The “process” of patenting: Why should we care about a potential U.S. Supreme Court decision in Bilski v. Doll?

In Bilski v. Doll, the U.S. Supreme Court is called to define one of the categories of patent-eligible subject matter, “process” patents. In 2008, the Court of Appeals for the Federal Circuit held that the category has a narrow meaning, and that to be eligible for a process patent under 35 U.S.C. § 101, the invention must involve a machine or apparatus or involve a transformation to a different state or thing, ultimately rejecting the patent application as unpatentable subject matter. The patent applicants have asked the U.S. Supreme Court to determine two issues: first, the meaning of “process” in 35 U.S.C. § 101 and whether the lower court properly relied on a “machine-or-transformation” test, and second, the test's potential conflict with 35 U.S.C. § 273, which provides protection for “method[s] of doing or conducting business.” The Court's decision could change the way that research and business are done, and patent protection for such investments. Parts 1 and 2 of this article address Bilski directly and what is and is not in dispute. Part 3 addresses the “machine-or-transformation” test, while Parts 4 and 5 address reasons not to adopt such a test.     

The future of consumer data protection in the E.U. Re-thinking the “notice and consent” paradigm in the new era of predictive analytics

The new E.U. proposal for a general data protection regulation has been introduced to give an answer to the challenges of the evolving digital environment. In some cases, these expectations could be disappointed, since the proposal is still based on the traditional main pillars of the last generation of data protection laws. In the field of consumer data protection, these pillars are the purpose specification principle, the use limitation principle and the “notice and consent” model. Nevertheless, the complexity of data processing, the power of modern analytics and the “transformative” use of personal information drastically limit the awareness of consumers, their capability to evaluate the various consequences of their choices and to give a free and informed consent.     

European national news

The regular article tracking developments at the national level in key European countries in the area of IT and communications - co-ordinated by Herbert Smith LLP and contributed to by firms across Europe. This column provides a concise alerting service of important national developments in key European countries. Part of its purpose is to compliment the Journal’s feature articles and briefing notes by keeping readers abreast of what is currently happening “on the ground” at a national level in implementing EU level legislation and international conventions and treaties. Where an item of European National News is of particular significance, CLSR may also cover it in more detail in the current or a subsequent edition.     

Profiling the mobile customer – Privacy concerns when behavioural advertisers target mobile phones – Part I

Mobile customers are being tracked and profiled by behavioural advertisers to be able to send them personalized advertising. This process involves data mining consumer databases containing personally-identifying or anonymous data and it raises a host of important privacy concerns. This article, the first in a two part series on consumer information privacy issues on Profiling the Mobile Customer, addresses the questions: “What is profiling in the context of behavioural advertising?” and “How will consumer profiling impact the privacy of mobile customers?” The article examines the EU and U.S. regulatory frameworks for protecting privacy and personal data in regards to profiling by behavioural advertisers that targets mobile customers. It identifies potential harms to privacy and personal data related to profiling for behavioural advertising. It evaluates the extent to which the existing regulatory frameworks in the EU and the U.S. provide an adequate level of privacy protection and identifies key privacy gaps that the behavioural advertising industry and regulators will need to address to adequately protect mobile consumers from profiling by marketers. The upcoming second article in this series will discuss whether industry self-regulation or privacy-enhancing technologies will be adequate to address these privacy gaps and makes suggestions for principles to guide this process.¹     

Cursing the Cloud (or) Controlling the Cloud?

Inspired by the cloud computing hypes, this paper responds to some of the hypes, but not to all. The hype in this paper refers to the level of the adequacy of data protection and privacy in a cloud computing (the Cloud) environment. Paradoxically, this paper proffers observational insights that surround the Cloud from the perspectives of data protection and privacy. It examines briefly the efforts of January 2010 led by Microsoft and anticipating “liability” scenarios. The liability rhetorically refers to the illegal access in the Cloud. This paper does not focus entirely on the technology sophistication; however, it analyses two scenarios of illegal access. To mitigate the liability, it suggests a “Cloud Compliant Strategy (CCS)” being a proposed model to control the Cloud. The observational insights of this paper have also intertwined with the adequacy of data protection from the lenses of the European Union (EU) Data Protection Directive 95/46/EC (DPD) and Safe Harbor provisions (SH).     

Rethinking the one-stop-shop mechanism: Legal certainty and legitimate expectation

This paper aims to contribute to the discussion concerning the one-stop-shop mechanism proposed in the General Data Protection Regulation (hereinafter “GDPR”). The choice of regulation as the instrument to legislate on data protection is already an unmistakable indication that unification and simplification (together with respect of data subjects' interests) shall be the guide for every legal discussion on the matter. The one-stop-shop mechanism (hereinafter “OSS”) clearly reflects the unification and simplification which the reform aims for. We believe that OSS is logically connected with the idea of one Data Protection Authority (hereinafter “DPA”) with an exclusive jurisdiction and that this can only mean that, given one controller, no other DPA can be a competent authority.² In other words, OSS implies a single and comprehensive competent authority of a given controller. In our analysis we argue that such architecture: a) works well with the “consistency mechanism”; b) provides guarantees to data subjects for a clear allocation of powers (legal certainty); and c) is not at odds with the complaint lodging procedure. Our position on fundamental questions is as follows. What is the perimeter of competence of the DPA in charge? We believe that it should have enforcement power on every issue of the controller, including issuing the fines. How to reconcile such dominant role of one DPA with the principle of co-operation among DPAs? We do not consider co-operation at odds with the rule that decisions are taken by just one single authority. Finally, we share some suggestions on how to make the jurisdiction allocation mechanism (the main establishment criterion) more straightforward.     

Data protection legislation: What is at stake for our society and democracy?

The author starts by questioning the main privacy challenges raised by our present and future information society viewed as a “global village”. Apart from a comparison with the traditional village of our parents, he identifies the two complementary and not dissociable facets of our privacy: the right to seclusion and the right to participate fully in our society. According to the first German Constitutional Court recognizing the right to informational self-determination as a new constitutional right, he underlines the need to analyse the data protection as a tool for ensuring both the citizens' dignity and our democracy.     

Singapore's Personal Data Protection legislation: Business perspectives

As global digitalisation of information and interconnecting technologies along with new marketing practices and business processes vastly increase the opportunities for data collection, storage, usage and delivery, there is a corresponding increase in consumer expectations of data privacy. These expectations must be met if business organisations are to promote consumer trust and confidence and maintain their overall competitiveness in a global market. It goes without saying that information is the most valuable business asset and “privacy is good business and information can be the basis of bigger business”. The need to protect data privacy has long been recognised and implemented by major trading nations. Surprisingly, Singapore as a financial centre and nation aspiring to be a trusted data hosting hub has been slow in enacting specific data protection laws. The first piece of legislation that has emerged is a light-touch baseline framework applicable to all organisations except the public sector. This article considers the new legislation from the business perspective and the implications for private sector business organisations facing the challenges of compliance.     

EU law requirements to provide information to website visitors

This is the first of a planned series of articles considering the EU’s limited harmonisation of the laws regulating the activities of businesses using the Internet. This first article considers five key EU directives, all of which require website operators to provide a variety of information to website visitors. We consider the circumstances in which the various requirements apply and the information that must be provided, to simplify the process of navigating through rules which, although similar in nature, arise from disparate sources. We consider data privacy and “ePrivacy” rules; consumer protection rules arising in the field of e-commerce; and rules protecting potential creditors dealing over the Internet with limited liability companies.     

The rule of law online: Treating data like the sale of goods: Lessons for the internet from OECD and CISG and sacking Google as the regulator

The decision of the Court of Justice of the European Union (“CJEU”) in the case of Google Spain SL v Agencia Española de Protección de Datos (AEPD) ² [“the Google decision”] to require Google to enforce a right to be forgotten has caused a furore and sets a dangerous precedent in internet regulation. ³ It is setting up the search engine as a form of Internet Government and fracturing the balance between privacy and freedom of information in the connected world. In a world where we have become attuned to full exposure by routinely signing over access to information, privacy is no longer the issue – the real concern is control. This paper seeks to address the issues of whether we have a right to privacy anymore, who should be making decisions about what is available and where and how a global convention on access to information might be achieved.     

A comparison of proposed legislative data privacy protections in the United States

The use of online consumer tracking methods has raised significant privacy concerns for consumers and policymakers for decades. Advertisers using these methods analyze web-viewing habits to predict consumer preferences and actions. The advertising industry in the United States has promoted self-regulatory principles to respond to these concerns. However, in December 2010, the U.S. Federal Trade Commission reported that these efforts “have been too slow and up to now have failed to provide adequate and meaningful protection.” President Barack Obama's administration has supported broader legislation for comprehensive protection of individuals' private data. The leading model for data privacy protection is the 1980 Organization for Economic Cooperation and Development (OECD) Guidelines on the Protection of Privacy and Transborder Flows of Personal Data. This article examines two leading legislative privacy proposals in the context of the OECD principles. This examination concludes that, although the proposals do not provide sufficient comprehensive privacy protections, they do fill significant gaps in current U.S. privacy laws.     

There's more to it than data protection – Fundamental rights,privacy and the personal/household exemption in the digital age

Heated debates triggered by the plans to introduce the “right to be forgotten” exposed problems the all-encompassing application of rules on data processing may cause in practice. The purpose of this article is to discuss the compatibility of these rules with the rapidly evolving online environment in the context of the need to guarantee human rights on the internet. The author argues that there is an imbalance in the protection of individual rights online. It results from the limited application of personal/household exception and, in general, the narrow understanding of the concept of online privacy. According to the author in order for data protection laws to flesh out not only the fundamental right of data protection, but also play a mediatory role in balancing other rights, the application of the personal/household exception should be extended to include private online activities. This would reflect the complex character of the very concept of online privacy, diversity of actors and activities shaping online “territories”, as well as the increasingly heterogeneous fabric of the Web.     

European national news

The regular article tracking developments at the national level in key European countries in the area of IT and communications – co-ordinated by Herbert Smith LLP and contributed to by firms across Europe. This column provides a concise alerting service of important national developments in key European countries. Part of its purpose is to compliment the Journal’s feature articles and briefing notes by keeping readers abreast of what is currently happening “on the ground” at a national level in implementing EU level legislation and international conventions and treaties. Where an item of European National News is of particular significance, CLSR may also cover it in more detail in the current or a subsequent edition.     

European national news

The regular article tracking developments at the national level in key European countries in the area of IT and communications – co-ordinated by Herbert Smith LLP and contributed to by firms across Europe. This column provides a concise alerting service of important national developments in key European countries. Part of its purpose is to compliment the Journal's feature articles and briefing notes by keeping readers abreast of what is currently happening “on the ground” at a national level in implementing EU level legislation and international conventions and treaties. Where an item of European National News is of particular significance, CLSR may also cover it in more detail in the current or a subsequent edition.     

European national news

The regular article tracking developments at the national level in key European countries in the area of IT and communications – co-ordinated by Herbert Smith LLP and contributed to by firms across Europe. This column provides a concise alerting service of important national developments in key European countries. Part of its purpose is to compliment the Journal’s feature articles and briefing notes by keeping readers abreast of what is currently happening “on the ground” at a national level in implementing EU level legislation and international conventions and treaties. Where an item of European National News is of particular significance, CLSR may also cover it in more detail in the current or a subsequent edition.     

European national news

The regular article tracking developments at the national level in key European countries in the area of IT and communications – co-ordinated by Herbert Smith LLP and contributed to by firms across Europe. This column provides a concise alerting service of important national developments in key European countries. Part of its purpose is to compliment the Journal’s feature articles and briefing notes by keeping readers abreast of what is currently happening “on the ground” at a national level in implementing EU level legislation and international conventions and treaties. Where an item of European National News is of particular significance, CLSR may also cover it in more detail in the current or a subsequent edition.     

European national news

The regular article tracking developments at the national level in key European countries in the area of IT and communications – co-ordinated by Herbert Smith LLP and contributed to by firms across Europe. This column provides a concise alerting service of important national developments in key European countries. Part of its purpose is to compliment the Journal's feature articles and briefing notes by keeping readers abreast of what is currently happening “on the ground” at a national level in implementing EU level legislation and international conventions and treaties. Where an item of European National News is of particular significance, CLSR may also cover it in more detail in the current or a subsequent edition.     

European national news

The regular article tracking developments at the national level in key European countries in the area of IT and communications – co-ordinated by Herbert Smith LLP and contributed to by firms across Europe. This column provides a concise alerting service of important national developments in key European countries. Part of its purpose is to compliment the Journal's feature articles and Briefing Notes by keeping readers abreast of what is currently happening “on the ground” at a national level in implementing EU level legislation and international conventions and treaties. Where an item of European National News is of particular significance, CLSR may also cover it in more detail in the current or a subsequent edition.     

European national news

The regular article tracking developments at the national level in key European countries in the area of IT and communications – co-ordinated by Herbert Smith LLP and contributed to by firms across Europe. This column provides a concise alerting service of important national developments in key European countries. Part of its purpose is to compliment the Journal's feature articles and Briefing Notes by keeping readers abreast of what is currently happening “on the ground” at a national level in implementing EU level legislation and international conventions and treaties. Where an item of European National News is of particular significance, CLSR may also cover it in more detail in the current or a subsequent edition.