GERMANY: Creating New Property Rights on the Basis of General Legal Concepts - Without Limits?

In two cases recently decided by two different senates of the German Federal Supreme Court (Bundesgerichtshof, BGH), the following issue was raised: To what extent can the filming of sports events organized by someone else, on the one hand, and the photographing of someone else’s physical property, on the other hand, be legally controlled by the organizer of the sports event and the owner of the property respectively? In its “Hartplatzhelden.de” decision, the first senate of the Federal Supreme Court concluded that the act of filming sports events does not constitute an act of unfair competition as such, and hence is allowed even without the consent of the organizer of the sports event in question. However, the fifth senate, in its “Prussian gardens and parks” decision, held that photographing someone else’s property is subject to the consent of the owner of the grounds, provided the photographs are taken from a spot situated on the owner’s property. In spite of their different outcomes, the two cases do not necessarily contradict each other. Rather, read together, they may well lead to an unwanted – and unjustified – extension of exclusive protection, thus creating a new “organizer’s” IP right.

Spanish Supreme Court Rules in Favour of Google Search Engine... and a Flexible Reading of Copyright Statutes?

On 3 April 2012, the Spanish Supreme Court issued a major ruling in favour of the Google search engine, including its ‘cache copy’ service: Sentencia n.172/2012, of 3 April 2012, Supreme Court, Civil Chamber.* The importance of this ruling lies not so much in the circumstances of the case (the Supreme Court was clearly disgusted by the claimant’s ‘maximalist’ petitum to shut down the whole operation of the search engine), but rather on the court going beyond the text of the Copyright Act into the general principles of the law and case law, and especially on the reading of the three-step test (in Art. 40bis TRLPI) in a positive sense so as to include all these principles. After accepting that none of the limitations listed in the Spanish Copyright statute (TRLPI) exempted the unauthorized use of fragments of the contents of a personal website through the Google search engine and cache copy service, the Supreme Court concluded against infringement, based on the grounds that the three-step test (in Art. 40bis TRLPI) is to be read not only in a negative manner but also in a positive sense so as to take into account that intellectual property – as any other kind of property – is limited in nature and must endure any ius usus inocui (harmless uses by third parties) and must abide to the general principles of the law, such as good faith and prohibition of an abusive exercise of rights (Art. 7 Spanish Civil Code).The ruling is a major success in favour of a flexible interpretation and application of the copyright statutes, especially in the scenarios raised by new technologies and market agents, and in favour of using the three-step test as a key tool to allow for it.

Personal Data and Encryption in the European General Data Protection Regulation

Encryption of personal data is widely regarded as a privacy preserving technology which could potentially play a key role for the compliance of innovative IT technology within the European data protection law framework. Therefore, in this paper, we examine the new EU General Data Protection Regulation’s relevant provisions regarding encryption – such as those for anonymisation and pseudonymisation – and assess whether encryption can serve as an anonymisation technique, which can lead to the non-applicability of the GDPR. However, the provisions of the GDPR regarding the material scope of the Regulation still leave space for legal uncertainty when determining whether a data subject is identifiable or not. Therefore, we inter alia assess the Opinion of the Advocate General of the European Court of Justice (ECJ) regarding a preliminary ruling on the interpretation of the dispute concerning whether a dynamic IP address can be considered as personal data, which may put an end to the dispute whether an absolute or a relative approach has to be used for the assessment of the identifiability of data subjects. Furthermore, we outline the issue of whether the anonymisation process itself constitutes a further processing of personal data which needs to have a legal basis in the GDPR. Finally, we give an overview of relevant encryption techniques and examine their impact upon the GDPR’s material scope.