Brand Protection Conference in Frankfurt

From The IP Kat:

I have recently returned from the Second Brand Protection Congress in Frankfurt.

It was a very interesting event with a wide range of speakers and topics all linked to brand protection. The talks ranged from the various online anti-counterfeiting tools and latest technological developments and intermediary liability through to the various methods that brands have adopted to protect their rights.

. . . .

Ekaterina Makarova of Sberbank gave us a sneak peak into its cyber squatting problems. The most memorable copycatwas a purported airline (an unusual second line of business for a bank) which mimicked the bank’s branding colours, website layout and overall appearance. These issues are being successfully litigated via the Russian courts.

Magdalena Kaput of Oriflame Cosmetics discussed the Protection of image rights. This is particular issue under their direct sales model where social media engagement and photos of Oriflame events are an important part of their business. As Magdalena explained in the world of post GDPR it is important to understand context and consent before using an image. Getting this wrong can create major reputational harm and a large liability under GDPR.

Magdalena highlighted a particular feature of celebrity and model contracts which needs to change – whilst they can be very long regarding location timing, lighting, hair and makeup to be used they do not tend to include specific consent to use of the image. This is a major omission which will need to be resolved in model/celebrity contracts to avoid problems in the future.

Link to the rest at The IP Kat

For those not familiar with GDPR, here is a high-level description PG has culled from various sources:

The General Data Protection Regulation is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA).

At its core, GDPR is a new set of rules designed to give EU citizens more control over their personal data. It aims to simplify the regulatory environment for business so both citizens and businesses in the European Union can fully benefit from the digital economy.

The reforms are designed to reflect the world we’re living in now, and brings laws and obligations – including those around personal data, privacy and consent – across Europe up to speed for the internet-connected age. From social media companies, to banks, retailers, and governments — almost every service we use involves the collection and analysis of our personal data. Your name, address, credit card number and more all collected, analysed and, perhaps most importantly, stored by organisations.

Through the power of information technology, any enterprise that sells products or provides services via the internet is technically a global business. Regardless of whether your organization is a one-person operation selling novelty T-shirts or a Fortune 100 company providing sophisticated cloud computing solutions, you are likely to have customers residing outside your country of origin.

Data breaches inevitably happen. Information gets lost, stolen or otherwise released into the hands of people who were never intended to see it — and those people often have malicious intent.

Under the terms of GDPR, not only will organisations have to ensure that personal data is gathered legally and under strict conditions, but those who collect and manage it will be obliged to protect it from misuse and exploitation, as well as to respect the rights of data owners – or face penalties for not doing so.

GDPR applies to any organisation operating within the EU, as well as any organisations outside of the EU which offer goods or services to customers or businesses in the EU.

The types of data considered personal under the existing legislation include name, address, and photos. GDPR extends the definition of personal data so that something like an IP address can be personal data. It also includes sensitive personal data such as genetic data, and biometric data which could be processed to uniquely identify an individual.

Because of the sheer number of data breaches and hacks which have occurred over the years, the unfortunate reality for many is that some of their data — be it an email address, password, social security number, or confidential health records — has been exposed on the internet.

One of the major changes GDPR will bring is providing consumers with a right to know when their data has been hacked. Organisations will be required to notify the appropriate national bodies as soon as possible in order to ensure EU citizens can take appropriate measures to prevent their data from being abused.


10 thoughts on “Brand Protection Conference in Frankfurt”

  1. Probably could also be used to censor information about attacks on women. I wonder if EU governments could have any motivation to want to do that.

  2. “Through the power of information technology, any enterprise that sells products or provides services via the internet is technically a global business. Regardless of whether your organization is a one-person operation selling novelty T-shirts or a Fortune 100 company providing sophisticated cloud computing solutions, you are likely to have customers residing outside your country of origin.”

    And simply answering demands of what your company may know of EU customers could drive most small companies out of business. Which was why many have stopped trying – or they go through a larger third party like Amazon …

    This will just finish turning the EU into a black hole where data can’t be found – and no one bothers to look.


  3. GDPR has been hotly debated at Writer Sanctum. GDPR is a flagrant example of government overreach. Can the EU bureaucracy in Brussels tell an individual in Mumbai what to do with user data? Well, yeah, they can tell all they want. Can they enforce it? Not very bloody well likely.

  4. Contrary to previous commenters I’ve worked in a tech related business for a major U.S. IT-company while they were adapting to the GDPR changes. The changes were implemented globally.

    In fact, all the big US players chose to comply. Since the summer of 2018 we all live in a GDPR legal framework when using services like FB, Apple, Google etc, whether you are an EU citizen or not.

    I used to come here daily because the comments were whip-smart and varied. This posts’ comments is why I rarely do anymore:

    – A conspiracy theorist who reveals he don’t even understand the basics: GDPR aims to regulate what COMPANIES can and cannot do with PRIVATE EU CITIZENS’ information.

    Please, Mr Fool, elaborate how the GDPR legislation is used by plural EU-governments (when there still, PTL, only one) to cover up an issue that is handled each country’s authorites nationally, and not by the EU whatsoever?

    – An anonymous commenter who believes that copying a page of GDPR legalese, creating an automated GDPR-process for their customers and adding an agree button to the company website will stop smaller companies from entering a market that has roughly a billion consumers in total.

    – The hopeless fallacies: The GDPR is about protecting private citizens of the EU’s personal information by setting up a framework so that the individual knows what info the company uses, what info the company keeps, why they need to keep it (legal and fiscal reasons for example) and for how long. The citizen can choose to agree to the conditions, or choose another company. The company can honor the conditions, or not.

    The Mumbai argument is not an argument. Just because some bad Apple go on a shooting spree doesn’t mean the law against killing people is government overreach. Nor is the GDPR.

    I’m not saying that there isn’t both idiocy and overreach when it comes to IT EU legislation, but the GDPR isn’t it.

    • Not that I care about GDPR but I’m thinking that billion customer quote is a wee bit high. By a factor of 2-3. Unless the EU somehow grew beyond 26 countries to include Russia, Ukarine, Moldova, and all the scandinavian countries. And even that only adds up to 742M.

      I thought there was more to Europe than the EU…

      Besides, for a lot of products, the return vs cost of doing business within the EU doesn’t merit the compliance effort anyway.

    • @Tina– I second almost everything you say. GDPR came just as I was leaving the corporate world, but I spent a fair amount of time studying it for one of my books. I see it as needed individual privacy protection, not government overreach. I’m glad that the EU market is large enough to force many US companies to comply.

      I agree with Felix, I think the EU market is closer to 500M than 1B, but I believe it is still the single largest trading block on the planet.

      My only disagreement with the GDPR is that reading it is difficult. PG and the other lawyers here may snicker, but I’m used to reading computing standards and I found the GDPR sucked the air right out of me.

      Nonetheless, I am glad the GDPR took the lead on this. I think it was a necessary step that should have been taken five years ago. I am disappointed that the US did not take the lead on computing privacy instead of riding on Europe’s coat-tails and playing catch-up.

      I think US citizens will be better off for the GDPR.

      • The EU is, for now, the biggest trading block on the planet.

        But they have of late taken to over-playing their hand in both cyberspace and “cultural” products. The former because of their protectionism and the latter because, in the “cultural” space it is a fragmented market. This is most noticeable in the areas of interest around here: pbooks and ebooks.

        The market power of any specific region is a function of the actual consumption (and revenues generated by) the specific product in question, not the number of warm bodies in that region. And that varies product by product, company by company, sector by sector.

        That is why Google could and did ignore the German and Spanish demands they pay the old, entrenched media companies for sending eyeballs tbeir way but the global automakers had to uglify their car front ends with nose warts to protect European jaywalkers from their own carelessness.

        In autos, the EU has real market power; in ebooks and online, less so. So they can rant and rave all they want about “the right to be forgotten” or compulsory filtering to little effect. Power in one sector does not automatically translate to other sectors.

        The Chinese “great firewall” is something they erected themselves intentionally. The EU is well on the way of seeing theirs emerge unintentionally as they disincentivize global online players from bothering with their domain.

        GDPR by itself is trivial. The mindset behind it and behind Article 13 isn’t. And the number of warm bodies in the region is not going to carry the day.

        • “GDPR by itself is trivial. The mindset behind it and behind Article 13 isn’t. And the number of warm bodies in the region is not going to carry the day.”

          We should start a pool on how long it will take for them to figure out that they’ve ‘goofed’. When ‘never’ would be an option, we need to set an ending point somewhere. Do you think ‘five years’ is enough – or do you think they’re stubborn enough to go ten? 😉

          MYMV and you not be caught up in that mess.

    • I’m sorry, but I was under the impression that one of the ‘features’ of the GDPR was that EU type citizens could now request/demand information from a website of what that website had stored/saved about their interactions of said website.

      I am unsure what type of ‘automated GDPR-process’ would be both cheap and easily implemented that would provide the requested data without it also possibly giving out that same info to parties that ask/demand it – which would then be a breach of that bit about keeping your personal data personal.

      It’s always a ‘simple’ issue when you’re not the person having to do it – and getting fined if it doesn’t work as expected.

      MYMV and may the ones making silly laws have to then pay for them.

Comments are closed.