Changes to the Right of Access to Personal Data under the GDPR – the UK perspective on Employee Data

In anticipation of the coming into force of the General Data Protection Regulation (GDPR) exactly a year from today, we are initiating a series of blog posts looking at the practical implications for employers. This post looks at individual employees’ right of access to their personal data and takes the form of a Q&A addressing key changes to this right that will be brought about by the GDPR. Given the ambiguous wording of the GDPR, there are more “Qs” than “As” at this stage, but we will update this guide when further clarity is provided by the UK Information Commissioner or at EU level. 

Continue Reading

The GDPR Becomes Law in 365 Days – Three Areas to Start Focusing on Now

We’re officially at the one year mark before the EU General Data Protection Regulation (“GDPR”) comes into effect on May 25, 2018.  In the last month many EU Member States have been busy proposing GDPR implementation bills, and this week the CNIL published a summary of the responses received to its consultation on profiling, consent, certification, and notification of violations, which are expected to advise Article 29 Working Party (“WP29”) guidelines on these topics.  While the WP29 and many Data Protection Authorities (“DPAs”) have published guidance documents regarding certain GDPR requirements, many questions still remain regarding the exact steps organizations will need to take over the next 365 days to be in compliance. However, organizations that continue to delay and wait for answers to these questions have little chance of being close to compliance by next May.

For some organizations this one-year milestone should indicate it’s time to kick into high gear with GDPR preparation, while for others it means they need to get started now before they run out of runway. Organizations that have not devoted much effort to GDPR compliance should not delay any longer, but should start planning their GDPR readiness timeline now to build a practical level of GDPR compliance by next May – especially considering that DPAs have made it clear that there will not be a grace period for GDPR compliance.

Continue Reading

Weekly Data Privacy Alert – 15 May 2017

Please click here to read the latest data privacy alert from the Squire Patton Boggs Data Privacy & Cybersecurity team. This week’s alert covers news from Germany and the UK.

Germany

  • Federal Data Protection Commissioner Releases Leaflet on Digital Language Assistants
  • Voßhoff Welcomes Federal Supreme Court Ruling on Dynamic IP Addresses

UK

  • ICO Opens Formal Investigation Into Use of Data Analytics in Political Campaigns
  • Firm Fined £100,000 by ICO for Sending 3.3 Million Spam Text Messages

For more information on any of these items, or data privacy issues generally, please feel free to call any of the of the following individuals:

Annette Demmel (Germany)

Caroline Egan (Birmingham)

Francesca Fellowes (Leeds)

Change of Scenery: TC Heartland Reshapes the Patent Litigation Landscape

Earlier today (May 22, 2017), the U.S.138290667 Supreme Court unanimously held that venue for patent infringement suits against U.S. companies is limited to the company’s state of incorporation or where the company has a “regular and established place of business.”  The Supreme Court’s decision—TC Heartland LLC v. Kraft Foods Group Brands LLC, Case No. 16-341—dramatically reshapes the patent litigation landscape.  For many years, venue has been deemed proper over a U.S. company wherever an accused product is found, providing plaintiffs with great flexibility in selecting a forum they perceived as favorable.  The Eastern District of Texas has been the major beneficiary of that flexibility for many years; for example, according to legal analytics company Lex Machina, one-third of all patent infringement cases commenced in the First Quarter of 2017 were filed in E.D. Texas, a statistic that has been relatively stable for some time.  Yet very few patent infringement defendants are incorporated within that district or otherwise have regular and established places of business there.  TC Heartland will remove E.D. Tex. as a favored locale for patent infringement cases (particularly for non-practicing entities).  As a result, expect to see new filings swell in other venues – particularly in the District of Delaware, where most large U.S. companies are incorporated.

(The paragraph above distills the case’s holding and impact on patent infringement litigation moving forward.  For those interested in more details, read on.)

TC Heartland sought Supreme Court review contending that lower court practice was based on the U.S. Court of Appeals for the Federal Circuit’s misconstruction of the applicable venue statutes.  The U.S. Code contains a special venue provision for patent infringement lawsuits (28 U.S.C. § 1400(b)), providing that “[a]ny civil action for patent infringement may be brought in the judicial district where the defendant resides, or where the defendant has committed acts of infringement and has a regular and established place of business.”  Sixty years ago, the Supreme Court held in Fourco Glass Co. v. Transmirra Products Corp., 353 U.S. 222, 226 (1957), that a U.S. company “resides” only in its place of incorporation.  In 1990, however, the Federal Circuit held that domestic companies could be sued for patent infringement in any U.S. judicial district where they were subject to personal jurisdiction.  VE Holding Corp. v. Johnson Gas Appliance Co., 917 F.2d 1574 (Fed. Cir. 1990).  The Federal Circuit’s holding stemmed from its view that 1988 amendments to the general venue statute (28 U.S.C. § 1391(c)) had modified the special patent venue statute to incorporate this broader concept of venue.  In practice, VE Holding permitted plaintiffs to file patent infringement suits anywhere that infringing goods could be found after having been placed into “the stream of commerce,” meaning virtually anywhere.  As a result, patent plaintiffs over time increasingly directed their cases to districts that they perceived as more favorable to patent litigation, with the Eastern District of Texas accounting for up to 40% of all patent infringement cases filed.

At oral argument, questions from the Supreme Court justices appeared to express some concern about the impact of an about-face on venue given 25+ years of practice since VE Holding.  The Court’s resulting opinion, however, provides lower courts no guidance for how to turn the clock back to patent venue law circa 1957.  In the short term, expect a deluge of venue transfer motions.  Among the issues open for decision in such cases will be the scope of a “regular and established place of business” in a given district.  That alternative, statutory basis for venue, which was rendered irrelevant while the Federal Circuit’s broad view of patent venue held sway, may itself become the basis for some amount of collateral litigation.  Other practical issues include:

  • how, with only two full-time judges (after Judge Robinson’s imminent retirement and Judge Sleet’s senior status), the District of Delaware will handle the likely influx of new and transferred cases;
  • whether so-called patent assertion entities (PAEs), who regularly filed their cases in Texas, will reduce their activity because TC Heartland requires that they file infringement lawsuits in forums that are the defendants’ “home court”; and,
  • how the business model for PAEs will be impacted, including whether the secondary market for patents will be injured by the ruling.

For more information on this case, please review our prior blogs on this matter (here, here, and here).

Brexit – how will my IP rights be affected?

The two year countdown to Brexit has begun. With the clock ticking, there is now a more urgent need for businesses to plan for the impact that Brexit will have on their operations.

We have produced an updated briefing for intellectual property owners explaining the likely implications for their EU-wide IP protection, particularly where there is a so called ‘hard Brexit’.  The note looks at what could happen in the area of trade mark, design, patent and copyright protection and also considers the impact for businesses on the ability to intercept counterfeit goods, and parallel trade within Europe.

IP owners need to take steps now to prepare for the UK’s formal exit from the EU.  Our briefing suggests what those steps might be.

Ninth Circuit Holds The GOOGLE Trademark Is Not The Victim Of “Genericide”

138290667Ninth Circuit Holds The GOOGLE Trademark Is Not The Victim Of “Genericide”

On Tuesday, the Ninth Circuit issued its decision in Elliott v. Google, Inc., No. 15-15809 (9th Cir. May 16, 2017), affirming the District of Arizona’s ruling granting Google’s motion for summary judgment that its GOOGLE trademark is not subject to cancellation as generic.

The claim that Google’s mark should be cancelled was made by two individuals who purchased over 700 domain names incorporating the GOOGLE mark.  After Google obtained ownership of the domain names through an administrative action in which Google established the domain names were confusingly similar to the GOOGLE mark and had been registered in bad faith, the plaintiffs brought suit seeking to cancel the trademark as “generic.”  Under governing law, generic marks are not protectable because, as common descriptive terms, they do not—as trademarks must—identify the source of a product or service.  Even trademarks that begin life as seemingly fanciful identifiers for products (such as Aspirin, Cellophane, and Thermos) may fall victim to “genericide,” i.e., become generic over time.  In 2014, the parties cross-moved for summary judgment on the issue of genericness, and the District of Arizona granted summary judgment in Google’s favor. Continue Reading

Weekly Data Privacy Alert – 8 May 2017

Please click here to read the latest data privacy alert from the Squire Patton Boggs Data Privacy & Cybersecurity team. This week’s alert covers news from the EU, Germany and the UK.

EU

  • EDPS Backs Article 29 Working Party in Opinion on Draft ePrivacy Regulation

Germany

  • Baden-Württemberg Data Protection Authority Appeals to Private Camera Drone Users
  • Consumer Association Nordrhein-Westfalen Finds Data Protection Deficits in Wearables and Fitness Apps
  • Federal Data Protection Commissioner Comments on Bundestag Adoption of New Data Protection Act

UK

  • ICO’s Highest Nuisance Calls Fine Reaches Record £400,000

For more information on any of these items, or data privacy issues generally, please feel free to call any of the of the following individuals:

Annette Demmel (Germany)

Caroline Egan (Birmingham)

Francesca Fellowes (Leeds)

Preparing for (or Avoiding) a Schoolyard Brawl: Rationalizing Patent Value

Patents are expensive and should provide value to any company that spends money on them.  There is no single way to value patents, and the value of a patent may change depending on the company’s needs and as products and markets develop.  We offer here a few practical suggestions to value patents and prepare for – or avoid – an expensive patent litigation having all the emotions of a schoolyard brawl.

One simple, effective way to conceptualize the value of patents is to produce a list of actual or prospective benefits that have value for a company and then align each patent, or each family of related patents, against those benefits.  Some measurable benefits include, for example:

  • protecting a product or product candidate
  • affecting a competitor or a competitor’s product or product candidate
  • aligning with prospective commercial partners during partnering of a product candidate or corporate mergers or acquisitions
  • supporting the business or a business deal
  • adding perceived value, such as the number of patents that a company holds and/or reports during public filings, and
  • providing the ability to turn patents into cash through out-licensing.

Alignment of each patent or patent family with an actual or prospective set of benefits is necessary to ensure that the attention and spending the patents receive are rational and realistic.

Continue Reading

Weekly Data Privacy Alert – 1 May 2017

Please click here to read the latest data privacy alert from the Squire Patton Boggs Data Privacy & Cybersecurity team. This week’s alert covers news from France and the UK.

EU

  • EDPS Presents Annual Report for 2016 to European Parliament

UK

  • ICO Issues Revised Guidance on Political Campaigning
  • Online Retailer Fined After Cyber-attack Leaves Customer Details Vulnerable

For more information on any of these items, or data privacy issues generally, please feel free to call any of the of the following individuals:

Caroline Egan (Birmingham)

Francesca Fellowes (Leeds)

New Australian Mandatory Data Breach Notification Legislation

iStock_000019536561_SmallAustralian businesses have been warned they can no longer keep quiet about cyber security breaches, after the Senate passed laws mandating their disclosure 15 years after they were introduced in the US.

The long anticipated Privacy Amendment (Notifiable Data Breaches) Bill 2016 (Bill) was passed in the Australian Parliament on 13 February 2017. The Bill amends the Privacy Act 1988 (Privacy Act) to introduce mandatory data breach notification provisions requiring any organisation that is accountable to the Privacy Act to inform the Australian Information Commissioner and members of the public if their data has been compromised. This includes most Commonwealth Government agencies, some private sector organisations, credit reporting bodies, credit providers and tax file number recipients. Continue Reading

LexBlog