Update | IP/IT: trademarks infringements

Readers may remember the unsuccessful challenge to the ?Digital Economy Act 2010 (DEA) in the courts. In May 2012 the government issued a response to the Film Policy Review Panel's revision of the UK film industry in this area, saying: 'The government welcomes the panel's recommendation ?and remains committed to implementing the Digital Economy Act provisions as ?soon as possible'.

Digital Economy Act challenge

DCMS said in its response (www.official-documents.gov.uk/document/cm83/8355/8355.pdf): 'The judicial review of the online infringement of copyright provisions has caused significant delay since although the government won overwhelmingly in both the High Court and the Court of Appeal, the point upon which we lost in both cases has meant that we have had to reset how the costs of the process will be apportioned. This in turn has led to the Initial Obligations Code being delayed. However, we anticipate that the code will be published in June 2012'.

The Film Policy Review Panel is reviewing the future of UK film. In January it reported that copyright infringement was contributing to declining industry revenues and that a 'key element' to addressing the problem was in implementing the measures contained in the DEA.

Ofcom had earlier suggested in a draft code of practice that infringers (usually those who upload or download films without permission) would receive three warning letters from ISPs drafted by Ofcom. Those receiving more than the three letters, each of which becomes more forceful in tone but presumably do not go so far as to amount to a breach of professional conduct rules as in the ACS and Davenport Lyons SRA decisions, are then put on a blacklist. The plan is that individuals who want to appeal must pay £20 when they receive the letter even if they have done nothing wrong.

Trademark infringement

Red Bull GmbH v Sun Mark Ltd saw Red Bull in Germany win its action against trademark infringers who had used the mark 'BULLET' and words 'NO BULL IN THIS CAN' for energy drinks. It was held this breached Red Bull's trademarks 'BULLIT' under section 10(2) of the Trade Marks Act 1994 and its community trade mark. The defendants had tried to argue that Red Bull had registered the marks in bad faith, but it failed.

In July the Court of Justice of the European Union held that software licences which are expressed not to be assignable can be assigned, notwithstanding this clause under EU law. This has thoroughly set the cat among the pigeons for many software licensors who rely on the fact licences are personal only. The decision was considered in an article in the Solicitors Journal 7 August 2012 and in the September issue of IT Law Today. If the licence is for a fixed term it appears the new rule does not apply therefore presumably the practical answer for those with software licensor clients is to change perpetual licences to fixed-term licences. See case C-128/11 UsedSoft v Oracle.

In July the Ministry of Justice published responses to the draft data protection regulation. Hardly anyone commented on the draft directive issued with it which relates to police matters and interception so that is not addressed in the published responses. For details of the data protection proposals see: https://consult.justice.gov.uk/digital-communications/data-protection-proposals-cfe

In June the Advertising Standards Authority adjudicated on whether two tweets, one by Wayne Rooney and the other from Jack Wilshere, were obviously identifiable as marketing tweets because they included a Nike hashtag.

In Samsung Electronics (UK) Ltd v Apple Inc. [2012] EWHC 1882 (Pat) in July, the High Court held that the Samsung Galaxy tablet computer does not breach Apple's community registered design. The court compared the two products and, although there were similarities, the overall impression gained was not that they were of the same company.

The similarities and differences between the products were considered, followed by an assessment of the seven features relied upon by Apple against the degree of freedom of the designer and the design corpus that existed in 2004. The court found that the informed user's overall impression of the Samsung tablets was that their front view indicated that the products belonged to the same pre-existing family as Apple's design, but that Samsung's tablet computers did not have the same understated and extreme simplicity: they were not as 'cool'. As the overall impression produced on the informed user was different, there was no finding of infringement by Samsung.

A recent High Court decision on outsourcing will be of interest to IT lawyers. The parties have to operate 'in good faith' and service level obligations were imposed in the usual way. The relevant clause said: 'The Trust and [Medirest] will co-operate with each other in good faith and will take all reasonable action as is necessary for the efficient transmission of information and instructions to enable the Trust [...] to ?derive full benefit of the contract'
It was held that the Trust (the buyer) had not acted in good faith in awarding itself excessive service credits.

Domains and hosts

On 13 June the Internet Corporation for Assigned Names and Numbers (ICANN) released its list of over 1,900 new generic top level domain names. ICANN has now given a short time period for interested parties to file public comments and to make formal objections to any proposed gTLDs. Failure to act during the objection period may preclude entities from challenging the activation of new gTLDs in the future. Brand owners and organisations around the world are strongly advised to take advantage of this limited opportunity to identify any candidate gTLDs that may create competitive threats to their businesses, confusion in the marketplace, or otherwise breach legal rights. The June 2021 list is at https://newgtlds.icann.org/en/program-status/application-results/strings-1200utc-13jun12-en.

In June the EU announced that it had begun a consultation on when an online service provider should be considered a 'hosts' of content. Those who just host are less liable for content than others. The ecommerce directives provide that as long as they remove illegal material quickly they are not liable. There was a 2010 consultation on this area and now a new questionnaire has been issued by the EU. (https://ec.europa.eu/yourvoice/ipm/forms/dispatch?form=noticeandaction)

Data protection

In June Brighton and Sussex University Hospitals NHS Trust was served with a Civil Monetary Penalty (CMP) of £325,000 following what the Information Commissioner's Office (ICO) called a serious breach of the Data Protection Act (DPA). The fine is the highest issued by the ICO since it was granted the power to issue CMPs in April 2010. It followed the discovery of highly sensitive personal data belonging to tens of thousands of patients and staff '“ including some relating to HIV and Genito Urinary Medicine (GUM) patients - on hard drives sold on an internet auction site in October and November 2010.

The data included details of patients' medical conditions and treatment, disability living allowance forms and children's reports. It also included documents containing staff details, such as National Insurance numbers, home addresses, ?ward and hospital IDs, and information referring to criminal convictions and suspected offences.

The data breach occurred when an individual engaged by the Trust's IT service provider, Sussex Health Informatics Service (HIS), was tasked to destroy approximately 1000 hard drives held in a room accessed by key code at Brighton General Hospital in September and October 2010. A data recovery company bought four hard drives from a seller on an internet auction site in December 2010, who had purchased them from the individual.

Although the ICO was assured in its initial investigation that only four hard drives were affected, it was contacted by a university who told them that one of their students had purchased hard drives via an internet auction site. An examination of the drives established that they contained data which belonged to the Trust.

The Trust was unable to explain how the individual removed at least 252 of the approximate 1000 hard drives they were supposed to destroy from the hospital during their five days on site. They are not believed to have known the key code needed to access the room where the drives were stored, and were usually supervised by staff working for HIS. However, the Trust did acknowledge that the individual would have left the building for breaks, and that the hospital is publicly accessible.

The ICO's deputy commissioner and director of data protection David Smith said: 'The amount of the CMP issued in this case reflects the gravity and scale of the data breach. It sets an example for all organisations '“ both public and private '“ of the importance of keeping personal information secure. That said, patients of the NHS in particular rely on the service to keep their sensitive personal details secure. In this case, the Trust failed significantly in its duty to its patients, and also to its staff.' A copy of the CMP notice is available on the ICO's website at: www.ico.gov.uk/what_we_cover/taking_action/dp_pecr.aspx.