Published by Stephany Lester. Modified over 9 years ago.
1
Legal Liability & Data Protection
Paul Van den Bulck
Attorney-at-law at the Paris and Brussels Bars
Partner, Ulys Law Firm
Lecturer at University Paris II Panthéon-Assas (France)
Lecturer at the University R. Schuman (Strasbourg)
Brussels, 21 September 2007
WWW.ULYS.NET paul.vandenbulck@ulys.net
2
I LEGAL LIABILITY
Preliminary remarks
- Review on the basis of the European legislation
- Diversity of geographic seats of the different Euro Info Centers
- Diversity of different national legislations implementing different European rules (some of them are sometimes more restrictive when Directives allow it)
3
Legal and information watch
3 aspects:
I. Find the information
II. Extract the information
III. Deliver the information
4
I. Finding of the information
- Various media:
  analogue (“paper”)
  electronic (internet, …)
  verbal sources (political speeches, declarations, public lectures, …)
- No specific legal problem linked to the medium
5
II. Extraction of the information - Protection of the information by the copyright framework - Protection by the database legal framework
6
A. Protection by the copyright 2 main types of rights: - Economic rights: reproduction, communication and distribution - Moral rights: mainly the right of respect of the integrity of the work and the right for the author to have his/her name indicated on the work.
7
Various exceptions to the economic rights
- Vary from one Member State to another
- Main exceptions included in the Directive on Information society and of interest to the Euro Info Centers:
  Reproductions on paper or any similar medium
  Quotation (+ author’s name)
  Political speeches as well as extracts of public lectures or similar work (+ author’s name)
8
B. Protection by the database legal framework (Directive 96/9/EC)
Definition of a database: (1) a collection of independent works, data or other materials arranged (2) in a systematic or methodical way (3) and individually accessible by electronic or other means.
Some websites fall within the scope of this definition.
9
Legal system:
- Protection of one or several data by copyright: data = work of author
- Protection of the presentation of the database: copyright in favor of the author if the database, by reason of the selection or arrangement of its contents, constitutes the author’s own intellectual creation
- Protection of the database itself: “sui generis” right in favor of the “maker”: the right of the maker of a database to prevent extraction and/or re-utilization of the whole or of a substantial part of the contents of the database
  Condition of this right: the maker must show that there has been a substantial investment in either the obtaining, verification or presentation of the contents
10
Right of the maker : prevent … Extraction: transfer to another medium Re-utilization: making available to the public (distribution of copies, renting, transmission on-line, etc…)
11
Focus: what about GOOGLE?
- As a way to find information: no specific legal problem. The use of a search engine is at the present time not forbidden.
- As a way to extract information:
  copyright protection for GOOGLE results data: check exceptions
  copyright protection for the presentation of GOOGLE results
  but no sui generis protection for the maker of the database: British Horseracing case law (ECJ 2004), exclusion from data created at the same time as its processing
12
III. Delivery of the Information
3 aspects:
- Nature of the information
- Means of delivery
- Liabilities other than those linked to copyright “sensu lato”
13
A. Nature of the information
- Raw information (as found)
- Processed information
14
1. Raw information
- Duty to respect the author’s right (copyright), unless an exception can be invoked:
  Duty to obtain the consent of the author for the delivery;
  Usually payment of a compensation for a license to use;
  Mentioning of his name.
- Duty to respect the protection given to the author and maker of the database:
  Prior and possible copyright on the data themselves (photo, music, text…);
  Possible copyright on the presentation of the database;
  “Sui generis” right of the maker of the database: duty to obtain the authorization for the extraction or re-utilization of the data
15
2. Processed information The processed information may be eligible to copyright protection The processed information may be eligible to database protection
16
B. Means of delivery - Delivery via website - Delivery by e-mail
17
1. Delivery via website - Raw information: Duty to respect the copyright and database legal framework Copyright: publication on a website of a protected work is a reproduction and communication Database: publication on a website of a protected work is an extraction and a re-utilization
18
- Processed information:
  eligible for protection by copyright
  eligible for protection by database
- Utility to mention the protection:
  ©
  “the database ………….. is protected by the database regulations. It is strictly forbidden, without the consent of the maker, to extract and/or re-utilize the whole or a substantial part of the content of this database”
- Utility to use specific tools: PDF, technological measures (Directive on information society: access control/protection process: encryption, scrambling, copy control mechanism, etc…)
19
2. Delivery by e-mail
- Raw information: duty to respect the copyright and database legal framework
  Copyright: delivery via e-mail of a protected work is a reproduction and communication
  Database: delivery in an e-mail of the whole or part of a protected work is an extraction and a re-utilization
20
- Processed Information : Eligible to protection by copyright Eligible to protection by database, but in practice the e-mail in itself will not be a database, maybe the attachment Utility to mention the protection (Theory/practice? / carefulness) :
21
C. Liabilities other than those linked to copyright “sensu lato”
- Other liabilities linked to the delivery of information via a website
- Other liabilities linked to the delivery of information via e-mails
22
1. Other liabilities linked to the delivery of information via a website
May vary from one Member State to another:
- Erroneous information: contractual or extra-contractual liability (utility of disclaimers concerning the accuracy of the information)
- Press offence (Belgium)
- Right of reply (Belgium)
- etc…
23
2. Other liabilities linked to the delivery of information via e-mails
May vary from one Member State to another:
- Erroneous information: contractual or extra-contractual liability (utility of disclaimers concerning the accuracy of the information)
- EC Regulations concerning the processing of personal data and protection of privacy
- EC Regulations concerning SPAM
24
Focus : what about SPAM ? 2 Directives to combine : Directive 2000/31/EC on electronic commerce Directive 2002/58/EC on privacy and electronic communications
25
Directive 2000/31/EC on electronic commerce
- Concept of commercial communication: « any form of communication designed to promote, directly or indirectly, the goods, services or image of a company, organisation or person pursuing a commercial, industrial or craft activity » (2 exceptions)
- Legal regime:
  Article 6: information to be provided
  Article 7: unsolicited commercial communication
  SPAM must be clearly identified as such
  Opt-out regime
26
Directive 2002/58/EC on privacy and electronic communication
- Concept of communication: « any information exchanged or conveyed between a finite number of parties by means of a publicly available electronic communications service »
- Unsolicited communications (article 13):
  Opt-in regime: prior consent (direct marketing)
  Exception: opt-out if (i) existing commercial relationship, (ii) same natural or legal person, (iii) similar products or services and (iv) consumer is given the opportunity to refuse reception
27
IV. Example: Wales Euro Info Center
31
V. Recommendations
- Do not forget that the 3 steps of information watch have legal consequences: Find, Extract, Deliver
- Check the rights upstream
- Mention the rights downstream and use protection devices
- Do not forget all other possible liabilities (accuracy, processing of personal data, press offences, etc…)
- Use legal notice
33
II DATA PROTECTION
European Framework Data Protection
- General: Directive 95/46 on protection of personal data
- Particular (communication): Directive 2002/58 on privacy and electronic communications
34
General & sector specific regulations
- General: 95/46 Protection of personal data
  General data protection principles
  Scope? Online and offline; public & private networks
- Specific: 2002/58 Privacy & electronic communications
  Specific obligations (e.g., cookies, spam)
  Scope? Communication service; public networks
35
1. General Protection: Directive 95/46
- Scope
- 9 Principles of Data protection
- Sensitive data: Member States shall prohibit the processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and the processing of data concerning health or sex life.
- Case Studies:
  Privacy Policy
  Collection of information
  Delivery of information
36
Scope: Processing of personal data
- Personal data:
  Information concerning a data subject
  Identifiable natural person: direct or indirect; controller (EIC) or third party
  Legal entity: SME? IP address? 007@hotmail.com?
- Processing: any operation performed upon personal data
- In the EU? Quid question on Egypt?
38
Data Protection Principles
Data must be:
- fairly and lawfully processed;
- processed for specified, detailed and legitimate purposes;
- adequate, relevant and not excessive;
- accurate;
- not kept longer than necessary;
- processed in accordance with the data subject's rights;
- secure and remain confidential;
- not transferred to countries without adequate protection (outside EU).
Processing activities « must » be notified to the supervisory authority.
39
Case study 1: Privacy Policy
Legally required?
Contents:
- The name and address of the controller and processor (contract)
- Purposes of the processing activity
- The kind of data processed: « sensitive data »
- The means to collect and process data (cf. cookies)
- Inform the data subject on his/her rights and the way he/she can exercise them
- The technical and organizational measures adopted to ensure the secure and confidential character
- Reference to general information on data protection legislation, e.g., FAQ, or the contact details of the privacy officer (privacy@euro-info.org.uk)
41
Case Study 2: collection of information
Processing « shall mean any operation … whether or not by automatic means, such as collection, recording, organization, storage, disclosure by transmission, dissemination or otherwise making available, etc. »
Means of collection:
- Data subject is aware, e.g., webform
- Data subject is not aware, e.g., spyware
43
Case Study 3: disclosure of personal data
- Broad and open notion of « processing » includes « disclosure by transmission, dissemination or otherwise making available »
- Must be careful if you disclose personal information in a newsletter or on your website, e.g., personal contact details
- Lindqvist case (Sweden, European Court of Justice (2003))
46
2. Sector Specific regulation Directive 2002/58/EC on privacy and electronic communication One of the Directives of the new « Telecom Package » Update of Directive 97/66 on privacy and telecommunications Overview: –scope –contents –Articulation with general framework
47
Sector Specific regulation Scope: « This Directive shall apply to the processing of personal data in connection with the provision of publicly available electronic communications services in public communications networks in the Community. » –Public networks: no private or corporate networks –« Individual » communication: no broadcasting Includes: protection of the legitimate interests of subscribers who are legal persons (SME). Scope is not always very clear & distinction sometimes too academic.
48
Sector specific regulation
Contents: clarification of some principles
- Cookies, spyware
- Security and confidentiality
- Traffic & location data
- Directories of subscribers, e.g., yellow pages
- SPAM
49
Sector Specific regulation
Pragmatic approach and articulation:
- Directive 95/46 applies to all networks
- Obligations imposed by Directive 2002/58/EC, “covered” by Directive 95/46/EC
Example: traffic data
- 2002/58 (art 6): Traffic data relating to subscribers… must be erased or made anonymous when it is no longer needed for the purpose of the transmission of a communication
- 95/46 (art 6 (e)): kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data were collected or for which they are further processed.
50
CASE STUDY
51
First Case
You are the manager of an EIC and, to facilitate navigation on your site, you are considering installing cookies on the PCs of the visitors. This way, you can display your site in the official language of their place of establishment (SME) or residence (German, Dutch, French, …). Which precautions do you have to take?
52
Second Case
You are responsible for an EIC. You want to deliver on your website information about business opportunities in your region. However, you do not want to lose too much time finding all these data. Therefore, you ask a subcontractor to do the task for you. You ask him for a finished product to be transferred onto your website. What should be done with this subcontractor in order to minimize your liability and/or maximize your rights?
53
Third Case
You are responsible for an EIC. You want to deliver on your website information about business opportunities in your region. Right now, you have no website, but you have a very good employee who is ready to help build the website and search for the information you need on business opportunities in the region. All the tasks needed to deliver the information will be done “in house”. What should be done in order to minimize your liability and/or maximize your rights?
54
Fourth Case
You want to send advertising by e-mail to the SMEs of your region describing the services you offer. Which precautions do you have to take?
55
Questions & Comments
WWW.ULYS.NET paul.vandenbulck@ulys.net