According to the German Federal Labor Court, Germany’s highest court for employment disputes, German employers are not allowed to monitor employees in the workplace without a concrete suspicion of a criminal violation or, in some cases, a serious breach of duty (judgment dated July 27, 2017, case ref. 2 AZR 681/16). This means that employer monitoring of an employee’s computer usage without a concrete suspicion, including the use of keylogging software that records all keyboard entries made at a desktop computer, does not comply with German data privacy laws. Courts may exclude evidence obtained in violation of German data privacy laws from their proceedings.
Facts of the Case
In the case, a web developer filed a dismissal lawsuit against a termination notice issued by his employer. The employer had installed a so-called keylogger on the employee’s business computer. The employer did this to prove its assumption that the employee had dedicated major parts of his working time to private activities. This keylogger software monitored and stored all keyboard entries for a significant period of time. In addition, the software periodically took and stored screenshots of the employee’s desktop.
The guidance states that the policy must contain, in general, such information as the:
How do you ensure that an Internet-connected sensor or device—often inexpensive and designed for lifespans of up to 20 years or more—can be secured against not only the intrusions of today but also those of the future? This question has taken on new urgency as low-cost Internet-connected devices are increasingly being co-opted into massive networks, known as “botnets,” that are capable of causing widespread disruption.
Both government regulators and industry have been working together to solve this and related questions by developing best practices for mitigating security risks from unpatched or unsupported devices. As we discussed in January, the National Telecommunications and Information Administration (NTIA), an independent agency within the Department of Commerce, is leading a multi-stakeholder process to consider opportunities and challenges associated with the Internet of Things (IoT). Since then, a working group convened by the NTIA has published a draft set of industry best practices for communicating to consumers when patches are available and when device manufacturers support sunsets. The Federal Trade Commission (FTC), consumer representatives and industry have submitted comments discussing these issues.
The NTIA’s Best Practices Draft
As appreciation for IoT security threats has grown, stakeholders in government, industry, and the technologist community have issued various guidance materials addressing how manufacturers should communicate information about security updates for IoT devices. The NTIA working group summarized and harmonized these recommendations into the best practices draft document for manufacturers. The document is also intended to serve as a baseline for the NTIA’s ongoing work in support of the growth of IoT products.
Four years after signing the Marrakesh Treaty (introduced by the WIPO) to Facilitate Access to Published Works for Persons who are Blind, Visually Impaired, or otherwise Print Disabled, the EU institutions finally voted for its implementation. With over 600 votes, the European Parliament adopted the final compromise on 6 July 2017. The European Council ratified the compromise on 17 July 2017. Within one year after entering into force, the member states need to implement the requirements from the EU directive. The regulation will apply directly.
The upcoming Law
After a long debate on how to implement the requirements of the Treaty, the final compromise includes two pieces of legislation: a directive and a regulation. At the centre of the new legislation, there are three main issues:
The U.S. Federal Communications Commission has adopted a Notice of Apparent Liability (“NAL”) imposing an $82 million penalty against Best Insurance Contracts (d/b/a Wilmington Insurance Quotes) and its owner/operator Philip Roesel for allegedly making more than 21 million prerecorded robocalls with illegally “spoofed” caller ID information in an attempt to sell health insurance.
The corrosive effects of rising nationalism and the sheer complexity of conducting business on a global scale have made leading tech executives concerned about their companies’ ability to trade freely and secure the regulatory and other government approvals they need to compete successfully. These and other issues surfaced during a candid hour-long discussion between Hogan Lovells’ counsel Tom Sugrue and corporate leaders from some of the world’s most formidable players in the telecommunications sector, gathered at the Washington D.C. Ritz Carlton for a strategic legal summit.
Nationalism represents a rapidly growing threat to Vodafone’s global business, Megan Doberneck said. Doberneck is the President and General Counsel for Vodafone Americas Inc., the US subsidiary of Vodafone Group Plc, one of the world’s largest wireless telecommunications companies, which provides service to more than 400 million customers across 70 countries. According to Doberneck, even multinational companies such as Vodafone, which has extensive in-country employment and billions of dollars in direct national investment, have started to encounter concerns that regulatory authorities attribute to their ostensibly “foreign” ownership. Vodafone recently published its 2017 Digital Rights and Freedoms Report, including an unprecedented 30-country study, prepared with the help of Hogan Lovells, on law enforcement and intelligence agencies’ access to customer data.
Gerry Oberst, Senior Vice President of Global Regulatory & Governmental Strategy of SES, agreed. SES, a global leader in satellite communications, has operations in so many countries and must comply with so many different legal and regulatory regimes, that even obtaining the regulatory approvals necessary to allow in-country operations can prove challenging. Ensuring ongoing compliance once SES is authorized to do business in a country poses an even greater risk, he said.
On 6 July 2017, the French Supreme Court (Cour de cassation) confirmed a decision of the Paris court of appeal dated 15 March 2016 (RG No. 040/2016) which held that Internet intermediaries must bear the costs for implementing blocking measures against illegal streaming websites.
Article L. 336-2 of the French intellectual property Code (“IPC”) allows rights holders to seek a Court order to have intermediaries (such as Internet Service Providers) implement measures to cease or prevent online copyright infringement. This article is the transposition into French law of Article 8(3) of the Information Society Directive (2001/29/EC). This provision has been used several times by rights holders in order to obtain blocking measures against major illegal streaming websites in France.
In the present case, several French professional Unions for copyright defence initiated proceedings against major intermediaries on the grounds of Article L. 336-2 IPC to obtain the blocking of several streaming websites including Allostreaming.
Case law background
The Paris court of first instance (decision dated 28 November 2013, RG No. 11/60013) decided that the costs of the blocking measures sought by the French Unions should not be borne by intermediaries. In its reasoning, the Paris court of first instance notably relied on the decision of the French Constitutional Council (in charge of examining compliance of a passed law with the French Constitution) dated 28 December 2000 (No. 2000-441 DC) which held that the law which obliged telecommunication operators to bear costs for implementing communication interception measures sought by public authorities for public safety purposes was contrary to the Constitution. The court also relied on the CJEU decision Sabam v. Netlog, C-360/10 dated 16 February 2012 which considered that an injunction ordering a hosting provider to implement a system filtering information in order to prevent files being made available which infringe copyright “would result in a serious infringement of the freedom of the hosting service provider to conduct its business (…).” (§46).
On July 26th, Hogan Lovells hosted another installment in its 2017 webinar series on emerging issues involving the Internet of Things (IoT). This webinar focused on potential legal issues with connected vehicles and smart cars, including in the areas of regulatory compliance, privacy, litigation, and intellectual property.
Lance Bultena, a partner in Hogan Lovells’ Washington, D.C. office, moderated the discussion. Lance opened by explaining why the automotive industry is changing, emphasizing that the world is younger, more urban, more connected, and more concerned about the environment. Connected vehicles have emerged, in part, as a response to these changes, creating opportunities for new revenue streams for original equipment manufacturers (OEMs), equipment suppliers, content and applications developers and others. Furthermore, advances such as driverless cars have the potential to significantly reduce the costs of transportation and infrastructure, in addition to reducing accidents and promoting environmental efficiency.
Fast, reliable communications networks are essential for high-quality connected vehicle applications, and there is robust competition for access to the wireless networks and spectrum that enable them. Auto companies currently have access to special purpose spectrum for dedicated short-range communications (DSRC) that is immediately adjacent to a popular 5 GHz Wi-Fi spectrum band. DSRC technology enables vehicle-to-vehicle communications that auto companies use primarily for safety applications. Wi-Fi advocates argue that auto companies should share this spectrum, which could affect the reliability and safety of DSRC applications. These industries are battling not only at the Federal Communications Commission (FCC), the United States telecommunications regulator, but also at the National Highway Traffic Safety Administration (NHTSA). Under former President Obama, NHTSA proposed to mandate vehicle-to-vehicle technologies in all light vehicles in the United States, citing the potential to reduce accidents caused by human error. The current administration will likely determine the outcome of that proposal.
The U.S. Federal Communications Commission has adopted a Forfeiture Order (“Order”) imposing a nearly $2.9 million penalty against Dialing Services, LLC (“Dialing Services”) for making prerecorded voice calls to wireless phones without the “prior express consent” of the called parties. This Order is notable because the FCC targeted the technology platform provider rather than the provider’s customer.
Welcome to the Hogan Lovells Global Payments Newsletter. In this monthly publication we provide an overview of the most recent payments, regulatory and market developments from major jurisdictions around the world as well as sharing interesting reports and surveys on issues affecting the market.
Key developments of interest over the last month include:
EBA responds to Commission’s amendments to the RTS on SCA: The EBA has published an Opinion in which it rejects three of the four amendments the European Commission proposed in May.
Implementation of MLD4 in Italy: Among other things, Legislative Decree No.90 of 25 May 2017 changes the existing legislative framework by introducing specific provisions for payment and e-money institutions and increased reporting requirements.
EBA publishes guidelines on professional indemnity insurance under PSD2: The final guidelines require the minimum monetary amount of PII or comparable guarantee to be calculated by adding up the amounts that are reflective of the risk profile, type of activity and size of activity criterion.
To view a PDF of the full Newsletter please click here. You can also follow us on Twitter at @HLPayments for regular news and updates.