| Global network of attorneys specialized in emerging technology law
Barcelona Conference
September 28, 2012
#lexingbcn
First international network of lawyers focused
on information technology law
Data Protection 30’
Cloud Computing 30’
Social Media 30’
Cookies 30’
New Domain Names 15’
Q & A
General Presentation … 20’
| Argentina | Belgium | Canada | France | Germany | Israel | Italy | Luxembourg | Mexico | Morocco | Norway | South Africa...
# Data Protection
# Cookies
# Social Media
# Cloud Computing
SDPA (‘99 & ’07 & ‘10) / AEPD
High and Stringent Enforcenment...
Data Controller
Data Processor
Data subjectData subject
Spanish Data Protection Law (SDPL)
rights obligations
Notification...
Legitimate interest
✓ Consent
✓ Contractual relations
✓ Requirements of the law
✓ Emergencies
✓ Public Interest
✓ Legitima...
Cloud Computing
Amazon
AWS
IBM
Microsoft
Salesforce
Google
Oracle
Arsys
Dropbox
Apple
Cloud definition
LACK OF
CONTROL
LACK OF
INFORMATION
Main risks
Public
Jun
Guidelines
June
2012 www.agpd.es
July
2012
No specific law regulating cloud computing but …
data protection law is app...
# User is the Data Controller
# CC Provider is the Data Processor
contract
Guidelines
Tools & Services that facilitate conversation
General View
SNS impact on all branches of law
๏ Privacy
๏ Intellectual Prop...
SNS Providers
Company as a User
Situation > 1st
April
Problems
#1 Audit
#2 Put in Place Policies & Programs
#3 Implement and review
✓ Conduct a comprehensive and thorough risk assessmen...
GENERAL PRESENTATION #END
| Spain | Marc Gallardo | marc.gallardo@alliantabogados.com
Page 23
THANK YOU
| Argentina | Belgium | Canada | France | Germany | Israel | Italy | Luxembourg | Mexico | Morocco | Norway | South Africa...
Eu GENERAL DATA PROTECTION REGULATION - FRANCE
| France| Me Alain BENSOUSSAN |alain-bensoussan@lexing.eu
Page 25
What are ...
Eu GENERAL DATA PROTECTION REGULATION - FRANCE
| France| Me Alain BENSOUSSAN |alain-bensoussan@lexing.eu
Page 26
1. Streng...
Eu GENERAL DATA PROTECTION REGULATION - FRANCE
| France| Me Alain BENSOUSSAN |alain-bensoussan@lexing.eu
Page 27
1. Streng...
Eu GENERAL DATA PROTECTION REGULATION - FRANCE
| France| Me Alain BENSOUSSAN |alain-bensoussan@lexing.eu
Page 28
2. Simpli...
Eu GENERAL DATA PROTECTION REGULATION - FRANCE
| France| Me Alain BENSOUSSAN |alain-bensoussan@lexing.eu
Page 29
3. Extend...
Eu GENERAL DATA PROTECTION REGULATION - FRANCE
| France| Me Alain BENSOUSSAN |alain-bensoussan@lexing.eu
Page 30
3. Extend...
Eu GENERAL DATA PROTECTION REGULATION - FRANCE
| France| Me Alain BENSOUSSAN |alain-bensoussan@lexing.eu
Page 31
Eu GENERAL DATA PROTECTION REGULATION - FRANCE
| France| Me Alain BENSOUSSAN |alain-bensoussan@lexing.eu
Page 32
€1,000,00...
| France | Me Alain Bensoussan | alain-bensoussan@lexing.eu
ALAIN BENSOUSSAN AVOCATS
29 rue du colonel Pierre Avia Paris 1...
| Argentina | Belgium | Canada | France | Germany | Israel | Italy | Luxembourg | Mexico | Morocco | Norway | South Africa...
| Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu
Page 35
– Background
– Overview of US data protection la...
| Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu
Page 36
– No national data protection law; but dozens of...
| Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu
Page 37
– No “national data protection agency”
• Numerou...
| Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu
Page 38
– Significant penalties in case of violation
• F...
| Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu
Page 39
– Federal Trade Commission (FTC):
• Top regulato...
| Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu
Page 40
FTC Enforcement Actions
| Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu
Page 41
– White House Consumer Bill of Rights (Feb. 2012...
| Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu
Page 42
– FTC v. Google (August 2012)
• $22.5 million fi...
| Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu
Page 43
– Mobile
• Mobile apps, mobile payments, mobile ...
| Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu
Page 44
Françoise Gilbert
IT Law Group
Palo Alto, Califo...
| Argentina | Belgium | Canada | France | Germany | Israel | Italy | Luxembourg | Mexico | Morocco | Norway | South Africa...
CLOUD COMPUTING
NATIONAL INSTITUTE OF STANDARD AND TECNOLOGY:
A MODEL FOR ENABLING CONVENIENT, ON-DEMAND NETWORK ACCESS
TO...
CLOUD COMPUTING
PRIVATE CLOUDS
OFFERS SERVICES TO ONE
CUSTOMER ONLY MORE SIMILAR
TO DATA CENTERS
PUBLIC CLOUDS
AN INFRASTR...
CLOUD COMPUTING
CLOUD COMPUTING
MAIN ISSUES
SECURITY
CONTRACTUAL
ISSUES
PRIVACY
ISSUES
CLOUD COMPUTING
CONTRACTUAL ISSUES: MANY ARE THE SAME
AS PER OUTSOURCING CONTRACT
SERVICE LEVELS AND RELATED
MEASUREMENTS
...
CLOUD COMPUTING
SPECIFIC CLOUD COMPUTING
CONTRACTUAL ISSUES
LICENSE vs SERVICE IF THERE IS NO LICENSE, TERMINATION OR
TRAN...
CLOUD COMPUTING
SPECIFIC CLOUD COMPUTING
CONTRACTUAL ISSUES
INTELLECTUAL PROPERTY MAKE SURE CRITICAL I.P. IS PROTECTED
OPE...
CLOUD COMPUTING
DATA PRIVACY ISSUES
WHERE ARE THE DATA? KNOWING THE LOCATION OF DATA IS
ESSENTIAL UNDER UE PRIVACY LAWS
CA...
CLOUD COMPUTING
LEGAL ISSUES
LIABILITY OF CLOUD PROVIDER FOR
ILLEGAL CONTENT ?
NO LIABILITY IF THE PROVIDER HAS NO
KNOWLED...
CLOUD COMPUTING
LEGAL ISSUES
INTRODUCTION OF HARMFUL CODE
(VIRUSES AND OTHER MALICIOUS
CODE)
NEED TO RELY ON THE PROVIDER ...
CLOUD COMPUTING
LEGAL ISSUES
ISSUES PARTICULAR TO REGULATED
INDUSTRIES
RULES THAT LIMIT THEIR ABILITY TO
OFFSHORE THEIR OP...
CLOUD COMPUTING
CONCLUSIONS AND RECOMMENDATIONS
CLEARLY IDENTIFY THE DATA AND THE
PROCESSING THAT WILL BE
ENTRUSTED TO THE...
CLOUD COMPUTING
CONCLUSIONS AND RECOMMENDATIONS
Choose a cloud provider with
sufficient service and privacy level
guarante...
Social Media 30’
Cookies 30’
New Domain Names 15’
Q & A
| Argentina | Belgium | Canada | France | Germany | Israel | Italy | Luxembourg | Mexico | Morocco | Norway | South Africa...
| Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu
Page 60
1. How to manage issues on Social Networks
A. Fi...
| Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu
Page 61
• Social networks are not an apart world.
• Almo...
| Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu
Page 62
A. Soft Law
How to react ?
1. How to manage issu...
| Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu
Page 63
Internet is a particular area where :
Old fashio...
| Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu
Page 64
Beware of the Barbara Streisand’s effect
1.A How...
| Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu
Page 65
Lawyers need to be careful when using
letters of...
| Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu
Page 66
• Be quick but do not rush
• Be ready to communi...
| Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu
Page 67
• First, the abuse must be defined
• Break of te...
| Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu
Page 68
• Linkedin
http://www.linkedin.com/static?key=co...
| Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu
Page 69
• Google +
http://support.google.com/plus/bin/an...
| Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu
Page 70
If :
•Social network does not comply with your
r...
| Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu
Page 71
• Easy if his real name is disclosed
• May be re...
| Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu
Page 72
And is in a place where you can reach him…
Then...
| Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu
Page 73
Often, the first idea when faced with a
problem ...
| Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu
Page 74
Or you can’t reach him
Lodge a Criminal complai...
| Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu
Page 75
Introduced by Directive 2000/31/EC on electronic...
| Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu
Page 76
This right is crucial to our societies, but not
...
| Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu
Page 77
 You need to prove that, once the provider has
...
| Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu
Page 78
It may be hard and expensive to achieve a result...
| Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu
Page 79
• Identify the pretext used to justify the
remov...
| Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu
Page 80
• A new profession related to the advent of
soci...
| Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu
Page 81
• Little or no education to become a community
m...
| Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu
Page 82
• In most cases, application of labor law (if
th...
| Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu
Page 83
• Who owns the contents produced by the
Communit...
| Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu
Page 84
• Who got the ownership and access codes
to the ...
| Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu
Page 85
• Social networks are powerful tools for
communi...
| Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu
Page 86
Join us on
Conclusions
| Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu
Page 87
• Picture of Barbara Streisand : By Allan warren...
| Argentina | Belgium | Canada | France | Germany | Israel | Italy | Luxembourg | Mexico | Morocco | Norway | South Africa...
CookiesCookies
web beaconsweb beacons
supercookies
device datadevice data
zombie
cookies
OnlineOnline
BehaviouralBehaviour...
Cookies
• File created by browser and
saved on a user’s computer
by website
• The cookie uniquely
identifies, or “records”...
PurposesPurposes
Measuring web site usage to
• Improve functionality of the site;
• Fraud prevention; and
• Online behavio...
Information collectedInformation collected
• IP address;
• pages visited;
• length of time spent on each page;
• advertise...
CLOUD COMPUTING
Europe
Canada
Page 93
Europe
Obligation to provide explanation of the type
and function of cookies and obtain a user's
explicit consent before i...
Canada
Based on relaxed “opt-out” framework.
Anti-spam law (CASL)
An Act to promote the efficiency and adaptability of the...
Anti-spam law (CASL)
Expressly allows cookies to be installed on a
user's computer ….provided the user's
behaviour suggest...
General prohibitionGeneral prohibition
Installation of computer program
8. (1) A person must not, in the course of a comme...
“computer program” means data
representing instructions or statements that,
when executed in a computer system, causes
the...
Cookie ExceptionCookie Exception
• 10 (…) (8) A person is considered to expressly consent to the installation of
a compute...
Withdrawal of consentWithdrawal of consent
Policy Position on Online Behavioural Advertising
Application of PIPEDA to the collection/use of
data about individuals’ w...
OPC will generally consider information
collected for OBA to be PI, considering that:
the purpose is creating profiles to...
The conditions under which opt-out consent to OBA can be considered acceptable are:
• Individuals are made aware of the pu...
JurisdictionJurisdiction
Canadian businesses, to the extent they
process and use data about individuals in the
European Un...
| Argentina | Belgium | Canada | France | Germany | Israel | Italy | Luxembourg | Mexico | Morocco | Norway | South Africa...
COOKIES - EU & UK LAW
PERSPECTIVE
| United Kingdom| Daniel PREISKEL| dpreiskel@preiskel.com
Page 107
• Essentials of Cooki...
COOKIES - EU & UK LAW
PERSPECTIVE
| United Kingdom| Daniel PREISKEL| dpreiskel@preiskel.com
Page 108
What is a cookie?
• A...
COOKIES - EU & UK LAW
PERSPECTIVE
| United Kingdom| Daniel PREISKEL| dpreiskel@preiskel.com
Page 109
Legal Framework
• EU ...
COOKIES - EU & UK LAW
PERSPECTIVE
| United Kingdom| Daniel PREISKEL| dpreiskel@preiskel.com
Page 110
Legal Framework
• Bot...
COOKIES - EU & UK LAW
PERSPECTIVE
| United Kingdom| Daniel PREISKEL| dpreiskel@preiskel.com
Page 111
Legal Framework
• The...
COOKIES - EU & UK LAW
PERSPECTIVE
| United Kingdom| Daniel PREISKEL| dpreiskel@preiskel.com
Page 112
EU & UK Independent A...
COOKIES - EU & UK LAW
PERSPECTIVE
| United Kingdom| Daniel PREISKEL| dpreiskel@preiskel.com
Page 113
Key issues
• Cookie a...
COOKIES - EU & UK LAW
PERSPECTIVE
| United Kingdom| Daniel PREISKEL| dpreiskel@preiskel.com
Page 114
Key issues
• Ensure i...
COOKIES - EU & UK LAW
PERSPECTIVE
| United Kingdom| Daniel PREISKEL| dpreiskel@preiskel.com
Page 115
Key issues
• Cookies ...
COOKIES - EU & UK LAW
PERSPECTIVE
| United Kingdom| Daniel PREISKEL| dpreiskel@preiskel.com
Page 116
Enforcement & Penalti...
COOKIES - EU & UK LAW
PERSPECTIVE
| United Kingdom| Daniel PREISKEL| dpreiskel@preiskel.com
Page 117
Compliance
• The pers...
COOKIES - EU & UK LAW
PERSPECTIVE
| United Kingdom| Daniel PREISKEL| dpreiskel@preiskel.com
Page 118
Compliance
• Provider...
COOKIES - EU & UK LAW
PERSPECTIVE
| United Kingdom| Daniel PREISKEL| dpreiskel@preiskel.com
Page 119
Conclusion
• Data pro...
COOKIES - EU & UK LAW
PERSPECTIVE
| United Kingdom| Daniel PREISKEL| dpreiskel@preiskel.com
Page 120
Daniel PREISKEL
dprei...
| Germany | Belgium | Canada | Spain | USA | France | Israel
| Italy | Morocco | Mexico | Norway | Switzerland
Trademark R...
| Germany | Belgium | Canada | Spain | USA | France | Israel
| Italy | Morocco | Mexico | Norway | Switzerland
New GTLD´s
...
| Germany | Belgium | Canada | Spain | USA | France | Israel
| Italy | Morocco | Mexico | Norway | Switzerland
- Legal Rig...
| Germany | Belgium | Canada | Spain | USA | France | Israel
| Italy | Morocco | Mexico | Norway | Switzerland
WIPO Arbitr...
| Germany | Belgium | Canada | Spain | USA | France | Israel
| Italy | Morocco | Mexico | Norway | Switzerland
ICANN offer...
| Germany | Belgium | Canada | Spain | USA | France | Israel
| Italy | Morocco | Mexico | Norway | Switzerland
Trademark p...
| Germany | Belgium | Canada | Spain | USA | France | Israel
| Italy | Morocco | Mexico | Norway | Switzerland
Enrique Och...
| Germany | Belgium | Canada | Spain | USA | France | Israel
| Italy | Morocco | Mexico | Norway | Switzerland
| Global network of attorneys specialized in emerging technology law
Germany
Buse Heberer Fromm Rechtsanwälte
Bernd Reinmü...
Lexing Barcelona Conference
Lexing Barcelona Conference
Lexing Barcelona Conference
Lexing Barcelona Conference
Lexing Barcelona Conference
Upcoming SlideShare
Loading in...5
×

Lexing Barcelona Conference

1,265

Published on

Hot topics on IT and data protection laws

Published in: Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
1,265
On Slideshare
0
From Embeds
0
Number of Embeds
3
Actions
Shares
0
Downloads
4
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • ----- Notas de la reunión (27/09/12 23:02) ----- Buenos días, Bienvenidos, Y gracias por asistir a este evento que Alliant Abogados organiza por primera vez junto a LEXING Y EN EL QUE VAMOS A EXPONER algunas de las cuestiones legales de + actualidad y relevancia La mayoría de los que estáis hoy aquí conocéis la existencia de lexing ... proyectos con un elemento internacional, en el que ha sido necesario recabar el asesoramiento en uno o varios paises diferentes En pocas palabras LEXING es una red de despachos de abogados creada hace poco más de 1 año bajo la iniciativa de Alain Bensousan que es a su vez el fundador y director del despacho en Paris ...
  • ----- Notas de la reunión (27/09/12 23:02) ----- Los elementos esenciales que definen a la red lexing son: su dimensión internacional conformada por la suma de despachos independientes que la integran actualmente su carácter integrado resultado de aplicar metodologias y procesos comunes de trabajo con el fin de prestaros un servicio global y homogéneo, sin perjuicio de que este trabajo en ocasiones sea distinto o específico para cada país afectado debido a las distintas normativas que existen en cada uno de ellos. Ya que, y hago un apunte, la plena armonización legislativa no existe a nivel global como sería deseable en un entorno sin fronteras físicas como internet, ni siquiera en el mercado europeo aunque se están dando pasos hay una mayor armonización. su alto grado de especialización
  • ----- Notas de la reunión (27/09/12 23:02) ----- cuestionario de valoración enlace para descargar desde la web de alliant abogados todas las presentaciones de hoy SO WE JUMP TO THE PROGRAM of today's event
  • ----- Notas de la reunión (27/09/12 23:02) ----- we have divided it 5 groups or topics 2 speakers per block on the central topics (except for social media) Just to give you an overview on the whole program after my presentation
  • ----- Notas de la reunión (27/09/12 23:23) ----- 2 main ideas: 1. how compliance with data protection is of the utmost importance for you businesses. in spain we have by far the most high and stringent enforcenment of the data protection linked to the most high penalties in all the european union. Can you imagine a worse situation? don't bet it. 2.
  • Once personal data has been properly anonymized, the legal restrictions that would have applied (including the restrictions on disclosing that data to third parties) will no longer apply. The Code recommends that organizations assess whether any other person could identify any individual from the anonymized information, either by itself or in combination with other available information
  • CC consists on IT services provided by a third party supplier over the Internet including server capacity and functionality, virtual serve
  • CC consists on IT services provided by a third party supplier over the internet including server capacity and functionality, virtual servers, applications, data and much more.
  • LACK OF CONTROL OVER THE PERSONAL DATA, that is, the inability to control the technical and organisational measures required to protect personal data and difficulties associated with data portability and interoperability. LACK OF INFORMATION OR TRANSPARENCY with regard to HOW, WHERE and BY WHOM the data is being processed or subprocessed. Both risks create serious problem to stay in line with the european data protection regulations
  • ----- Notas de la reunión (27/09/12 11:42) ----- Focus on 3 aspects: 1. user of the cloud is the data controller and the provider DP - contract 2. can't waive the application of spanish law or the authority of the SDPA in the contract 3. Fully comply with IDT rules. Principle is you need an authorisation DPA unless some requirements are met. 3a. the transfer is to a country with an adequate level of protection 3b. the transfer is made to a US company under safe harbour principles 3c. ----- Notas de la reunión (27/09/12 11:54) ----- if the transfer is made within EEA area then no IDT always need to have a contract with security safeguards.
  • Data controller determines the purposes and means of the processing & decides to move to the cloud and modality The law requires that a contract regulsting the relations between the controller and the processor be put in writting. Suprocessing rules: el client must authorise the services to be outsourced & have access to a list of subprocessors and the countries where they run their businness (i.e. by means of a website).
  • All obligations concerning user’ ----- Notas de la reunión (27/09/12 11:54) ----- they benefit from a safe harbour to the extent they are not obliged to monitor the information which they can transmit or store nor to actively seek facts or circumstances indicating ilegal activity. As a provider of an Sns you are not resposible if you are effectively awared of the infringenment and you do not remove or block the infringment material. By the way it the same principle that applies for cloud computing providers based in EU. In other words, there is no responsability without fault. No
  • Application (2) A person contravenes subsection (1) only if the computer system is located in Canada at the relevant time or if the person either is in Canada at the relevant time or is acting under the direction of a person who is in Canada at the time when they give the directions.
  • Lexing Barcelona Conference

    1. 1. | Global network of attorneys specialized in emerging technology law Barcelona Conference September 28, 2012 #lexingbcn
    2. 2. First international network of lawyers focused on information technology law
    3. 3. Data Protection 30’ Cloud Computing 30’ Social Media 30’ Cookies 30’ New Domain Names 15’ Q & A General Presentation … 20’
    4. 4. | Argentina | Belgium | Canada | France | Germany | Israel | Italy | Luxembourg | Mexico | Morocco | Norway | South Africa | Spain | Switzerland | Tunisia | United Kingdom | USA Privacy, Cloud, Social Media & Cookies Overview of Spanish Law Marc GALLARDO marc.gallardo@alliantabogados.com BARCELONA, FRIDAY, SEPTEMBER 28, 2012
    5. 5. # Data Protection # Cookies # Social Media # Cloud Computing SDPA (‘99 & ’07 & ‘10) / AEPD High and Stringent Enforcenment ! € 20.000.000 / 4000 proceedings Draft EU Regulation (January 2012) SDPA applies / AEPD – No specific regulations AEPD Guidelines (June 2012) / EU Guidelines (July 2012) SDPA applies / AEPD – No specific regulations No general Guidelines / EU Guidelines Eprivacy Rule in LSSI / AEPD No general Guidelines / EU Guidelines (June 2012)
    6. 6. Data Controller Data Processor Data subjectData subject Spanish Data Protection Law (SDPL) rights obligations Notification requeriments Information provision obligations Legal basis for processing data Confidentiality & Security Data Protection Principles contract Organic Law 1999 Regulation 2007
    7. 7. Legitimate interest ✓ Consent ✓ Contractual relations ✓ Requirements of the law ✓ Emergencies ✓ Public Interest ✓ Legitimate interest Ruling Feb. 2012 legitimate interest DC data subject rights DP principles Key Obligation: process personal data lawfully Consent: not always available or reliable criteria Legitimate interest criterion not properly incorporated The data should apeared in public sources ! Now void -> Consent: not always available or reliable criteria Legitimate interest criterion not properly incorporated The data should apeared in public sources ! Now void ->
    8. 8. Cloud Computing Amazon AWS IBM Microsoft Salesforce Google Oracle Arsys Dropbox Apple
    9. 9. Cloud definition
    10. 10. LACK OF CONTROL LACK OF INFORMATION Main risks Public
    11. 11. Jun Guidelines June 2012 www.agpd.es July 2012 No specific law regulating cloud computing but … data protection law is applicable No specific law regulating cloud computing but … data protection law is applicable
    12. 12. # User is the Data Controller # CC Provider is the Data Processor contract Guidelines
    13. 13. Tools & Services that facilitate conversation General View SNS impact on all branches of law ๏ Privacy ๏ Intellectual Property ๏ Marketing and Consumer Protection ๏ Contests and Promotions ๏ Employment ๏ Free speech ๏ Children protection ๏ E-reputation Internal: SM used within a company Hosted: Public SM controlled by a company Public: Public SM outside the control of a company
    14. 14. SNS Providers
    15. 15. Company as a User
    16. 16. Situation > 1st April
    17. 17. Problems
    18. 18. #1 Audit #2 Put in Place Policies & Programs #3 Implement and review ✓ Conduct a comprehensive and thorough risk assessment ✓ Identify risks ✓ Evaluate the risks ✓ Address the risks ✓ Implement + Review on a regular basis ✓ Train employees and monitor compliance ✓ Demonstrate it: a policy must be reflected in concrete practices ! Bottom line is …
    19. 19. GENERAL PRESENTATION #END | Spain | Marc Gallardo | marc.gallardo@alliantabogados.com Page 23 THANK YOU
    20. 20. | Argentina | Belgium | Canada | France | Germany | Israel | Italy | Luxembourg | Mexico | Morocco | Norway | South Africa | Spain | Switzerland | Tunisia | United Kingdom | USA Proposed EU General Data Protection Regulation of January 25, 2012: State of Play ALAIN BENSOUSSAN alain-bensoussan@lexing.eu BARCELONA, FRIDAY, SEPTEMBER 28, 2012
    21. 21. Eu GENERAL DATA PROTECTION REGULATION - FRANCE | France| Me Alain BENSOUSSAN |alain-bensoussan@lexing.eu Page 25 What are the stakes? – harmonize the protection of personal data in the EU – ensure the effectiveness of such protection Issue – a stronger and more coherent data protection framework in the EU Situation – uncertain News – International mobilization and debate on personal data protection Introduction
    22. 22. Eu GENERAL DATA PROTECTION REGULATION - FRANCE | France| Me Alain BENSOUSSAN |alain-bensoussan@lexing.eu Page 26 1. Strengthen the rights of individuals 2. Simplify processes for businesses 3. Extend liability 4. Impose stiffer sanctions Agenda
    23. 23. Eu GENERAL DATA PROTECTION REGULATION - FRANCE | France| Me Alain BENSOUSSAN |alain-bensoussan@lexing.eu Page 27 1. Strengthen the rights of individuals
    24. 24. Eu GENERAL DATA PROTECTION REGULATION - FRANCE | France| Me Alain BENSOUSSAN |alain-bensoussan@lexing.eu Page 28 2. Simplify processes for businesses
    25. 25. Eu GENERAL DATA PROTECTION REGULATION - FRANCE | France| Me Alain BENSOUSSAN |alain-bensoussan@lexing.eu Page 29 3. Extend liability (1)
    26. 26. Eu GENERAL DATA PROTECTION REGULATION - FRANCE | France| Me Alain BENSOUSSAN |alain-bensoussan@lexing.eu Page 30 3. Extend liability (2)
    27. 27. Eu GENERAL DATA PROTECTION REGULATION - FRANCE | France| Me Alain BENSOUSSAN |alain-bensoussan@lexing.eu Page 31
    28. 28. Eu GENERAL DATA PROTECTION REGULATION - FRANCE | France| Me Alain BENSOUSSAN |alain-bensoussan@lexing.eu Page 32 €1,000,000 or 2% of annual worldwide turnover
    29. 29. | France | Me Alain Bensoussan | alain-bensoussan@lexing.eu ALAIN BENSOUSSAN AVOCATS 29 rue du colonel Pierre Avia Paris 15 FRANCE Tel. : 33 1 41 33 35 35 Fax : 33 1 41 33 35 36 paris@alain-bensoussan.com Alain Bensoussan D.L : 33 1 41 33 35 09 Mob. : 33 6 19 13 44 46 ab@alain-bensoussan.com Contact
    30. 30. | Argentina | Belgium | Canada | France | Germany | Israel | Italy | Luxembourg | Mexico | Morocco | Norway | South Africa | Spain | Switzerland | Tunisia | United Kingdom | USA Data Protection in the United States Recent Developments Françoise GILBERT Managing Director – IT Law Group Silicon Valley, California +1 650-804-1235 fgilbert@itlawgroup.com | www.globalprivacybook.com | francoisegilbert.com | @francoisegilbrt BARCELONA, FRIDAY, SEPTEMBER 28, 2012
    31. 31. | Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu Page 35 – Background – Overview of US data protection laws – Role of the US federal and state agencies – Recent US Government initiatives – Recent enforcement actions – Hot issues Agenda
    32. 32. | Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu Page 36 – No national data protection law; but dozens of Federal sectoral laws • 1890: “Right to Privacy” defines the concept • 1966: Freedom of Information Act (access to information held by government • 1968: Wiretap Act (interception of aural communications and disclosure of these communications in court) • 1970: Fair Credit Reporting Act (credit reporting agency disclosure of credit reports) • 1974: Privacy Act (disclosure of government records) • 1974: Family Educational Rights and Privacy Act (disclosure of school records) • 1978: Right to Financial Privacy Act (banking and financial transactions) • 1978: Foreign Intelligence Surveillance Act (electronic surveillance; foreign intelligence) • 1986: Computer Fraud & Abuse Act (to reduce hacking, use of viruses) • 1986: Electronic Communication Privacy Act (stored or in transit information) • 1996: Health Insurance Portability and Accountability Act (health information) • 1998: Children Online Privacy Protection Act (children information) • 1999: Financial Services Modernization Act (GLBA) (financial information) • 2003: CAN SPAM Act (commercial messages) – Hundreds of State sectoral laws (+ some states have constitutional rights) • Protect individuals residing in a specific state • Security breach disclosure laws • Security measure requirements • Protection of driver’s license information, medial records, etc. US Data Protection Laws
    33. 33. | Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu Page 37 – No “national data protection agency” • Numerous federal agencies play role similar to that of the Data Protection Agencies in European Union – Federal Trade Commission – Department of Health & Human Services – Financial Services Agencies – Securities & Exchange Commission • Numerous state agencies, play similar role at the State Level – State Attorney General – Other State Agencies – Substantial cooperation between State and Federal Agencies Federal & State Agencies
    34. 34. | Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu Page 38 – Significant penalties in case of violation • FCRA: up to $500,000 total penalty per violation – Actual penalties • Google (breach of FTC consent decree) $22.5million • ChoicePoint (breach of security) $15million • Massachusetts General Hospital (HIPPA) $4.3million • Sony $1million (COPPA) • Xanga $1million (COPPA) • CVS, Rite Aid pharmacies $1million (HIPAA + lack of security) • Spokeo $800,000 (FCRA) Significant Penalties
    35. 35. | Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu Page 39 – Federal Trade Commission (FTC): • Top regulator in the US with respect to protection of personal information • Powers under FTC Act (§5), COPPA, FCRA, HIPAA – Numerous actions against companies for: • Failure to comply with privacy promises • Failure to provide adequate security measures for personal information • Unclear and deceptive terms, which concealed important disclosure regarding un-anticipated use of personal information • Failure to comply with requirements of Fair Credit Reporting Act • Failure to comply with COPPA requirements Federal Trade Commission
    36. 36. | Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu Page 40 FTC Enforcement Actions
    37. 37. | Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu Page 41 – White House Consumer Bill of Rights (Feb. 2012) • Restates Fair Information Practice Principles – Federal Trade Commission Report on Consumer Privacy (March 2012) • Privacy by Design, Privacy by Default, Online Behavioral Tracking and Advertising – Federal Trade Commission Report on Children and Mobile Apps (February 2012) • Guidelines on mobile apps for children – Federal Trade Commission Guidelines on Mobile Apps (August 2012) • General guidelines on the publication of mobile apps – Participation in APEC Cross Border Privacy Rules System Recent US Efforts on Privacy
    38. 38. | Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu Page 42 – FTC v. Google (August 2012) • $22.5 million fine • Violation of pre-existing consent decree with FTC • FTC looked at promises made in Privacy Policy or about privacy measures, including in Google’s representations that it complied with the NAI Code of Conduct – FTC v. Facebook (August 2012) • Violation of representations made in Privacy Policy • Including representation that FB followed the Safe Harbor Principles • 20-year supervision by Federal Trade Commission Recent Enforcement Actions
    39. 39. | Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu Page 43 – Mobile • Mobile apps, mobile payments, mobile privacy – BYOD • Bring your own device (to work) – Social Media • Potential employer access to social media account – Behavioral Marketing • Tracking devices, cookies, tags, zombie cookies – Big Data – Cloud Computing • Reform of Electronic Communications Privacy Act Other Hot Issues
    40. 40. | Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu Page 44 Françoise Gilbert IT Law Group Palo Alto, California, USA Email: fgilbert@itlawgroup.com Phone: +1 650-804-1235 IT Law Group: itlawgroup.com Blog: francoisegilbert.com Book: globalprivacybook.com Twitter: @francoisegilbrt
    41. 41. | Argentina | Belgium | Canada | France | Germany | Israel | Italy | Luxembourg | Mexico | Morocco | Norway | South Africa | Spain | Switzerland | Tunisia | United Kingdom | USA CLOUD COMPUTING LEGAL ISSUES UP IN THE AIR Raffaele ZALLONE - Sébastien FANTI r.zallone@studiozallone.it - sebastien.fanti@sebastienfanti.ch BARCELONA, FRIDAY, SEPTEMBER 28, 2012
    42. 42. CLOUD COMPUTING NATIONAL INSTITUTE OF STANDARD AND TECNOLOGY: A MODEL FOR ENABLING CONVENIENT, ON-DEMAND NETWORK ACCESS TO SHARED POOL OF COMPUTING RESOURCE SOFTWARE AS A SERVICES SAAS OFFERS ACCESS TO A SERVICE (ES: MAIL, ACCOUNTING, SPREADSHEET) PLATFORM AS A SERVICES PAAS OFFERS ACCESS TO DEVELOPMENT TOOLS INFRASTRUCTURE AS A SERVICES IAASOFFERS HW+SW ON DEMAND (MEMORY, PROGRAMS, ETC) WHAT IS CLOUD COMPUTING THERE ARE 3 DIFFERENT SERVICES MODELS
    43. 43. CLOUD COMPUTING PRIVATE CLOUDS OFFERS SERVICES TO ONE CUSTOMER ONLY MORE SIMILAR TO DATA CENTERS PUBLIC CLOUDS AN INFRASTRUCTURE USED TO SERVE SEVERAL CUSTOMERS (ES: GMAIL) HYBRID CLOUDS SERVICE OFFERING WITH MIXTURE OF PRIVATE / PUBLIC CLOUD COMPUTING
    44. 44. CLOUD COMPUTING CLOUD COMPUTING MAIN ISSUES SECURITY CONTRACTUAL ISSUES PRIVACY ISSUES
    45. 45. CLOUD COMPUTING CONTRACTUAL ISSUES: MANY ARE THE SAME AS PER OUTSOURCING CONTRACT SERVICE LEVELS AND RELATED MEASUREMENTS WHAT TO MEASURE AND HOW CONSEQUENCES PENALTIES PROTECTION OF DATA (AVAILABILITY, RELIABILITY) DATA MUST ALWAYS BE AVAILABLE, IS SUPPLIER REL IABLE? SUB CONTRACTING: WHO AND FOR WHAT WIDE USE OF SUBCONTRACTING IS STD NEED TO HAVE AGREEMENT ON HOW TO MANAGE PROCESS AN CONTROLS CONTINUITY OF SERVICE BACK UPS? WARRANTIES? CHANGES OF PLATFORM / SW UPGRADES NEED TO IMPLEMENT CHANGE MANAGEMENT CONTROLS DURATION OF CONTRACT LONG TERM vs SHORT TERM: PRO’S AND CON’S TERMINATION OF CONTRACT AND TRANSITION TO NEW SUPPLIER NEED TO IMPLEMENT APPROPRIATE MANAGEMENT AND PROCESSES
    46. 46. CLOUD COMPUTING SPECIFIC CLOUD COMPUTING CONTRACTUAL ISSUES LICENSE vs SERVICE IF THERE IS NO LICENSE, TERMINATION OR TRANSITION TO NEW SUPPLIER MAY BE A REAL PROBLEM AUDITABILITY - AVAILABILITY MUST HAVE DATA ALWAYS AVAILABLE FOR AUDITS MUST BE POSSIBLE TO AUDIT SUPPLIER ITSELF LOCATION OF DATA PRIVACY AND LIABILITY ISSUE SUB CONTRACTORS RIGHT TO APPROVE AND AUDIT
    47. 47. CLOUD COMPUTING SPECIFIC CLOUD COMPUTING CONTRACTUAL ISSUES INTELLECTUAL PROPERTY MAKE SURE CRITICAL I.P. IS PROTECTED OPEN vs PROPRIETARY SWITCHING TO NEW SUPPLIER MAY BE A PROBLEM CHANGE MANAGEMENT SUPPLIER MAY DECIDE TO CHANGE SW, PLATFORM, SUBCONTRACTORS? HOW AND WITH WHAT RIGHTS/NOTICE STANDARD CONTRACTUAL TERMS NEED OF CONTROL / FLEXIBILITY / REGULATION OF SPECIFIC ISSUES DATA PRIVACY ISSUES ATTITUDE OF SUPPLIERS
    48. 48. CLOUD COMPUTING DATA PRIVACY ISSUES WHERE ARE THE DATA? KNOWING THE LOCATION OF DATA IS ESSENTIAL UNDER UE PRIVACY LAWS CAN SUPPLIER TRANSFER DATA? SAME AS ABOVE MANAGEMENT OF SUBCONTRACTORS MUST BE APPOINTED AS DATA PROCESSORS AND MUST BE AUDITABLE, BY CUSTOMER, BY PRIVACY AUTHORITY OR OTHER BODIES SECURITY MEASURES AUDITABILITY – LIABILITY ACCESS DATA ARE PERSONAL DATA WHERE ARE THEY, WHO CAN ACCESS THEM, HOW LONG ARE THEY STORED FOR OBLIGATION NOT TO USE DATA SUPPLIER AND SUBCONTRACTOR RETURN OR DESTRUCTION OF DATA SUPPLIER AND SUBCONTRACTORS
    49. 49. CLOUD COMPUTING LEGAL ISSUES LIABILITY OF CLOUD PROVIDER FOR ILLEGAL CONTENT ? NO LIABILITY IF THE PROVIDER HAS NO KNOWLEDGE OR AWARENESS OF ILLEGAL NATURE AND REMOVES OR BLOCKS ILLEGAL DATA WHEN IT DOES GAIN KNOWLEDGE OR BECOME AWARE OF ILLEGAL NATURE (NOTICE AND TAKEDOWN) JURISDICTIONAL ISSUES AND APPLICABLE LAW THE CHOICE OF THE COMPETENT COURT AND OF THE APPLICABLE LAW ARE FUNDAMENTAL; IF OUTSIDE OWN COUNTRY, ANY LITIGATION CAN BECOME PROHIBITIVELY EXPENSIVE DISPUTE RESOLUTION ARBITRATION MUST BE CONSIDERED AS ONE INTERESTING OPTION KEEPING CONFIDENTIALITY AND AVOIDING PROBLEMS LIKE CHOICE OF ANOTHER APPLICABLE LAW BY COURT
    50. 50. CLOUD COMPUTING LEGAL ISSUES INTRODUCTION OF HARMFUL CODE (VIRUSES AND OTHER MALICIOUS CODE) NEED TO RELY ON THE PROVIDER APPLYING SUFFICIENT PROTECTION AGAINST THESE DANGERS; NECESSITY OF IMPOSING OBLIGATIONS TO THE PROVIDER US PATRIOT ACT In certain circumstances, the US PATRIOT Act allows the US government to obtain data held anywhere in the world by US companies or companies with sufficient connections to the US. This would extend to data centres based in UE that are operated by US companies and data centres based in the US operated by non- US companies. IT PROPERTY OWNERSHIP NECESSARY TO ENSURE THAT THE AGREEMENT DOES NOT TRANSFER IP OWNERSHIP
    51. 51. CLOUD COMPUTING LEGAL ISSUES ISSUES PARTICULAR TO REGULATED INDUSTRIES RULES THAT LIMIT THEIR ABILITY TO OFFSHORE THEIR OPERATIONS; EX: BANKING OR INSURANCE COMPANIES; TEST THE WATERS WITH THEIR REGULATOR BEFORE PROCEEDING WITH CLOUD COMPUTING SERVICE SOLUTIONS SUBCONTRACTORS ALL THE RELEVANT OBLIGATIONS MUST THEREFORE APPLY ALSO TO THE SUB- PROCESSORS THROUGH CONTRACTS BETWEEN THE CLOUD PROVIDER AND SUBCONTRACTOR REFLECTING THE STIPULATIONS OF THE CONTRACT BETWEEN CLOUD CLIENT AND CLOUD PROVIDER SPECIAL PRECAUTIONS BY THE PUBLIC SECTOR EUROPEAN GOVERNMENTAL CLOUD AS A SUPRA NATIONAL VIRTUAL SPACE WHERE A CONSISTENT AND HARMONIZED SET OF RULES COULD BE APPLIED?
    52. 52. CLOUD COMPUTING CONCLUSIONS AND RECOMMENDATIONS CLEARLY IDENTIFY THE DATA AND THE PROCESSING THAT WILL BE ENTRUSTED TO THE CLOUD PROVIDER EX: HEALTH DATA, WHICH CAN ONLY BE STORED BY A CLOUD PROVIDER LICENSED BY THE FRENCH MINISTRY OF HEALTH UNDERTAKE A RISK ANALYSIS TO ENSURE THAT THE CUSTOMER IS GETTING THE RIGHT LEVEL OF SECURITY UPDATE THE RISK ANALYSIS REGULARLY REFER TO THE GUIDELINES OF ENISA (EUROPEAN NETWORK AND INFORMATION SECURITY AGENCY) WHEN CONDUCTING THE RISK BE SURE TO IDENTIFY THE RIGHT KIND OF OFFER THAT IS APPROPRIATE FOR A CLOUD CUSTOMER'S BUSINESS SAAS, PAAS, OR IAAS, PUBLIC, PRIVATE OR HYBRID CLOUD SOLUTIONS
    53. 53. CLOUD COMPUTING CONCLUSIONS AND RECOMMENDATIONS Choose a cloud provider with sufficient service and privacy level guarantees essential elements that should appear in the cloud contracts Rethink YOUR own IT security policy such as rules on authentication of users, and employees' use of mobile devices to access the employer's network… Ensure that the customer defines its own requirements on the technical and legal security aspects of the processing Localization of the data, reversibility and data portability
    54. 54. Social Media 30’ Cookies 30’ New Domain Names 15’ Q & A
    55. 55. | Argentina | Belgium | Canada | France | Germany | Israel | Italy | Luxembourg | Mexico | Morocco | Norway | South Africa | Spain | Switzerland | Tunisia | United Kingdom | USA Some issues on Social Networks Jean-François HENROTTE jfhenrotte@philippelaw.eu BARCELONA, SEPTEMBER 28, 2012
    56. 56. | Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu Page 60 1. How to manage issues on Social Networks A. First, the easy way B. Then the hard way 2. How to react if your content is removed 3. Community management, a new business Some issues on Social Networks
    57. 57. | Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu Page 61 • Social networks are not an apart world. • Almost all the annoyances of society can be found there, but some more often : • Defamation • Harassment • Copyright infrigement • Privacy breach • … Some issues on Social Networks
    58. 58. | Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu Page 62 A. Soft Law How to react ? 1. How to manage issue on Social Networks B. Hard Law Use the tools provided by social networks themselves Use letter of formal notice, cease-and- desist order, lawsuit,…
    59. 59. | Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu Page 63 Internet is a particular area where : Old fashioned legal tools are good, but… Nothing is forgotten Everything can be reproduced indefinitely from a single copy There is always someone on the lookout 1. A How to manage issue on Social Networks
    60. 60. | Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu Page 64 Beware of the Barbara Streisand’s effect 1.A How to manage issue on Social Networks
    61. 61. | Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu Page 65 Lawyers need to be careful when using letters of formal notice or lawsuits •There is a significant risk of bad publicity •There is a significant risk to attract much more attention due to a inadequate or bad reaction than to the first event in itself 1.A How to manage issue on Social Networks
    62. 62. | Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu Page 66 • Be quick but do not rush • Be ready to communicate if things go wrong • Use the reporting tools implemented by social networks • It is fast • It tackles the problem at the roots • It prevent (partly) the spread of the problem • Main issue  Completely arbitrary Some guidelines 1.A How to manage issue on Social Networks
    63. 63. | Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu Page 67 • First, the abuse must be defined • Break of terms and policies • Copyright (or other IP right) infrigement • Defamation • Privacy matter • Harassment • … • Then, follow the adequate procedure Tools to report abuse 1.A How to manage issue on Social Networks
    64. 64. | Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu Page 68 • Linkedin http://www.linkedin.com/static?key=copyright_policy&trk=hb_ft_copy • Facebook http://en-gb.facebook.com/help/?page=178608028874393&ref=hcnav • FlickR http://www.flickr.com/abuse/ 1.A How to manage issue on Social Networks
    65. 65. | Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu Page 69 • Google + http://support.google.com/plus/bin/answer.py?hl=en&answer=1253377 • YouTube http://www.youtube.com/t/copyright_notice?gl=BE • Google.com https://www.google.com/webmasters/tools/removals?pli=1 1.A How to manage issue on Social Networks
    66. 66. | Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu Page 70 If : •Social network does not comply with your request, or not fast enough •You feel you need a stronger action  Unholster the usual lawyers When the easy way is not enough 1.B How to manage issue on Social Networks
    67. 67. | Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu Page 71 • Easy if his real name is disclosed • May be really hard if he uses a nickname • In Belgium, it is almost impossible ∟ Due to recent case law, only the criminal judge have the power to compel providers to disclose the identity of a user (>< Spain) ∟ But, in Belgium, criminal justice is totally overtaken and doesn’t really care about or is not really efficient to handle these cases First issue : Identify the perpetrator 1.B How to manage issue on Social Networks
    68. 68. | Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu Page 72 And is in a place where you can reach him… Then you can sue him using : ∟ Criminal law if defamation or harassment (Art. 443 and following of B. Criminal Code) ∟ Copyright law ∟ Civil law (Art. 1382 – 1383 of B. Civil Code) ∟ Commercial law The perpetrator is known 1.B How to manage issue on Social Networks
    69. 69. | Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu Page 73 Often, the first idea when faced with a problem (such as defamation) on a social network is to use Criminal Law But (in Belgium at least): •You are not in control •Criminal procedure can be really slow •It may paralyse civil procedure A word about Criminal Law
    70. 70. | Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu Page 74 Or you can’t reach him Lodge a Criminal complaint against X At the same time, act against the provider (social network company in this case) but : ∟ they may benefit from the exemption from liability ∟ they can oppose the argument of freedom of speech ∟ they can claim that they did not commit any fault The perpetrator is unknown 1.B How to manage issue on Social Networks
    71. 71. | Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu Page 75 Introduced by Directive 2000/31/EC on electronic commerce You have to prove that: •they do not fit into the category of intermediary service providers (hoster in this case) as provided by the Directive •they had previous knowledge of the illegality or had not responded adequately when they were made ​​ aware of this illegality Injuction are still possible Exemption from civil liability 1.B How to manage issue on Social Networks
    72. 72. | Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu Page 76 This right is crucial to our societies, but not absolute You have to prove that your case stays into one of these right's limitations Freedom of speech 1.B How to manage issue on Social Networks
    73. 73. | Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu Page 77  You need to prove that, once the provider has been made aware of the illegality, he commits a fault if he doesn’t react quickly to remove or to disable access to the information The lack of fault 1.B How to manage issue on Social Networks
    74. 74. | Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu Page 78 It may be hard and expensive to achieve a result (suppression of the content, not even talking of compensatory damages) with the hard way 1.B How to manage issue on Social Networks Intermediary conclusions Get yourself organised to control the places of discussion Use the soft way
    75. 75. | Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu Page 79 • Identify the pretext used to justify the removal • Use the counter-notice pages and tools offered by social networks • Act at the same time against the person who lodged the complaint (when his identity is known) and try to obtain from him that he withdraws his complaint What if your content is removed 2. How to react if your content is removed
    76. 76. | Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu Page 80 • A new profession related to the advent of social networks • This business consists in managing and maintaining a community of “fans” of a brand, a company, a people,… on social networks Community Management 3. Community management
    77. 77. | Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu Page 81 • Little or no education to become a community manager • Often a poor understanding of the risks from the executives • Risks are even greater than with spokesman • Speed and spontaneity of responses​​ • Rapid dissemination to the community and beyond • Fans can focus on personality of the Community manager rather than on the brand Issues 3. Community management
    78. 78. | Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu Page 82 • In most cases, application of labor law (if the manager is an employee) or standards liability rules • In Belgium, except for gross negligence, the employee will not be held responsible • Particular attention should be paid to contract ! Issues 3. Community management
    79. 79. | Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu Page 83 • Who owns the contents produced by the Community Manager in case of break of contract ? • In Belgium, transfer of IP rights has to be formally provided in the contract (>< Spain) • Who owns the community’s members that he has attracted in case of break of contract ? Upon hiring, it must therefore be decided 3. Community management
    80. 80. | Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu Page 84 • Who got the ownership and access codes to the account ? • When possible, it’s better that executive opens the account themselves and then gives (limited) admin rights to the community manager + Executive should keep moderating powers in case of emergency • It should be a good idea to write down in the contract the unique ID of the account Upon hiring, it must therefore be decided 3. Community management
    81. 81. | Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu Page 85 • Social networks are powerful tools for communication, advertising and marketing • Social networks are now part of our everyday life and you should use them, with care, like every other tool Don’t Panic ! Conclusions
    82. 82. | Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu Page 86 Join us on Conclusions
    83. 83. | Belgium | Me Jean-François HENROTTE | jfhenrotte@philippelaw.eu Page 87 • Picture of Barbara Streisand : By Allan warren (Own work) [CC-BY-SA-3.0 (http://creativecommons.org/licenses/by-sa/3.0) or GFDL (http://www.gnu.org/copyleft/fdl.html)], via Wikimedia Commons Credits
    84. 84. | Argentina | Belgium | Canada | France | Germany | Israel | Italy | Luxembourg | Mexico | Morocco | Norway | South Africa | Spain | Switzerland | Tunisia | United Kingdom | USA Regulating Cookies in Canada Jean-François De Rico Langlois Kronström Desjardins llp BARCELONA, FRIDAY, SEPTEMBER 28, 2012
    85. 85. CookiesCookies web beaconsweb beacons supercookies device datadevice data zombie cookies OnlineOnline BehaviouralBehavioural AdvertisingAdvertising
    86. 86. Cookies • File created by browser and saved on a user’s computer by website • The cookie uniquely identifies, or “records” user information/preference
    87. 87. PurposesPurposes Measuring web site usage to • Improve functionality of the site; • Fraud prevention; and • Online behavioral advertising;
    88. 88. Information collectedInformation collected • IP address; • pages visited; • length of time spent on each page; • advertisements viewed; • articles read; • purchases made; • search terms; • user preferences; • operating system; • geographical location.
    89. 89. CLOUD COMPUTING Europe Canada Page 93
    90. 90. Europe Obligation to provide explanation of the type and function of cookies and obtain a user's explicit consent before installing a cookie
    91. 91. Canada Based on relaxed “opt-out” framework. Anti-spam law (CASL) An Act to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities, and to amend the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act (S.C. 2010, c. 23)
    92. 92. Anti-spam law (CASL) Expressly allows cookies to be installed on a user's computer ….provided the user's behaviour suggests he or she would consent to the installation… (?)
    93. 93. General prohibitionGeneral prohibition Installation of computer program 8. (1) A person must not, in the course of a commercial activity, install or cause to be installed a computer program on any other person’s computer system or, having so installed or caused to be installed a computer program, cause an electronic message to be sent from that computer system, unless – (a) the person has obtained the express consent of the owner or an authorized user of the computer system and complies with subsection 11(5); or – (b) the person is acting in accordance with a court order.
    94. 94. “computer program” means data representing instructions or statements that, when executed in a computer system, causes the computer system to perform a function;
    95. 95. Cookie ExceptionCookie Exception • 10 (…) (8) A person is considered to expressly consent to the installation of a computer program if • (a) the program is – (i) a cookie, – (ii) HTML code, – (iii) Java Scripts, – (iv) an operating system, – (v) any other program that is executable only through the use of another computer program whose installation or use the person has previously expressly consented to, or – (vi) any other program specified in the regulations; and • (b) the person’s conduct is such that it is reasonable to believe that they consent to the program’s installation.
    96. 96. Withdrawal of consentWithdrawal of consent
    97. 97. Policy Position on Online Behavioural Advertising Application of PIPEDA to the collection/use of data about individuals’ web activities for the purposes of online behavioural advertising (OBA) only.
    98. 98. OPC will generally consider information collected for OBA to be PI, considering that: the purpose is creating profiles to serve targeted ads; means available for gathering and analyzing disparate bits of data and serious possibility of identifying individuals;
    99. 99. The conditions under which opt-out consent to OBA can be considered acceptable are: • Individuals are made aware of the purposes for the practice in a manner that is clear and understandable – the purposes must be made obvious and cannot be buried in a privacy policy, at or before the time of collection and provided with information about the various parties involved in OBA; • Individuals are able to easily opt-out of the practice - ideally at or before the time the information is collected; • The opt-out takes effect immediately and is persistent; • The information collected and used is limited, to the extent practicable, to non-sensitive information ; and • Information collected and used is destroyed as soon as possible or effectively de-identified
    100. 100. JurisdictionJurisdiction Canadian businesses, to the extent they process and use data about individuals in the European Union, through websites that offer goods and services to European viewers or use cookies to monitor European viewer behaviour, will need to comply with the more stringent directive.
    101. 101. | Argentina | Belgium | Canada | France | Germany | Israel | Italy | Luxembourg | Mexico | Morocco | Norway | South Africa | Spain | Switzerland | Tunisia | United Kingdom | USA COOKIES EU & UK LAW PERSPECTIVE Daniel PREISKEL Preiskel & Co LLP 5 Fleet Place London EC4 7RD United Kingdom dpreiskel@preiskel.com BARCELONA, 28 SEPTEMBER 2012
    102. 102. COOKIES - EU & UK LAW PERSPECTIVE | United Kingdom| Daniel PREISKEL| dpreiskel@preiskel.com Page 107 • Essentials of Cookies • Definition • EU & UK Legal Framework • EU & UK Independent Authorities • Key Issues • Enforcement & Penalties • Compliance Table of Contents
    103. 103. COOKIES - EU & UK LAW PERSPECTIVE | United Kingdom| Daniel PREISKEL| dpreiskel@preiskel.com Page 108 What is a cookie? • According to the Information Commissioner’s Office (ICO) - that is the independent authority in UK dealing with privacy and data protection - a cookie is “a small file, typically of letters and numbers, downloaded on to a device when the user accesses certain websites. Cookies are then sent back to originating website on each subsequent visit. Cookies are useful because they allow a website to recognise a user’s device” • There are several type of cookies depending on their specific features, for instance there are session cookies and persistent cookies Essentials of Cookies
    104. 104. COOKIES - EU & UK LAW PERSPECTIVE | United Kingdom| Daniel PREISKEL| dpreiskel@preiskel.com Page 109 Legal Framework • EU Directives: European Directive - 2002/58/EC - which is concerned with the protection of privacy in the electronic communications sector, which has been amended by Directive 2009/136/EC • UK Regulations: the Privacy and Electronic Communications (EC Directive) Regulations 2003 (SI 2003/2426) as amended by the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 (SI 2011/1208) Essentials of Cookies
    105. 105. COOKIES - EU & UK LAW PERSPECTIVE | United Kingdom| Daniel PREISKEL| dpreiskel@preiskel.com Page 110 Legal Framework • Both the Directives and Regulations apply to cookies and similar technologies for storing information • The legal framework states that the use of cookies is only allowed if an end user has been provided with clear and comprehensive information about the purposes for which each cookie is stored and accessed on to his/her computer or mobile device and the user has given his or her informed consent Essentials of Cookies
    106. 106. COOKIES - EU & UK LAW PERSPECTIVE | United Kingdom| Daniel PREISKEL| dpreiskel@preiskel.com Page 111 Legal Framework • There is an exception to the requirement to provide information about cookies and obtain consent where the use of the cookie is: • for the sole purpose of carrying out the transmission of a communication over an electronic communications network; or • where such storage or access is strictly necessary (i.e. essential) for the provision of an information society service requested by the subscriber or user. For instance it is likely to fall within the exception a cookie used to remember the goods a user wishes to buy when they proceed to the checkout or add goods to their shopping basket Essentials of Cookies
    107. 107. COOKIES - EU & UK LAW PERSPECTIVE | United Kingdom| Daniel PREISKEL| dpreiskel@preiskel.com Page 112 EU & UK Independent Authorities • European Data Privacy Supervisor is an independent supervisory authority devoted to protecting personal data and privacy and promoting good practice in the EU institutions and bodies • Article 29 Working Party on the Protection of Individuals, that is an independent European advisory body on data protection and privacy set up under Article 29 of Directive 95/46/EC • The Information Commissioner’s Office is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals Essentials of Cookies
    108. 108. COOKIES - EU & UK LAW PERSPECTIVE | United Kingdom| Daniel PREISKEL| dpreiskel@preiskel.com Page 113 Key issues • Cookie audit: • Identify which type of cookies are used • Confirm the type of cookies and how intrusive they are • Confirm the purpose(s) of each cookie and whether each cookie would be necessary to perform the services requested • Identify what data each cookie holds, and confirm whether the cookie is linked to other data that the cookie owner holds about a user • Confirm the lifespan of each persistent cookie • Confirm whether the cookie is a first-party or third-party cookie • Double check that the company has an adequate privacy policy posted on its website with accurate and clear information about each type of cookie used by the company Essentials of Cookies
    109. 109. COOKIES - EU & UK LAW PERSPECTIVE | United Kingdom| Daniel PREISKEL| dpreiskel@preiskel.com Page 114 Key issues • Ensure information about cookies and mechanisms for making choices, are as easily accessible as possible for users of devices in which cookies are stored, so as to obtain valid and well informed consent by using: • Prominent links • Legal foot notes and privacy policy • News items and blog posts • A clickable image or icon Essentials of Cookies
    110. 110. COOKIES - EU & UK LAW PERSPECTIVE | United Kingdom| Daniel PREISKEL| dpreiskel@preiskel.com Page 115 Key issues • Cookies as “equipment” and applicable law • Use of technologies “similar” to cookies, for instance the apps to access the user’s location and/or personal information • Multi-jurisdictional issues in the interpretation, application and enforcement of the law • Continuing dialogue with authorities Essentials of Cookies
    111. 111. COOKIES - EU & UK LAW PERSPECTIVE | United Kingdom| Daniel PREISKEL| dpreiskel@preiskel.com Page 116 Enforcement & Penalties • In cases where organisations refuse or fail to comply voluntarily with the Regulations the ICO and the Courts have a range of options to available to them to take formal action where this is necessary • For instance the ICO may request: • Information Notice • Undertaking • Enforcement Notice • Monetary Penalty Notice Essentials of Cookies
    112. 112. COOKIES - EU & UK LAW PERSPECTIVE | United Kingdom| Daniel PREISKEL| dpreiskel@preiskel.com Page 117 Compliance • The person setting the cookie is primarily responsible for compliance with the requirements of the law • Where third party cookies are set through a website, both parties (the website owner and the person setting the cookie) will have the responsibility for ensuring users are clearly informed about cookies and for obtaining consent Essentials of Cookies
    113. 113. COOKIES - EU & UK LAW PERSPECTIVE | United Kingdom| Daniel PREISKEL| dpreiskel@preiskel.com Page 118 Compliance • Providers must obtain users' consent: • Before the cookie is set • Through an affirmative step • For instance, providers may use pop-Up windows, message bars, header bars or splash pages, browser settings, terms and conditions, setting-led consent and/or feature-led consent just to name a few Essentials of Cookies
    114. 114. COOKIES - EU & UK LAW PERSPECTIVE | United Kingdom| Daniel PREISKEL| dpreiskel@preiskel.com Page 119 Conclusion • Data protection is a complex area • Penalties & Reputational damage • Compliance is key Essentials of Cookies
    115. 115. COOKIES - EU & UK LAW PERSPECTIVE | United Kingdom| Daniel PREISKEL| dpreiskel@preiskel.com Page 120 Daniel PREISKEL dpreiskel@preiskel.com Essentials of Cookies
    116. 116. | Germany | Belgium | Canada | Spain | USA | France | Israel | Italy | Morocco | Mexico | Norway | Switzerland Trademark Rights Protection Mechanisms for New gTLD´s Enrique Ochoa Langlet, Carpio y Asociados BARCELONA, 28 SEPTEMBER 2012
    117. 117. | Germany | Belgium | Canada | Spain | USA | France | Israel | Italy | Morocco | Mexico | Norway | Switzerland New GTLD´s - .love - .app - .microsoft - .barcelona - .nyc - .lawyer
    118. 118. | Germany | Belgium | Canada | Spain | USA | France | Israel | Italy | Morocco | Mexico | Norway | Switzerland - Legal Rights Objections (LRO).
    119. 119. | Germany | Belgium | Canada | Spain | USA | France | Israel | Italy | Morocco | Mexico | Norway | Switzerland WIPO Arbitration and Mediation Center has been appointed by ICANN as the exclusive provider of dispute resolution services for trademark based “pre- delegation” Legal Rights Objections under ICANN’s New gTLD Program.
    120. 120. | Germany | Belgium | Canada | Spain | USA | France | Israel | Italy | Morocco | Mexico | Norway | Switzerland ICANN offers three other types of pre-delegation objection-based dispute resolution procedures which are not administered by WIPO: - “String Confusion Objection,” - “Limited Public Interest Objection,” and - “Community Objection.” ICANN has furthermore established a process for the ICANN Governmental Advisory Committee (GAC) to provide “GAC Advice on New gTLDs” concerning applications identified by governments as problematic.
    121. 121. | Germany | Belgium | Canada | Spain | USA | France | Israel | Italy | Morocco | Mexico | Norway | Switzerland Trademark protection mechanisms available after new gTLDs are approved. “Rights Protection Mechanisms” (RPMs). - Trademark Clearinghouse (for use in connection with Sunrise periods and Trademark Claims services) - Uniform Rapid Suspension system (URS), and - Post-Delegation Dispute Resolution Procedure (PDDRP). In addition, the existing Uniform Domain Name Dispute Resolution Policy (UDRP) will be applicable to all new gTLDs.
    122. 122. | Germany | Belgium | Canada | Spain | USA | France | Israel | Italy | Morocco | Mexico | Norway | Switzerland Enrique Ochoa eochoa@lclaw.com.mx
    123. 123. | Germany | Belgium | Canada | Spain | USA | France | Israel | Italy | Morocco | Mexico | Norway | Switzerland
    124. 124. | Global network of attorneys specialized in emerging technology law Germany Buse Heberer Fromm Rechtsanwälte Bernd Reinmüller, Tim Caesar & Stephan Menzemer Neue Mainzer Strasse 28 60311 Frankfurt Am Main T. 0049 699 71 09 71 00 F. 0049 699 71 09 72 00 reinmueller@buse.de www.buse.de Belgium Philippe & Partners Jean-François Henrotte & Alexandre Cruquenaire jfhenrotte@philippelaw.eu http://lexing.philippelaw.eu Liège Boulevard d’Avroy, 280 4020 Liège T. 0032 4 229 20 10 F. 0032 78 15 56 56 Brussels Avenue Louise, 240 1050 Bruxelles T. 0032 2 250 39 80 F. 0032 78 15 56 56 Canada Langlois, Kronström, Desjardins Richard Ramsay & Jean-François De Rico jean-francois.derico@lkd.ca www.langloiskronstromdesjardins.com Montreal 1002, rue Sherbrooke Ouest, 28e étage H3A3L6 Montréal T. 0015 148 42 95 12 F. 0015 148 45 65 73 Quebec 801, Grande Allée Ouest, Bureau 300 G1S1C1 Québec T. 0014 186 50 70 00 F. 0014 186 50 70 75 Spain Alliant Abogados Asociados SLP Marc Gallardo Gran Via Corts Catalanes 702 08010 Barcelone T. 0034 93 265 58 42 F. 0034 93 265 52 90 marc.gallardo@alliantabogados.com www.alliantabogados.com USA IT Law Group Françoise Gilbert 555 Bryant Street #603 Palo Alto, CA 94301 T. 0016 508 04 12 35 F. 0016 507 35 18 01 fgilbert@itlawgroup.com www.itlawgroup.com France Alain Bensoussan, Isabelle Tellier & Frédéric Forster www.alain-bensoussan.com Paris 29, rue du Colonel Pierre Avia F75508 Paris cedex 15 T. 0033 141 33 35 35 F. 0033 141 33 35 36 paris@alain-bensoussan.com Grenoble 7, place Firmin Gautier F38000 Grenoble T. 0033 476 70 09 95 F. 0033 476 70 09 96 grenoble@alain-bensoussan.com Israel Livnat, Mayer & Co Russell D. Mayer Jérusalem Technology Park, Building 9, 4th Floor P.O. Box 48193 Malcha 91481 Jérusalem T. 0097 226 79 95 33 F. 0097 226 79 95 22 mayer@lmf.co.il www.livmaylaw.co.il Italiy Studio Legale Zallone Raffaele Zallone 31 Via Dell’Annunciata 20121 Milano T. 0039 229 01 35 83 F. 0039 229 01 03 04 r.zallone@studiozallone.it www.studiovallone.it Luxembourg Philippe & Partners Marc Gouden & Jean-François Henrotte 41 avenue de la Liberté 1931 Luxembourg T. 00352 266 886 F. 00352 266 887 00 luxembourg@philippelaw.eu http://lexing.philippelaw.eu Morocco Bassamat & Associée Fassi-Fihri Bassamat 30 rue Mohamed Ben Brahim Al Mourrakouchi 20000 Casablanca T. 00212 522 26 68 03 F. 00212 522 26 68 07 contact@cabinetbassamat.com www.cabinetbassamat.com Mexico Langlet, Carpio y Asociados Enrique Ochoa Torre Axis Santa Fe Prolongación Paseo de la Reforma # 61, PB-B1 Col. Paseo de las Lomas 01330 Mxico, D.F. T. 0052 55 25 91 10 70 F. 0052 55 25 91 10 40 eochoa@lclaw.com.mx www.lclaw.com.mx Norway Føyen Advøkatfirma DA Arve Føyen Postboks 7086 St. Olavs pl. 0130 Oslo T. 0047 21 93 10 00 F. 0047 21 93 10 01 arve.foyen@foyen.no www.foyen.no United Kingdom Preiskel & Co LLP Danny Preiskel 5 Fleet Place London EC4M 7RD T. 0044 20 7332 5640 F. 0044 20 7332 5641 dpreiskel@preiskel.com www.preiskel.com Switzerland Sébastien Fanti Avocat & Notaire 8B rue de Pré-Fleuri, CP 497 1951 Sion T. 0041 27 322 15 15 F. 0041 27 322 15 70 sebastien.fanti@sebastienfanti.ch www.sebastienfanti.ch South Africa Michalsons Lance Michalson and John Giles lance@michalsons.co.za www.michalsons.co.za Johannesburg Ground Floor Twickenham Building The Campus, 57 Sloane & Cnr Main Road 2021 Bryanston T. 0027 11 568 0331 F. 0027 86 529 4276 Cape Town Boyes Drive St James 7945 Cape Tow T. 0027 21 300 1070 F. 0027 86 529 4276 Tunisie Cabinet Younsi & Younsi Yassine Younsi 4, Rue Petite Malte 1001 Tunis T. 00 216 71 346 564 cabinetyounsi_younsi@yahoo.fr http://younsiandyounsilawfirm.e- monsite.com Argentina Estudio Millé Antonio & Rosario Millé Suipacha 1111 - piso 11 C1008AAW Buenos Aires T. 0054 11 5297 7000 F. 0054 11 5297-7009 estudio@mille.com.ar www.mille.com.ar
    1. A particular slide catching your eye?

      Clipping is a handy way to collect important slides you want to go back to later.

    ×