Photo of John Cahir

News reports have confirmed that on Wednesday 26 July, after a public consultation period on the issue, the Irish Government have agreed to set the digital age of consent at 13 years of age. Article 8 of the General Data Protection Regulation (GDPR) provides that a child under the age of 16 cannot consent to the processing of their personal data without the express consent of their parents. EU Member States have been granted the discretion to set a lower age under the GDPR provided that it is no lower than 13.

The decision follows consideration of a submission made by Special Rapporteur for Child Protection, Dr Geoffrey Shannon, who had previously called for the lowest age of consent to be adopted in a Joint Oireachtas Committee on Justice, Defence and Equality meeting on 5 July which discussed the General Scheme of the Data Protection Bill 2017. Dr Shannon stressed the importance of protecting a child’s right to participate and have their voice heard when considering the digital age of consent.

A similar decision has been taken in the UK where the Department of Digital, Culture, Media  & Sport have confirmed that they intend to set the age of digital consent at the lower threshold of 13 years of age, in a Statement of Intent released on 7 August, discussing the proposed Data Protection Bill 2017.

 

The Court of Justice of the European Union (CJEU) has handed down a reference for a preliminary ruling in Case C-610/15 (Stichtin Brein v Ziggo BV, XS4ALL Internet BV), holding that making available and managing an online platform for sharing copyright-protected works may constitute an infringement of copyright.

The case was brought by a Dutch anti-piracy group Stichtin Brein against two internet service providers and was referred to the CJEU by the Supreme Court of the Netherlands to seek clarification on a point of EU law.

The CJEU considered whether an internet sharing platform, such as ‘The Pirate Bay’, which makes available and manages the indexation of metadata relating to copyrighted works, was providing ‘communication to the public’ of copyrighted materials within the meaning of Directive 2001/29/EC on the harmonisation of certain aspects of copyright and related rights in the information society. It was noted that although copyrighted material was placed online by users and not by the operators of ‘The Pirate Bay’, by indexing files to allow users locate and share protected works, it played “an essential role in making the works in question available.”

It was also noted that although ‘The Pirate Bay’ does not host content, it provides a torrent search engine, classifying files under different categories and providing access to protected material “with full knowledge of the consequences of their conduct.”

The case will now return to the Dutch courts for final determination on the issue, but the ruling strengthens the position of copyright holders throughout the EU who wish to hold online sharing platforms accountable.

 

The General Scheme of the Data Protection Bill 2017 was published last Friday and we have prepared a summary of its main provisions here.

The drafting of the Bill is a complex task. There is a need to repeal the provisions of the Data Protection Acts 1988 and 2003 that are replaced by the directly effective provisions of the GDPR, to transpose the Law Enforcement Directive (2016/680) and at the same time to give effect to provisions of the GDPR that require national implementing measures.

Although not stated definitively, it appears that consideration is being given to having a full repeal of the Data Protection Acts 1988 and 2003 with the new Act to be a consolidating measure. That would be a welcome development.

The stand out proposals of general interest in the Bill include:

  • Confirmation that only public authorities who compete with the private sector will be susceptible to administrative fines.
  • The proposal that additional due process in the form of an oral hearing or a written “right of reply” will be available under the new administrative sanctions procedure.
  • A new power of the DPC to direct that a controller/processer engage an independent reviewer to prepare a written report on any matter specified by the DPC with the cost of the report to be borne by the data controller/processor. This is an entirely new investigative mechanism that has been designed to deal with “large scale cases”.

We will provide regular updates on the Bill’s progress.

As has been reported widely in the world media, the Court of Justice of the European Union (CJEU) this week declared the EU-US Safe Harbour regime to be invalid. The decision has understandably given rise to a lot of concern among European businesses that transfer data to the US.

In this blog post, we seek to answer the main questions that are being asked following the CJEU ruling.

Continue Reading Data in Disarray: The Aftermath of the Safe Harbour Decision

The Advocate General, Yves Bot, of the Court of Justice of the European Union (CJEU) last week delivered his opinion in the Maximillian Schrems v Data Protection Commissioner Case, C362/14 (the Opinion). The Opinion, which is advisory in nature, recommends that the Safe Harbour programme be invalidated and that the Irish Data Protection Commissioner (the DPC) be empowered to carry out a full investigation as to the adequacy of protection afforded to the personal data of Facebook’s EU users. 

Continue Reading Safe Harbour in Danger?

The Irish High Court has issued a significant decision in Aldi Stores (Ireland) Limited & anor v- Dunnes Stores (No.2) [2015] IEHC 551holding that a plaintiff is entitled as of right to an injunction where a trade mark is infringed in the course of a comparative advertising campaign even where the advertising campaign in question has ended. The defendant has indicated that it will be appealing the finding of liability made by the court.

Continue Reading High Court grants injunction prohibiting further trade mark infringement in relation to advertising campaign which has ended.

Following the recent Court of Justice decision in the Costeja case, Google launched a service last Friday that will allow European data subjects to request the removal of search results for queries that include their name where those results are "inadequate, irrelevant, or no longer relevant, or excessive in relation to the purpose for which they were processed". The request form is available online.

Continue Reading Google launches new European privacy removal tool

The UK Court of Appeal has issued a significant judgment on the scope of protection afforded by Registered Community Designs (RCDs) in Magmatic Ltd v PMS International Ltd. The case concerned a claim of infringement brought by Magmatic Ltd (Magmatic), creator of the popular children’s ride-on suitcase range, Trunki, against PMS International Ltd (PMS), which manufactured a discount variant of ride-on suitcases inspired by the Trunki range. The Court of Appeal held that the trial judge, Justice Arnold, had erred in principle by disregarding surface decoration and colour contrast in his global assessment of the similarities between the two products.

Continue Reading UK Court of Appeal Rules on Scope of Registered Community Design Rights

The European Union is promising its citizens better access to online music thanks to a new directive focusing on “the collective management of copyright and related rights and multi-territorial licensing of rights in musical works for online use in the internal market” (the Directive). The Directive, which was adopted by the European Council on 20 February, aims to simplify and facilitate cross-border music licensing for online service providers. This is good news for Irish consumers who are typically kept waiting for innovative new music streaming services to hit Irish shores. Irish artists will also benefit from quicker, more transparent payments of performing rights royalties.

The Directive has two principle aims:

To facilitate cross-border licensing of authors’ rights in online music; and

To make copyright collective management organisations (CMOs) (also known as collecting societies) more transparent and effective.

Continue Reading EU Overhaul of Collective Rights Management for Online Music

The CJEU has ruled in Svensson and Others v Retriever Sverige AB (C466/12) (Svensson) that providing a hyperlink to copyrighted works which are already freely available online does not constitute an infringement of copyright.  However, if a link allows users to bypass technical measures restricting access to a site on which a copyrighted work appears, then infringement may occur.

The decision had been awaited with some trepidation due to the essential role linking plays in the day to day operation of the internet. A contrary ruling would have created a serious barrier to the interconnectivity upon which the internet thrives.

 

Continue Reading Links to Freely Available Content do not Infringe Copyright