CR International

	Table of Contents
	Preview
	Archives/Previous Issues
	Cases & Material

	Questions and Feedback
	Subscription

	Profile
	Our Team
	Copyright & Disclaimers

	Computer und Recht
	IT-Rechts-Berater
	IT-Law Literature
	Seminars

Zuletzt aktualisiert am: 28.01.2010

CR-International News

Net Neutrality: The Economic Benefits

In January 2010 the Institute for Policy Integrity at the New York University School of Law has published Report No. 4 entitled "Free to Invest - The Economic Benefits of Preserving Net Neutrality" written by Inimai M. Chettiar/ J. Scott Holladay.

In their report, Inimai M. Chettiar and J. Scott Holladay discuss the implications of the new net neutrality rules proposed for the Internet by the Federal Communications Commission (FCC) in October 2009. Using an economic framework, Chettiar and Holladay analyze how the proposed rules will affect the value of the Internet—understood as both the physical communications network as well as the content that travels over that infrastructure. With this framework, they examine the tradeoffs inherent in Internet policy and point the direction toward rules that will facilitate the growth of the Internet and give private companies the correct incentives to continue investing in this significantly valuable good.

Report "Free to Invest - The Economic Benefits of Preserving Net Neutrality" by Chettiar/Holladay

SmartPrivacy by Smart Grid

In November 2009 the Future of Privacy Forum (FPF) with Ontario Information and Privacy Commissioner Ann Cavoukian, have released a white paper on “SmartPrivacy for the Smart Grid: Embedding Privacy in the Design of Electricity Conservation.” the term SmartPrivacy describes the holistic approach necessary to realizing the objective of all encompassing data protection. SmartPrivacy represents a broad arsenal of protections, encapsulating everything necessary to ensure that all of the personal information held by an organization is appropriately managed. These include: Privacy by Design; law, regulation and independent oversight; accountability and transparency; market forces; education and awareness; social norms; data security; and fair information practices. Privacy by Design (PbD) is a concept ensuring the protection of privacy through the use of privacy-enhancing technologies — embedding them into the design specifications of information technology, business practices, physical environments and infrastructure — making privacy the default.

White Paper "SmartPrivacy for the Smart Grid: Embedding Privacy in the Design of Electricity Conservation" by Future of Privacy Forum and Ontario Information and Privacy Commissioner Ann Cavoukian

USA: Self-Regulatory Principles for Online Behavioral Advertising

In July 2009 leading U.S. industry associations presented their cross-industry Self-Regulatory Program for Online Behavioral Advertising developed to apply consumer-friendly standards to online behavioral advertising across the Internet. Online behavioral advertising increasingly supports the convenient access to content, services, and applications over the Internet that consumers have come to expect at no cost to them. The Self-Regulatory Program consists of seven Principles:

The Education Principle calls for entities to participate in efforts to educate consumers and businesses about online behavioral advertising. It is expected that there will exist
a robust industry-developed Web site(s) that provide consumers with educational material about online behavioral advertising.
The Transparency Principle requires the deployment of multiple mechanisms for clearly disclosing and informing consumers about data collection and use practices associated with online behavioral advertising. This Principle applies to entities collecting and using data for online behavioral advertising and to the Web sites from which such data is being collected and used by third parties.
The Consumer Control Principle provides for mechanisms that will enable users of Web sites at which data is collected for online behavioral advertising purposes the ability to choose whether data is collected and used or transferred to a non-affiliate for such purposes. The choice will be provided by the third party entities collecting and using data for online behavioral advertising and the mechanism will be found either at their own Web sites or at industry-developed Web sites. The new links and disclosures on the Web pages or advertisements will direct consumers to these mechanisms. The Transparency and Consumer Control Principles have separate provisions for “service providers” engaged in online behavioral advertising.
The Data Security Principle requires entities to provide reasonable security for, and limited retention of, data collected and used for online behavioral advertising purposes.
The Material Changes Principle directs entities to obtain consent before applying any change to their online behavioral advertising data collection and use policy that is less
restrictive to data collected prior to such material change.
The Sensitive Data Principle recognizes that certain data collected and used for online behavioral advertising purposes merits different treatment. The Principles apply
heightened protection for children’s data by applying the protective measures set forth in the Children’s Online Privacy Protection Act. Similarly, this Principle requires
consent for the collection of financial account numbers, Social Security numbers, pharmaceutical prescriptions, or medical records about a specific individual for online
behavioral advertising purposes.
The Accountability Principle calls upon entities representing the wide range of actors in the online behavioral advertising ecosystem to develop and implement policies and programs to further adherence to these Principles.

These Principles correspond with the “Self-Regulatory Principles for Online Behavioral Advertising” proposed by the Federal Trade Commission in February 2009, and also address public education and industry accountability issues raised by the Commission.

Self-Regulatory Principles for Online Behavioral Advertising developed by AAAA, ANA, BBB, DMA, IAB of July 2009

Self-Regulatory Principles for Online Behavioral Advertising by the Federal Trade Commission (FTC Staff Report) of February 2009

Review of Data Protection Directive

In May 2009 the RAND Corporation Europe published its "Review of the European Data Protection Directive" by Neil Robinson/ Hans Graux/ Marten Botterman/ Lorenzo Valeri. The Review finds the Directive not sufficient in the long term because its principles will need to be supported by a harmsbased back-end in order to cope with the growing challenge of globalisation and international data flows. Further, a lot can be achieved by better implementation of the current rules, for instance by establishing consensus over the interpretation of several key concepts and a possible shift in emphasis in the interpretation of others. The Review first identifies a set of distinct challenges Within the contexts of rapid technological change and globalisation, then identified a number of strengths and weaknesses associated with the Directive and, finally, formulates a set of practical recommendations for getting the most out of current arrangements, along with a proposed regulatory architecture.

"Review of the European Data Protection Directive" by Neil Robinson/ Hans Graux/ Marten Botterman/ Lorenzo Valeri

Report on Film Piracy, Organized Crime, and Terrorism

In April 2009 the RAND Corporation published its Report on "Film Piracy, Organized Crime, and Terrorism" by Gregory F. Treverton/ Carl Matthies/ Karla J. Cunningham/
Jeremiah Goulka/ Greg Ridgeway/ Anny Wong. This Report presents the findings of research into the involvement of organized crime and terrorist groups in counterfeiting a wide range of products, from watches to automobile parts, from pharmaceuticals to computer software. The Report presents detailed case studies from around the globe in film piracy as one area of counterfeiting to illustrate the broader problem of criminal - and perhaps terrorist - groups finding a new and not-much-discussed way of funding their nefarious activities.
Although there is less evidence of involvement by terrorists, piracy is high in payoff and low in risk for both groups, often taking place under the radar of law enforcement.

"Film Piracy, Organized Crime, and Terrorism" by Gregory F. Treverton/ Carl Matthies/ Karla J. Cunningham/ Jeremiah Goulka/ Greg Ridgeway/ Anny Wong

ISTTF: Enhancing Child Safety & Online Technologies

On 31 December 2008, the Internet Safety Technical Task Force (ISTTF) published its Final Report on "Enhancing Child Safety & Online Technologies" to the Mulit-State Working Group on Social Networking of State Attorneys General of the United States. The Final Report is directed by the Berkman Center for Internet & Society at Harvard University and determines the extent to which today’s technologies could help to address these online safety risks, with a primary focus on social network sites in the United States.

Enhancing Child Safety & Online Technologies of 31 December 2008 by ISTTF

Human Rights Guidelines for ISPs and Online Games Providers

In July 2008 the Council of Europe publish two Human Rights Guidelines: one for Internet Service Providers and the other for Online Games Provider. Both Guidelines understand and encourage the role and position of ISPs and Online Games Providers in respecting and promoting human rights.

The Human Rights Guidelines for ISPs recognise that not all ISPs have the same roles and responsibilities vis-à-vis users but that these may depend on the types of services the ISP delivers and what segment of customers the ISP serves. These Guidelines are grouped in several chapters, according to the respective roles of the ISPs. The first chapter applies to Internet access providers (providers of ondemand or dedicated Internet access services). The second chapter applies to providers of other information society services, such as is the case for providers of hosting services, content providers and application providers. The third chapter applies to all Internet service providers accordingly.

The Human Rights Guidelines for Online Games Providers encourages games designers and publishers to promote and facilitate gamers’ well-being and to regularly assess and evaluate their information policies and practices, in particular regarding child safety and responsible use, while respecting fundamental rights, in particular the right to freedom of expression and the right to privacy and secrecy of correspondence.These Guidelines are mainly directed towards developers and publishers of online games. Some guidelines, such
as those concerning the development of parental control tools, may also be applied by producers of gaming consoles and platforms in their activities. For the purposes of these Guidelines, online virtual universes (such as Second Life) are not seen as online games and the Guidelines are not intended to apply to online gambling sites, such as online casino or online bookmaking websites.

Study on Spam Marketing Conversion

In November seven scientists of the International Computer Science Institute at Berkeley and the Dept. of Computer Science and Engineering at University of California, San Diego, have published the study "Spamalytics: An Empirical Analysis of Spam Marketing Conversion" revealing a margin of profit for spammers.

The “conversion rate” of spam — the probability that an unsolicited e-mail will ultimately elicit a “sale” — underlies the entire spam value proposition. However, our understanding of this critical behavior is quite limited, and the literature lacks any quantitative study concerning its true value. In this paper we present a methodology for measuring the conversion rate of spam. Using a parasitic infiltration of an existing botnet’s infrastructure, the study analyzes two spam campaigns: one designed to propagate a malware Trojan, the other marketing on-line pharmaceuticals. For nearly a half billion spam e-mails the study identifies the number that are successfully delivered, the number that pass through popular anti-spam filters, the number that elicit user visits to the advertised sites, and the number of “sales” and “infections” produced.

Study "Spamalytics: An Empirical Analysis of Spam Marketing Conversion" by Chris Kanich/ Christian Kreibich/ Kirill Levchenko/ Brandon Enright/ Geoffrey M. Voelker/ Vern Paxson/ Stefan Savage

A Practical Guide to GPL Compliance

On 20 August 2008, the Software Freedom Law Center (SFLC) published a guide to effective compliance with the GNU General Public License (GPL) and related licenses prepared by Bradley M. Kuhn, Aaron Williamson and Karen M. Sandler. In accordance with SFLC's philosophy of assisting the community with GPL compliance cooperatively, the guide focuses on avoiding compliance actions and minimizing the negative impact when enforcement actions occur. It introduces and explains basic legal concepts related to the GPL and its enforcement by copyright holders. It also outlines business practices and methods that lead to better GPL compliance. Finally, it recommends proper post-violation responses to the concerns of copyright holders.

"A Practical Guide to GPL Compliance" of 20 August 2008
by Software Freedom Law Center (http://www.softwarefreedom.org/)

OECD on the Future of Internet Economy

On 18 June 2008, the ministerial session has led to the "Seoul Declaration for the Future of the Internet Economy". In this Declaration the OECD member states agree on the need for governments to work closely with business, civil society and technical experts on policies that promote competition, empower and protect consumers, and expand Internet access and use worldwide. In order to contribute to the development of the Internet economy, the OECD states will implement policies that:

facilitate the convergence of digital networks, devices, applications and services;
foster creativity in the development, use and application of the Internet;
strengthen confidence and security; and
ensure that the Internet Economy is truly global.

The OECD has also published a Policy Brief looking at likely future developments in the Internet economy. The Policy Briefe examines how all stakeholders can help the Internet to meet the increasing demands made upon it, continue to drive innovation, provide new communications services and platforms, while being secure and respecting privacy.

"Seoul Declaration for the Future of the Internet Economy" of 18 June 2008

"The Future of the Internet Economy", OECD Policy Brief, June 2008

Challenges and Directions for Monitoring P2P

On 1 June 2008, Michael Piatek, Tadayoshi Kohno, Arvind Krishnamurthy of the University of Washington have made available their study of the methods used by enforcement agencies to detect copyright infringement, particularly in P2P networks. It is the first scientific, experimental study of monitoring and copyright enforcement on P2P networks and has lead to several surprising discoveries:

Practically any Internet user can be framed for copyright infringement today. By profiling copyright enforcement in the popular BitTorrent file sharing system, it is possible to generate hundreds of real DMCA takedown notices for computers at the University of Washington that never downloaded nor shared any content whatsoever. Further, it is possible to remotely generate complaints for nonsense devices including several printers and a (non-NAT) wireless access point. The results demonstrate several simple techniques that a malicious user could use to frame arbitrary network endpoints.
Even without being explicitly framed, innocent users may still receive complaints. Because of the inconclusive techniques used to identify infringing BitTorrent users, users may receive DMCA complaints even if they have not been explicitly framed by a malicious user and even if they have never used P2P software!
Software packages designed to preserve the privacy of P2P users are not completely effective. To avoid DMCA complaints today, many privacy conscious users employ IP blacklisting software designed to avoid communication with monitoring and enforcement agencies. This software often fails to identify many likely monitoring agents, but these agents exhibit characteristics that make distinguishing them straightforward.

While the experiments focus on BitTorrent only, the findings imply the need for increased transparency in the monitoring and enforcement process for all P2P networks to both address the known deficiencies exposed as well as to identify lurking unknown deficiencies.

"Challenges and Directions for Monitoring P2P - or - Why My Printer Received a DMCA Take Down Notice" by Michael Piatek, Tadayoshi Kohno, Arvind Krishnamurthy, published in University of Washington Technical Report, UW-SCE-08-06-01
Further information including FAQ at: http://dmca.cs.washington.edu/.

EU: Opinion on Data Protection Issues Related to Search Engines

On 4 April 2008, The Art. 29 Data Protection Working Party adopted an opinion on data protection issues related to search engines. In this Opinion the Working Party aims to strike a balance between the legitimate business needs of the search engine providers and the protection of the personal data of internet users. To serve this primary objective, the Opinion identifies a clear set of responsibilities under the Data Protection Directive (95/46/EC) for search engine providers as controllers of user data and addresses the definition of search engines, the kinds of data processed in the provision of search services, the legal framework, purposes/grounds for legitimate processing, the obligation to inform data subjects, and the rights of data subjects.

A key conclusion of the Opinion is that the Data Protection Directive generally applies to the processing of personal data by search engines, even when their headquarters are outside the EEA, and that the onus is on search engines in this position to clarify their role in the EEA and the scope of their responsibilities under the Directive. The Data Retention Directive (2006/24/EC) is clearly highlighted as not applicable to search
engine providers.

Art. 29 Data Protection Party "Opinion on data protection issues related to search engines" WP 148 of 4 April 2008

Council of Europe: Recommendation on Internet Filters

On 26 March 2008 the Committee of Ministers of the Council of Europe adopted Recommendation CM/Rec(2008)6 on measures to promote the respect for freedom of expression and information with regard to Internet filters. The Recommendation aims to achieve common standards and strategies in the member states with regard to Internet filters to promote the full exercise and enjoyment of the right to freedom of expression and information and related rights and freedoms in the European Convention on Human Rights. For that purpose, the Council of Europe recommends in particular to take measures with regard to Internet filters in line with the guidelines set out in the appendix to this recommendation as well as to bring these guidelines to the attention of all relevant private and public sector stakeholders.

Council of Europe Recommendation CM/Rec(2008)6 of 26 March 2008

UK: IPO Proposal for Changes to Copyright Exceptions

On 8 January 2008, the Intellectual Property Office (IPO) has launched a consultation on the question how the Gowers recommendations on exceptions to copyright might be implemented in the UK. The Gowers Review on Intellectual Property recommended various changes to copyright exceptions as well as the introduction of new exceptions. In a Consultation Document the IPO sets out 5 new elements:

Educational Exceptions: Showing of broadcasts and exchange of passages of copyrighted works also for distance learning students and teachers
Format Shifting: A new exception allowing consumers to make for private uses a copy of a work they legally own, so that they can make the work accessible in another format for playback on a device in their lawful possession.
Research and Private Study: The exception for research should be expanded to cover all forms of content, not just literary, artistic, dramatic and musical works
Libraries and Archives: the exception for libraries and archives should be expanded to also allow copies of sound recordings, films and broadcasts to be
made as well as to format shift.
Parody: A fair dealing style exception is proposed.

The IPO invites all interested parties to answer to the consultation by 8 April 2008. The consultation is stage one of a two part consultation process.

IPO Consultation Paper of 8 January 2008

Gowers Review on Intellectual Property of 6 December 2006

UK: Draft Guiding Principles on Hacking Tools

The Crown Prosecutor Service has issued Guiding Principles on how to interpret the changes to the Computer Misuse Act 1990 introduce by the Police and Justice Act 2006. Although the changes to Sec. 1, 2, 3, 3A and 35 Computer Misuse Act 1990 have not yet come into force, the Guiding Principles are to assist Crown Prosecutors and Designated Caseworkers in the use of their discretion in making decisions in computer misuse cases.

CPS's Guiding Principles

ENISA: Security in Online Social Networks
On 25 October 2007, the European Network and Information Security Agency (ENISA) presented its first Position Paper on Security Issues and Recommendations for Online Social Networks at the e-challenges conference in the Hague. ENISA emphasises the many benefits of Social Networking but identifies 15 important threats. This leads to 19 recommendations on how Social Networking can be made safer. Some of the main threats identified by ENISA and its industry stakeholders representatives are:

Digital Dossiers: the network never forgets – what happens when the huge warehouses of seemingly transient personal information provided by SNS get into the hands of blackmailers and spammers?
Face Recognition: Images enable unexpected linking to apparently anonymous profiles, especially when combined with uncontrolled “tagging”.
CBIR: Content-Based Image Retrieval is an emerging technology that can match identifying aspects of a room (e.g. a painting) in very large databases. Other SNS threats are e.g. Spear Phishing using SNS, Reputation damage through ID theft, Stalking, Cyber-bullying, and Corporate Espionage.

Recommendations for a safer SNS usage include:

Review and Reinterpret Regulatory Framework: Social Networking was not around when current legislation (especially data protection law) was created. Clarification or even modification is needed in particular of the Dir. 2002/58 on privacy and electronic communications.
Increase Transparency of Data Handling Practices
Awareness-raising & education: recommendations include “real-time” education of users, campaigns for schools, security best practice training for software developers and security conscious corporate policy for SNS usage.
Discourage banning of SNS in schools: instead favouring co-ordinated campaigns to educate children, teachers and parents in a controlled and open way in safe usage of SNS.
Promote Portable Networks: allow users to move, control and syndicate their own data and privacy preferences between SNS.

ENISA Position Paper No. 1 "Security Issues and Recommendations for Online Social Networks", October 2007

Principles for User Generated Content Services

On 18 October 2007, several of the world’s leading Internet and media companies announced their joint support for a set of collaborative principles serving as a comprehensive set of guidelines to help user-generated content (UGC) services and content creators work together towards their collective goal of bringing more content to more consumers through legitimate channels. The principles call for a broad range of constructive and cooperative efforts by copyright owners and UGC services including:

Implementation of state of the art filtering technology with the goal to eliminate infringing content on UGC services, including blocking infringing uploads before they are made available to the public;
Upgrading technology when commercially reasonable;
Cooperating to ensure that the technology is implemented in a manner that effectively balances legitimate interests, including fair use;
Cooperation in developing procedures for promptly addressing claims that content was blocked in error;
Regularly using the technology to remove infringing content that was uploaded before the technology could block it;
Identification and removal of links to sites that are clearly dedicated to, and predominantly used for, the dissemination of infringing content; and,
Promotion of content-rich, infringement-free services by continuing to cooperatively test new technologies and by collaboratively updating these principles as appropriate to keep current with evolving developments.

Principles for User Generated Content Services of 18 October 2007

not supported by Apple and YouTube
supported by CBS Corp., Dailymotion, Fox Entertainment Group, Microsoft Corp., MySpace, NBC Universal, Veoh Networks Inc., Viacom Inc., The Walt Disney Company and others.

CoE: Promoting Freedom of Expression and Information in the New Communication Environment

On 26 September 2007, the Council of Europe (CoE) adopted Recommendation CM/Rec(2007)11 of the Committee of Ministers to member states "on promoting freedom of expression and information in the new information and communications environment". The dokument recommends that governments of the member states not only adopt common standards and strategies to implement the suggested Guidelines but also bring these Guidelines to the attention of all relevant stakeholders, in particular the private sector, civil society and the media so that they take all necessary measures to contribute to their implementation. The Guidelines focus on five aspects:

Empowering individual users;
Common standards and strategies for reliable information, flexible content creation and transparency in the processing of information;
Affordable access to ICT infrastructure;
Access to information as a public service and
Co-operation between stakeholders.

Recommendation CM/Rec(2007)11 "on promoting freedom of expression and information in the new information and communications environment"

On 10 October 2007, the European Digital Rights (EDRI) expressed serious concerns over the adoption of Recommendation CM/Rec(2007)11 and invited all interested parties to sign up in support to this EDRI statement.

EDRI Statement and Call for Action of 10 October 2007

UK: Data Retention Regulation 2007

On 1 October 2007, the Data Retention (EC Directive) Regulations 2007 came into force imposing on the providers of public electronic communications services or networks (“providers”) a duty to retain certain categories of data for a period of 12 months. These Regulations implement Directive 2006/24/EC (“the Directive”) of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC. However, the UK has made a declaration pursuant to Article 15.3 of the Directive that it will postpone application of that Directive to the retention of communications data relating to Internet Access, Internet telephony and Internet e-mail.

The Data Retention (EC Directive) Regulations 2007

EU: The European Concept of Personal Data

On 20 June 2007, the Art. 29 Data Protection Working Party has adopted opinion 4/2007 on the concept of personal data. The objective of the present opinion of the Working Party is to provide guidance on the way in which the concept of personal data in Directive 95/46/EC and related community legislation should be understood and how it should be applied in different situations. The Working Party’s is based on the four main “building blocks” that can be distinguished in the definition of “personal data”:

The first element – “any information” – calls for a wide interpretation of the concept, regardless of the nature or content of the information, and the technical format in
which it is presented. This means that both objective and subjective information about a person in whatever capacity may be considered as “personal data”, and
irrespective of the technical medium on which it is contained.
The second element – “relating to” – has so far been often overlooked, but plays a crucial role in determining the substantive scope of the concept, especially in relation
to objects and new technologies. The opinion provides three alternative elements – i.e. content, purpose or result – to determine whether information “relates to” an
individual.
The third element – “identified or identifiable” – focuses on the conditions under which an individual should be considered as “identifiable”, and especially on “the
means likely reasonably to be used” by the controller or by any other person to identify that person.
The fourth element – “natural person” – deals with the requirement that “personal data” are about “living individuals”.

Opinion 4/2007 on the concept of personal data by the Art. 29 Data Protection Working Party

EU: National Progress Report on eGovernment

On 19 September 2007, the European Commission presented a "National Progress Report on eGovernment in the EU27+" at the Ministerial eGovernment Conference in Lisbon. The National Progress Report revealed impressive progress in transforming public administrations, thereby boosting economic growth by placing citizens and businesses at the centre of government services. Member States have developed and agreed roadmaps for mutual recognition and authentication of electronic identities, for cross-border eProcurement and for inclusive eGovernment. Equally important is the effort to reduce administrative burdens for both citizens and businesses, the increasing level of eParticipation activity, and the willingness of public administrations to share good practices.

"The user challenge: Benchmarking the supply of online public services", independent survey by Capgemini for the Commission

"", full text by Commission

EU: Ruling of the Court of First Instance in Microsoft v. Commission

On 17 September 2007 the Court of First Instance (CFI) delivered his judgment in Case T-201/04 Microsoft Corp. v Commission of the European Communities. The CFI essentially upholds the Commission's decision finding that Microsoft abused its dominant position regarding:

Bundling of the Windows client PC operating system and Windows Media Player
Refusal to supply the interoperability information

However, the CFI annulled certain parts of the decision relating to the appointment of a monitoring trustee, which have no legal basis in Community law.

A shortened version of the CFI's judgment will be published in the October 2007 issue of CRi together with an elaborate article by Ashwin van Rooijen on "Essential Interfaces" exploring the Software Directive's equilibrium between intellectual property rights and competition law.

CFI Press Release No 63/07

Microsoft Corp. v. Commission of the European Communities full text of the CFI judgment (1373 paragraphs)

UK: Time for Government to Maintain Confidence In The Internet
On 10 August 2007, the Science and Technology Committee of the House of Lords published the report on "Personal Internet Security". The Report highlights the threat to the future of the Internet posed by e-crime, and argues that the Government must do more to protect individual Internet users.The Report finds that individual Internet users are increasingly victimised - yet instead of acting to protect individuals, or providing incentives for the private sector to act, Government continues to insist that individuals are ultimately responsible for their own security. The Committee describe this approach as "inefficient and unrealistic". The Lords Committee recommend a range of measures that would:

Increase the resources and skills available to the police and criminal justice system to catch and prosecute e-criminals
Establish a centralised and automated system, administered by law enforcement, for the reporting of e-crime.
Provide incentives to banks and other companies trading online to improve the data security by establishing a data security breach notification law.
Improve standards of new software and hardware by taking the first steps towards the establishment of legal liability for damage resulting from security flaws.
Encourage Internet service providers to improve the security offered to customers by establishing a "kite mark" for Internet services.

The Committee also recommend that the Government should review, as a matter of urgency, their decision to require online frauds to be reported to the banks rather than police in the first instance. Victims of e-crime should have acknowledgment from law enforcement bodies that a serious crime has taken place.

Report "Personal Internet Security" is published by The Stationery Office, House of Lords Science and Technology Committee, 5th Report of 2006/07, HL Paper 165.

EU: "Rome II" Regulation On Civil Liability

Regulation (EC) No 864/2007 of the Parliament and of the Council of 11 July 2007 on the law applicable to non-contractual obligations (Rome II) has been formally adopted and is published in the Official Journal of the European Union. The Regulation will be applicable in the courts of the Member States as of 11 January 2009.

In May 2007, after four years of negotiations, the European Parliament and the Council, meeting in the Conciliation Committee, had approved a regulation harmonising the rules concerning the law applicable to non-contractual obligations ("Rome II"). The aim of this measure is to ensure that courts in all the Member States apply the same law in the event of cross-border disputes in matters of tort/delict, thus facilitating the mutual recognition of court decisions in the EU.

The Rome II rules aim to strike a reasonable balance between the interests of the alleged perpetrator of the damage and the victim. The Regulation adopts the solution applied in the majority of Member States and establishes a general rule that the law of the country in which the damage occurs (for example, the law of the place of the road accident) will apply, unless the parties both have their habitual residence in another country, in which case the law of that country will apply. There are a number of specific rules for the commonest specific torts/delicts such as product liability, environmental damage, anti-competitive practices, etc.

Regarding the highly controversial question of media violations of privacy, the co-legislators chose to exclude them from the scope of the Regulation but called on the Commission to present a detailed study by the end of 2008.

Regulation (EC) No 864/2007 of 11 July 2007 (Rome II)

Agreement on PNR Data between EU and US
On 23 July 2007, the EU Council (GAERC) has approved the Agreement between the EU and the United States on the processing and transfer of Passenger Name Record (PNR) data by air carriers to the US Administration. The Agreement replaces the interim Agreement which was signed by the EU and the United States in October 2006, and which expires on 31 July 2007. The Agreement aims to provide a long-term solution for the processing and transfer of PNR data and will be valid for a period of seven years, thus ensuring legal certainty for a considerable period. This Agreement is to be accompanied by an Exchange of Letters between the U.S. and the EU in which the U.S. provides a set of assurances to the EU as to the way in which the EU PNR data will be handled. The Agreement and the Exchange of Letters include the following important safeguards:

As from 1 January 2008, airlines in the EU, which satisfy certain technical requirements, will be required to send ("push") the PNR data in their reservation systems to the US. This system will replace the one under which the US Department of Homeland Security had the right to access electronically PNR data from air carriers' reservation/departure control systems ("pull").
The number of data collected will be of 19, instead of 34 as foreseen by the interim agreement.
The data will be retained in an active database for no more than seven years, after which time the data will be moved to dormant, non-operational status for no more than eight years.
The data will be used only for the purpose of preventing and combating terrorism and related offences and other serious offences that are transnational in nature.
The sensitive data (i.e; data revealing racial or ethnic origin) must be filtered and deleted unless the data is accessed for an exceptional case. In that event, the Commission will be informed that such data has been accessed.

The agreement pays particular attention to the need to fully respect citizens' fundamental rights and freedoms as laid down in Article 6(2) of the Treaty on the European Union, notably the right to privacy, the need to ensure legal certainty and the protection of public security.

Agreement of 23 July 2007 between EU and US on PNR (document 11595/07)

EU: Roaming Regulation In Force
On 30 June 2007, the EU regulation on roaming has entered into force for a period of 3 years. The Roaming Regulation aims to allow citizens travelling within the EU to communicate across borders at affordable and transparent prices.

Neither wholesale nor retail prices for roaming within the EU were justified by the underlying costs of providing the service. Also, the national regulatory authorities had drawn the Commission’s attention to this fact and have called for action at EU level to solve the problem. The cross-border nature of international roaming services makes it difficult for Member States to regulate these services at national level.

At present, only a minority of all mobile customers makes use of roaming services despite overall EU mobile penetration of above 100%. The Roaming Regulation shall ensure that people who normally avoid using their mobile phone abroad will now be able to experience more benefits of mobile communications. In detail the regulation includes the folowing provisions for consumers:

Prices paid for international roaming when travelling within the EU will be capped by a Eurotariff unless the customer opts for a special package offered by an operator.
The prices of the Eurotariff cannot exceed 49 cents for making calls and 24 cents for receiving calls for the next year (excluding VAT).
Also wholesale charges are being capped ensuring that all operators will be in a position to offer lower retail tariffs.
Customers will be able to receive an SMS when they are roaming informing them of the price they are expected to pay for making and receiving calls.

EU Roaming Regulation of 30 June 2007

European Regulators Group (ERG) Guidelines "Offers to Customers Concerning Roaming Tariff Options", ERG (07) 40

ERG Guidelines "Identification of Consumers on 'special' tariffs", ERG (07) 41

OFT Market Study "Internet Shopping"

On 19 June 2007, the Office of Fair Trading (OFT) has released Market Study into internet shopping. The UK internet shopping market is estimated to be worth over £21.4bn, and last year over 20 million people shopped online with nearly a third of them spending over £1,000. The Market Study found that some shoppers could find better deals by searching more effectively, many could do more to protect themselves online, and most do not know that they have cancellation rights when shopping on the internet. The Market Study also found that many businesses did not know their obligations under the Distance Selling Regulations (DSRs) which provide additional protection for shoppers when buying online. Some businesses could also do more to address consumers' concerns about privacy and security.

OFT market study "Internet Shopping" of 19 June 2007

EU: Commission Tests Collecting Societies' Commitments Concerning Reciprocal Representation Contracts
On 14 June 2007, the European Commission has invited comments from interested parties on commitments proposed by CISAC and 18 collecting societies, designed to meet the concerns raised in the Commission's Statement of Objections of January 2006 (see MEMO/06/63). The Commission's Statement of Objections concerns only certain relatively new forms of copyright exploitation, namely the retransmission of music via the internet, satellite and cable networks. As regards these new forms of copyright exploitation, the Commission is concerned that certain clauses of the agreements might infringe the EC Treaty’s ban on restrictive business practices (Article 81). These clauses are:

membership restrictions which oblige authors to transfer their rights only to their own national collecting society (whatever the subsequent exploitations of the rights)
territorial restrictions, which oblige commercial users to obtain a licence only from the domestic collecting society and limited to the domestic territory.

Following detailed discussions, CISAC has undertaken to modify its model contract and 18 EEA collecting societies (representing almost 95% of the copyright licensing market in the EEA) have committed themselves to implement these modifications. The new contract lifts the membership restrictions and the exclusivity clause, according to which reciprocal representation is done on an exclusive basis for the respective territory of the collecting societies. The parties also agreed, when entering into bilateral contracts, to allow multi territorial licences covering their respective portfolios of rights, provided that each collecting society fulfils an exhaustive list of objective criteria. The list of criteria aims at ensuring, inter alia, that competition among collecting societies would not take place to the detriment of authors' remuneration.

The Commission has invited interested parties to present their comments by 9 July 2007 on the commitments offered by CISAC and 18 EEA collecting societies. The Commission will then assess the comments receive from interested parties. If the assessment concluded that the proposed commitments did indeed solve the competition concerns raised by the restrictive contract clauses, the Commission would adopt a so-called commitments decision under Article 9 of Regulation 1/2003 finding that there are no longer grounds for action by the Commission, without concluding whether or not there has been or still is an infringement. However, if commitments given in the context of such a decision are broken, the Commission may impose on the party in question a fine amounting to 10% of the total worldwide turnover without having to prove that there has been an infringement of the antitrust rules.

Details of the proposed commitments as published in the EU's Official Journal C 128

OECD Report on Economic Impact of Counterfeiting and Piracy
On 4 June 2007, the Organisation for Economic Co-operation and Development (OECD) has released the executive summary of its report on "The Economic Impact of Couterfeiting and Piracy". The full report will be released in late June 2007. Based on data from customs seizures in OECD countries, the report estimates that trade in counterfeit and pirated goods across national borders may have totalled around USD 200 billion in 2005. The total value of trade in counterfeit and pirated goods, including products made and sold inside the same country, may have been several hundred billion dollars higher, the report said. Its estimate excludes the value of digital products distributed via the Internet. The OECD report makes a number of recommendations for ways to address these issues:

Increase enforcement of existing laws;
Further strengthen co-operation between governments and industry to make current policies more effective and help identify new strategies to fight counterfeiting;
Strengthen criminal penalties to deter criminals and toughen sanctions to more effectively redress the harm caused to rights holders;
Educate consumers to raise public awareness of the growing threat to health and safety of substandard counterfeited products.

One of the biggest challenges facing governments and business is getting reliable and up to date information on the extent of counterfeiting and piracy and the impact on economies. The OECD recommends governments and business invest more in collecting and analysing information; agree a common approach to collecting enforcement data and develop a framework to report the health and safety effects.

"The Economic Impact of Couterfeiting and Piracy" OECD report's Executive Summary of 4 June 2007

The Report is the first step of a three part project against the background of the TRIPS definitions of intellectual property rights. A second part (covering digital piracy) and a third part (covering other IPR infringements) are to be produced later. First findings have been presented on 30 January 2007

Preliminary findings of 30 January 2007 the OECD Study "Counting the Cost: The Economic Impacts of Counterfeiting and Piracy"

Guidelines for Securing RFID Systems

In April 2007, the National Institute of Standards and Technology (NIST) has published its "Guidelines for Securing Radio Frequency Identification (RFID) Systems". The Guidelines provide an overview of RFID technology, the associated security and privacy risks, and recommended practices that will enable organizations to realize productivity improvements while safeguarding sensitive information and protecting the privacy of individuals. The Guidelines identify four major risks associated with RFID systems:

Business process risk: Direct attacks on RFID system components potentially could undermine the business processes the RFID system was designed to enable. For example, a warehouse that relies solely on RFID to track items in its inventory may not be able to process orders in a timely fashion if the RFID system fails.
Business intelligence risk: An adversary or competitor potentially could gain unauthorized access to RFID-generated information and use it to harm the interests of the organization implementing the RFID system. For example, an adversary might use an RFID reader to determine whether a shipping container holds expensive electronic equipment, and then target the container for theft when it gets a positive reading.
Privacy risk: Personal privacy rights or expectations may be compromised if an RFID system uses what is considered personally identifiable information for a purpose other than originally intended or understood. As people possess more tagged items and networked RFID readers become ever more prevalent, organizations may have the ability to combine and correlate data across applications to infer personal identity and location and build personal profiles in ways that increase the privacy risk.
Externality risk: RFID technology potentially could represent a threat to non-RFID networked or collocated systems, assets, and people. For example, an adversary could gain unauthorized access to computers on an enterprise network through Internet Protocol (IP) enabled RFID readers if the readers are not designed and configured properly.

April 2007 "Guidelines for Securing Radio Frequency Identification (RFID) Systems" by NIST

EU: Parliamentary Approval for Directive on Criminal Measures Protecting IP Rights

On 25 April 2007, the European Parliament has approved "as amended" in its first reading the European Comission proposal for a Directive on Criminal Measures Aimed At Ensuring the Enforcement of Intellectual Property Rights (COM(2006)0168 – C6 0233/2005 – 2005/0127(COD)). One key effect of the amendments is to exclude from the scope of the Directive the subject of patents by establishing that, pending the adoption of more comprehensive rules on patents at Community level in future (in the form of a suitable directive), the provisions of the proposed Directive do not apply to patents.

Report on the amended proposal for a directive of the European Parliament and of the Council on "criminal measures aimed at ensuring the enforcement of intellectual property rights" by Nicola Zingaretti

EU: Opinion on Crossborder Police Cooperation

On 4 April 2007, the European Data Protection Supervisor delivered his Opinion on the initiative of 15 Member States with a view to adopting a Council Decision on the stepping up of cross-border cooperation, particularly in combating terrorism and cross-border crime.

Opinion of the European Data Protection Supervisor of 4 April 2007

EU: Vision for Improving Patent System in Europe

On 29 March 2007, the European Commission has set out its vision, in the form of a Communication, for improving the patent system in Europe and for revitalising the debate on this issue. Making the Community patent a reality and improving the existing patent litigation system should, together with supporting measures, make the patent system more accessible and bring cost savings for all.

The Communication highlights that Europe's current patent system is considerably more expensive than the US and Japanese systems. A Community patent would be far more attractive than models under the present system which is a bundle of national patents. A European patent designating 13 countries is 11 times more expensive than a US patent and 13 times more expensive then a Japanese patent. The existing system of patent litigation in the EU, with the risk of multiple patent litigation in several countries on the same patent issue, leads to unnecessary costs for all the parties involved and causes lack of legal certainty.

The Communication is intended to draw operational conclusions from the stakeholder consultation launched in 2006 and to allow the Council to launch deliberations on patent reforms, in particular on the Community patent and jurisdictional arrangements:

Community patent: Many stakeholders support the Community patent as the approach which will yield most added value for European industry under the Lisbon strategy. The Commission believes that concerns about an overly centralised jurisdiction should be taken into account in the work on the creation of an integrated EU-wide jurisdiction for patents. On translation costs, the Commission will explore with Member States how to improve the language regime with a view to reducing translation costs while increasing legal certainty.
Integrated EU-wide jurisdictional system for patents: Whereas some Member States support the draft European Patent Litigation Agreement (EPLA) in the context of the European Patent Convention, other Member States favour the establishment of a specific Community jurisdiction for patent litigation on European and Community patents based on the EC Treaty. Under these circumstances, the Commission believes that consensus could be built on the basis of an integrated approach which combines elements of both EPLA and a Community jurisdiction. The way forward could be to reflect on the creation of a unified and specialised patent judiciary, with competence for litigation on European patents and future Community patents. This system could be inspired by the EPLA model but could allow for integration in the Community jurisdiction. As a first step, work should concentrate on building consensus among Member States around principles on which consensus is emerging.

In addition, the Communication addresses various supporting measures for an improved patent system, such as patent quality, knowledge transfer and enforcement issues.

Communication by the European Commission on Enhancing the Patent System in Europe of 29 March 2007

EU: Independent Study on Copyright Directive

In February 2007, the European Union has published the Final Report of an independent Study, commissioned by the European Commission, on the Implementation and Effect in Member States' Laws of Directive 2001/29/EC on the Harmonisation of Certain Aspects of Copyright and Related Rights in the Information Society.

Part I, written by the Institute for Information Law of the University of Amsterdam, provides an early assessment of the impact of Directive 2001/29/EC on the development of online business models.

Part II, written by the Queen Mary Intellectual Property Research Centre of the University of London, offers a comprehensive inventory of the actual implementation of the Directive by the twentyfive Member States of the European Union, as well as a summary of remaining disparities and specific problems that have a detrimental and disharmonising effect throughout the Internal Market.

The Final Report concludes that the Directive has at best only partly achieved its main goal of promoting growth and innovation in online content services. The Directive is found to deserve particularly low marks for its (lack of) harmonising effect and its (lack of) legal certainty. While the harmonised right of communication to the public is considered a model of technology-neutral regulation, the Directive’s convoluted rules on TPM’s are found to have little more to offer to the Member States and its market players than confusion, legal uncertainty and disharmonisation.

Executive Summary of Final Report

Part I: The Impact of Directive 2001/29/EC on Online Business Models

Part II: The Implementation fo Directive 2001/29/EC in the Member States

International Privacy Survey 2006

On 2 November 2006, Privacy International presented a survey of the state of privacy in all EU countries together with eleven benchmark countries. The study and the accompanying ranking chart measure the extent of surveillance and privacy. They do not intend to comprehensively reflect the state of democracy or the full extent of legal or parliamentary health or dysfunction in these countries (though the two conditions are frequently linked).Rather the aim of this study is to present an assessment of the extent of information disclosure, surveillance, data exploitation and the general state of information privacy. The findings “worst ranking” and “lowest ranking” denote countries that exhibit poor privacy performance and high levels of surveillance. Key findings include:

The two worst ranking countries in the survey are Malaysia and China. The highest-ranking countries are Germany and Canada.
In terms of statutory protections and privacy enforcement, the US is the worst ranking country in the democratic world. In terms of the health of national privacy protection, the US has been ranked between Thailand and Israel.
The worst ranking EU country is the United Kingdom, which fell into the “black” category along with Russia and Singapore. The black category defines countries demonstrating “endemic surveillance”.
Despite having no comprehensive national privacy law, the United States scored higher than the UK. Thailand and the Philippines also scored higher than the UK.
Argentina scored higher than 20 of the 25 EU countries.
Australia ranks higher than Slovenia but lower than Lithuania and Argentina. New Zealand ranks higher than Australia and has an equivalent ranking to the Czech Republic.

2006 International Privacy Survey by Privacy International evaluating all European Union countries, Australia, Canada, the United States, New Zealand, Argentina, Russia, Israel, Thailand, the Philippines, Malaysia, Singapore and China

The first study was prepared by London Economics in association with PricewaterhouseCoopers and found that the effectiveness of national regulation under the EU telecom rules plays a significant and positive role in attracting investment into the telecoms sector, next to other factors, such as per capita GDP, regional population density and industry structure. The study thus supports the Commission's assessment that “regulatory holidays” would clearly be counterproductive for individual Member States, as well as the EU as a whole. "An Assessment of the Regulatory Framework for electronic Communications: Growth and Investment in the EU E-Communications Sector"

The second study was prepared by Hogan & Hartson and Analysys and takes a broad look at key features of the current framework and submits 65 concrete proposals for reform including streamlining the market review procedure, improving appeal procedures in national courts, and creating the possibility for pan-European service authorisations. It also recommends that structural separation should be a remedy of last resort for national regulatory authorities in ex ante regulation and that the list of ex ante remedies should include organisational and functional separation. The study also looks at the issue, currently under discussion, to give the Commission enhanced powers over remedies to be adopted by national telecom regulators in case of a position of significant market power on a specific electronic communications market. Several respondents suggested that an enhanced Community control over remedies would facilitate greater harmonisation and availability of consistent wholesale products across the EU. Moreover, the study notes that the downside risks for competition and the internal market are greater for “the wrong ex ante remedies” than a “conceptually flawed market analysis” but it recognises that this is primarily a political decision. "Preparing the Next Steps in Regulation of Electronic Communications"

The third study was prepared by Dr. Ulrich Stumpf, Prof. Martin Cave and Prof. Tommaso Valletti and covers the work of economic experts on the state of competition on narrowband, broadband and mobile services. Their final report calls for a removal of much of the regulation of retail markets included in the Recommendation on relevant markets of 2003 – a proposal already taken into account in the Commission documents of 29 June (IP/06/874), which comes to the conclusion that, on most retail markets, wholesale regulation on its own can ensure effective competition, and that, therefore, ex-ante-regulation should be removed in relation to retail calls and leased lines markets. The expert report also calls for the removal of the mobile access and call origination market (market 15), a proposal that will be considered and debated further in the course of the ongoing consultation. "Experts' Report in Relation with the Review of the Recommendation on Markets Subjects to Ex Ante Regulation"

Further contributions regarding the Public Consultation should be sent before 27 October 2006 in electronic format to: marketsrecommendation@ec.europa.eu. All comments will be published unless confidentiality is specifically requested.

Second Discussion Draft of GNU GPLv3

On 27 July 2006 the Free Software Foundation (FSF) and the Software Freedom Law Center (SFLC) have released the second discussion draft of the GNU General Public License (GPL) version 3 (GPLv3). "The primary purpose of the GNU GPL is to preserve users' freedom to use, share, and modify free software," said Richard Stallman, founder of FSF and original author of the GPL. "We depend on public review to make the GPL do this job reliably." The second discussion draft includes:

a clarification that the license only directly restricts DRM in the special case in which it is used to prevent people from sharing or modifying GPLv3-covered software. The clarified DRM section preserves the spirit of the original GPL, which forbids adding additional unfree restrictions to free software. GPLv3 does not prohibit the implementation of DRM features, but prevents them from being imposed on users in a way that they cannot remove.
a reworked license compatibility section, and provisions that specifically allow GPL-covered programs to be distributed on certain file sharing networks such as BitTorrent.
the first draft of the GNU Lesser General Public License (LGPL) version 3. The LGPL license covers many free software system libraries, including some published by the FSF.

Second Discussion draft of GNU GPLv3 of 27 July 2006 Further information at http://gplv3.fsf.org/ where comments on the Second Discussion Draft are welcome.

Report on Open Standards, Open Source and Open Innovation

In April 2006, the Digital Connection Council of the Committee for Economic Development (CED) issued its report entitled "Open Standards, Open Source and Open Innovation: Harnessing the Benefits of Openness" examining the phenomenon of "openness" which the Organisation for Economic Co-operation and Development (OECD) calls "an underlying technical and philosophical tenetof the expansion of e-commerce". The Report scutinizes the three areas indicated in the title in an effort to:

study the impact of openness in specific circumstances,
gauge its importance, and
determine whether public policy should encourage it, restrict it, or be neutral.

CED Report on Open Standards, Open Source and Open Innovation of April 2006

Public-Sector Outsourcing and Risks to Privacy

In February 2006, the Canadian Privacy Commissioner of Alberta released a report about "Public-Sector Outsourcing and Risks to Privacy". The report looks at public-sector outsourcing in Alberta with an eye to the risks it presents and to how these risks can be mitigated. The issues raised can have implications for private-sector information management, and for healthservices work beyond the range of regional health authorities. However, the scope of the report is limited to just the outsource practices of “public bodies” as defined in Alberta's Freedom of Information and Protection of Privacy Act (FOIP), including provincial ministries, boards, agencies and commissions, as well as local bodies such as school districts, public post-secondary institutions, hospitals, and municipal governments.

Report on Public-Sector Outsourcing and Risks to Privacy by Alberta's Privacy Commissioner

Consumer International: Policy Recommendations on Flexibilities in Copyright Law

On 16 February 2006, Consumer International issued the report "Copyright and Access to Knowledge - Policy Recommendations on Flexibilities in Copyright Law". The report examines the Berne Convention, the TRIPS Agreement and the WCT to identify the provisions that may be relied on by national lawmakers to improve access to educational materials in their respective countries. The report also examines the copyright laws of 11 developing countries in the Asia Pacific region to ascertain the extent to which the national lawmakers have availed themselves of the flexibilities presented in these instruments. The results on copyright protection in these countries are:

Scope: All 11 countries studied have either expanded the scope beyond what they are required to do or given copyright owners more rights than necessary under the relevant international instruments.
Duration: Ten out of the 11 countries studied have extended the duration of copyright protection for some or all work forms beyond the minimum duration required by their treaty obligations.
Limitations and Exceptions: The report examines 14 limitations and exceptions to copyright protection including parallel import, the three-step test and anti-circumvention provisions. On average, the 11 countries studied have not ensured that they use to the widest extent possible all limitations and exceptions to copyright available to them.

Consumer International's Report "Copyright and Access to Knowledge" of 16 February 2006

USA: Report on Orphan Works

In January 2006, the US Copyright Office released its report on orphan works. The US Senate had asked the Copyright Office to undertake a review of the orphan works issue, and to develop policy options and legislative recommendations for the Committee on the Judiciary based on that review.

In Eldred v. Ashcroft, the Supreme Court had considered the Copyright Term Extension Act of 1998, and then reaffirmed Congress's broad power under the Copyright Clause of the Constitution to determine the appropriate term of copyright protection and to extend the term of existing works. That case, both before and after its decision, had created considerable controversy. A principal concern is that the current Copyright Act might be creating a class of "orphan works" — works for which no copyright owner can be found, and thus for which permission to use or adapt these works cannot be obtained.

EU: Evaluation of Rules on Database Protection
On 12 December 2005, the European Commission has published an evaluation of the protection EU law gives to databases according to the 1996 Database Directive. The evaluation focuses on whether the introduction of the 'sui generis' database right led to an increase in the European database industry's rate of growth and in database production. On the basis of the information available, the evaluation finds that the economic impact of the “sui generis” right on database production is unproven. However, the European publishing industry, consulted in the online survey, argued that “sui generis” protection is crucial to the continued success of their activities. In addition, most respondents to the online survey believe that

the "sui generis" right has brought about legal certainty,
reduced the costs associated with the protection of databases,
created more business opportunities and
facilitated the marketing of databases.

First evaluation of Directive 96/9/EC on the legal protection of databases, 12 December 2005

United Nations: Convention on the Use of E-Communications in International Contracting

On 23 November 2005, the United Nations General Assembly has adopted a new Convention on the Use of Electronic Communications in International Contracting which was prepared by United Nations Commission on International Trade Law (UNCITRAL) Working Group on Electronic Commerce and complements as well as builds upon earlier instruments prepared by the UNCITRAL, including the UNCITRAL Model Law on Electronic Commerce and the UNCITRAL Model Law on Electronic Signatures. The Convention is intended to assure companies and traders around the world that contracts negotiated electronically are as valid and enforceable as traditional paper-based transactions. The provisions of the Convention deal with, among other things:

determining a party’s location in an electronic environment;
the time and place of dispatch and receipt of electronic communications; and
the use of automated message systems for contract formation.
Other provisions contain criteria establishing functional equivalence between electronic communications and paper documents -– including “original” paper documents -– as well as between electronic authentication methods and hand-written signatures.

The Convention will be open for signature by all States at United Nations Headquarters in New York from 16 January 2006 to 16 January 2008. It is subject to ratification, acceptance or approval by the signatory States, and open for accession by all States that are not signatory States. The Convention will enter into force on the first day of the month following the expiration of six months after the date of deposit of the third instrument of ratification, acceptance, approval or accession. It is expected that a signature event would take place during the UNCITRAL’s thirty-ninth session, to be held in New York from 19 June to 7 July 2006, to promote participation in the Convention by States and awareness of its provisions.

UN Convention on the Use of Electronic Communications in International Contracting of 23 November 2005

WSIS: Initiative for UN Internet Governance Forum

The World Summit on the Information Society (WSIS) agreed on 15 November 2005 to ask the Secretary-General of the United Nations, in an open and inclusive process, to convene, by the second quarter of 2006, a meeting of the new forum for multi-stakeholder policy dialogue—called the Internet Governance Forum (IGF).The mandate of the Forum is (inter alia) to:

Discuss public policy issues related to key elements of Internet Governance in order to foster the sustainability, robustness, security, stability and development of the Internet;
Advise all stakeholders in proposing ways and means to accelerate the availability and affordability of the Internet in the developing world;
Strengthen and enhance the engagement of stakeholders in existing and/or future Internet Governance mechanisms, particularly those from developing countries;
Identify emerging issues, bring them to the attention of the relevant bodies and the general public, and, where appropriate, make recommendations;
Contribute to capacity-building for Internet Governance in developing countries, drawing fully on local sources of knowledge and expertise.

WSIS initiative for UN Internet Governance Forum (IGF) of 15 November 2005

Hague Convention on Choice of Court Agreements
On 30 June 2005, the Hague Conference released a Convention on Choice of Court Agreements. The Convention aims to promote international trade and investment by uniform rules on jurisdiction, recognition and enforcement of foreign judgments in civil or commercial matters and establishes an international legal regime ensuring the effectiveness of exclusive choice of court agreements between parties to commercial
transactions.

Convention on Choice of Court Agreements of 30 June 2005

EU: Commission Proposal of Criminal Law Provisions to Combat Infringements of IP Rights
On 12 July 2005, the European Commission adopted proposals for a directive and for a framework decision to combat infringements of intellectual property rights. The purpose of the proposed measures is to align national criminal law and improve European cooperation so as to deal effectively with counterfeiting and piracy activities, which are often carried out by criminal organisations. The proposed measures apply to all types of infringements of intellectual property rights. Under the proposal for a directive, all intentional infringements of an intellectual property right on a commercial scale, and attempting, aiding or abetting and inciting such infringements are treated as criminal offences.

The proposal for a framework decision sets a threshold for criminal penalties applicable to the perpetrators of these offences: at least four years' imprisonment and an applicable fine of at least EUR 100 000 to EUR 300 000 for cases involving criminal organisations or posing a risk to public health and safety. The proposal allows Member States to apply tougher penalties.

Proposals of the European Commission of 12 July 2005 for a

EU: Commission Study on the Cross-Border Collective Management of Copyright

On 7 July 2005, the European Commission released a study on a community initiatve on the cross-border collective management of copyright. The Study examines the present structures for cross-border collective management of copyright for the provision of online music services and concludes that the absence of EU-wide copyright licences for online content services makes it difficult for these music services to take off. In order to improve cross-border management of copyright, this Study considers three options:

Do nothing (Option 1);
Suggest ways in which cross-border cooperation between national collecting societies in the 25 Member States can be improved (Option 2); or
Give right-holders the choice to authorise a collecting society of their choice to manage
their works across the entire EU (Option 3).

The Study concludes that Option 3 offers the most effective model for cross-border management. With respect to cross-border licensing, allowing right-holders to choose a collecting society outside their national territories for the EU-wide licensing of the use made of his works, creates a competitive environment for cross-border management of copyright and considerably enhances right-holders’ earning potential. With respect to cross-border distribution of royalties, the right-holders freedom to choose any collecting society in the EU, will be a powerful incentive for these societies to provide optimal services to all its rightholders, irrespective of their location – thereby enhancing cross-border royalty payments. The Study therefore proposes a series of principles that Member States would have to adhere to in order not to stifle the emergence of Option 3 as a competitive model for the cross-border management of copyright works.

Commission Study of 7 July 2005 on a Community Initiative on Cross-Border Collective Management of Copyright

Australia: Fair Use and Other Copyright Exceptions

In May 2005, the Autralian Attorney General presented a Paper on "Fair Use and Other Copyright Exceptions". The purpose of this paper is to invite comment on whether the Copyright Act should include a general exception associated with principles of ‘fair use’ or specific exceptions which would facilitate the public’s access to copyright material in the digital environment.

The issues paper outlines the nature of copyright under the Copyright Act as well as the nature of and rationale for exceptions and the impact of relevant international obligations. It then discusses fair dealing exceptions under the Act and proposals for reform made earlier. The discussion of ‘Fair use’ under US copyright law is the focus of the review along with comparable exceptions under European Community (EC) directives and under the national laws of the UK, New Zealand and Canada. The use of technological protection measures and of new forms of consumer contracts to restrict access to exceptions is referred to.

Canada: Stopping Spam

In May 2005 the Canadian Task Force on Spam issued its final Report entitled “Stopping Spam – Creating a Stronger, Safer Internet”. The Report recommends to combat unsolicited commercial emails by establishing on opt-in regime supported by tough penalties. To this end, the following email activities should be made offences:

the failure to abide by an opt-in regime for sending unsolicited commercial email;
the use of false or misleading headers or subject lines (i.e. false transmission information) designed to disguise the origins, purpose or contents of an email, whether the objective is to mislead recipients or to evade technological filters;
the construction of false or misleading URLs and websites for the purpose of collecting personal information under false pretences or engaging in criminal conduct (or to commit other offences listed);
the harvesting of email addresses without consent, as well as the supply, use or acquisition of such lists; and
dictionary attacks.

The report also calls for the creation of a private right of action to facilitate spam suits and the creation of a centre, reporting to the Minister of Industry, responsible for policy oversight and coordination, public education and awareness, and providing support to enforcement agencies.

Report of Canadian Task Force on Spam, May 2005

USA: Copyright Issues in Digital Media

In August 2004, the Congressional Budget Office (CBO) issued a study on "Copyright Issues in Digital Media". The paper reviews current copyright law in the United States and considers the unique aspects of digital technology's challenge to that law. It also examines the prospects for a market-based resolution to copyright disputes over digital content and explores the effect of potential revisions to copyright law on economic efficiency and equity. While this analysis suggests some issues and concerns that the Congress may wish to consider during its deliberations about any changes in copyright law, the paper makes no policy recommendations.

CBO Paper on Copyright Issues in Digital Media, August 2004 (PDF, 1,7 MB)

ECJ: Abuse of a Dominant Position - IMS Health

On 29 April 2004 the European Court of Justice (ECJ) established in IMS Health GmbH & Co. OHG v NDC Health GmbH & Co. KG under which circumstances the refusal by an undertaking in a dominant position to grant a licence for a copyright only is abusive. In principle the exclusive right to reproduction forms part of the copyright-holder's rights, so that a refusal of a licence cannot, in itself, constitute an abuse of a dominant position. Nevertheless, the exercise of an exclusive right may, in exceptional circumstances, give rise to abusive conduct. In order for the refusal by an undertaking which owns a copyright to give access to a product or service indispensable to carry on business to be regarded as an abuse, three conditions must be fulfilled:

(1) the undertaking which requested the licence must intend to offer new products or services not offered by the owner of the copyright and for which there is a potential consumer demand;

(2) the refusal can not be justified by objective considerations, and

(3) the refusal is such as to reserve to the undertaking which owns the copyright the relevant market, by eliminating all competition on that market.

ECJ, Judgment of 29 April 2004 in IMS Health v NDC Health C-418/01

EU: IPR Enforcement Directive

On 26 April 2004 the EU Council adopted the Directive on the Enforcement of Intellectual Property Rights (Enforcement Directive). Its purpose is to harmonise measures and procedures to enforce intellectual property rights. The Enforcement Directive brings under the supervision of the European Court of Justice (ECJ) much of the content of the TRIPS provisions on enforcement of intellectual property rights (namely Art. 41 - 50 and 61 TRIPS) and goes beyond TRIPS by implementing at a Community level certain so-called 'best practices' measures currently in operation in one or more Member States.

EU Directive on the Enforcement of Intellectual Property Rights of 29 April 2004

Proposal for a Directive on Measures and Procedures to Ensure the Enforcement of Intellectual Property Rights as agreed by the Council of EU on 16 February 2004

European Commission: Microsoft Decision

On 24 March 2004 the European Commission concluded, after a five-year investigation, that Microsoft Corporation had broken European Union competition law by leveraging its near monopoly in the market for PC operating systems (OS) onto the markets for work group server operating systems and for media players.
Because the illegal behaviour was still ongoing, the Commission has ordered Microsoft to disclose to competitors, within 120 days, the interfaces required for their products to be able to 'talk' with the ubiquitous Windows OS. Microsoft was also required, within 90 days, to offer a version of its Windows OS without Windows Media Player to PC manufacturers (or when selling directly to end users). In addition, Microsoft was fined € 497.2 million for abusing its market power in the EU.

European Commission, Decision of 24 March 2004 - Microsoft

Norway: Acquittal in DVD-Case

The DVD-case regards the actions of a - at the time of the act - 15 year old Norwegian, Jon Lech Johansen. He was indicted for having gained unlawful access to movies and player keys contained on region-1-encoded DVDs by breaking the protective device CSS. The question was whether this was a punishable offence according to Section 145(2) of the Norwegian Penal Code.

The Oslo Court of First Instance found that access to data or software is only unlawful constituting a criminal offence when the person accessing has no right to access the data in any way. If, however, the person accessing has a right to access the data, it would be irrelevant of how the access is obtained. Since Johansen had only used DVDs lawfully bought by himself, he enjoyed a right to access the data.

The Borgarting Appellate Court confirmed the finding of the previous instance adding that when Johansen programmed the user interface to DeCSS, he had no reason to believe that the reverse engineering or decompilation of the 'nomad' was illegal. The appellate court concluded on this basis that access to the data cannot be construed as illegal.

Oslo Court of First Instance: Unofficial translation by CRI correspondent Professor Dr. Jon Bing

Borgarting Appellate Court: Unofficial translation by CRI correspondent Professor Dr. Jon Bing

The first study was prepared by London Economics in association with PricewaterhouseCoopers and found that the effectiveness of national regulation under the EU telecom rules plays a significant and positive role in attracting investment into the telecoms sector, next to other factors, such as per capita GDP, regional population density and industry structure. The study thus supports the Commission's assessment that “regulatory holidays” would clearly be counterproductive for individual Member States, as well as the EU as a whole. "An Assessment of the Regulatory Framework for electronic Communications: Growth and Investment in the EU E-Communications Sector"

The second study was prepared by Hogan & Hartson and Analysys and takes a broad look at key features of the current framework and submits 65 concrete proposals for reform including streamlining the market review procedure, improving appeal procedures in national courts, and creating the possibility for pan-European service authorisations. It also recommends that structural separation should be a remedy of last resort for national regulatory authorities in ex ante regulation and that the list of ex ante remedies should include organisational and functional separation. The study also looks at the issue, currently under discussion, to give the Commission enhanced powers over remedies to be adopted by national telecom regulators in case of a position of significant market power on a specific electronic communications market. Several respondents suggested that an enhanced Community control over remedies would facilitate greater harmonisation and availability of consistent wholesale products across the EU. Moreover, the study notes that the downside risks for competition and the internal market are greater for “the wrong ex ante remedies” than a “conceptually flawed market analysis” but it recognises that this is primarily a political decision. "Preparing the Next Steps in Regulation of Electronic Communications"

The third study was prepared by Dr Ulrich Stumpf, Professor Martin Cave and Professor Tommaso Valletti and covers the work of economic experts on the state of competition on narrowband, broadband and mobile services. Their final report calls for a removal of much of the regulation of retail markets included in the Recommendation on relevant markets of 2003 – a proposal already taken into account in the Commission documents of 29 June (IP/06/874), which comes to the conclusion that, on most retail markets, wholesale regulation on its own can ensure effective competition, and that, therefore, ex-ante-regulation should be removed in relation to retail calls and leased lines markets. The expert report also calls for the removal of the mobile access and call origination market (market 15), a proposal that will be considered and debated further in the course of the ongoing consultation. "Experts' Report in Relation with the Review of the Recommendation on Markets Subjects to Ex Ante Regulation"

Earlier this year, the Commission published a Communication on the review of the regulatory framework for electronic communications (29 June 2006), a Public Consultation on a Draft Recommendation (28 June 2006) and an Impact Assessment (28 June 2006), which include several policy proposals for boosting competition and building a single market for wireless services. Further contributions regarding the Public Consultation should be sent before 27 October 2006 in electronic format to: marketsrecommendation@ec.europa.eu. All comments will be published unless confidentiality is specifically requested.

EU Telecoms Reform: Commission continues debate with three studies
On 25 August 2006, the Commission made public three commissioned studies which should serve as “food for thought” in the ongoing review of the 2002 EU telecoms rules. The studies published today deal with some of the key subjects of the review process: growth and investment in the EU electronic communications sector, regulatory reform and the state of competition in the electronic communications markets. While the three studies are not binding on the Commission, they are useful contributions to the public debate on the review of the EU telecom rules during the public consultation that will last until the end of October. The three studies reflect a broad range of opinions on all aspects of EU telecoms rules: The first study was prepared by London Economics in association with PricewaterhouseCoopers and found that the effectiveness of national regulation under the EU telecom rules plays a significant and positive role in attracting investment into the telecoms sector, next to other factors, such as per capita GDP, regional population density and industry structure. The study thus supports the Commission's assessment that “regulatory holidays” would clearly be counterproductive for individual Member States, as well as the EU as a whole. "An Assessment of the Regulatory Framework for electronic Communications: Growth and Investment in the EU E-Communications Sector".

The second study was prepared by Hogan & Hartson and Analysys and takes a broad look at key features of the current framework and submits 65 concrete proposals for reform including streamlining the market review procedure, improving appeal procedures in national courts, and creating the possibility for pan-European service authorisations. It also recommends that structural separation should be a remedy of last resort for national regulatory authorities in ex ante regulation and that the list of ex ante remedies should include organisational and functional separation. The study also looks at the issue, currently under discussion, to give the Commission enhanced powers over remedies to be adopted by national telecom regulators in case of a position of significant market power on a specific electronic communications market. Several respondents suggested that an enhanced Community control over remedies would facilitate greater harmonisation and availability of consistent wholesale products across the EU. Moreover, the study notes that the downside risks for competition and the internal market are greater for “the wrong ex ante remedies” than a “conceptually flawed market analysis” but it recognises that this is primarily a political decision. "Preparing the Next Steps in Regulation of Electronic Communications"

The third study was prepared by Dr Ulrich Stumpf, Professor Martin Cave and Professor Tommaso Valletti and covers the work of economic experts on the state of competition on narrowband, broadband and mobile services. Their final report calls for a removal of much of the regulation of retail markets included in the Recommendation on relevant markets of 2003 – a proposal already taken into account in the Commission documents of 29 June (IP/06/874), which comes to the conclusion that, on most retail markets, wholesale regulation on its own can ensure effective competition, and that, therefore, ex-ante-regulation should be removed in relation to retail calls and leased lines markets. The expert report also calls for the removal of the mobile access and call origination market (market 15), a proposal that will be considered and debated further in the course of the ongoing consultation. "Experts' Report in Relation with the Review of the Recommendation on Markets Subjects to Ex Ante Regulation"

Prior news see section "Cases & Material"