In today’s judgment, the UK Supreme Court held that rights-holders should bear the costs of implementing website blocking injunctions to prevent IP infringement. The judgment overturns the practice adopted by the English courts since 2011 of requiring internet service providers, as innocent intermediaries, to bear these costs.
A recent judgment of the European Court makes it clear that in many circumstances more than one party may be a joint data controller. Whilst the judgment pre-dates the GDPR, its consideration of what constitutes ‘control’ and ‘joint control’ remains good law under the GDPR. The judgment means that parties who may have considered themselves ‘data processors’ in the past should review whether they are in fact ‘joint data controllers’ with others. Continue Reading Are joint data control relationships now the norm rather than the exception?
On 29 November 2017, the Court of Justice of the European Union (ECJ) confirmed that, under the Copyright Directive (the Directive), the making available of copies of television programmes saved in the cloud must be authorised by the holder of the copyright or related rights. Continue Reading ECJ confirms rights holders can stop cloud-based television recording services
On 13 September 2017, the Commission issued a proposal for a Regulation to strengthen the role of the EU Agency for Network and Information Security (ENISA) by:
- granting it a permanent mandate;
- clarifying its role as the information hub of the EU for cybersecurity; and
- tasking it with the responsibility of proactively contributing to policy in the area of network information and security.
The proposal also introduces EU-wide cybersecurity certification schemes for ICT products and services, which will be prepared by ENISA. This aims to address current market fragmentation and provide a comprehensive set of cybersecurity rules, technical requirements, standards and procedures. Continue Reading EU Commission proposes stronger mandate for ENISA and EU-wide cybersecurity certification
The UK Government has released a “Future Partnership” paper setting out its vision for UK-EU data flows post-Brexit. In particular, the paper anticipates seeking an early UK-EU agreement that each area’s data protection laws provide equivalent protection, which would allow data to continue to flow between the EU, the UK and other third countries post-Brexit. Continue Reading UK Government seeks EU equivalency for UK data protection law post-Brexit
With holiday season upon us, earlier this week Matt Hancock, the UK Government’s Digital Minister, announced proposals for a new UK data protection law. Previously covered on this blog here and here, little new of substance was announced, but in a slow news week, the announcement garnered significant UK media coverage and attention. Continue Reading UK’s Digital Minister announces changes to UK data protection law
This week heralded further progress for the European Digital Single Market strategy, with the online content portability regulation mentioned previously on this blog coming into force on 20 July 2017, following publication of this regulation in the EU Official Journal on 30 June 2017. The regulation itself sets out a number of key dates during next year and onwards for content providers and consumers alike to watch for. Continue Reading ‘Watch like at home’: dates worth watching for
Following the Government’s decision to include a revised data protection law in the Queen’s Speech last month, the House of Lords EU Home Affairs Sub-Committee reviewed the potential implications on national security, stability and public safety of the UK exiting the European Union without an agreement to ensure there is unhindered data flow between the two sides. The Committee issued a stark warning that it was “struck by the lack of detail” on how the Government would ensure that the UK data protection regime continues to allow data transfer with the European Union in a post-Brexit world.
In a judgment delivered on 14 June 2017, the Court of Justice of the European Union (CJEU) decided that making available a online sharing platform falls within the concept of “communication to the public” for the purposes of copyright law, and can therefore amount to infringement of copyright in protected works which are shared via that platform. This decision bolsters the ability of copyright owners to pursue the operators of such platforms, and to obtain relief against intermediaries (in particular ISPs) forcing them to block their users from accessing such platforms.
The immediate practical consequence of the CJEU’s decision is that the national courts are entitled to grant blocking injunctions against ISPs in order to block users from accessing TPB. This is plainly a positive outcome from the point of view of copyright holders, giving them stronger rights to restrict unauthorised distribution of their protected works. The generally pro-rightsholder approach of the CJEU in this case mirrors the recent efforts of the English courts to modernise its remedies in order to secure adequate protection against infringing activities, as reported in a previous blog post.
A revised data protection law forms part of the new government’s legislative agenda for the UK. Key points in the Queen’s Speech on 21 June 2017 were that a new UK Data Protection Bill (the Bill) will replace the current Data Protection Act 1998; the new Bill will implement the EU General Data Protection Regulation (GDPR) in the UK (a fact that the party manifestos were silent on before the election); and the government intends to put the UK in the best position to maintain data sharing across the EU and internationally. These points remained unchallenged in the subsequent parliamentary debates, and the government’s express intention to implement the GDPR through national law in the UK was welcomed by many businesses. Continue Reading Proposal for a new UK Data Protection law