From The IP Kat:
I have recently returned from the Second Brand Protection Congress in Frankfurt.
It was a very interesting event with a wide range of speakers and topics all linked to brand protection. The talks ranged from the various online anti-counterfeiting tools and latest technological developments and intermediary liability through to the various methods that brands have adopted to protect their rights.
. . . .
Ekaterina Makarova of Sberbank gave us a sneak peak into its cyber squatting problems. The most memorable copycatwas a purported airline (an unusual second line of business for a bank) which mimicked the bank’s branding colours, website layout and overall appearance. These issues are being successfully litigated via the Russian courts.
Magdalena Kaput of Oriflame Cosmetics discussed the Protection of image rights. This is particular issue under their direct sales model where social media engagement and photos of Oriflame events are an important part of their business. As Magdalena explained in the world of post GDPR it is important to understand context and consent before using an image. Getting this wrong can create major reputational harm and a large liability under GDPR.
Magdalena highlighted a particular feature of celebrity and model contracts which needs to change – whilst they can be very long regarding location timing, lighting, hair and makeup to be used they do not tend to include specific consent to use of the image. This is a major omission which will need to be resolved in model/celebrity contracts to avoid problems in the future.
Link to the rest at The IP Kat
For those not familiar with GDPR, here is a high-level description PG has culled from various sources:
The General Data Protection Regulation is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA).
At its core, GDPR is a new set of rules designed to give EU citizens more control over their personal data. It aims to simplify the regulatory environment for business so both citizens and businesses in the European Union can fully benefit from the digital economy.
The reforms are designed to reflect the world we’re living in now, and brings laws and obligations – including those around personal data, privacy and consent – across Europe up to speed for the internet-connected age. From social media companies, to banks, retailers, and governments — almost every service we use involves the collection and analysis of our personal data. Your name, address, credit card number and more all collected, analysed and, perhaps most importantly, stored by organisations.
Through the power of information technology, any enterprise that sells products or provides services via the internet is technically a global business. Regardless of whether your organization is a one-person operation selling novelty T-shirts or a Fortune 100 company providing sophisticated cloud computing solutions, you are likely to have customers residing outside your country of origin.
Data breaches inevitably happen. Information gets lost, stolen or otherwise released into the hands of people who were never intended to see it — and those people often have malicious intent.
Under the terms of GDPR, not only will organisations have to ensure that personal data is gathered legally and under strict conditions, but those who collect and manage it will be obliged to protect it from misuse and exploitation, as well as to respect the rights of data owners – or face penalties for not doing so.
GDPR applies to any organisation operating within the EU, as well as any organisations outside of the EU which offer goods or services to customers or businesses in the EU.
The types of data considered personal under the existing legislation include name, address, and photos. GDPR extends the definition of personal data so that something like an IP address can be personal data. It also includes sensitive personal data such as genetic data, and biometric data which could be processed to uniquely identify an individual.
Because of the sheer number of data breaches and hacks which have occurred over the years, the unfortunate reality for many is that some of their data — be it an email address, password, social security number, or confidential health records — has been exposed on the internet.
One of the major changes GDPR will bring is providing consumers with a right to know when their data has been hacked. Organisations will be required to notify the appropriate national bodies as soon as possible in order to ensure EU citizens can take appropriate measures to prevent their data from being abused.