Your SlideShare is downloading. ×
0
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Some IT law issues in Spain
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Some IT law issues in Spain

1,706

Published on

General Presentation by Marc Gallardo in Lexing Barcelona Conference

General Presentation by Marc Gallardo in Lexing Barcelona Conference

Published in: Business
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
1,706
On Slideshare
0
From Embeds
0
Number of Embeds
4
Actions
Shares
0
Downloads
12
Comments
0
Likes
1
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. #lexingbcn   Barcelona  Conference        September  28,  2012  |   G l o b a l   n e t w o r k   o f   a / o r n e y s   s p e c i a l i z e d   i n   e m e r g i n g   t e c h n o l o g y   l a w  
  • 2.  
  • 3. First   internaEonal   network   of   lawyers   focused   on  informaEon  technology  law       •   17  members  (worldwide)  Interna(onal   •   Same  and  unique  methodology  &   Integrated   procedures  (cross-­‐border  projects)   •   Law  &  Technologies  (IT  Law)   Specialized    
  • 4.    General  Presenta(on    …              20’                                              Data  Protec(on        30’                                  Cloud  Compu(ng        30’          Social  Media          30’                                Cookies            30’                                                                                        New  Domain  Names                                      15’                         Q  &  A                                                                                                        
  • 5.       BARCELONA,  FRIDAY,  SEPTEMBER  28,  2012  Privacy,  Cloud,  Social  Media  &  Cookies   Overview  of  Spanish  Law   Marc  GALLARDO                                                      marc.gallardo@alliantabogados.com        |  Argen(na  |  Belgium  |  Canada    |  France  |  Germany  |  Israel  |  Italy  |  Luxembourg  |  Mexico  |  Morocco  |  Norway  |  South  Africa  |  Spain  |  Switzerland  |  Tunisia    |  United  Kingdom  |  USA  
  • 6.  #  Data  Protec(on           SDPA  (‘99  &  ’07  &  ‘10)  /  AEPD     High  and  Stringent  Enforcenment  !   €  20.000.000  /  4000  proceedings   Dra  EU  RegulaEon  (January  2012)    #  Cloud  Compu(ng                                                                                                           SDPA  applies  /  AEPD  –  No  specific  regulaEons   AEPD  Guidelines  (June  2012)  /  EU  Guidelines  (July  2012)    #  Social  Media                                                                                                             SDPA  applies  /  AEPD  –  No  specific  regulaEons   No  general  Guidelines  /  EU  Guidelines        #  Cookies                                                                                                                           Eprivacy  Rule  in  LSSI  /  AEPD     No  general  Guidelines  /  EU  Guidelines  (June  2012)  
  • 7.     Data Controller Data subject contract Data Processor rights obligations Spanish Data Protection Law (SDPL) "   Notification requeriments "   Information provision obligations Organic "   Legal basis for processing data RegulationLaw 1999 "   Confidentiality & Security 2007 "   Data Protection Principles
  • 8.    Self-­‐Employed  ac(ng  as  traders  •   Professionals  &  Individual  traders    Data  rela(ng  to  contact  persons    •   Secondary  purpose  for  processing  (B2B)  •   Name,  surname,  job,  address,  tel.  &  fax       number    Proper  anonymiza(on  
  • 9.          LegiEmate  interest   Key  ObligaEon:  process  personal  data  lawfully     ✓  Consent ✓  Emergencies ✓  Contractual relations ✓  Public Interest ✓  Requirements of the law ✓  Legitimate interest!  Consent:  not  always  available  or  reliable  criteria      LegiEmate  interest  criterion  not  properly  incorporated    The  data  should  apeared  in  public  sources  !  Now  void  -­‐>  Ruling Feb. 2012! data subject! rights! legitimate ! interest DC! DP principles!
  • 10.                                      Cloud  CompuEng Oracle   IBM  Dropbox   Amazon   AWS   Apple   Google   Microsoh   Arsys Salesforce  
  • 11.              Cloud  definiEon  
  • 12. Main  risks     LACK  OF   LACK  OF  INFORMATION   CONTROL  
  • 13. Guidelines   No  specific  law  regulaEng  cloud  compuEng  but  …     data  protecEon  law  is  applicable  June !2012! www.agpd.esJuly ! Jun2012!
  • 14. Guidelines      #  User  is  the  Data  Controller     contractcontract #  CC  Provider  is  the  Data  Processor  
  • 15.          General  View  Tools  &  Services  that  facilitate  conversa(on   Internal: SM used within a company Hosted: Public SM controlled by a company Public: Public SM outside the control of a company SNS  impact  on  all  branches  of  law   ๏   Privacy   ๏   Employment   ๏   Intellectual  Property   ๏   Free  speech   ๏   Marke(ng  and  Consumer  Protec(on   ๏   Children  protecEon   ๏   Contests  and  Promo(ons   ๏   E-­‐reputa(on  
  • 16.                  SNS  Providers  SNS:  Informa(on  Society  Service  •   e-­‐Commerce  Liability  Exemp(on    •   No  obliga(on  to  monitor  infringements    SNS  Provider  is  a  data  controller  •   All  obliga(ons  rela(ng  to  privacy  protec(ons  •   Children  verifica(on  age  procedures  (under   14)  =  Authors  of  Apps  +  Adver(sers  [SNS  &  Mobile]    
  • 17.              Company  as  a  User  In  some  circumstances,  also  Data  Controllers      •   No  household  exemp(on      Soh  Law  to  resolve  certain  disputes    •   Intellectual  Property  Rights,  Privacy,  Iden(ty     theh,  Defama(on  &  others  Electronic  Commercial  Communica(ons  •   Opt-­‐  in  rule  (B2B  +  B2C)  &    soh  opt-­‐in  (if  client)  •   Transparency  (id.  sender)  •   Right  to  object  (valid  electronic  address)  
  • 18.        SituaEon  >  1st  April  ‘Cookie’  is  a  small  text  file  delivered  by  a  website  server  onto  the  computer  of  visitor  Mul(ple  func(ons  but  typically  used  to  taylor  website  offerings  and  facilitate  targeted  ads    Rule:  Informa(on  +  Consent  before  storing  or  gaining  access  to  any  cookie  (not  exempted)    
  • 19. ProblemsInforma(on  ?  Consent  ?  Browser  /  opt-­‐out  /  opt-­‐in    Guidelines  on  Exempted  Cookies  a.  Technical  cookies  &  b.  Strictly  necessary  cookies  No  enforcement  over  e-­‐privacy  consent  rule  (LSSI)  !  Enforcenment  possible  if  PD  is  collected  (SDPA).  
  • 20.                  Bo/om  line  is  …  #1 Audit✓   Conduct  a  comprehensive  and  thorough  risk  assessment  ✓   Iden(fy  risks  #2 Put in Place Policies & Programs✓   Evaluate  the  risks  ✓   Address  the  risks  #3 Implement and review✓   Implement  +  Review  on  a  regular  basis  ✓   Train  employees  and  monitor  compliance  ✓   Demonstrate  it:  a  policy  must  be  reflected  in  concrete  pracEces  !  
  • 21. GENERAL  PRESENTATION  #END     THANK  YOU   Page  23   |  Spain  |  Marc  Gallardo  |  marc.gallardo@alliantabogados.com  
  • 22. BARCELONA,  FRIDAY,  SEPTEMBER  28,  2012  Proposed  EU  General  Data  ProtecEon  RegulaEon   of  January  25,  2012:   State  of  Play   ALAIN  BENSOUSSAN     alain-­‐bensoussan@lexing.eu   |  Argen(na  |  Belgium  |  Canada    |  France  |  Germany  |  Israel  |  Italy  |  Luxembourg  |  Mexico  |  Morocco  |  Norway  |  South  Africa  |  Spain  |  Switzerland  |  Tunisia     |  United  Kingdom  |  USA  
  • 23. EU  GENERAL  DATA  PROTECTION  REGULATION  -­‐  FRANCE  Introduc(on  What are the stakes? –  harmonize the protection of personal data in the EU –  ensure the effectiveness of such protectionIssue –  a stronger and more coherent data protection framework in the EUSituation –  uncertainNews –  International mobilization and debate on personal data protection   Page  25   |  France|  Me  Alain  BENSOUSSAN  |alain-­‐bensoussan@lexing.eu  
  • 24. EU  GENERAL  DATA  PROTECTION  REGULATION  -­‐  FRANCE  Agenda   1.  Strengthen  the  rights  of  individuals   2.  Simplify  processes  for  businesses   3.  Extend  liability   4.  Impose  s(ffer  sanc(ons       Page  26   |  France|  Me  Alain  BENSOUSSAN  |alain-­‐bensoussan@lexing.eu  
  • 25. EU  GENERAL  DATA  PROTECTION  REGULATION  -­‐  FRANCE  1.  Strengthen  the  rights  of  individuals   Right  to  be   forgouen   Right  to  data   Strengthen   Clarifica(on   portability   the  rights  of  individuals     about  consent     Clarifica(on  about   the  exercise  of  data   subject  rights   Page  27   |  France|  Me  Alain  BENSOUSSAN  |alain-­‐bensoussan@lexing.eu  
  • 26. EU  GENERAL  DATA  PROTECTION  REGULATION  -­‐  FRANCE  2.  Simplify  processes  for  businesses   Cuvng  red  tape   One-­‐stop  shop   Joint  controllers     Abolish   the    general  obliga(on  to  no(fy   Mul(na(onals   processing   Excep(on:   data  transfers  outside  the  EU  to   Main  establishment   Joint  defini(on  of:     a  country    without  adequate   of  the  processor     level  of  protec(on   (i.e.  place  of  its  central   -­‐purposes;   administra(on  in  the  EU)   -­‐condi(ons;     -­‐means  of  processing   Excep(on:   Approval  of  BCR   sensi(ve  processing    by  one   supervisory  authority   Page  28   |  France|  Me  Alain  BENSOUSSAN  |alain-­‐bensoussan@lexing.eu  
  • 27. EU  GENERAL  DATA  PROTECTION  REGULATION  -­‐  FRANCE  3.  Extend  liability  (1)   Documenta(on  (art.  28)   • Maintain  documenta(on  of  all  processing  opera(ons   • Obliga(on  for  each  controller,  processor  and,  if  any,  the  controllers  representa(ve.     • Content   Data  protec(on  officer  (art.  35)   • Processing  carried  out  by  a  public  authority  or  body   • Processing  carried  out  by  an  enterprise  employing  250  persons  or  more     • Processing  opera(ons  which,  by  virtue  of  their  nature,  their  scope  and/or  their  purposes  require  regular  and  systema(c   monitoring  of  data  subjects       • Designated  for  a  period  of  at  least  2  years   No(fica(on  of  personal  data  breach  (art.  31)   • No  later  than  24  hours  aher  having  become  aware  of  it   • Otherwise,  reasoned  jus(fica(on  should  be  given   Page  29   |  France|  Me  Alain  BENSOUSSAN  |alain-­‐bensoussan@lexing.eu  
  • 28. EU  GENERAL  DATA  PROTECTION  REGULATION  -­‐  FRANCE    3.  Extend  liability  (2)   Accountability  (art.22)   • Designa(on  of  a  data  protec(on  officer  with  variety  of  rules  to  ensure  his  independence   • Demonstrate  by  documenta(on  compliance  with  rules  on  security,  processing  opera(ons  and  impact  assessment   • Implement  mechanisms  to  ensure  the  effec(veness  of  measures   Privacy  by  Design  (art.23)   • Deployed  and  implemented  by  default  at  the  (me  of  the  determina(on  of  the  means    for  processing  and  at  the  (me  of   processing   • Ensure  the  implementa(on  of  data  minimiza(on  principle   Impact  assessments  (art.  33)   • Specific  risks  presented  by  processing  opera(ons  to  the  rights  and  freedoms  of  data  subjects   • This  includes:  informa(on  on  sex  life,  health,  video  surveillance,  gene(c  data,  biometric  data  …   • Content:  a  general  descrip(on  of  the  envisaged  processing  opera(ons,  an  assessment  of  the  risks  to  the  rights  and  freedoms   of  data  subjects,  safeguards,  security  measures,  mechanisms  to  demonstrate  compliance  with  the  Regula(on   Page  30   |  France|  Me  Alain  BENSOUSSAN  |alain-­‐bensoussan@lexing.eu  
  • 29. EU  GENERAL  DATA  PROTECTION  REGULATION  -­‐  FRANCE  4.  Impose  s(ffer  sanc(ons  (1)   -­‐    No  mechanisms  for  requests  by  data  subjects     €250,000   -­‐    No  prompt  response  to  requests  by  data  subjects                or     -­‐    Charging  a  fee  for  the  informa(on  or  for  responses  to  the   0,5%  of  annual   requests  of  data  subjects   worldwide  turnover  Viola(ons         -­‐    Not  providing  informa(on,  or  providing  incomplete     informa(on,  or  not  providing  informa(on  in  a  sufficiently   €500,000     transparent  manner                  or     -­‐    Not  providing  access  for  the  data  subject,  not  rec(fying   1%  of  annual   personal  data,  not  communica(ng  relevant  informa(on  to   worldwide  turnover   a  recipient     -­‐    Not  complying  with  the  right  to  be  forgouen  or  to  erasure     -­‐    Not  providing  a  copy  of  the  personal  data  in  electronic   format     -­‐    Not  or  not  sufficiently  maintaining  documenta(on     -­‐    Not  or  not  sufficiently  determining  the  respec(ve   responsibili(es  with  co-­‐controllers   Page  31   |  France|  Me  Alain  BENSOUSSAN  |alain-­‐bensoussan@lexing.eu  
  • 30. EU  GENERAL  DATA  PROTECTION  REGULATION  -­‐  FRANCE  4.  Impose  s(ffer  sanc(ons(2)   -­‐    Processing  personal  data  without  any  or  sufficient  legal  basis   -­‐  Processing  special  categories  of  data  in  viola(on  of  the   Regula(on       -­‐    Not  complying  with  an  objec(on     -­‐    Not  complying  with  the  condi(ons  in  rela(on  to  measures     based  on  profiling     -­‐  Not  implemen(ng  accountability  (Privacy  by  Design,  Privacy   €1,000,000   Impact  Assessment)       -­‐  Not  designa(ng  a  representa(ve    or     -­‐  Processing  data  in  viola(on  of  the  Regula(on   2%  of   -­‐  Not  aler(ng  on  or  no(fying  a  personal  data  breach  or  not   annual   (mely  no(fying  the  data  breach   worldwide     -­‐  Not  carrying  out  a  data  protec(on  impact  assessment   turnover   -­‐  Not  designa(ng  a  Data  Protec(on  Officer     -­‐  Carrying  out  or  instruc(ng  a  data  transfer  to  a  third  country   without  appropriate  safeguards   -­‐  Not  complying  with  an  order  by  the  supervisory  authority         Page  32   |  France|  Me  Alain  BENSOUSSAN  |alain-­‐bensoussan@lexing.eu  
  • 31. Contact   "   ALAIN  BENSOUSSAN  AVOCATS              29  rue  du  colonel  Pierre  Avia  Paris  15  FRANCE                          Tel.  :  33  1  41  33  35  35                          Fax  :  33  1  41  33  35  36                          paris@alain-­‐bensoussan.com     "   Alain  Bensoussan                D.L  :  33  1  41  33  35  09                          Mob.  :  33  6  19  13  44  46                                        ab@alain-­‐bensoussan.com          |     F r a n c e     |     M e   A l a i n   B e n s o u s s a n     |     alain-­‐bensoussan@lexing.eu  
  • 32. BARCELONA,  FRIDAY,  SEPTEMBER  28,  2012   Data  ProtecEon  in  the  United  States   Recent  Developments   Françoise  GILBERT   Managing  Director  –  IT  Law  Group   Silicon  Valley,  California  +1  650-­‐804-­‐1235   fgilbert@itlawgroup.com  |  www.globalprivacybook.com  |  francoisegilbert.com  |  @francoisegilbrt  |  Argen(na  |  Belgium  |  Canada    |  France  |  Germany  |  Israel  |  Italy  |  Luxembourg  |  Mexico  |  Morocco  |  Norway  |  South  Africa  |  Spain  |  Switzerland  |  Tunisia    |  United  Kingdom  |  USA  
  • 33. Agenda   – Background   – Overview  of  US  data  protec(on  laws   – Role  of  the  US  federal  and  state  agencies   – Recent  US  Government  ini(a(ves   – Recent  enforcement  ac(ons   – Hot  issues   Page  35  |  Belgium  |  Me  Jean-­‐François  HENROTTE  |  j•enroue@philippelaw.eu  
  • 34. US  Data  Protec(on  Laws     –  No  na(onal  data  protec(on  law;  but  dozens  of  Federal  sectoral  laws   •  1890:  “Right  to  Privacy”  defines  the  concept   •  1966:  Freedom  of  Informa(on  Act  (access  to  informa(on  held  by  government   •  1968:  Wiretap  Act  (intercep(on  of  aural  communica(ons  and  disclosure  of  these  communica(ons  in  court)   •  1970:  Fair  Credit  Repor(ng  Act  (credit  repor(ng  agency  disclosure  of  credit  reports)   •  1974:  Privacy  Act  (disclosure  of  government  records)   •  1974:  Family  Educa(onal  Rights  and  Privacy  Act  (disclosure  of  school  records)   •  1978:  Right  to  Financial  Privacy  Act  (banking  and  financial  transac(ons)   •  1978:  Foreign  Intelligence  Surveillance  Act  (electronic  surveillance;  foreign  intelligence)   •  1986:  Computer  Fraud  &  Abuse  Act  (to  reduce  hacking,  use  of  viruses)   •  1986:  Electronic  Communica(on  Privacy  Act  (stored  or  in  transit  informa(on)   •  1996:  Health  Insurance  Portability  and  Accountability  Act  (health  informa(on)   •  1998:  Children  Online  Privacy  Protec(on  Act  (children  informa(on)   •  1999:  Financial  Services  Moderniza(on  Act  (GLBA)  (financial  informa(on)   •  2003:  CAN  SPAM  Act  (commercial  messages)     –  Hundreds  of  State  sectoral  laws  (+  some  states  have  cons(tu(onal  rights)   •  Protect  individuals  residing  in  a  specific  state   •  Security  breach  disclosure  laws   •  Security  measure  requirements   •  Protec(on  of  driver’s  license  informa(on,  medial  records,  etc.   Page  36     |  Belgium  |  Me  Jean-­‐François  HENROTTE  |  j•enroue@philippelaw.eu  
  • 35. Federal  &  State  Agencies   –  No  “na(onal  data  protec(on  agency”   •  Numerous  federal  agencies  play  role  similar  to  that  of  the  Data   Protec(on  Agencies  in  European  Union   –  Federal  Trade  Commission   –  Department  of  Health  &  Human  Services   –  Financial  Services  Agencies   –  Securi(es  &  Exchange  Commission   •  Numerous  state  agencies,  play  similar  role  at  the  State  Level   –  State  Auorney  General   –  Other  State  Agencies     –  Substan(al   coopera(on   between   State   and   Federal   Agencies   Page  37   |  Belgium  |  Me  Jean-­‐François  HENROTTE  |  j•enroue@philippelaw.eu  
  • 36. Significant  Penal(es   –  Significant  penalEes  in  case  of  violaEon   •  FCRA:  up  to  $500,000  total  penalty  per  viola(on   –  Actual  penalEes   •  Google  (breach  of  FTC  consent  decree)  $22.5million   •  ChoicePoint  (breach  of  security)  $15million   •  Massachuseus  General  Hospital  (HIPPA)  $4.3million   •  Sony  $1million  (COPPA)   •  Xanga  $1million  (COPPA)   •  CVS,  Rite  Aid  pharmacies  $1million  (HIPAA  +  lack  of  security)   •  Spokeo  $800,000  (FCRA)   Page  38   |  Belgium  |  Me  Jean-­‐François  HENROTTE  |  j•enroue@philippelaw.eu  
  • 37. Federal  Trade  Commission   –  Federal  Trade  Commission  (FTC):   •  Top   regulator   in   the   US   with   respect   to   protec(on   of   personal   informa(on   •  Powers  under  FTC  Act  (§5),  COPPA,  FCRA,  HIPAA   –  Numerous  acEons  against  companies  for:   •  Failure  to  comply  with  privacy  promises   •  Failure   to   provide   adequate   security   measures   for   personal   informa(on   •  Unclear   and   decep(ve   terms,   which   concealed   important   disclosure   regarding  un-­‐an(cipated  use  of  personal  informa(on   •  Failure  to  comply  with  requirements  of  Fair  Credit  Repor(ng  Act   •  Failure  to  comply  with  COPPA  requirements     Page  39   |  Belgium  |  Me  Jean-­‐François  HENROTTE  |  j•enroue@philippelaw.eu  
  • 38. FTC  Enforcement  Ac(ons   –  Google  (Aug.  2012,  Dec.  2011)   –  Sony  BMG  Music  (Dec.  2008;   –  Spokeo  (Jun.  2012)   Jan  2011)   –  MySpace  (May  2012)   –  TJX  (Aug.  2008)   –  RockYou  (Mar.  2012)   –  Reed  Elsevier  (Aug.  2008)   –  Facebook  (Mar.  2011)   –  ValueClick  (Mar.  2008)   –  Playdom/Disney  (May.  2011)   –  ChoicePoint  (Jan.  2006)   –  Twi/er  (Mar.  2011)   –  BJ  Wholesale  (Sep.  2005)   –  RiteAid  Pharm  (Nov.  2010)   –  Microso  (Aug.  2002)   –  Lifelock  (Nov.  2010)   –  Geoci(es  /  Yahoo  (1999)   –  Sears  (Sep.  2009)   Page  40  |  Belgium  |  Me  Jean-­‐François  HENROTTE  |  j•enroue@philippelaw.eu  
  • 39. Recent  US  Efforts  on  Privacy   –  White  House  Consumer  Bill  of  Rights  (Feb.  2012)   •  Restates  Fair  Informa(on  Prac(ce  Principles   –  Federal   Trade   Commission   Report   on   Consumer   Privacy   (March   2012)   •  Privacy  by  Design,  Privacy  by  Default,  Online  Behavioral  Tracking  and   Adver(sing   –  Federal   Trade   Commission   Report   on   Children   and   Mobile   Apps   (February  2012)   •  Guidelines  on  mobile  apps  for  children     –  Federal   Trade   Commission   Guidelines   on   Mobile   Apps   (August   2012)   •  General  guidelines  on  the  publica(on  of  mobile  apps   –  Par(cipa(on  in  APEC  Cross  Border  Privacy  Rules  System     Page  41   |  Belgium  |  Me  Jean-­‐François  HENROTTE  |  j•enroue@philippelaw.eu  
  • 40. Recent  Enforcement  Ac(ons   –  FTC  v.  Google  (August  2012)   •  $22.5  million  fine   •  Viola(on  of  pre-­‐exis(ng  consent  decree  with  FTC   •  FTC  looked  at  promises  made  in  Privacy  Policy  or  about  privacy   measures,   including   in   Google’s   representa(ons   that   it   complied   with  the  NAI  Code  of  Conduct   –  FTC  v.  Facebook  (August  2012)   •  Viola(on  of  representa(ons  made  in  Privacy  Policy   •  Including   representa(on   that   FB   followed   the   Safe   Harbor   Principles   •  20-­‐year  supervision  by  Federal  Trade  Commission   Page  42  |  Belgium  |  Me  Jean-­‐François  HENROTTE  |  j•enroue@philippelaw.eu  
  • 41. Other  Hot  Issues   –  Mobile   •  Mobile  apps,  mobile  payments,  mobile  privacy   –  BYOD   •  Bring  your  own  device  (to  work)   –  Social  Media   •  Poten(al  employer  access  to  social  media  account   –  Behavioral  MarkeEng   •  Tracking  devices,  cookies,  tags,  zombie  cookies   –  Big  Data   –  Cloud  CompuEng   •  Reform  of  Electronic  Communica(ons  Privacy  Act   Page  43   |  Belgium  |  Me  Jean-­‐François  HENROTTE  |  j•enroue@philippelaw.eu  
  • 42. Françoise  Gilbert   IT  Law  Group   Palo  Alto,  California,  USA       Email:  fgilbert@itlawgroup.com   Phone:  +1  650-­‐804-­‐1235   IT  Law  Group:  itlawgroup.com   Blog:  francoisegilbert.com   Book:  globalprivacybook.com   Twiuer:  @francoisegilbrt   Page  44  |  Belgium  |  Me  Jean-­‐François  HENROTTE  |  j•enroue@philippelaw.eu  
  • 43. BARCELONA,  FRIDAY,  SEPTEMBER  28,  2012   CLOUD  COMPUTING   LEGAL  ISSUES  UP  IN  THE  AIR   Raffaele  ZALLONE  -­‐  Sébas(en  FANTI   r.zallone@studiozallone.it    -­‐    sebas(en.fan(@sebas(enfan(.ch  |  Argen(na  |  Belgium  |  Canada    |  France  |  Germany  |  Israel  |  Italy  |  Luxembourg  |  Mexico  |  Morocco  |  Norway  |  South  Africa  |  Spain  |  Switzerland  |  Tunisia    |  United  Kingdom  |  USA  
  • 44. CLOUD  COMPUTING   WHAT IS CLOUD COMPUTINGNATIONAL  INSTITUTE  OF  STANDARD  AND  TECNOLOGY:  A  MODEL  FOR  ENABLING  CONVENIENT,  ON-­‐DEMAND  NETWORK  ACCESS  TO  SHARED  POOL  OF  COMPUTING  RESOURCE   THERE ARE 3 DIFFERENT SERVICES MODELSSOFTWARE  AS  A  SERVICES   SAAS  OFFERS  ACCESS  TO  A   SERVICE  (ES:  MAIL,  ACCOUNTING,   SPREADSHEET)  PLATFORM  AS  A  SERVICES   PAAS  OFFERS  ACCESS  TO   DEVELOPMENT  TOOLS  INFRASTRUCTURE  AS  A  SERVICES   IAASOFFERS  HW+SW  ON  DEMAND   (MEMORY,  PROGRAMS,  ETC)    
  • 45. CLOUD  COMPUTING   CLOUD COMPUTING   OFFERS  SERVICES  TO  ONE  PRIVATE  CLOUDS   CUSTOMER  ONLY  MORE  SIMILAR   TO  DATA  CENTERS     AN  INFRASTRUCTURE  USED  TO  PUBLIC  CLOUDS   SERVE  SEVERAL  CUSTOMERS           (ES:  GMAIL)     SERVICE  OFFERING  WITH  HYBRID  CLOUDS   MIXTURE  OF  PRIVATE  /  PUBLIC    
  • 46. CLOUD  COMPUTING   CLOUD COMPUTING MAIN ISSUES   SECURITY CONTRACTUAL PRIVACY ISSUES ISSUES  
  • 47. CLOUD  COMPUTING   CONTRACTUAL ISSUES: MANY ARE THE SAME AS PER OUTSOURCING CONTRACTSERVICE  LEVELS  AND  RELATED   WHAT  TO  MEASURE  AND  HOW  MEASUREMENTS   CONSEQUENCES  PENALTIES  PROTECTION  OF  DATA  (AVAILABILITY,   DATA  MUST  ALWAYS  BE  AVAILABLE,  IS  RELIABILITY)   SUPPLIER  REL  IABLE?  SUB  CONTRACTING:  WHO  AND  FOR  WHAT     WIDE  USE  OF  SUBCONTRACTING  IS  STD   NEED  TO  HAVE  AGREEMENT  ON  HOW  TO   MANAGE  PROCESS  AN  CONTROLS  CONTINUITY  OF  SERVICE   BACK  UPS?  WARRANTIES?  CHANGES  OF  PLATFORM  /  SW  UPGRADES   NEED  TO  IMPLEMENT  CHANGE   MANAGEMENT  CONTROLS  DURATION  OF  CONTRACT   LONG  TERM  vs  SHORT  TERM:  PRO’S  AND   CON’S  TERMINATION  OF  CONTRACT  AND   NEED  TO  IMPLEMENT  APPROPRIATE  TRANSITION  TO  NEW  SUPPLIER   MANAGEMENT  AND  PROCESSES    
  • 48. CLOUD  COMPUTING   SPECIFIC CLOUD COMPUTING CONTRACTUAL ISSUES   LICENSE  vs  SERVICE   IF  THERE  IS  NO  LICENSE,  TERMINATION  OR   TRANSITION  TO  NEW  SUPPLIER  MAY  BE  A   REAL  PROBLEM   AUDITABILITY  -­‐  AVAILABILITY   MUST  HAVE  DATA  ALWAYS  AVAILABLE  FOR   AUDITS   MUST  BE  POSSIBLE  TO  AUDIT  SUPPLIER   ITSELF   LOCATION  OF  DATA   PRIVACY  AND  LIABILITY  ISSUE   SUB  CONTRACTORS   RIGHT  TO  APPROVE  AND  AUDIT    
  • 49. CLOUD  COMPUTING   SPECIFIC CLOUD COMPUTING CONTRACTUAL ISSUES   INTELLECTUAL  PROPERTY   MAKE  SURE  CRITICAL  I.P.  IS  PROTECTED   OPEN  vs  PROPRIETARY   SWITCHING  TO  NEW  SUPPLIER  MAY  BE  A   PROBLEM   CHANGE  MANAGEMENT   SUPPLIER  MAY  DECIDE  TO  CHANGE    SW,   PLATFORM,  SUBCONTRACTORS?  HOW  AND   WITH  WHAT  RIGHTS/NOTICE   STANDARD  CONTRACTUAL  TERMS   NEED  OF  CONTROL  /  FLEXIBILITY  /   REGULATION  OF    SPECIFIC  ISSUES   DATA  PRIVACY  ISSUES   ATTITUDE  OF  SUPPLIERS    
  • 50. CLOUD  COMPUTING   DATA PRIVACY ISSUES  WHERE  ARE  THE  DATA?   KNOWING  THE  LOCATION  OF  DATA  IS   ESSENTIAL  UNDER  UE  PRIVACY  LAWS  CAN  SUPPLIER  TRANSFER  DATA?   SAME  AS  ABOVE  MANAGEMENT  OF  SUBCONTRACTORS   MUST  BE  APPOINTED  AS  DATA  PROCESSORS   AND  MUST  BE  AUDITABLE,  BY  CUSTOMER,  BY   PRIVACY  AUTHORITY  OR  OTHER  BODIES  SECURITY  MEASURES   AUDITABILITY  –  LIABILITY  ACCESS  DATA  ARE  PERSONAL  DATA   WHERE  ARE  THEY,  WHO  CAN  ACCESS  THEM,   HOW  LONG  ARE  THEY  STORED  FOR  OBLIGATION  NOT  TO  USE  DATA   SUPPLIER  AND  SUBCONTRACTOR  RETURN  OR  DESTRUCTION  OF  DATA   SUPPLIER  AND  SUBCONTRACTORS    
  • 51. CLOUD  COMPUTING   LEGAL ISSUES  LIABILITY  OF  CLOUD  PROVIDER  FOR   NO   LIABILITY   IF   THE   PROVIDER   HAS   NO  ILLEGAL  CONTENT  ?   KNOWLEDGE   OR   AWARENESS   OF   ILLEGAL   NATURE   AND   REMOVES   OR   BLOCKS   ILLEGAL   DATA   WHEN   IT   DOES   GAIN   KNOWLEDGE   OR   BECOME   AWARE   OF   ILLEGAL   NATURE   (NOTICE   AND  TAKEDOWN)  JURISDICTIONAL  ISSUES  AND   THE  CHOICE  OF  THE  COMPETENT  COURT  AND  APPLICABLE  LAW   OF  THE  APPLICABLE  LAW  ARE  FUNDAMENTAL;   IF  OUTSIDE  OWN  COUNTRY,  ANY  LITIGATION   CAN  BECOME  PROHIBITIVELY  EXPENSIVE  DISPUTE  RESOLUTION   ARBITRATION  MUST  BE  CONSIDERED  AS  ONE   INTERESTING  OPTION  KEEPING   CONFIDENTIALITY  AND  AVOIDING  PROBLEMS   LIKE  CHOICE  OF  ANOTHER  APPLICABLE  LAW  BY   COURT    
  • 52. CLOUD  COMPUTING   LEGAL ISSUES  INTRODUCTION  OF  HARMFUL  CODE   NEED   TO   RELY   ON   THE   PROVIDER   APPLYING  (VIRUSES  AND  OTHER  MALICIOUS   SUFFICIENT   PROTECTION   AGAINST   THESE  CODE)   D A N G E R S ;   N E C E S S I T Y   O F   I M P O S I N G     OBLIGATIONS  TO  THE  PROVIDER    US  PATRIOT  ACT   In  certain  circumstances,  the  US  PATRIOT  Act   allows  the  US  government  to  obtain  data  held   anywhere  in  the  world  by  US  companies  or   companies  with  sufficient  connec(ons  to  the   US.  This  would  extend  to  data  centres  based  in   UE  that  are  operated  by  US  companies  and   data  centres  based  in  the  US  operated  by  non-­‐ US  companies.    IT  PROPERTY  OWNERSHIP   NECESSARY  TO  ENSURE  THAT  THE   AGREEMENT  DOES  NOT  TRANSFER  IP   OWNERSHIP    
  • 53. CLOUD  COMPUTING   LEGAL ISSUES  ISSUES  PARTICULAR  TO  REGULATED   RULES   THAT   LIMIT   THEIR   ABILITY   TO  INDUSTRIES   OFFSHORE   THEIR   OPERATIONS;   EX:   BANKING   OR   INSURANCE   COMPANIES;   TEST   THE   WATERS   WITH   THEIR   REGULATOR   BEFORE   PROCEEDING   WITH   CLOUD   COMPUTING   SERVICE  SOLUTIONS  SUBCONTRACTORS   ALL  THE  RELEVANT  OBLIGATIONS  MUST   THEREFORE  APPLY  ALSO  TO  THE  SUB-­‐ PROCESSORS  THROUGH  CONTRACTS   BETWEEN  THE  CLOUD  PROVIDER  AND   SUBCONTRACTOR  REFLECTING  THE   STIPULATIONS  OF  THE  CONTRACT  BETWEEN   CLOUD  CLIENT  AND  CLOUD  PROVIDER    SPECIAL  PRECAUTIONS  BY  THE  PUBLIC   EUROPEAN  GOVERNMENTAL  CLOUD  AS  A  SECTOR     SUPRA  NATIONAL  VIRTUAL  SPACE  WHERE  A     CONSISTENT  AND  HARMONIZED  SET  OF  RULES   COULD  BE  APPLIED?    
  • 54. CLOUD  COMPUTING  CONCLUSIONS AND RECOMMENDATIONS   CLEARLY  IDENTIFY  THE  DATA  AND  THE   EX:   HEALTH   DATA,   WHICH   CAN   ONLY   BE   PROCESSING  THAT  WILL  BE   STORED   BY   A   CLOUD   PROVIDER   LICENSED   BY   ENTRUSTED  TO  THE  CLOUD  PROVIDER   THE  FRENCH  MINISTRY  OF  HEALTH   UNDERTAKE  A  RISK  ANALYSIS  TO   REFER  TO  THE  GUIDELINES  OF  ENISA   ENSURE  THAT  THE  CUSTOMER  IS   (EUROPEAN  NETWORK  AND  INFORMATION   GETTING  THE  RIGHT  LEVEL  OF   SECURITY  AGENCY)  WHEN  CONDUCTING  THE   SECURITY   RISK     UPDATE  THE  RISK  ANALYSIS   REGULARLY   BE  SURE  TO  IDENTIFY  THE  RIGHT  KIND   SAAS,  PAAS,  OR  IAAS,  PUBLIC,  PRIVATE  OR   OF  OFFER  THAT  IS  APPROPRIATE  FOR   HYBRID  CLOUD  SOLUTIONS   A  CLOUD  CUSTOMERS  BUSINESS    
  • 55. CLOUD  COMPUTING   CONCLUSIONS AND RECOMMENDATIONS    Choose   a   cloud   provider   with   essen(al   elements   that   should   appear   in   the  sufficient   service   and   privacy   level   cloud  contracts  guarantees  Rethink  YOUR  own  IT  security  policy   such  as  rules  on  authen(ca(on  of  users,  and   employees  use  of  mobile  devices  to  access   the  employers  network…  Ensure  that  the  customer  defines  its   Localiza(on  of  the  data,  reversibility  and  data  own  requirements  on  the  technical   portability  and  legal  security  aspects  of  the  processing    
  • 56.            Social  Media          30’                                  Cookies            30’                                New  Domain  Names      15’                         Q  &  A                                                                                                        
  • 57. BARCELONA,  SEPTEMBER  28,  2012   Some  issues  on  Social  Networks   Jean-­‐François  HENROTTE   j•enroue@philippelaw.eu  |  Argen(na  |  Belgium  |  Canada    |  France  |  Germany  |  Israel  |  Italy  |  Luxembourg  |  Mexico  |  Morocco  |  Norway  |  South  Africa  |  Spain  |  Switzerland  |  Tunisia    |  United  Kingdom  |  USA  
  • 58. Some  issues  on  Social  Networks  1.  How  to  manage  issues  on  Social  Networks   A.  First,  the  easy  way   B.  Then  the  hard  way  2.  How  to  react  if  your  content  is  removed  3.  Community  management,  a  new  business   Page  60   |  Belgium  |  Me  Jean-­‐François  HENROTTE  |  j•enroue@philippelaw.eu  
  • 59. Some  issues  on  Social  Networks  •  Social  networks  are  not  an  apart  world.  •  Almost  all  the  annoyances  of  society  can  be   found  there,  but  some  more  ohen  :   •  Defama(on   •  Harassment     •  Copyright  infrigement     •  Privacy  breach   •  …   Page  61   |  Belgium  |  Me  Jean-­‐François  HENROTTE  |  j•enroue@philippelaw.eu  
  • 60. 1.  How  to  manage  issue  on  Social  Networks   How  to  react  ?   B.  Hard  Law  A.  Soh  Law      Use  the  tools   Use  leuer  of  formal  provided  by  social   no(ce,    cease-­‐and-­‐networks   desist  order,  themselves   lawsuit,…   Page  62   |  Belgium  |  Me  Jean-­‐François  HENROTTE  |  j•enroue@philippelaw.eu  
  • 61. 1.  A  How  to  manage  issue  on  Social  Networks   Old  fashioned  legal  tools  are  good,  but…   Internet  is  a  par(cular  area  where  :     There  is  always  someone    Nothing  is  forgouen   on  the  lookout       Everything  can  be  reproduced   indefinitely     from  a  single  copy     Page  63   |  Belgium  |  Me  Jean-­‐François  HENROTTE  |  j•enroue@philippelaw.eu  
  • 62. 1.A  How  to  manage  issue  on  Social  Networks   Beware  of  the  Barbara  Streisand’s  effect   Page  64  |  Belgium  |  Me  Jean-­‐François  HENROTTE  |  j•enroue@philippelaw.eu  
  • 63. 1.A  How  to  manage  issue  on  Social  Networks  Lawyers   need   to   be   careful   when   using  leuers  of  formal  no(ce  or  lawsuits  •  There   is   a   significant   risk   of   bad   publicity  •  There   is   a   significant   risk   to   auract   much   more   a/enEon   due   to   a   inadequate  or  bad  reac(on  than  to  the   first  event  in  itself   Page  65   |  Belgium  |  Me  Jean-­‐François  HENROTTE  |  j•enroue@philippelaw.eu  
  • 64. 1.A  How  to  manage  issue  on  Social  Networks  Some  guidelines  •  Be  quick  but  do  not  rush  •  Be   ready   to   communicate   if   things   go   wrong  •  Use   the   reporEng   tools   implemented   by   social  networks   •  It  is  fast   •  It  tackles  the  problem  at  the  roots   •  It  prevent  (partly)  the  spread  of  the  problem   •  Main  issue  è  Completely  arbitrary   Page  66   |  Belgium  |  Me  Jean-­‐François  HENROTTE  |  j•enroue@philippelaw.eu  
  • 65. 1.A  How  to  manage  issue  on  Social  Networks  Tools  to  report  abuse  •  First,  the  abuse  must  be  defined   •  Break  of  terms  and  policies   •  Copyright  (or  other  IP  right)  infrigement     •  Defama(on   •  Privacy  mauer   •  Harassment   •  …  •  Then,  follow  the  adequate  procedure   Page  67   |  Belgium  |  Me  Jean-­‐François  HENROTTE  |  j•enroue@philippelaw.eu  
  • 66. 1.A  How  to  manage  issue  on  Social  Networks  •  Linkedin  hup://www.linkedin.com/sta(c?key=copyright_policy&trk=hb_h_copy  •  Facebook  hup://en-­‐gb.facebook.com/help/?page=178608028874393&ref=hcnav    •  FlickR  hup://www.flickr.com/abuse/       Page  68   |  Belgium  |  Me  Jean-­‐François  HENROTTE  |  j•enroue@philippelaw.eu  
  • 67. 1.A  How  to  manage  issue  on  Social  Networks  •  Google  +  hup://support.google.com/plus/bin/answer.py?hl=en&answer=1253377    •  YouTube  hup://www.youtube.com/t/copyright_no(ce?gl=BE    •  Google.com  hups://www.google.com/webmasters/tools/removals?pli=1           Page  69   |  Belgium  |  Me  Jean-­‐François  HENROTTE  |  j•enroue@philippelaw.eu  
  • 68. 1.B  How  to  manage  issue  on  Social  Networks  When  the  easy  way  is  not  enough  If  :  •  Social   network   does   not   comply   with   your   request,  or  not  fast  enough  •  You  feel  you  need  a  stronger  ac(on  è  Unholster  the  usual  lawyers   Page  70   |  Belgium  |  Me  Jean-­‐François  HENROTTE  |  j•enroue@philippelaw.eu  
  • 69. 1.B  How  to  manage  issue  on  Social  Networks  First  issue  :  Iden(fy  the  perpetrator  •  Easy  if  his  real  name  is  disclosed  •  May  be  really  hard  if  he  uses  a  nickname   •  In  Belgium,  it  is  almost  impossible   ∟  Due   to   recent   case   law,   only   the   criminal   judge   have   the   power   to   compel   providers   to   disclose   the  iden(ty  of  a  user  (><  Spain)   ∟  But,   in   Belgium,   criminal   jus(ce   is   totally   overtaken  and  doesn’t  really  care  about  or  is  not   really  efficient  to  handle  these  cases   Page  71   |  Belgium  |  Me  Jean-­‐François  HENROTTE  |  j•enroue@philippelaw.eu  
  • 70. 1.B  How  to  manage  issue  on  Social  Networks  The  perpetrator  is  known  And  is  in  a  place  where  you  can  reach  him…    è Then  you  can  sue  him  using  :   ∟  Criminal   law   if   defama(on   or   harassment   (Art.  443  and  following  of  B.  Criminal  Code)   ∟  Copyright  law   ∟  Civil  law  (Art.  1382  –  1383  of  B.  Civil  Code)   ∟  Commercial  law   Page  72   |  Belgium  |  Me  Jean-­‐François  HENROTTE  |  j•enroue@philippelaw.eu  
  • 71. A  word  about  Criminal  Law  Ohen,   the   first   idea   when   faced   with   a  problem   (such   as   defama(on)   on   a   social  network  is  to  use  Criminal  Law    But  (in  Belgium  at  least):  •  You  are  not  in  control  •  Criminal  procedure  can  be  really  slow  •  It  may  paralyse  civil  procedure   Page  73   |  Belgium  |  Me  Jean-­‐François  HENROTTE  |  j•enroue@philippelaw.eu  
  • 72. 1.B  How  to  manage  issue  on  Social  Networks  The  perpetrator  is  unknown  Or  you  can’t  reach  him  èLodge  a  Criminal  complaint  against  X  è At  the  same  (me,  act  against  the  provider   (social  network  company  in  this  case)  but  :   ∟  they  may  benefit  from  the  exemp(on  from  liability   ∟  they  can  oppose  the  argument  of  freedom  of  speech   ∟  they  can  claim  that  they  did  not  commit  any  fault   Page  74   |  Belgium  |  Me  Jean-­‐François  HENROTTE  |  j•enroue@philippelaw.eu  
  • 73. 1.B  How  to  manage  issue  on  Social  Networks  Exemp(on  from  civil  liability    Introduced  by  Direc(ve  2000/31/EC  on  electronic  commerce  You  have  to  prove  that:  •  they   do   not   fit   into   the   category   of   intermediary   service  providers  (hoster  in  this  case)  as  provided   by  the  Direc(ve  •  they   had   previous   knowledge   of   the   illegality   or   had   not   responded   adequately   when   they   were   made  aware  of  this  illegality  èInjuc(on  are  s(ll  possible   Page  75   |  Belgium  |  Me  Jean-­‐François  HENROTTE  |  j•enroue@philippelaw.eu  
  • 74. 1.B  How  to  manage  issue  on  Social  Networks  Freedom  of  speech  This   right   is   crucial   to   our   socie(es,   but   not  absolute    è You   have   to   prove   that   your   case   stays   into   one  of  these  rights  limita(ons     Page  76   |  Belgium  |  Me  Jean-­‐François  HENROTTE  |  j•enroue@philippelaw.eu  
  • 75. 1.B  How  to  manage  issue  on  Social  Networks  The  lack  of  fault  è You   need   to   prove   that,   once   the   provider   has   been  made  aware  of  the  illegality,  he  commits   a  fault  if  he  doesn’t  react  quickly  to   remove  or   to  disable  access  to  the  informa(on     Page  77   |  Belgium  |  Me  Jean-­‐François  HENROTTE  |  j•enroue@philippelaw.eu  
  • 76. 1.B  How  to  manage  issue  on  Social  Networks   Intermediary  conclusions     It  may  be  hard  and  expensive  to  achieve  a  result   (suppression  of  the  content,  not  even  talking  of   compensatory  damages)  with  the  hard  way     Get  yourself  organised  to  control  the  places  of   discussion   Use  the  soh  way   Page  78   |  Belgium  |  Me  Jean-­‐François  HENROTTE  |  j•enroue@philippelaw.eu  
  • 77. 2.  How  to  react  if  your  content  is  removed  What  if  your  content  is  removed    •  IdenEfy   the   pretext   used   to   jus(fy   the   removal  •  Use   the   counter-­‐noEce   pages   and   tools   offered  by  social  networks  •  Act   at   the   same   (me   against   the   person   who   lodged   the   complaint   (when   his   iden(ty   is   known)   and   try   to   obtain   from   him  that  he  withdraws  his  complaint   Page  79   |  Belgium  |  Me  Jean-­‐François  HENROTTE  |  j•enroue@philippelaw.eu  
  • 78. 3.  Community  management  Community  Management  •  A   new   profession   related   to   the   advent   of   social  networks  •  This   business   consists   in   managing   and   maintaining   a   community   of   “fans”   of   a   brand,   a   company,   a   people,…   on   social   networks   Page  80   |  Belgium  |  Me  Jean-­‐François  HENROTTE  |  j•enroue@philippelaw.eu  
  • 79. 3.  Community  management  Issues  •  Liule  or  no  educa(on  to  become  a  community   manager  •  Ohen   a   poor   understanding   of   the   risks   from   the  execu(ves  •  Risks  are  even  greater  than  with  spokesman   •  Speed  and  spontaneity  of  responses   •  Rapid  dissemina(on  to  the  community  and  beyond   •  Fans   can   focus   on   personality   of   the   Community   manager   rather  than  on  the  brand   Page  81   |  Belgium  |  Me  Jean-­‐François  HENROTTE  |  j•enroue@philippelaw.eu  
  • 80. 3.  Community  management  Issues  •  In   most   cases,   applica(on   of   labor   law   (if   the   manager   is   an   employee)   or   standards   liability  rules  •  In  Belgium,  except  for  gross  negligence,  the   employee  will  not  be  held  responsible    •  Par(cular   auen(on   should   be   paid   to   contract  !   Page  82   |  Belgium  |  Me  Jean-­‐François  HENROTTE  |  j•enroue@philippelaw.eu  
  • 81. 3.  Community  management  Upon  hiring,  it  must  therefore  be  decided  •  Who   owns   the   contents   produced   by   the   Community   Manager   in   case   of   break   of   contract  ?   •  In   Belgium,   transfer   of   IP   rights   has   to   be   formally  provided  in  the  contract  (><  Spain)  •  Who  owns  the  community’s  members  that   he   has   auracted     in   case   of   break   of   contract  ?   Page  83   |  Belgium  |  Me  Jean-­‐François  HENROTTE  |  j•enroue@philippelaw.eu  
  • 82. 3.  Community  management  Upon  hiring,  it  must  therefore  be  decided  •  Who   got   the   ownership   and   access   codes   to  the  account  ?     •  When   possible,   it’s   beuer   that   execu(ve   opens   the   account   themselves   and   then   gives   (limited)   admin   rights   to   the   community   manager   +   Execu(ve   should   keep   modera(ng   powers   in   case   of   emergency   •  It  should  be  a  good  idea  to  write  down  in  the   contract  the  unique  ID  of  the  account   Page  84   |  Belgium  |  Me  Jean-­‐François  HENROTTE  |  j•enroue@philippelaw.eu  
  • 83. Conclusions   Don’t  Panic  !  •  Social   networks   are   powerful   tools   for   communica(on,  adver(sing  and  marke(ng  •  Social   networks   are   now   part   of   our   everyday   life   and   you   should   use   them,   with  care,  like  every  other  tool   Page  85   |  Belgium  |  Me  Jean-­‐François  HENROTTE  |  j•enroue@philippelaw.eu  
  • 84. Conclusions   Join  us  on   Page  86  |  Belgium  |  Me  Jean-­‐François  HENROTTE  |  j•enroue@philippelaw.eu  
  • 85. Credits  •  Picture   of   Barbara   Streisand   :   By   Allan   warren   (Own   work)   [CC-­‐BY-­‐SA-­‐3.0   (hup:// crea(vecommons.org/licenses/by-­‐sa/3.0)   or   GFDL   (hup://www.gnu.org/copyleh/fdl.html)],   via   Wikimedia  Commons   Page  87   |  Belgium  |  Me  Jean-­‐François  HENROTTE  |  j•enroue@philippelaw.eu  
  • 86. BARCELONA,  FRIDAY,  SEPTEMBER  28,  2012   RegulaEng  Cookies  in  Canada   Jean-­‐François  De  Rico   Langlois  Kronström  Desjardins  llp    |  Argen(na  |  Belgium  |  Canada    |  France  |  Germany  |  Israel  |  Italy  |  Luxembourg  |  Mexico  |  Morocco  |  Norway  |  South  Africa  |  Spain  |  Switzerland  |  Tunisia    |  United  Kingdom  |  USA  
  • 87. web beacons zombie cookies device  data  supercookies Online   Behavioural   Cookies   Advertising  
  • 88. Cookies  •  File  created  by  browser  and   saved  on  a  user’s  computer   by  website    •  The  cookie  uniquely   iden(fies,  or  “records”  user   informa(on/preference  
  • 89. Purposes  Measuring  web  site  usage  to   •    Improve  func(onality  of  the  site;     •    Fraud  preven(on;  and     •    Online  behavioral  adver(sing;  
  • 90. InformaEon  collected  •  IP  address;    •  pages  visited;    •  length  of  Eme  spent  on  each  page;  •  adverEsements  viewed;    •  arEcles  read;    •  purchases  made;    •  search  terms;    •  user  preferences;    •  operaEng  system;    •  geographical  locaEon.  
  • 91. CLOUD  COMPUTING   Europe   Canada   Page  93    
  • 92. Europe       ObligaEon  to  provide  explanaEon  of  the  type   and  funcEon  of  cookies  and  obtain  a  users   explicit  consent  before  installing  a  cookie  
  • 93. Canada       Based  on  relaxed  “opt-­‐out”  framework.         AnE-­‐spam  law  (CASL)  An  Act  to  promote  the  efficiency  and  adaptability  of  the  Canadian  economy  by  regulaEng   certain  acEviEes  that  discourage  reliance  on  electronic  means  of  carrying  out  commercial   acEviEes,  and  to  amend  the  Canadian  Radio-­‐television  and  TelecommunicaEons   Commission  Act,  the  CompeEEon  Act,  the  Personal  InformaEon  ProtecEon  and  Electronic   Documents  Act  and  the  TelecommunicaEons  Act  (S.C.  2010,  c.  23)    
  • 94. AnE-­‐spam  law  (CASL)        Expressly  allows  cookies  to  be  installed  on  a   users  computer  ….provided  the  users   behaviour  suggests  he  or  she  would  consent   to  the  installaEon…                        (?)    
  • 95. General  prohibiEon      InstallaEon  of  computer  program    8.  (1)  A  person  must  not,  in  the  course  of  a  commercial  ac(vity,  install  or   cause  to  be  installed  a  computer  program  on  any  other  person’s  computer   system  or,  having  so  installed  or  caused  to  be  installed  a  computer  program,   cause  an  electronic  message  to  be  sent  from  that  computer  system,  unless   –  (a)  the  person  has  obtained  the  express  consent  of  the  owner  or  an   authorized  user  of  the  computer  system  and  complies  with  subsec(on   11(5);  or   –  (b)  the  person  is  ac(ng  in  accordance  with  a  court  order.  
  • 96.      “computer  program”  means  data   represen(ng  instruc(ons  or  statements  that,   when  executed  in  a  computer  system,  causes   the  computer  system  to  perform  a  func(on;  
  • 97. Cookie  ExcepEon  •  10  (…)  (8)  A  person  is  considered  to  expressly  consent  to  the  installaEon  of   a  computer  program  if  •  (a)  the  program  is   –  (i)  a  cookie,   –  (ii)  HTML  code,   –  (iii)  Java  Scripts,   –  (iv)  an  opera(ng  system,   –  (v)  any  other  program  that  is  executable  only  through  the  use  of   another  computer  program  whose  installa(on  or  use  the  person  has   previously  expressly  consented  to,  or   –  (vi)  any  other  program  specified  in  the  regula(ons;  and  •  (b)  the  person’s  conduct  is  such  that  it  is  reasonable  to  believe  that  they   consent  to  the  program’s  installaEon .  
  • 98.  Withdrawal  of  consent    
  • 99.  Policy  PosiEon  on  Online  Behavioural  AdverEsing        Applica(on  of  PIPEDA  to  the  collec(on/use  of   data  about  individuals’  web  ac(vi(es  for  the   purposes  of  online  behavioural  adver(sing   (OBA)  only.  
  • 100.  OPC  will  generally  consider  informa(on   collected  for  OBA  to  be  PI,  considering  that:     Ø the  purpose  is  crea(ng  profiles  to  serve  targeted   ads;     Ø means  available  for  gathering  and  analyzing   disparate  bits  of  data  and  serious  possibility  of   iden(fying  individuals;  
  • 101.  The  condi(ons  under  which  opt-­‐out  consent  to  OBA  can  be  considered  acceptable  are:    •  Individuals  are  made  aware  of  the  purposes  for  the  prac(ce  in  a  manner   that  is  clear  and  understandable  –  the  purposes  must  be  made  obvious  and   cannot  be  buried  in  a  privacy  policy,  at  or  before  the  (me  of  collec(on  and   provided  with  informa(on  about  the  various  par(es  involved  in  OBA;  •  Individuals  are  able  to  easily  opt-­‐out  of  the  prac(ce  -­‐  ideally  at  or  before  the   (me  the  informa(on  is  collected;  •  The  opt-­‐out  takes  effect  immediately  and  is  persistent;  •  The  informa(on  collected  and  used  is  limited,  to  the  extent  prac(cable,  to   non-­‐sensi(ve  informa(on  ;  and  •  Informa(on  collected  and  used  is  destroyed  as  soon  as  possible  or   effec(vely  de-­‐iden(fied  
  • 102. JurisdicEon    Canadian  businesses,  to  the  extent  they   process  and  use  data  about  individuals  in  the   European  Union,  through  websites  that  offer   goods  and  services  to  European  viewers  or   use  cookies  to  monitor  European  viewer   behaviour,  will  need  to  comply  with  the  more   stringent  direc(ve.  
  • 103. BARCELONA,  28  SEPTEMBER  2012   COOKIES   EU  &  UK  LAW  PERSPECTIVE   Daniel  PREISKEL   Preiskel  &  Co  LLP   5  Fleet  Place  London  EC4  7RD   United  Kingdom   dpreiskel@preiskel.com  |  Argen(na  |  Belgium  |  Canada    |  France  |  Germany  |  Israel  |  Italy  |  Luxembourg  |  Mexico  |  Morocco  |  Norway  |  South  Africa  |  Spain  |  Switzerland  |  Tunisia    |  United  Kingdom  |  USA  
  • 104. COOKIES  -­‐  EU  &  UK  LAW   PERSPECTIVE  Table  of  Contents  •   Essen(als  of  Cookies       •  Defini(on   •  EU  &  UK  Legal  Framework   •  EU  &  UK  Independent  Authori(es   •  Key  Issues   •  Enforcement  &  Penal(es   •  Compliance     Page  107   |  United  Kingdom|  Daniel  PREISKEL|  dpreiskel@preiskel.com  
  • 105. COOKIES  -­‐  EU  &  UK  LAW   PERSPECTIVE  Essen(als  of  Cookies  What  is  a  cookie?       •  According   to   the   Informa(on   Commissioner’s   Office   (ICO)   -­‐   that   is   the   independent   authority   in   UK   dealing   with   privacy   and   data   protec(on  -­‐  a  cookie  is  “a  small  file,  typically  of  le?ers  and  numbers,   downloaded   on   to   a   device   when   the   user   accesses   certain   websites.   Cookies   are   then   sent   back   to   originaFng   website   on   each   subsequent  visit.  Cookies  are  useful  because  they  allow  a  website  to   recognise  a  user’s  device”     •  There   are   several   type   of   cookies   depending   on   their   specific   features,   for   instance   there   are   session   cookies   and   persistent   cookies   Page  108   |  United  Kingdom|  Daniel  PREISKEL|  dpreiskel@preiskel.com  
  • 106. COOKIES  -­‐  EU  &  UK  LAW   PERSPECTIVE  Essen(als  of  Cookies  Legal  Framework       •  EU  DirecEves:  European  Direc(ve  -­‐  2002/58/EC  -­‐  which  is  concerned   with   the   protec(on   of   privacy   in   the   electronic   communica(ons   sector,  which  has  been  amended  by  Direc(ve  2009/136/EC     •  UK   RegulaEons:   the   Privacy   and   Electronic   Communica(ons   (EC   Direc(ve)   Regula(ons   2003   (SI   2003/2426)   as   amended   by   the   Privacy  and  Electronic  Communica(ons  (EC  Direc(ve)  (Amendment)   Regula(ons  2011  (SI  2011/1208)   Page  109   |  United  Kingdom|  Daniel  PREISKEL|  dpreiskel@preiskel.com  
  • 107. COOKIES  -­‐  EU  &  UK  LAW   PERSPECTIVE  Essen(als  of  Cookies  Legal  Framework       •  Both   the   Direc(ves   and   Regula(ons   apply   to   cookies   and   similar   technologies  for  storing  informa(on     •  The  legal  framework  states  that  the  use  of  cookies  is  only  allowed  if   an   end   user   has   been   provided   with   clear   and   comprehensive   informa(on  about  the  purposes  for  which  each  cookie  is  stored  and   accessed  on  to  his/her  computer  or  mobile  device  and  the  user  has   given  his  or  her  informed  consent   Page  110   |  United  Kingdom|  Daniel  PREISKEL|  dpreiskel@preiskel.com  
  • 108. COOKIES  -­‐  EU  &  UK  LAW   PERSPECTIVE  Essen(als  of  Cookies  Legal  Framework       •  There   is   an   excep(on   to   the   requirement   to   provide   informa(on   about  cookies  and  obtain  consent  where  the  use  of  the  cookie  is:     •  for   the   sole   purpose   of   carrying   out   the   transmission   of   a   communica(on  over  an  electronic  communica(ons  network;  or     •  where   such   storage   or   access   is   strictly   necessary   (i.e.   essen(al)   for   the   provision   of   an   informa(on   society   service   requested   by   the   subscriber  or  user.  For  instance  it  is  likely  to  fall  within  the  excep(on   a  cookie  used  to  remember  the  goods  a  user  wishes  to  buy  when  they   proceed  to  the  checkout  or  add  goods  to  their  shopping  basket   Page  111   |  United  Kingdom|  Daniel  PREISKEL|  dpreiskel@preiskel.com  
  • 109. COOKIES  -­‐  EU  &  UK  LAW   PERSPECTIVE  Essen(als  of  Cookies  EU  &  UK  Independent  Authori(es       •  European   Data   Privacy   Supervisor   is   an   independent   supervisory   authority   devoted   to   protec(ng   personal   data   and   privacy   and   promo(ng  good  prac(ce  in  the  EU  ins(tu(ons  and  bodies     •  Ar(cle  29  Working  Party  on  the  Protec(on  of  Individuals,  that  is  an   independent  European  advisory  body  on  data  protec(on  and  privacy   set  up  under  Ar(cle  29  of  Direc(ve  95/46/EC     •  The   Informa(on   Commissioner’s   Office   is   the   UK’s   independent   authority  set  up  to  uphold  informa(on  rights  in  the  public  interest,   promo(ng   openness   by   public   bodies   and   data   privacy   for   individuals   Page  112   |  United  Kingdom|  Daniel  PREISKEL|  dpreiskel@preiskel.com  
  • 110. COOKIES  -­‐  EU  &  UK  LAW   PERSPECTIVE  Essen(als  of  Cookies  Key  issues       •  Cookie  audit:     •  Iden(fy  which  type  of  cookies  are  used   •  Confirm  the  type  of  cookies  and  how  intrusive  they  are   •  Confirm   the   purpose(s)   of   each   cookie   and   whether   each   cookie   would   be   necessary  to  perform  the  services  requested   •  Iden(fy  what  data  each  cookie  holds,  and  confirm  whether  the  cookie  is  linked   to  other  data  that  the  cookie  owner  holds  about  a  user   •  Confirm  the  lifespan  of  each  persistent  cookie   •  Confirm  whether  the  cookie  is  a  first-­‐party  or  third-­‐party  cookie   •  Double  check  that  the  company  has  an  adequate  privacy  policy  posted  on  its   website  with  accurate  and  clear  informa(on  about  each  type  of  cookie  used  by   the  company   Page  113   |  United  Kingdom|  Daniel  PREISKEL|  dpreiskel@preiskel.com  
  • 111. COOKIES  -­‐  EU  &  UK  LAW   PERSPECTIVE  Essen(als  of  Cookies  Key  issues       •  Ensure   informa(on   about   cookies   and   mechanisms   for   making   choices,   are   as   easily   accessible   as   possible   for   users   of   devices   in   which   cookies   are   stored,   so   as   to   obtain   valid   and   well   informed   consent  by  using:     •  Prominent  links   •  Legal  foot  notes  and  privacy  policy   •  News  items  and  blog  posts   •  A  clickable  image  or  icon   Page  114   |  United  Kingdom|  Daniel  PREISKEL|  dpreiskel@preiskel.com  
  • 112. COOKIES  -­‐  EU  &  UK  LAW   PERSPECTIVE  Essen(als  of  Cookies  Key  issues       •  Cookies  as  “equipment”  and  applicable  law     •  Use   of   technologies   “similar”   to   cookies,   for   instance   the   apps   to   access  the  user’s  loca(on  and/or  personal  informa(on     •  Mul(-­‐jurisdic(onal   issues   in   the   interpreta(on,   applica(on   and   enforcement  of  the  law     •  Con(nuing  dialogue  with  authori(es     Page  115   |  United  Kingdom|  Daniel  PREISKEL|  dpreiskel@preiskel.com  
  • 113. COOKIES  -­‐  EU  &  UK  LAW   PERSPECTIVE  Essen(als  of  Cookies  Enforcement  &  Penal(es       •  In  cases  where  organisa(ons  refuse  or  fail  to  comply  voluntarily  with   the   Regula(ons   the   ICO   and   the   Courts   have   a   range   of   op(ons   to   available  to  them  to  take  formal  ac(on  where  this  is  necessary   •  For  instance  the  ICO  may  request:     •  Informa(on  No(ce   •  Undertaking   •  Enforcement  No(ce   •  Monetary  Penalty  No(ce   Page  116   |  United  Kingdom|  Daniel  PREISKEL|  dpreiskel@preiskel.com  
  • 114. COOKIES  -­‐  EU  &  UK  LAW   PERSPECTIVE  Essen(als  of  Cookies  Compliance       •  The  person  sevng  the  cookie  is  primarily  responsible  for  compliance   with  the  requirements  of  the  law     •  Where   third   party   cookies   are   set   through   a   website,   both   par(es   (the  website  owner  and  the  person  sevng  the  cookie)  will  have  the   responsibility  for  ensuring  users  are  clearly  informed  about  cookies   and  for  obtaining  consent   Page  117   |  United  Kingdom|  Daniel  PREISKEL|  dpreiskel@preiskel.com  
  • 115. COOKIES  -­‐  EU  &  UK  LAW   PERSPECTIVE  Essen(als  of  Cookies  Compliance       •  Providers  must  obtain  users  consent:   •  Before  the  cookie  is  set   •  Through  an  affirma(ve  step     •  For   instance,   providers   may   use   pop-­‐Up   windows,   message   bars,   header  bars  or  splash  pages,  browser  sevngs,  terms  and  condi(ons,   sevng-­‐led  consent  and/or  feature-­‐led  consent  just  to  name  a  few   Page  118   |  United  Kingdom|  Daniel  PREISKEL|  dpreiskel@preiskel.com  
  • 116. COOKIES  -­‐  EU  &  UK  LAW   PERSPECTIVE  Essen(als  of  Cookies  Conclusion       •  Data  protec(on  is  a  complex  area   •  Penal(es  &  Reputa(onal  damage   •  Compliance  is  key   Page  119   |  United  Kingdom|  Daniel  PREISKEL|  dpreiskel@preiskel.com  
  • 117. COOKIES  -­‐  EU  &  UK  LAW   PERSPECTIVE   Essen(als  of  Cookies             Daniel  PREISKEL   dpreiskel@preiskel.com   Page  120   |  United  Kingdom|  Daniel  PREISKEL|  dpreiskel@preiskel.com  
  • 118. BARCELONA,  28  SEPTEMBER  2012     Trademark  Rights  ProtecEon   Mechanisms  for  New  gTLD´s     Enrique  Ochoa   Langlet,  Carpio  y  Asociados    |     G e r m a n y     |     B e l g i u m     |     C a n a d a     |     S p a i n     |     U S A     |     F r a n c e     |     I s r a e l      |     I t a l y     |     M o r o c c o     |   M e x i c o     |     N o r w a y     |     S w i t z e r l a n d  
  • 119. New  GTLD´s  -­‐  .love  -­‐  .app  -­‐  .microsoh  -­‐  .barcelona  -­‐  .nyc  -­‐  .lawyer         |     G e r m a n y     |     B e l g i u m     |     C a n a d a     |     S p a i n     |     U S A     |     F r a n c e     |     I s r a e l       |     I t a l y     |     M o r o c c o     |   M e x i c o     |     N o r w a y     |     S w i t z e r l a n d  
  • 120.   -­‐  Legal  Rights  Objec(ons  (LRO).              |     G e r m a n y     |     B e l g i u m     |     C a n a d a     |     S p a i n     |     U S A     |     F r a n c e     |     I s r a e l      |     I t a l y     |     M o r o c c o     |   M e x i c o     |     N o r w a y     |     S w i t z e r l a n d  
  • 121. WIPO  Arbitra(on  and   Media(on  Center  has  been   appointed  by  ICANN  as  the   exclusive  provider  of  dispute   resolu(on  services  for   trademark  based  “pre-­‐ delega(on”  Legal  Rights   Objec(ons   under  ICANN’s  New  gTLD   Program.      |     G e r m a n y     |     B e l g i u m     |     C a n a d a     |     S p a i n     |     U S A     |     F r a n c e     |     I s r a e l      |     I t a l y     |     M o r o c c o     |   M e x i c o     |     N o r w a y     |     S w i t z e r l a n d  
  • 122.  ICANN  offers  three  other  types  of  pre-­‐delega(on  objec(on-­‐based  dispute   resolu(on   procedures   which   are   not   administered   by  WIPO:      -­‐  “String  Confusion  Objec(on,”      -­‐  “Limited  Public  Interest  Objec(on,”  and      -­‐  “Community  Objec(on.”              ICANN   has   furthermore   established   a   process   for   the   ICANN  Governmental  Advisory  Commiuee  (GAC)  to  provide  “GAC  Advice  on  New  gTLDs”  concerning  applica(ons  iden(fied  by  governments  as  problema(c.      |     G e r m a n y     |     B e l g i u m     |     C a n a d a     |     S p a i n     |     U S A     |     F r a n c e     |     I s r a e l      |     I t a l y     |     M o r o c c o     |   M e x i c o     |     N o r w a y     |     S w i t z e r l a n d  
  • 123. Trademark  protecEon  mechanisms  available  aer  new  gTLDs  are  approved.  “Rights  ProtecEon  Mechanisms”  (RPMs).      -­‐   Trademark   Clearinghouse   (for   use   in   connec(on   with   Sunrise  periods  and  Trademark  Claims  services)    -­‐  Uniform  Rapid  Suspension  system  (URS),  and      -­‐  Post-­‐Delega(on  Dispute  Resolu(on  Procedure  (PDDRP).        In   addi(on,   the   exis(ng   Uniform   Domain   Name   Dispute  Resolu(on  Policy  (UDRP)  will  be  applicable  to  all  new  gTLDs.      |     G e r m a n y     |     B e l g i u m     |     C a n a d a     |     S p a i n     |     U S A     |     F r a n c e     |     I s r a e l      |     I t a l y     |     M o r o c c o     |   M e x i c o     |     N o r w a y     |     S w i t z e r l a n d  
  • 124. Enrique  Ochoa   eochoa@lclaw.com.mx  |     G e r m a n y     |     B e l g i u m     |     C a n a d a     |     S p a i n     |     U S A     |     F r a n c e     |     I s r a e l      |     I t a l y     |     M o r o c c o     |   M e x i c o     |     N o r w a y     |     S w i t z e r l a n d  
  • 125. |     G e r m a n y     |     B e l g i u m     |     C a n a d a     |     S p a i n     |     U S A     |     F r a n c e     |     I s r a e l      |     I t a l y     |     M o r o c c o     |   M e x i c o     |     N o r w a y     |     S w i t z e r l a n d  
  • 126. ArgenEna   Belgium   Canada   France   Germany   Israel  Estudio  Millé   Philippe  &  Partners   Langlois,  Kronström,  Desjardins   Alain  Bensoussan,  Isabelle  Tellier   Buse  Heberer  Fromm  Rechtsanwälte   Livnat,  Mayer  &  Co  Antonio  &  Rosario  Millé   Jean-­‐François  Henroue  &  Alexandre   Richard  Ramsay  &  Jean-­‐François  De  Rico   &  Frédéric  Forster   Bernd  Reinmüller,  Tim  Caesar  &  Stephan   Russell  D.  Mayer  Suipacha  1111  -­‐  piso  11   Cruquenaire   jean-­‐francois.derico@lkd.ca   www.alain-­‐bensoussan.com   Menzemer   Jérusalem  Technology  Park,  C1008AAW  Buenos  Aires   j•enroue@philippelaw.eu  hup:// www.langloiskronstromdesjardins.com     Neue  Mainzer  Strasse  28   Building  9,  4th  Floor  T.  0054  11  5297  7000   lexing.philippelaw.eu     Paris   60311  Frankfurt  Am  Main   P.O.  Box  48193  Malcha  F.  0054  11  5297-­‐7009     Montreal   29,  rue  du  Colonel  Pierre  Avia   T.  0049  699  71  09  71  00   91481  Jérusalem    estudio@mille.com.ar   Liège   1002,  rue  Sherbrooke  Ouest,  28e  étage   F75508  Paris  cedex  15   F.  0049  699  71  09  72  00   T.  0097  226  79  95  33  www.mille.com.ar   Boulevard  d’Avroy,  280   H3A3L6  Montréal   T.  0033  141  33  35  35   reinmueller@buse.de   F.  0097  226  79  95  22   4020  Liège   T.  0015  148  42  95  12   F.  0033  141  33  35  36   www.buse.de   mayer@lmf.co.il   T.  0032  4    229  20  10   F.  0015  148  45  65  73   paris@alain-­‐bensoussan.com   www.livmaylaw.co.il   F.  0032  78  15  56  56         Quebec   Grenoble   Brussels   801,  Grande  Allée  Ouest,  Bureau  300   7,  place  Firmin  Gau(er   Avenue  Louise,  240   G1S1C1  Québec   F38000  Grenoble   1050  Bruxelles   T.  0014  186  50  70  00   T.  0033  476  70  09  95   T.  0032  2  250  39  80   F.  0014  186  50  70  75   F.  0033  476  70  09  96   F.  0032  78  15  56  56   grenoble@alain-­‐bensoussan.com  Italiy   Luxembourg   Mexico   Morocco   Norway   South  Africa  Studio  Legale  Zallone   Philippe  &  Partners   Langlet,  Carpio  y  Asociados   Bassamat  &  Associée   Føyen  Advøka•irma  DA   Michalsons  Raffaele  Zallone   Marc  Gouden  &  Jean-­‐François   Enrique  Ochoa   Fassi-­‐Fihri  Bassamat   Arve  Føyen   Lance  Michalson  and  John  Giles  31  Via  Dell’Annunciata   Henroue   Torre  Axis  Santa  Fe   30  rue  Mohamed  Ben  Brahim  Al  Mourrakouchi   Postboks  7086  St.  Olavs  pl.   lance@michalsons.co.za  20121  Milano   41  avenue  de  la  Liberté   Prolongación  Paseo  de  la   20000  Casablanca   0130  Oslo   www.michalsons.co.za  T.  0039  229  01  35  83   1931  Luxembourg   Reforma  #  61,  PB-­‐B1   T.  00212  522  26  68  03   T.  0047  21  93  10  00    F.  0039  229  01  03  04   T.  00352  266  886   Col.  Paseo  de  las  Lomas   F.  00212  522  26  68  07   F.  0047  21  93  10  01   Johannesburg  r.zallone@studiozallone.it   F.  00352  266  887  00     01330  Mxico,  D.F.   contact@cabinetbassamat.com   arve.foyen@foyen.no   Ground  Floor  www.studiovallone.it   luxembourg@philippelaw.eu   T.  0052  55  25  91  10  70   www.cabinetbassamat.com   www.foyen.no   Twickenham  Building   hup://lexing.philippelaw.eu   F.  0052  55  25  91  10  40   The  Campus,  57  Sloane  &  Cnr  Main  Road   eochoa@lclaw.com.mx   2021  Bryanston   www.lclaw.com.mx   T.  0027  11  568  0331   F.  0027  86  529  4276       Cape  Town   Boyes  Drive   St  James   7945  Cape  Tow   T.  0027  21  300  1070   F.  0027  86  529  4276  Spain   Switzerland   Tunisie   United  Kingdom   USA  Alliant  Abogados  Asociados  SLP   SébasEen  FanE  Avocat  &  Notaire   Cabinet  Younsi  &  Younsi   Preiskel  &  Co  LLP   IT  Law  Group  Marc  Gallardo   8B  rue  de  Pré-­‐Fleuri,  CP  497   Yassine  Younsi   Danny  Preiskel   Françoise  Gilbert  Gran  Via  Corts  Catalanes  702   1951  Sion   4,  Rue  Pe(te  Malte   5  Fleet  Place   555  Bryant  Street  #603  08010  Barcelone   T.  0041  27  322  15  15   1001  Tunis   London  EC4M  7RD   Palo  Alto,  CA  94301  T.  0034  93  265  58  42       F.  0041  27  322  15  70   T.  00  216  71  346  564     T.  0044  20  7332  5640     T.  0016  508  04  12  35  F.  0034  93  265  52  90   sebas(en.fan(@sebas(enfan(.ch   cabinetyounsi_younsi@yahoo.fr   F.  0044  20  7332  5641   F.  0016  507  35  18  01  marc.gallardo@alliantabogados.com   www.sebas(enfan(.ch   hup://younsiandyounsilawfirm.e-­‐ dpreiskel@preiskel.com   fgilbert@itlawgroup.com  www.alliantabogados.com   monsite.com   www.preiskel.com   www.itlawgroup.com   |   G l o b a l   n e t w o r k   o f   a / o r n e y s   s p e c i a l i z e d   i n   e m e r g i n g   t e c h n o l o g y   l a w  

×