of the gift taxation of copyrights are not applicable to trademarks. Furthermore, in this case the trademarks had material significance for the continuation of the company’s business in its current form, and hence, commercial value.

The Supreme Administrative Court confirmed the Administrative Court’s view on the matter. Moreover, according to the Supreme Administrative Court, the Act on Inheritance and Gift Tax does not set forth that the legislation would not apply to intellectual property rights. Furthermore, the reasons relating solely to the hardship of valuating certain property were not sufficient for the property to be exempted from taxation. Therefore, the Supreme Administrative Court ruled that a trademark is considered property for which gift tax shall be paid in accordance with the Act on Inheritance and Gift Tax.

Unified Patent Court – Preparatory Committee’s Decision on Fees

By Panu Siitonen

The Preparatory Committee has announced its decision on fees following a meeting held on 24–25 February 2016, at which meeting the Rules on Court fees were agreed upon. The Preparatory Committee decided to remove the fees for opting a European patent out of the Unified Patent Court and for withdrawing an opt-out as, according to the Explanatory Note of the Preparatory Committee, the administrative burden of the opt-out process rests almost entirely with the applicant, i.e. the patentee.

The fees for all procedures and actions were set and, as an example, the fee model for the court fees of an infringement action in the Court of First Instance will consist of a fixed fee of EUR 11,000 + a value based fee, which will be determined on the basis of the value of action. The additional value-based fee may vary remarkably, as the scale is very large. In case the value of action does not exceed EUR 500,000, there will be no additional value-based fee. However, in case the value of action exceeds EUR 50,000,000, the additional value-based fee will be EUR 325,000.

In addition, the Preparatory Committee also decided on a scale of ceilings for recoverable costs. In case the value of the proceedings does not exceed EUR 250,000, the ceiling for recoverable costs is set to be up to EUR 38,000. In case the value of the proceedings exceeds EUR 50,000,000, the ceiling for recoverable costs is set to be up to EUR 2,000,000. The ceiling at the lower end is likely to cause concern, especially in complex cases. The Preparatory Committee has tried to take this aspect into consideration by deciding that in limited situations (such as in particularly complex cases) the Court may, upon request by one party, raise the ceiling by up to 50% of the applicable level in the fee scale corresponding to a value of the proceeding up to EUR 1,000,000. Thus, unfortunately, it seems that in smaller cases, it will be quite difficult for the winning party to recover all legal fees from the losing party, and it is rather likely that the winning party must bear a remarkable part of the legal fees.

Disclaimer: Hannes Snellman Technology Newsletter is intended for information purposes only. It should not be relied upon as legal advice nor should it be used as a basis for any action or final decision without specifically verifying the applicability and relevant issues on their merits in each individual case.

Hannes Snellman Attorneys Ltd