Wednesday, 14 November 2012

France: Radioblog condemned to damages for over €1 million

The French Supreme Court (“Cour de Cassation”) has upheld, in a ruling of 25 September 2012, a judgment of the Court of Appeal of Paris condemning Radioblog and its managing directors to the payment of damages amounting to over €1 million, in addition to a suspended prison sentence of nine months and a €10,000 fine.
The case is interesting for two reasons: the gigantic amount of damages and the application, for the first time, of new provisions of the French Intellectual Property Code condemning the provision of software applications intended to be used for infringing copyright.
The facts are the following: the website Radioblog provided a software called ‘RadioBlogClub’ to Internet users that enabled them to create a music player on an Internet page and to broadcast musical files in the form of playlists accessible to anyone (via streaming). This system did not however allow the Internet users to download the musical files. Moreover, the device enabled the Internet users to research music by title or by artist from a database available on the website

Software manifestly intended to communicate unauthorised works to the public
The Court of Appeal of Paris, in its decision dated 22 March 2011, condemned Radioblog and its managing directors, not only (very classically) for communicating protected recordings to the public in violation of Article L. 335-4 of the Intellectual Property Code, but also on the grounds of Article L. 335-2-1 of the same code, which punishes anyone who “publishes, makes available or communicates to the public, knowingly and in any form whatsoever, software manifestly intended to communicate unauthorised works or protected objects to the public” with up to 3 years imprisonment and a fine of up to €300,000.
The Supreme Court upholds the ruling of the Court of Appeal Paris, which had considered that these provisions were applicable in this case, since the website offered to Internet users the possibility of listening to recordings, most of which were protected by intellectual property” and since “the accused, who are professionals in a very specialised field, could not ignore the obligation to ensure compliance with the rights of the right owners, before allowing the public to broadcast the works”.

Punitive damages
The ruling of the French Supreme Court is also very interesting in that it upholds the judgement of the Court of Appeal, which awarded over €1 million in damages to the two unions representing French record producers, which took action against Radioblog (SCPPand SPPF). This amount of damages is based on the amount of profits that were made by the websites through publicity. The Court of Appeal based its decision on paragraph 1 of Article L. 331-1-3 of the Intellectual Property Code which provides that “To award damages, the court takes into account the negative economic consequences, including lost profits suffered by the injured party, the profits made by the infringer and the moral prejudice caused to the holder of these rights because of the infringement”.
The Cour de Cassation upheld the Court of Appeal’s judgment, ruling that the assessment of damages is left to the discretion of the lower courts. This is however questionable. Even though the Supreme Court is not the judge of the facts, the way in which the Court of Appeal of Paris assessed the prejudice of the plaintiffs should be considered as breaching the law, since the French judges are not supposed to indemnify beyond the actual prejudice. Indeed, the Court of Appeal did not define the prejudice actually suffered by the plaintiffs. The two French above-mentioned unions certainly do not represent the entire musical production, as well as the authors, publishers, performing artists, etc. In a way, the Court of Appeal of Paris applied serious punitive damages (see Axel Saint Martin, Radioblog – Peine privée pour contrefaçon, RLDI 2009, 53), and the Supreme Court approved the Court of Appeal in the negative, by simply ruling that it is not the judge of the facts.

Saturday, 10 November 2012

Football Dataco II: ‘Re-utilisation’ must be interpreted broadly

European Court of Justice, 18 October 2012, Football Dataco and others v. Sportradar, C-173/11

On 18 October 2012, the European Court of Justice (ECJ) rendered its judgment in Football Dataco II (C-173/11), in which it ruled that data is re-utilised in a Member State, the meaning of Article 7 of the Directive 96/9, if there is evidence that the alleged infringer intended to target members of the public in that territory.
The Court of Appeal of England and Wales made a reference for a preliminary ruling concerning the interpretation of Article 7 of the Directive 96/9/EC on the legal protection of databases, in the proceedings opposing Football Dataco Ltd, Scottish Football League and PA Sport UK Ltd (hereafter ‘Football Dataco’) and Sportradar (Sportradar GmbH and Sportradar AG).
Football Dataco organises football competitions in England and Scotland, and manages the creation and exploitation of the data and intellectual property relating to these competitions. Football Dataco claims to have, under UK law, a sui generis right in its database, which is a compilation of data about football matches in progress (goals, yellow and red cards, etc.).
Sportradar provides results and statistics relating to English league matches live on the Internet. It enters into agreements with betting companies that provide betting services aimed at the UK market. The websites of these betting companies contain a link to Sportrador’s website (, which allows the internet users to access the data.
Football Dataco brought a case against Sportrador before the High Court of Justice of England and Wales, on the grounds of the infringement of its sui generis right, arguing that the defendants had copied data from its database in order to compile data for its own services. Sportrador challenged the High Court’s jurisdiction, which nevertheless declared that it had jurisdiction in a judgment dated 17 November 2010.
The parties both appealed the decision in the Court of Appeal of England and Wales, which decided to refer the following question to the ECJ:
Where a party uploads data from a database protected by the sui generis right under Directive 96/9/EC … onto that party’s web server located in Member State A and in response to requests from a user in another Member State B the web server sends such data to the user’s computer so that the data is stored in the memory of that computer and displayed on its screen:
is the act of sending the data an act of “extraction” or “re-utilisation” by that party?
does any act of extraction and/or re-utilisation by that party occur
in A only,
in B only; or
in both A and B?

Re-utilisation’ must be interpreted broadly
Article 7(1) of the Directive provides that the sui generis right is the right for the maker of a database “to prevent extraction and/or re-utilisation of the whole or a substantive part” of the contents of that database. And Article 7(2)(b) provides that ‘re-utilisation’ means “any form of making available to the public all or a substantial part of the contents of a database by the distribution of copies, renting, by online or other forms of transmission”.
In its judgement, ECJ refers to The British Horseracing Board and Others (case C-203/02) to state that the concept of ‘re-utilisation’ must “be understood broadly, as extending to any act, not authorised by the maker of the database protected by the sui generis right, of distribution to the public of the whole or a part of the contents of the database”. The Court observes that the nature and form of the process are of no relevance in this respect.
The ECJ then rules that ‘re-utilisation’ must “be interpreted as meaning that the sending by one person, by means of a web server located in Member State A, of data previously uploaded by that person from a database protected by the sui generis right under that directive to the computer of another person located in Member State B, at that person’s request, for the purpose of storage in that computer’s memory and display on its screen, constitutes an act of ‘re-utilisation’ of the data by the person sending it.”
In our case, the betting companies entered into agreements with Sportradar to have access to its web server, and in turn they made that server accessible to their own customers. This is an act of distribution under Article 7 of the Directive.

Location of the re-utilisation: ECJ refuses ‘infringement forum shopping’
Sportradar argued that an act of re-utilisation within the meaning of Article 7 of Directive 96/9 must be regarded as located exclusively in the territory of the Member State in which the web server from which the data is sent is located (the ‘emission theory’). Thus, Sportradar considers that the English courts do not have jurisdiction. The ECJ explains that if it were to follow such an interpretation, it would mean that an operator who proceeds to re-utilise online the data of a database, targeting the public of a Member State, would escape the application of the national law of that State because its server is located outside the territory of the State in question. And infringers could even escape the application of the European sui generis right by simply locating their servers outside of the EU!
On the other hand, the Advocate General, in his opinion delivered on 21 June 2012, interpreted broadly Article 7(2)(b) of Directive 96/9 and concluded that the act of re-utilisation occurs “as a result of a sequence of actions in a number of Member States and must be regarded as having taken place in each and everyone of them”.
The ECJ does not go as far as the Advocate General, and observes that given the ubiquitous nature of the content of a website, the mere fact that the website is accessible in a national territory is not sufficient to consider that the operator of that site is performing an act of re-utilisation caught by the national law. If not, it would be possible to conclude that there is an act of re-utilisation in any Member State where an internet user can technically access the website containing the data, that is to say virtually any Member State.
The ECJ refers to the case law it developed in trade mark law (case C-324/09 L’Oréal and Others, para. 64, but also joined cases C-585/08 and C-144/09 Pammer and Hotel Alpenhof, para. 69) to rule that the localisation of an act of re-utilisation depends on there being evidence that the act of re-utilisation discloses an intention to target persons in that territory. The ECJ adds that such intention must be assessed by the national courts.
The ECJ gives a few examples of the type of evidence of such intention to target members of the public of a Member State:
- The fact that Sportradar entered into agreements with companies that offered betting services to UK clients. The fact that the agreements take into consideration the amount business in the UK to fix the remuneration would constitute additional evidence of Sportradar’s knowledge of the destination of the data.
- The fact that the data was accessible in English to UK Internet users (who were clients of the companies in question), whereas English is not commonly used in the Member States from which Sportradar pursues its activities.
By applying its trade mark case law relating to jurisdiction, the ECJ refuses two types ‘infringement forum shopping’:
- The companies that re-utilise data protected in a EU Member State by a sui generis right, without authorisation, cannot rely on the emission theory and locate the servers in another Member State or (even worse) outside of the EU, in order to escape infringement proceedings in that State.
- The makers of databases cannot rely on the mere accessibility of a website re-utilising data protected by a sui generis right to bring an infringement case before the courts of any State where the website can be accessed, without there being evidence that the alleged infringer targeted the public of that State.

Read the ruling: C-173/11

YS Avocats, Law Firm

Monday, 2 July 2012

The European Patent Court Will Be Based In Paris

The European Council has decided to base the Unified Patent Court's Central Division of the Court of First Instance in Paris.

The purpose of the European Patent Court is to establish less-expensive, simpler and more efficient patent protection for businesses in the EU.

There will be two specialised sections: one in London and the other in Munich.

The Unified Patent Court will have exclusive jurisdiction for proceedings relating to the validity of a European unitary patent or to infringements thereof thus eliminating the risk of multiple patent lawsuits in different member states concerning the same patent. This will also eliminate the risk of having different rulings from different member states for the same patent.

The European Patent Court is part of the future unitary patent system in the EU, together with a regulation on the unitary patent itself and a regulation on translation arrangements. This unitary patent “package” should be adopted early in 2014.
Read the European Council’s presentation: European Council's presentation

Friday, 29 June 2012

Cloud Computing: The French Data Protection Authority Publishes Its Recommendations

In 2011, the French data protection authority, the CNIL, launched a public consultation on cloud computing.

Using these contributions, on 25 June 2012, the CNIL published recommendations for French companies that want to use cloud services.

As the CNIL explains, many cloud-computing services are available on the market:  infrastructure hosting (IaaS – Infrastructure as a Service), supplying of development platforms (PaaS - Platform as a Service) or online software (SaaS – Software as a Service). These services are proposed in public clouds (service shared between many clients), private clouds (cloud dedicated to one client) or hybrid clouds (combination of both models, public and private).

In order to comply with personal data protection law, businesses have to deal with matters such as security, applicable law, transfers of personal data, guarantees given by the service providers, etc.

As the CNIL points out, the service providers usually have standardised contracts and it is difficult for businesses, especially for small and medium-size companies, to negotiate clauses relating to security, liability, etc.

In the recommendations, the CNIL gives clear explanations in order to help businesses comply with the French personal data law, and provides ready-made clauses to cover most types of situations, which can be inserted in the contracts entered into with the service and hosting providers.

Read the CNIL's presentation (in English): The CNIL's presentation

Read the CNIL's recommendations (in French): The CNIL's recommendations

Friday, 22 June 2012

French e-Commerce Is Growing Fast

French e-commerce is continuing its rapid growth, says the Federation of e-commerce and distance selling (Fevad), in a report published on 10 May 2012 on the sales through Internet during the first quarter of 2012 (Report).

Internet sales continued to grow during the first quarter of 2012, as they did during 2011: 24% during one year.

In total, the amount of sales on the Internet in France is valued at €11 billion during this period, and transactions have grown by 30% on the same period.

The number of commercial websites has also increased by 22% during the first quarter, with 104,100 sites (18,800 more than last year).

Read the report: Fevad Report

Tuesday, 12 June 2012

eBay: The French Courts Do Not Have Jurisdiction If a Website Is Not In French

Court of Appeal of Paris, 22 May 2012, Würburg Holding / eBay, 

Following a ruling of 20 September 2011 of the French Supreme Court annulling a previous judgement, the Court of Appeal of Paris had to decide whether the French courts have jurisdiction for trademark infringement cases when a website is not in French.

In its judgement, the Supreme Court had ruled that the fact that a website can be accessed from France is not sufficient to consider that the French Courts have jurisdiction in a case of trademark infringement, the case in question concerning the trademark "Marithé et François Girbaud". One of the criteria is the place where the prejudice is suffered, but it is necessary to verify whether the adverts are actually aimed at the French public.

The Court of Appeal of Paris, in its judgement of 22 May 2012 ruled that the adverts on the site are not aimed at the French public, and that the French courts therefore do not have jurisdiction, since:

- access to the website was through Google, because the site that is proposed to the French public is;
- the adverts were in English, as was the procedure for ordering the products.

Read the judgement: Judgement of 22 May 2012

Monday, 11 June 2012

The Obligation to Notify the Breach of Personal Data

Article 34 prime of the 1978 French Act on personal data protection implements the obligation to notify the breach of personal data provided by the directive 2002/58/EC ("Telecom pack"). The Decree 2012-436 of 30 March 2012 specifies the application measures.

In a note dated 28 May 2012, the French data protection authority CNIL explains how this new obligation is to be understood and applied (CNIL's note).

The service providers concerned by this obligation are the providers of electronic communication services to the public, which have to be declared to the French Telecommunications and Post Regulator ARCEP (article L33-1 paragraph 1 of the French Postal and Electronic Communications Code).

A breach of personal data has to be notified when personal data is destroyed, lost, altered, disclosed or accessed without authorisation. Such a breach can be either accidental or unlawful.

The CNIL gives a few examples of what would constitute a breach of personal data:
- intrusion into the customer database of an Internet service or access provider (ISP),
- intrusion into the online shop of a mobile operator, resulting in the disclosure of the credit card numbers of clients who ordered a new phone as part of their subscription,
- a confidential e-mail sent to the client of an ISP, and forwarded to other persons by mistake.

The following breaches would not constitute a breach under article 34 prime of the 1978 Act:
- a breach that does not concern the personal data processed by the ISP such as a virus attacking the PCs of the ISP clients in order to collect personal data,
- a breach that does not concern the provision of electronic communication services, such as a breach of the ISP's human resources data.

In the event of a breach of personal data, the CNIL has to be notified systematically forthwith. The notification has to (1) describe the nature and consequences of the breach, (2) the measures that have been taken in order to remedy the breach, (3) the persons that can be contacted in order to obtain additional information, and (4), if possible, an estimation of the number of people likely to be concerned by the breach.

Whenever the violation is likely to breach personal data security or the privacy of a subscriber, the ISP also has to notify the party affected. Such notification will however not be necessary if the CNIL considers that the service provider has implemented appropriate protection measures to ensure that the personal data is undecipherable by unauthorised individuals.

In case of violation, the service provider will have to draw up and keep an inventory that will contain, in particular: what has happened, the consequences of what has happened, and the measures implemented in order to remedy the breaches.

Read the CNIL's note: CNIL's note

Thursday, 31 May 2012

Google's New Privacy Policy: the CNIL Sends Google an Additional Questionnaire

The French data protection authority, the CNIL (Commission Nationale de l'Informatique et des Libertés), was invited by the Article 29 Working Party (which brings together all the data protection authorities of the European Union) to take the lead in the analysis of Google's new privacy policy, which took effect on 1 March 2012.

On 16 March 2012, the CNIL sent Google a detailed questionnaire on its new confidentiality rules (questionnaire). See our post: The French Data Protection Authority Questions Google On Its Privacy Policy.

On 5 and 20 April 2012 Google answered the first questions.

The CNIL considered that Google's answers are often unclear and/or incomplete, and therefore sent an additional questionnaire on 22 May 2012; Google's reply is expected for 8 June 2012.

The CNIL wants clear explanations regarding:
- the processing of personal data (links between the collected data, the purpose and the recipients);
- the maximum retention period of the data;
- the combination of data services (purpose and breadth of the combinations),
- the actual effects of Google's opt-out mechanisms and the validity as a means to exercise the right to oppose;
- the way in which the ePrivacy Directive is applied for "passive users" of Google's services (advertising, analytics, +1 button) when they visit third-party sites.

After receiving Google's answers, the CNIL will then present its report to the Article 29 Working Party, which will state its position and send to Google, before mid-July, its recommendations as to the improvements that should be made in order to comply with the European data protection rules.

Read the additional questionnaire sent to Google: Additional questionnaire

Sunday, 20 May 2012

European Court of Justice: the Functionality of a Computer Program and the Programming Language Are Not Protected by Copyright

European Court of Justice, 2 May 2012, Case C406/10

SAS Institute Inc. developed the SAS System: an integrated set of programs which enables users to carry out data processing and analysis tasks such as statistics.

SAS Institute Inc. brought a copyright infringement case against World Programming LTD (WPL), which had lawfully acquired a licence for the SAS System in order to study and observe the SAS System and create alternative software capable of executing application programs with globally the same functionalities. However, WPL did not have access to the source code of the SAS System, nor was WPL allowed to copy it.

The European Court of Justice ruled that "Article 5(3) of Directive 91/250 must be interpreted as meaning that a person who has obtained a copy of a computer program under a licence is entitled, without the authorisation of the owner of the copyright, to observe, study or test the functioning of that program so as to determine the ideas and principles which underlie any element of the program, in the case where that person carries out acts covered by that licence and acts of loading and running necessary for the use of the computer program, and on condition that that person does not infringe the exclusive rights of the owner of the copyright in that program".

Sunday, 13 May 2012

“Google Suggest": Google Condemned for Its Keyword Suggestion System

High Court of First Instance of Paris, Chamber 17, 15 February 2012, Kriss Laure c. Google Inc. and Larry P.,

Since 2009, Google has been condemned several times by the French Courts in defamation and insult cases relating to its “Google Suggest" system. For instance, in a decision of 14 December 2011, the Court of Appeal of Paris condemned Google Inc and its director of publication for an insult that was generated by Google’s keyword suggestion system. The court considered that associating the term “crook" and the corporate name of a company is public abuse on the part of Google.

In the present case, the High Court of First Instance of Paris ("Tribunal de grande instance de Paris"), in a judgment dated 15 February 2012, decided that Google’s keyword suggestion system caused public abuse by associating the term “sect" with the name of an association.

If associating the term “sect" with the name of an organisation or a person incontrovertibly constitutes public abuse, it is questionable whether Google has actually committed a criminal act in this case, since its keyword suggestion system simply reflects what the users enter into the search engine, i.e. the name of the organisation with the term “sect".

Friday, 11 May 2012

The French Supreme Court Rules That eBay is Not a Hosting Provider

French Supreme Court, 3 May 2012
eBay Inc., eBay International / LVMH, Parfums Christian Dior

The Commercial Chamber of the French Supreme Court (“Cour de Cassation"), in three decisions rendered on the same day, ruled that “the eBay companies did not carry out a mere hosting activity but played, irrespective of any option taken by the sellers, an active role that gave them the knowledge of or control over the data that they stock, which does not allow them to benefit from the limitation of liability system provided by section 6.1.2 of the 21 June 2004 Act and section 14 § 1 of the 2000/31 directive".

Indeed, the Supreme Court considers that eBay has an active role in its online marketplace, since it uses optimisation means for the transactions that it puts at the disposal of the sellers, sends unsolicited messages to the buyers to invite them to buy, and sends invitations to the unsuccessful bidders for them to participate in other offers.

EBay is therefore likely to be held liable for the infringements that take place on its Internet site because of its active role which gives it the knowledge of and control over the unlawful selling offers that it stocks.

Read the decision:

Sunday, 22 April 2012

The French Data Protection Authority Questions Google On Its Privacy Policy

The French data protection authority, the CNIL (Commission Nationale de l'Informatique et des Libertés), was invited by the Article 29 Working Party (which brings together all the data protection authorities of the European Union) to take the lead in the analysis of Google's new privacy policy, that took effect on 1 March 2012.

On 16 March 2012, the CNIL sent Google a detailed questionnaire on its new confidentiality rules.

In its questionnaire, the CNIL asks Google 69 questions that are meant to clarify the implications the new confidentiality rules will have on the users of Google, whether these users have accounts, or are not authenticated or are simply passive users of Google services on other sites (publicity, measurement of audiences, etc).

Google's answers are supposed to help the European data protection authorities assess the compliance of Google’s services with European law.

The CNIL asked Google to reply to the questionnaire by 5 April 2012.

On 5 April 2012, Google answered the first 24 questions of the 69 questions asked, indicating to the press that it has negotiated a delay for the rest of its answer with the CNIL.

Read the questionnaire:

Facebook's Jurisdictional Clause is Null: the French Courts Have Jurisdiction

Court of Appeal of Pau, 23 March 2012,

A French user, who considered that Facebook had wrongly closed its Facebook account, brought a case against Facebook before the Civil Court of Bayonne for small cases ("Juridiction de Proximité"), claiming €1500 in damages.

Facebook Inc argued that its general terms and conditions provide that the courts of California entertain exclusive jurisdiction, and that the French courts therefore do not have jurisdiction.

In a judgement of 18 October 2011, the Civil Court of Bayonne ruled that indeed, following Facebook's argument, it did not have jurisdiction. The French Facebook user appealed against this judgement (at this stage only on the issue relating to the jurisdiction).

The Court of Appeal of Pau reversed the judgement and ruled that the French courts have jurisdiction, on the grounds of section 48 of the French Code of civil procedure which provides that:

“Any clause that departs, directly or indirectly, from the rules of territorial jurisdiction will be deemed non-existent unless it has been agreed between parties to a contract entered into as merchants and the same has been provided for in an explicit manner in the undertakings of the party against whom it will be enforced“.

A jurisdictional clause must therefore satisfy two cumulative conditions:

- the parties have to be merchants (and therefore not consumers),

- the clause must be presented in a very explicit manner, i.e. not written in small print and lost in a long contract.

In the present case, the Court of Appeal did not refer to the fact that the Facebook user was not a merchant, but insisted on the fact that the clause was written in English, in very small print, and that the user merely clicks to accept very long and involved terms and conditions.

Facebook has since translated its terms and conditions into French. Nevertheless, it is not certain that the jurisdictional clause is presented to the users in a sufficiently “explicit manner”.

Moreover, since the users of Facebook are mostly consumers, it does not seem that the jurisdictional clause, which gives exclusive jurisdiction to the Californian courts, will necessarily be valid. Nevertheless, not all Facebook users can be considered as consumers under French law, as many firms now use Facebook for corporate communications.

Read the case: