Photo of Davinia Brennan

The Government has published its legislation programme for Spring 2021. The programme contains 32 bills for publication and prioritisation by the Government.

Key Bills of relevance to the data protection, commercial and technology sector include:

Bills expected to undergo pre-legislative scrutiny  

  • Online Safety and Media Regulation Bill – This Bill will provide for the establishment of a Media Commission (including an Online Safety Commissioner), the dissolution of the Broadcasting Authority of Ireland, a regulatory framework to tackle the spread of harmful online content, and implementation of the revised Audiovisual Media Services (AVMS) Directive 2018/1808. The heads of Bill were published on 9 January 2020, and 8 December 2020. Member States were due to implement the revised AVMS Directive in national law by 19 September 2020, so Ireland has missed this deadline.
  • Hate Crime Bill– This Bill will repeal the Prohibition of Incitement to Hatred Act 1989, to provide for new and aggravated offences, including an offence of incitement. The Heads of Bill are in preparation.

Continue Reading Government publishes Spring Legislative Programme

Photo of Davinia Brennan

On 24 December 2020, the EU and UK reached a consensus on the Trade and Cooperation Agreement (the Agreement). The agreement allows personal data to continue to flow freely from the EU/EEA to the UK for up to 6 months after 1 January 2021, or until an adequacy decision is adopted (whichever is earlier). This provides the European Commission with some further time to make an adequacy decision in relation to the UK.

Continue Reading Trade Agreement keeps EU-UK personal data flowing for 6 months

Photo of Davinia Brennan

The European Data Protection Board (EDPB) recently published new Guidelines to help businesses comply with their obligation to adopt a Data Protection by Design and by Default (DPbDD) approach when processing personal data.

Article 25 GDPR requires controllers to implement appropriate technical and organisational measures and safeguards that provide effective implementation of the data protection principles, and protect data subjects’ rights, by design and by default.  Article 25 prescribes both design and default elements that should be taken into account.

A controller must adopt a DPbDD approach at all stages of developing processing activities, including tenders, outsourcing, development, support, maintenance, testing, storage, deletion, etc.  The importance of complying with the DPbDD obligation is underlined by the fact that it is a factor for competent supervisory authorities to consider when  determining whether to impose an administrative fine and the level of that fine (Article 83(2)(d)).

Continue Reading EDPB publish new guidelines on data protection by design and by default

The purpose of copyright is to protect original artistic works, but Banksy is well-known for his view that “copyright is for losers”, which may well be linked to the fact that he would likely lose his anonymity by asserting copyright over his works. He has instead sought protection from commercialisation by third parties of his works through various trade mark registrations. However, a recent decision by the EUIPO has put an end to his trade mark registration protecting one of his most famous pieces of art.

Continue Reading Banksy loses EU trade mark due to “bad faith”

Photo of Davinia Brennan

The European Commission recently published its new draft Standard Contractual Clauses (SCCs) for international transfers of personal data to third parties located outside of the EEA.

The new SCCs have been expected for some time in light of the coming into force of the GDPR. The existing set of SCCs were implemented under the former Data Protection Directive 95/46/EC and still referenced that regime. The delay was due to the European Commission reconciling the new SCCs with the decision of the European Court of Justice in Schrems II.

Whilst the new SCCs align with the GDPR, address the Schrems II decision, and directly incorporate some of the European Data Protection Board (EDPB) Recommendations on Supplementary Measures (01/2020), they are not a catch-all solution for international data transfers. Parties will still be required to undertake a risk assessment, and adopt supplementary measures (where necessary), to ensure the effectiveness of the new SCCs in the third country concerned.  Where the new SCCs and supplementary measures do not provide an adequate level of protection in the third country, then companies will be obliged to suspend and/or terminate the transfer.

Continue Reading European Commission publishes draft new SCCs

Photo of Davinia Brennan

The European Commission recently published draft Article 28 Standard Contractual Clauses for use between controllers and processors located within the European Union.  The draft Article 28 Clauses are distinct from, and  should not be confused with, the European Commission’s new draft Standard Contractual Clauses (SCCs) for data transfers out of the EEA.  The latter SCCs contain their own set of Article 28 clauses.

Continue Reading European Commission publishes new draft Article 28 Clauses

As we continue to adjust to new restrictions introduced by the government as a result of the pandemic, the world of trade marks has been business as usual.  In this blog, we discuss a recent decision relating to a high profile trade mark proprietor, Lionel Messi, who is widely regarded as one of the best footballers in the world.

The Court of Justice of the European Union (CJEU) recently dismissed appeals brought by the EUIPO and a Spanish company against the judgment of the General Court authorising Lionel Messi to register the trade mark ‘MESSi’ for sports equipment and clothing. The CJEU held that there is no likelihood of confusion between the word mark MASSI and a figurative sign containing the word MESSi.

Continue Reading No likelihood of confusion between MASSI and MESSi

Photo of Davinia Brennan

The Government has published its legislation programme for Autumn 2020. The programme includes: 30 priority Bills; 50 Bills that are expected to undergo pre-legislative scrutiny; 87 Bills where preparatory work is underway, and 14 Bills which are currently before the Oireachtas.

Key Bills of relevance to the data protection, commercial and technology sector include:

Priority Legislation 

  • Withdrawal of the United Kingdom from the European Union (Consequential Provisions) Bill – This Bill will provide for the legislative needs that will arise at the end of the Brexit transition period.

Bills expected to undergo pre-legislative scrutiny  

  • Online Safety and Media Regulation Bill – This Bill will provide for the establishment of a Media Commission (including an Online Safety Commissioner), the dissolution of the Broadcasting Authority of Ireland, a regulatory framework to tackle harmful online content, and implementation of the revised Audiovisual Media Services (AVMS) Directive 2018/1808. The general scheme of the Bill was published in January 2020, and the  legislative programme indicates that further heads are in preparation. Member States are expected to implement the AVMS Directive in national law by 19 September 2020, so Ireland will miss this deadline.
  • Consumer Rights Bill– This Bill will give effect to EU Directive 770/2019 on consumer contracts for the supply of digital content and digital services, EU Directive 771/2019 on consumer contracts for the sale of goods, and to update and consolidate the statutory provisions on consumer rights and remedies in relation to contracts for the supply of non-digital services, unfair contract terms, and information and cancellation rights.

Continue Reading Government publishes Legislation Programme for Autumn 2020

Photo of Davinia Brennan

On 7 September 2020, the European Data Protection Board (EDPB) issued draft guidelines on the concepts of controller and processor. The concepts play a crucial role in the application of the GDPR, as they determine who will be responsible for compliance with different data protection rules, and how data subjects can exercise their rights in practice.

The concepts have not changed compared to the Data Protection Directive 95/46/EC (now repealed) and the general criteria for how to attribute the different roles remain the same. However, the EDPB acknowledges the necessity of providing clarification on these concepts under the GDPR.  Since the entry into force of the GDPR, many questions have arisen in relation to the implications of the concept of joint controllership (under Article 26 GDPR), and the specific obligations for processors (under Article 28 GDPR). The guidelines replace the previous Opinion of the Article 29 Working Party on the concepts of controller and processor (Opinion 1/2010).

In part I, the guidelines discuss the definitions of the concepts of controller, joint controllers, processor, and third party/recipient. Part II considers the consequences that are attached to the different roles. The guidelines also contain helpful examples of the circumstances when an entity is a controller, joint controller or processor.

Continue Reading EDPB publishes draft guidelines on the concepts of controller and processor

The Court of Justice of the European Union (CJEU) has made an important ruling for brand owners, online marketplaces and retailers alike, in finding that Amazon is not liable for unwittingly stocking trade mark infringing goods on behalf of third party sellers.

Continue Reading E-commerce operators not liable for trade mark infringement for mere storage of infringing goods