T2O media interviews Jose Maria Dutilh, Managing Partner of LEQUID and Miss. Sor Arteaga, Partner Head of IT-Law Department.

 

What are the most sensitive legal issues for companies with an online presence?

Companies with an online presence have to be very careful about compliance with current regulations, especially those regarding data protection. At Le Quid we recommend that our clients make the responsibilities and duties of the Data Processor and the Data Controller clear in the contract, have mechanisms for gathering and obtaining express consent, inform users of any cases of data transfer, and establish mechanisms for the exercise of ARCO rights. Also, companies with an online presence must comply with the LSSICE (Law 34/2002 of 11th July for the Information Society and Electronic Commerce Services) when sending commercial communications, SMS or e-mailings: they must obtain the appropriate prior express consent from the user and display the word “publi” or “publicity”, and in the case of promotional offers (discounts, prizes and gifts) and promotional competitions or games, they must clearly identify them as such and make the access conditions and, where appropriate, participation conditions easily accessible. Finally, we emphasize compliance with trademark rights and with intellectual and industrial property rights in general for content available on the Internet.




What are the most important legal changes for online marketing?

Certainly, from a legal point of view, the most innovative aspect for digital marketing was the amendment a few days ago of the LSSICE, transposing Directive 2009/136/EC (e-Privacy Directive) and regulating devices for the storage and retrieval of data in the terminal equipment of recipients (“cookies”), which are essential in “behavioral advertising”. There are also the changes in the recently published “Royal Decree-Law 13/2012”, of 30th March, concerning the duty of companies in business communications not to conceal or hide the identity of the advertiser, nor to incite recipients to visit websites without identifying the communication as advertising and identifying the legal person that makes it. Also, commercial communications by e-mail must include a valid email address where people can exercise the right not to receive commercial communications; sending communications is forbidden if the address is not included. In addition, a mere notification of the user's will to revoke consent to continue receiving communications shall be enough. This also includes the duty of providing users with information on the above procedures in an accessible way.

Another relevant aspect is sweepstakes and online games on social networks like Facebook, where, besides complying with the rules laid down by the social network in question, you must comply with the regulations and formalities set out in the gaming regulations in force.


What lesser-known legal issues do you think should be highlighted?

From our experience at Le Quid, advising national and international clients for many years, we have observed that sometimes our clients, online service providers, are unaware of the mechanisms and suitable ways to obtain valid consent, confuse the role of the Data Controller with that of the Data Processor, and acquire or transfer data in their activities without being aware of it. Also lesser known are the need to comply with current legislation on online gaming; the need to regulate the obligations of actors such as the community manager, whose opinions play a decisive role in the company’s reputation; the need to have mechanisms which allow greater control in the case of minors; and the need to consult generic exclusion files for commercial communications (Robinson lists), which is compulsory prior to conducting advertising or commercial research campaigns. These examples are some of the legal issues often forgotten by businessmen, and failure to comply with the law can result in considerable fines from the Agency. Other important aspects to consider are the lack of knowledge about trademark law and unfair and illegal competitive practices by advertisers, such as links to competitors’ sites or to sites where imitations of these brands’ products are offered, and small spelling mistakes which take advantage of errors made by users when typing in the brand name.


We often speak about Internet users’ rights, but what are the rights of online advertisers?

The law generally seeks to protect the weakest party, in this case the internet user. However, the online advertiser has rights that they are sometimes unaware of, such as intellectual and industrial property rights and the protection and regulation of brands. Once the brand is registered, its owner is given an exclusive right to forbid use by a third party. The law in general allows the owner of the trademark to prohibit an advertiser from advertising products or services under denominations similar or identical to those of the registered trademark through use of a keyword that is similar or identical to that used by the owner of the trademark. Online advertisers benefit from protection of their registered domains, meaning that no other company or third party can use them. They are able to report companies that perform actions which constitute piracy or acts of unfair competition and, if their rights are damaged, can take any legal action needed for the competitor to cease the anticompetitive and unfair practice. They can bring civil and commercial actions for damages, or even seek criminal responsibility for them.

Where does the data protection issue stand?

The European Commission recently made a proposal to change the European legal framework on data protection with a new Data Protection Regulation, which will undoubtedly represent the most significant change in the field; its forthcoming approval will lay the foundations for data protection regulation in the coming years. It emphasizes the duty of companies and those responsible to invest in data protection (with privacy impact assessments and the establishment within companies of a new figure called “the delegate of data protection”).

The application of the new regulation to non-European companies that offer their services and products in the EU; the unification of policies for public bodies and private entities; the inclusion of new criteria in the definition of what constitutes a violation of personal data, genetic data, biometric data or health data; the regulation of the right to oblivion; the specific treatment of minors’ data; and the creation of the European Data Protection Council are some of the aspects that the European Commission intends to include, and they will mark a milestone in data protection regulation for the countries of the European Union.

To this we must add the immediate regulation of cloud computing; of social networks, in the interest of protecting children and safeguarding the rights and personal data of users; of behavioral marketing, through the regulation of cookies; and of the right to oblivion, to allow individuals who so desire and request to have their personal data eliminated from search engines and social networks.

In practice, important initiatives such as the modification of Google or Facebook privacy policies or the audit of data protection that Facebook has had in Ireland are signs that this matter will be of high importance in the near future.

What are the basic recommendations for any company operating on the internet?

At Le Quid we recommend that clients who express their desire to operate online ensure the fulfillment of legality in all actions and activities carried out.
Among the basic measures to be implemented, the web page must fulfill the provisions of the LOPD and the LSSICE with a good data protection and privacy policy and the corresponding legal note.

The regulation of cookies should be taken into account too. In relation to activities concerning advertising on search engines, it must be ensured that these activities or actions do not violate the intellectual property or trademark law and do not constitute unfair competition practices.

When working with social networks, you must ensure at all times that all expressions and comments to users are respectful. Also, in the case of commercial communications, you must provide clear information and obtain prior consent. In general, we recommend reviewing the processes within the organization to ensure that they are effective. From our experience we can say that the first thing a company operating on the Internet should do is a review and audit of its processes, to detect to what extent they can be improved and to adapt them to the LOPD, LSSICE, consumption or intellectual property. It is vital to hire an expert to do this. In our firm, we have observed that some companies have asked for our advice after they have been penalized. Of course, we are able to defend them, but it is advisable to prevent and avoid unnecessary fines. Knowledge of the law and good legal advice and support from the beginning make the difference between companies and help them to act correctly and avoid future penalties.

What about social networks?

Social networks, with their exponential growth, are the means to reach thousands of users quickly and at very low cost. They are therefore very useful in the e-commerce and online marketing fields. Nevertheless, we should be alarmed by the huge amount of data they hold about us, our friends, our habits and even our location, IP address, browser type, websites we have visited and so on. This allows them to easily understand the tastes, preferences and profile of the user, whose data can be easily transferred to third parties and, even worse, may be obtained through security breaches, as has happened in recent years. This has led to changes to the privacy policies of social networks with greater penetration, like Facebook, which we believe are still inadequate in terms of the guarantee and protection of data protection rights and privacy. However, there are good examples such as Sonico and LinkedIn, which are closer to fulfilling the essential principles in the configuration of data protection law at European level, such as consent, information, purpose, data quality, fulfillment of security levels and allowing the exercise of the rights of access, rectification, cancellation and opposition.

Ultimately, it is possible that in the not too distant future, with the regulatory changes in data protection and the increasing demand and need from users for greater protection and security, social networks will be forced to change their privacy policies and to implement better security, especially if they want to stay in the market. Their next rivals, like “Altly” (an open-source alternative to Facebook), whose main focus is on security and data protection, point out that users should know exactly who can see what information on the network, and that the control of information “should be in our hands and its practice should be extremely simple.” Beyond any subjective assessment, social networks will have to adapt to the idea that many users do not want to share their private life, and in the future there will be more regulation and intervention by regulatory authorities, especially with the regulation of minors’ data, the right to oblivion and new online games on social networks.

What is the future for cookies, key allies of online marketing?

The “Royal Decree-Law 13/2012”, of 30 March, was recently published; it transposes directives on internal markets in electricity and gas and on electronic communications, and adopts measures to correct the economic imbalance between costs and revenues in electricity and gas.
Article 4 of this Decree amends Law 34/2002 concerning Information Society and Electronic Commerce Services (LSSICE); cookies are addressed in Article 4.3, which gives a new wording to Article 22.2 of the LSSICE, highlighting a new aspect, “the need for consent”, in addition to the information already foreseen in the LSSICE.
From the point of view of the European regulator the message is clear: prior consent is a basic requirement. The Art. 29 working group has made this clear on several occasions, and privacy will have to be taken into account by companies.
This regulation is an important milestone in behavioral advertising. Advertisers will need to provide some mechanism, such as a tick box, through which the user authorizes the installation of cookies on their devices; applying this in practice will be very difficult and its implementation will take time.
Finally, it should be noted that the competent body for possible breaches of the new regulation is the Spanish Agency for Data Protection, which will have to establish examples of valid mechanisms for compliance with the new legal framework. In other countries, like the UK, generous terms have been granted for those responsible to adapt their websites.
In any case, it will be necessary to pay attention to the Agency’s reaction to the new regulation of cookies. We also recommend modifying privacy policies to fit the new regulations and taking all necessary measures to avoid any penalty.
Likewise, it must be noted that the rule regulates “devices for the storage and retrieval of data in the terminal equipment of the recipients”, and not just cookies, which are one speciality within that type.

The Internet is global … to what extent is legislation local?

Internet is global, but it is very difficult to have global laws that apply equally to everyone even if that is the trend especially in the EU countries, unlike in some of the Common-law countries (especially the United States) where the regulation is local and much more flexible than in the EU countries.

In general, the regulation of rules related to the Internet is more uniform in the EU. The tendency is for them to be applied to service providers operating in our territories even though they are established in countries outside of the EU.

Therefore we are inclined to think that the above mentioned local laws will slowly have to start to give in and make changes if they want their companies to have the same competitive advantage as the rest.

If we want a single digital market to grow, the unification of regulation is necessary, and in Europe we are making big advances in this. Local legislations will have to yield and change. The search engines must come to terms with the fact that the Internet is not a territory without law.

 

What are your forecasts for the future: in which areas will there be more changes?

A lot of changes will take place in this sector in the following months. In terms of data protection, the new European regulation will play a decisive role and will directly influence online marketing.
Additionally, there will be more regulation and control over social networks, which will continue to grow and play an important role. There will be increased control of the companies that use cookies (which are very important for behavioral advertising). There will also be further development of online gaming (with the approval of the long-awaited Rules); more regulation on the liability of suppliers and the monitoring of data on servers, regardless of the country in which they are located, in the case of cloud computing; the use of next generation networks and more modern mobile devices with services and tools based on geolocation; and business investment in search engine advertising, which will bring greater respect for legality and knowledge of the actions that violate trademark rights and constitute unfair competition.
These upcoming trends will be taking place in this dynamic and constantly evolving field, where no doubt, information, prevention and good legal advice will make the difference between the companies.


¿ Cuáles son las novedades más relevantes a nivel legal para el marketing on line?

Sin duda, desde un punto de vista legal para el marketing online el aspecto más novedoso ha sido la modificación hace pocos días de la LSSICE que traspone la Directiva 2009/136/CE (Directiva e-Privacy), regulando dispositivos de almacenamiento y recuperación de datos en equipos terminales de los destinatarios (las “cookies”), esenciales en la “behavioral advertising” o publicidad comportamental. Así como, los cambios introducidos en el recién publicado “Real Decreto-Ley 13/2012”, de 30 de marzo, relativos al especialmente deber de las empresas en las comunicaciones comerciales de no disimular y/ocultar la identidad del anunciante, ni incitar a los destinarios a visitar páginas web sin identificar la comunicación como publicidad e identificar la persona jurídica que la realiza; asimismo, en comunicaciones comerciales por e-mail, se exige una dirección electrónica válida donde se pueda ejercer el derecho a no recibir comunicaciones comerciales, quedando prohibido el envío de las comunicaciones si no se incluye esta dirección; se permite revocar el consentimiento a las comunicaciones electrónicas con la simple notificación de su voluntad al remitente; e incluye el deber de información de forma accesible a los usuarios, sobre los procedimientos antes mencionados. Aunado a ello, otro aspecto novedoso son los sorteos y juegos online en redes sociales, como Facebook, donde además del cumplimiento de las normas previstas por la referida red social, se deberá cumplir con la normativa y formalidades previstas en la normativa vigente en materia de juegos.

¿Qué aspectos legales menos conocidos crees que habría que destacar?

De nuestra experiencia en LeQuid asesorando desde hace muchos años a clientes nacionales e internacionales, hemos observado que en ocasiones nuestros clientes, prestadores de servicios online, desconocen los mecanismos y formas adecuadas para obtener un consentimiento válido, confunden las figuras de encargado con el de responsable del tratamiento, y en sus actividades adquieren o ceden datos, sin estar consciente de ello. Asimismo, es menos conocida la necesidad de: cumplir con la normativa vigente en materia de juego online, de regular las obligaciones de actores tan importantes como el administrador de los contenidos en las redes sociales (community manager) cuyas opiniones pueden ser decisivas en la reputación de la empresa de disponer de mecanismos que permitan mayor control en el caso de menores, y la de consultar los ficheros genéricos de exclusión de comunicaciones comerciales (listas Robinson) la cual es obligatoria con carácter previo a la realización de campañas de publicidad o prospección comercial. Estos ejemplos, son algunos de los aspectos legales a veces olvidados por los empresarios, cuyo incumplimiento se puede traducir en cuantiosas sanciones por parte de la Agencia. Aunado a ello, el desconocimiento del derecho de marcas y la realización de prácticas de competencia desleal e ilícitas por los anunciantes como: enlaces a sitios de competidores, o sitios en los que se ofrecen productos de imitación de dichas marcas, pequeños errores ortográficos que se aprovechan de las equivocaciones de los usuarios al teclear la marca en cuestión, son otros aspectos importantes que se deben considerar.

A menudo hablamos de la defensa de los derechos de los internautas, pero ¿cuáles son los derechos de los anunciantes online?

Por lo general, la ley trata de proteger al más débil jurídico, en este caso (el internauta), no obstante, el anunciante online goza de derechos que a veces desconoce como el de propiedad Intelectual e industrial de los contenidos; protección y regulación de signos distintivos (marcas) ya que una vez registrada la marca confiere un derecho exclusivo para prohibir a cualquier tercero el uso, sin su consentimiento, en el tráfico económico de cualquier signo similar para productos o servicios similares a aquellos para los que la marca esté registrada que impliquen por parte del público un riesgo de confusión. En general, la Ley le permite prohibir a un anunciante que, a partir de una palabra clave idéntica o similar a la marca, que haya seleccionado sin consentimiento del titular en el marco de un servicio de referenciación en Internet, haga publicidad de productos o servicios similares o idénticos a aquellos para los que se ha registrado la marca, procedan del titular de la marca o de una empresa económicamente vinculada a éste o si, por el contrario, proceden de un tercero.

Asimismo, los anunciantes online gozan de protección de sus dominios registrados, para que ninguna otra empresa o tercero los puedan utilizar. Pueden denunciar a las empresas que realicen acciones que constituyan actos de piratería o competencia desleal, y en caso de vulneración de sus derechos, pueden ejercer las acciones legales pertinentes, para que terceros (la mayoría de los casos, su competencia) cesen en la práctica anticompetitiva y desleal, así como también, podrá interponer las acciones civiles y mercantiles correspondientes por los daños y perjuicios causados, e incluso responsabilidad penal por las mismas.

¿En qué punto está el tema de la protección de datos?

La reciente propuesta de la Comisión Europea para la reforma del marco normativo europeo de protección de datos, con un nuevo Reglamento Europeo de Protección de Datos, sin duda representará el cambio más significativo en la materia, y su próxima aprobación supondrá un hito importante que sentará las bases de la regulación de la protección de datos en los años venideros. Entre los aspectos novedosos del Reglamento, cuya aplicación, es inmediata desde su publicación, destaca el deber de las empresas y responsables de invertir en materia de protección de datos (con evaluaciones de impacto para la privacidad y el establecimiento dentro de la empresas de una nueva figura “la del delegado de protección de datos”); la aplicación de la nueva regulación de las empresas no europeas que ofrezcan sus servicios y productos en la UE; la unificación de políticas para responsables públicos y entes privados; la inclusión de nuevos criterios en la definición sobre qué es una violación de datos personales, datos genéticos, datos biométricos o  datos de salud; la regulación del derecho al olvido, los tratamientos específicos para los datos de menores y la creación del Consejo Europeo de Protección de Datos, serán algunos de los aspectos que la Comisión Europea pretende incorporar, y marcará un antes y un después en la regulación de protección de datos para los países de la unión.

A esto, hay que añadirle la inminente regulación del cloud computing o computación en la nube; el de las redes sociales en aras de proteger a los menores y salvaguardar los derechos y datos de carácter personal de los usuarios, el marketing comportamental con la regulación de las cookies, y el derecho al olvido, para permitir que las personas que así lo deseen y soliciten lograr que sus datos personales, desaparezcan de los buscadores y redes sociales. En la practica, iniciativas importantes como la modificación de las políticas de privacidad de Google o Facebook, o la auditoria de protección de datos que ha tenido Facebook en Irlanda son indicios de que el tema será relevante y dará mucho que hablar en el futuro y debe ser tomado en consideración por las empresas de marketing online.

¿Cuáles son las recomendaciones básicas para cualquier empresa que opere en Internet?

En LeQuid, recomendamos a nuestros clientes que manifiestan su deseo de operar en internet, que velen por el cumplimiento de la legalidad en todas las acciones y actividades a realizar. Entre las medidas básicas a implementar, la página web debe cumplir lo previsto en la LOPD y la LSSICE con una buena política de protección de datos y privacidad, y la correspondiente nota legal. Asimismo, se debe tener en cuenta la regulación sobre cookies. En las actividades realizadas con relación a la publicidad en los buscadores, hay que procurar que las actividades o acciones realizadas, no vulneren la propiedad intelectual, el derecho de marca y constituyan prácticas de competencia desleal. Si se trabaja con Redes Sociales, se debe tener mucho cuidado con las expresiones y comentarios a los usuarios que en todo momento deben ser respetuosas. Asimismo, en caso de comunicaciones comerciales se debe disponer la información de forma clara y obtener el debido consentimiento. En general, recomendamos revisar los procesos dentro de la organización y velar porque los mismos sean efectivos. De nuestra experiencia podemos decir que lo primero que debe hacer una empresa que opere en internet, es una revisión y auditoria de sus procesos para detectar en que medida puede mejorar los mismos y adecuarlos a la LOPD, LSSICE, consumo o propiedad intelectual, siendo vital contratar un experto para ello. En nuestro despacho, hemos observado que algunas empresas han solicitado nuestro asesoramiento una vez han sido sancionados. Naturalmente, somos capaces de defenderles pero lo recomendable es prevenir, y evitar las multas innecesarias, de allí que el conocimiento de la normativa y una buena asesoría y acompañamiento legal desde el principio marca la diferencia entre las empresas, y ayuda a actuar de forma correcta y evitar futuras sanciones.

¿Qué pasa con las redes sociales?

Las redes sociales, con un crecimiento exponencial son el medio por excelencia para llegar a miles de usuarios de forma rápida y a muy bajos costes, resultando muy útil en el ámbito de comercio electrónico y marketing online. Pese a ello, nos debe alarmar, la ingente cantidad de datos que disponen sobre nosotros, nuestras amistades, costumbres e incluso sobre nuestra localización, dirección IP, tipo de navegador, dominios que visitamos, etc.; que les permite fácilmente conocer los gustos, preferencias y el perfil del usuario, cuyos datos pueden ser fácilmente cedidos a terceros, y peor aún, pueden ser obtenidos por fallos de seguridad, como ha ocurrido en los últimos años. Esto, ha permitido, cambios en las políticas de privacidad de las redes sociales con mayor penetración como Facebook, que a nuestro juicio, siguen siendo insuficientes en cuanto a la garantía y protección de los derechos de protección de datos y la privacidad. No obstante, existen buenos modelos como los de Sonico y LinkedIn quienes se aproximan al cumplimiento de los principios esenciales en la configuración del derecho de protección de datos a nivel europeo como lo son: el consentimiento, información, finalidad, calidad de los datos, cumplir con los niveles de seguridad y permitir el ejercicio de los derechos de acceso, rectificación, cancelación y oposición.

En definitiva, no se descarta que un futuro no muy lejano con los cambios normativos en materia de protección de datos, y la creciente demanda y necesidad de los usuarios de mayor protección y seguridad, se obligue a las redes sociales a modificar sus políticas de privacidad y a implementar mayores niveles de seguridad, en especial si quieren mantenerse en el mercado, ya que sus próximos rivales como “Altly” (alternativa a Facebook de código abierto), centran su manifiesto en la seguridad y protección de datos, señalando que los usuarios deberían saber exactamente quién puede ver qué información sobre la red, y que el control de la información “debería estar en nuestras manos, y debería ser extremadamente sencillo ejercerlo”. Más allá de cualquier valoración subjetiva, las redes sociales tendrán que adaptarse a la idea de que muchos usuarios no desean compartir su intimidad, y el futuro, será una mayor regulación e intervención por parte de las autoridades de regulación, con especial en la regulación de los datos de menores, el derecho al olvido, y nuevas modalidades como el juego online en las redes sociales.

¿Cuál es el futuro de las cookies, aliadas fundamentales del marketing online?

Recientemente se ha publicado el “Real Decreto-Ley 13/2012”, de 30 de marzo, por el que se transponen directivas en materia de mercados interiores de electricidad y gas y en materia de comunicaciones electrónicas, y por el que se adoptan medidas para la corrección de las desviaciones por desajustes entre los costes e ingresos de los sectores eléctrico y gasista”. Dicho Decreto, recoge en su artículo 4 la modificación de la Ley 34/2002, de servicios de la sociedad de la información y de comercio electrónico (LSSICE) regulando lo referido a las cookies en el artículo 4.3 que da una nueva redacción al artículo 22.2 de la LSSICE, destacando como aspecto novedoso la necesidad de consentimiento” además del de información previsto en la LSSICE. Desde el punto de vista del regulador europeo el mensaje es claro, el consentimiento previo es un requisito fundamental, y así lo ha dejado claro en varias ocasiones a través del grupo de trabajo del art. 29 donde el tema de la privacidad tendrá que ser un elemento a tomar en cuenta en las empresas.

Dicha regulación, supone un hito importante en la publicidad comportamental, donde será necesario por parte de los anunciantes prever algún mecanismo como por ejemplo una casilla, donde el usuario autorice la instalación de cookies en sus dispositivos, cuya aplicación en la práctica, sin duda resultará compleja y tardará en su implementación. Por último, hay que destacar que ante posibles infracciones por incumplimiento de la nueva regulación, el órgano competente de conocerlas es la Agencia Española de Protección de Datos, que deberá establecer ejemplos de mecanismos válidos para el cumplimiento del nuevo marco legal, donde en otros, países como el Reino Unido, se han otorgado plazos generosos para que los responsables de los sitios web puedan adaptarse. En todo caso, habrá que estar atentos a la reacción de la Agencia frente a la nueva regulación de las cookies, recomendamos modificar las políticas de privacidad para adecuarlas a la nueva regulación, y tomar todas las medidas necesarias para evitar cualquier sanción. Asimismo, debe advertirse que la norma regula dispositivos de almacenamiento y recuperación de datos en equipos terminales de los destinatarios”, y no únicamente las cookies que son una especialidad dentro del género.

The Internet is global… to what extent is legislation local?

The Internet is global, but it is very difficult to have global laws that apply equally to everyone, although that has lately been the trend, especially in EU countries, unlike some English-speaking countries (especially the United States), where regulation is local and much more flexible than in the countries of the Union. In general, the regulation of Internet-related rules is more uniform in the EU, and the trend is for those rules to be applied to service providers in our territories even when they are established in countries outside the Union. We are therefore inclined to think that these local laws will gradually have to give way and begin to introduce changes if they want their companies to enjoy the same competitive advantage as the rest. For a single digital market to grow and consolidate, regulation must be unified, and in Europe we are making great progress on this; local laws will have to give way and change, and search engines will have to accept once and for all that the Internet is not a lawless territory.

What are your forecasts for the future: in which areas do you predict the most change?

In general terms, looking to the future, many changes are coming in the sector, which in a few months will face important regulatory changes. In data protection, the new European regulation will be decisive and will directly influence online marketing. There will also be greater regulation and control of social networks (which will keep growing and playing an important role); greater control of companies that use cookies (vital for behavioral advertising); further development of online gaming (with the approval of its long-awaited Regulation); greater regulation of the liability of providers and of the control of data on servers, regardless of the country where they are located, in the case of cloud computing; the use of next-generation networks and more modern mobile devices with geolocation-based services and tools; and companies' investment in search engine advertising, where respect for the law and awareness of the actions that infringe trademark law and constitute unfair competition will increase. In general terms, these will be some of the next trends in this dynamic and constantly evolving field, where information, prevention and good legal advice will undoubtedly make the difference between companies in the sector.

 

What are the most important changes at the legal level for online marketing?

Certainly, from a legal point of view for digital marketing, the most innovative aspect was the change a few days ago of the LSSICE transposing Directive 2009/136/EC (e-Privacy Directive), regulating devices for the storage and retrieval of data on the recipients' terminal equipment (“cookies”), essential in “behavioral advertising”. There are also changes in the recently published “Royal Decree-Law 13/2012” of 30 March concerning the duty of companies, in business communications, not to conceal and/or hide the identity of the advertiser, nor to incite the recipients to visit websites without identifying the communication as advertising and identifying the legal person which makes it. Also, commercial communications by e-mail require a valid email address where people can exercise the right not to receive commercial communications, and the sending of communications remains forbidden if the address is not included; granting the permission to revoke consent to electronic notification of the sender's will, and including the duty to inform users in an accessible way about the above procedures.

Another relevant aspect is sweepstakes and online games on social networks like Facebook, where, besides complying with the rules laid down by that social network, you must comply with the regulations and formalities laid down in the gaming regulations in force.


What lesser-known legal issues do you think should be highlighted?

Since Le Quid has been advising national and international clients for a long time, we have noticed that sometimes our clients, online service providers, ignore mechanisms and suitable ways to obtain valid consent, confuse the roles of the Data Controller and the Data Processor, the one in charge of the treatment, and in their activities acquire or transfer data without being aware of it. Also less known are the desire to comply with current legislation on online gaming, to regulate the obligations of actors such as the community manager, whose opinions play a decisive role in the company's reputation, to have ways which allow a higher control in minor cases, and to look up the files of generic exclusion of commercial communications (Robinson lists), which is compulsory prior to conducting advertising or commercial research campaigns. These examples are some of the legal issues often forgotten by businessmen, and failure to comply with the law can result in considerable fines by the Agency. The lack of knowledge about trademark law and the carrying out of unfair and illegal competition by advertisers, such as links to competitors' sites or to sites where imitations of these brands' products are offered, or small spelling mistakes which take advantage of errors made by users when typing the brand, are other important aspects which may be considered.


We often speak about Internet users' rights, but what are the rights of online advertisers?

The law generally seeks to protect the weakest party, in this case the internet user. However, the online advertiser has rights that are sometimes unknown, such as intellectual and industrial property and the protection and regulation of brands. Once the brand is registered, it is given an exclusive right to forbid its use by a third party. The law in general allows the owner to prohibit an advertiser from advertising, on the basis of a keyword identical or similar to the brand which the advertiser has selected without the owner's consent as part of an internet referencing service, products or services similar or identical to those for which the mark is registered. Online advertisers enjoy protection of their registered domains so that no other company or third party can use them. They can sue or bring claims against companies that perform actions which constitute piracy or acts of unfair competition and, if their rights are damaged, can take any legal action necessary so that the competitor ceases the anticompetitive and unfair practice. They can bring civil and commercial actions for damages or even for criminal responsibility.


At what point is the data protection issue?

The European Commission recently made a proposal to change the European legal framework on data protection with a new regulation on Data Protection, which will undoubtedly represent the most significant change in the field, and its forthcoming approval will lay the groundwork for data protection regulation in the coming years. It emphasizes the duty of companies and those responsible for investment in data protection (with privacy impact assessments and the establishment within companies of a new figure called “the delegate of data protection”).

The implementation of the new regulation for non-European companies that offer their services and products in the EU; the unification of policies for responsible public and private entities; the inclusion of new criteria in the definition of what is a violation of personal data, genetic data, biometric or health data; the regulation of the right to be forgotten; the specific treatment of children; and the creation of the European Data Protection Council will be some of the aspects that the European Commission intends to include and will mark a before and an after in data protection regulation for the countries of the European Union.

We must add the immediate regulation of cloud computing; of social networks, in order to protect children and safeguard the rights and personal data of users; of behavioral marketing, in the regulation of cookies; and of the right to be forgotten, to allow individuals who so desire and request to eliminate their personal data from search engines and social networks.

In practice, important initiatives such as the modification of Google or Facebook privacy policies or the audit of data protection that Facebook has had in Ireland are signs that this matter will be very important.


What are the basic recommendations for any company operating on the Internet?

At Le Quid we recommend that our clients who express their desire to operate online ensure that legality is fulfilled in all actions and activities carried out.

Among the basic measures to set up, the web page must comply with the LOPD and the LSSICE, with a good data protection and privacy policy and the corresponding legal notice.

The regulation of cookies should be taken into account too. Advertising activities on search engines should be checked to ensure that they do not violate intellectual property or trademark law and do not constitute unfair competition practices.

When working with social networks, you must ensure that all expressions and comments to users are respectful at all times. Also, in the case of commercial communications, you must provide clear information and obtain prior consent. In general, we recommend reviewing the processes within the organization and ensuring that they are effective. From our experience we can say that the first thing a company operating on the Internet should do is review and audit its processes to detect to what extent it can improve them and adapt them to the LOPD, the LSSICE, and consumer or intellectual property law, and hiring an expert to do this is vital. In our office, we have observed that some companies have asked for our advice after they have been punished.

Of course, we are able to defend them, but it is advisable to prevent and avoid unnecessary fines. Knowledge of the law and good legal advice and support from the beginning make the difference between companies and help them to act correctly and avoid future sanctions.

What about social networks?

Social networks, with their exponential growth, are a means to reach thousands of users quickly and at very low cost. They are very useful in the e-commerce field and online marketing. Nevertheless, we should warn about the huge amount of data available about us, our friends, customs and even our location, IP address, browser type, websites we have visited and so on. This allows them to easily understand the tastes, preferences and profile of the user, whose data can be easily transferred to third parties and, even worse, may be obtained through security breaches, as has happened in recent years. This has allowed changes to the privacy policies of social networks like Facebook with deeper penetration, which we believe are still inadequate in terms of guaranteeing and protecting data protection rights and privacy. However, there are good examples such as Sonic and LinkedIn, which are closer to fulfilling the essential principles of data protection law at European level, such as consent, information, purpose, data quality, ensuring security levels and allowing the exercise of the rights of access, rectification, cancellation and opposition.

Definitely, it is possible that in the not very distant future, with regulatory changes such as the protection of information and the increasing demand and need of users for greater protection and security, social networks will be forced to change their privacy policies and to implement better security, especially if they stay in the market. Their next opponents, like “Altly” (an open-source alternative to Facebook), point to security and data protection. Users should know exactly who can see which information from the network, and the control of information “should be in our hands and its exercise should be extremely simple.” Beyond any subjective assessment, social networks will have to adapt to the idea that many users do not want to share their private life, and in the near future there will be more regulation and intervention by regulatory authorities, as in the regulation of minor details, the right to be forgotten and new online games on social networks.


What is the future of cookies, key allies of online marketing?

The “Royal Decree-Law 13/2012”, of 30 March, was recently published; it transposes directives on the internal markets in electricity and gas and on electronic communications, and adopts measures to correct the imbalance between the costs and revenues of the electricity and gas sectors.

In its Article 4, the above-mentioned Decree amends Law 34/2002 on information society services and electronic commerce (LSSICE), regulating cookies in Article 4.3, which gives a new wording to Article 22.2 of the LSSICE; the new aspect that stands out is “the need for consent”, in addition to the information provided for in the LSSICE.

From the point of view of the European regulator the message is clear: prior consent is a basic requirement. The Article 29 Working Party has made this clear on several occasions, where the privacy topic will have to be considered by companies.

The above-mentioned regulation is an important milestone in behavioral advertising. Advertisers will need to provide some mechanism, such as a box where the user authorizes the installation of cookies on their devices; its application in practice will be very difficult and implementation will take time.

Finally, it should be noted that the body competent to hear possible infringements of the new regulation is the Spanish Agency for Data Protection. It will have to establish examples of valid mechanisms for compliance with the new legal framework. In other countries, like the UK, generous periods have been granted for websites to adapt.

In any case, it will be necessary to pay attention to the Agency's reaction to the new regulation of cookies. We also recommend modifying privacy policies to fit the new regulations and taking all necessary measures to avoid any penalty.

Likewise, it must be noted that the rule regulates “devices for the storage and retrieval of data on the terminal equipment of recipients”, and not only cookies, which are one species within the genus.


The Internet is global… to what extent is legislation local?

The Internet is global, but it is very difficult to have global laws that apply equally to everyone, even if that is the trend, especially in the EU countries. In some of the common-law countries (especially the United States) regulation is local and much more flexible than in the EU countries.

In general, the regulation of Internet-related rules is more uniform in the EU. The trend is for these rules to be applied to service providers in our territories even though they are established in countries outside the EU.

Therefore we are inclined to think that the above-mentioned local laws will slowly start to give way and make changes if they want their companies to have the same competitive advantage as the rest.

If we want a single digital market to grow, the unification of regulation is necessary, and in Europe we are making great progress on it. Local legislation will have to yield and change. Search engines must accept once and for all that the Internet is not a territory without law.

 

What are your forecasts for the future: in which areas will there be more changes?

A lot of changes will take place in this sector in the coming months. In terms of data protection, the new European regulation will play a decisive role and will directly influence online marketing.

There will also be more regulation and control over social networks, which will continue growing and playing an important role. There will be increased control of companies that use cookies (this is very important for behavioral advertising); further development of online gaming (with the approval of its long-awaited Regulation); more regulation of the liability of providers and of the control of data on servers, regardless of the country where they are located, in the case of cloud computing; the use of next-generation networks and more modern mobile devices with services and tools based on geolocation; and business investment in search engine advertising, where respect for the law and awareness of the actions that infringe trademark rights and constitute unfair competition will increase.

These are some of the upcoming trends in this dynamic and constantly evolving area, where, without doubt, information, prevention and good legal advice will make the difference between companies.